chore(deps): bump the common group across 1 directory with 12 updates #6904

Closed

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Jun 11, 2024

Bumps the common group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| github.com/Azure/azure-sdk-for-go/sdk/azcore | 1.11.1 | 1.12.0 |
| github.com/Azure/azure-sdk-for-go/sdk/azidentity | 1.5.2 | 1.6.0 |
| github.com/aquasecurity/trivy-aws | 0.9.0 | 0.10.0 |
| github.com/aquasecurity/trivy-checks | 0.11.0 | 0.12.0 |
| github.com/containerd/containerd | 1.7.17 | 1.7.18 |
| github.com/docker/docker | 26.1.3+incompatible | 26.1.4+incompatible |
| golang.org/x/mod | 0.17.0 | 0.18.0 |
| modernc.org/sqlite | 1.30.0 | 1.30.1 |

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.11.1 to 1.12.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.12.0

1.12.0 (2024-06-06)

Features Added

  • Added field StatusCodes to runtime.FetcherForNextLinkOptions allowing for additional HTTP status codes indicating success.
  • Added func NewUUID to the runtime package for generating UUIDs.

Bugs Fixed

  • Fixed an issue that prevented pollers using the Operation-Location strategy from unmarshaling the final result in some cases.

Other Changes

  • Updated dependencies.
Commits

Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.

sdk/internal/v1.6.0

1.6.0 (2024-04-16)

Features Added

  • Options types for SetBodilessMatcher and SetDefaultMatcher now embed RecordingOptions
  • Added a collection of default sanitizers for test recordings

sdk/azidentity/v1.6.0

1.6.0 (2024-06-10)

Features Added

  • NewOnBehalfOfCredentialWithClientAssertions creates an on-behalf-of credential that authenticates with client assertions such as federated credentials

Breaking Changes

These changes affect only code written against a beta version such as v1.6.0-beta.4

  • Removed AzurePipelinesCredential and the persistent token caching API. They will return in v1.7.0-beta.1

Bugs Fixed

  • Managed identity bug fixes

sdk/azidentity/v1.6.0-beta.4

1.6.0-beta.4 (2024-05-14)

Features Added

  • AzurePipelinesCredential authenticates an Azure Pipeline service connection with workload identity federation

sdk/azidentity/v1.6.0-beta.3

1.6.0-beta.3 (2024-04-09)

Breaking Changes

  • DefaultAzureCredential now sends a probe request with no retries for IMDS managed identity environments to avoid excessive retry delays when the IMDS endpoint is not available. This should improve credential chain resolution for local development scenarios.

Bugs Fixed

  • ManagedIdentityCredential now specifies resource IDs correctly for Azure Container Instances
Commits
  • 36f766d add sdk/resourcemanager/cosmos/armcosmos live test (#20705)
  • c005ed6 sdk/resourcemanager/network/armnetwork live test (#20331)
  • 5fa7df4 add sdk/resourcemanager/compute/armcompute live test (#20048)
  • 0d22aed add sdk/resourcemanager/eventhub/armeventhub live test (#20686)
  • 2a8d96d add sdk/resourcemanager/postgresql/armpostgresql live test (#20685)
  • b2cddab [Release] sdk/resourcemanager/paloaltonetworksngfw/armpanngfw/0.1.0 (#20437)
  • ed7f3c7 Fix azidentity troubleshooting guide link (#20736)
  • 6dfd0cb [azeventhubs] Fixing checkpoint store race condition (#20727)
  • 745d967 pass along the artifact name so we can override it later (#20732)
  • 20b4dd8 Update changelog with latest features (#20730)
  • Additional commits viewable in compare view

Updates github.com/aquasecurity/trivy-aws from 0.9.0 to 0.10.0

Release notes

Sourced from github.com/aquasecurity/trivy-aws's releases.

v0.10.0

Description

This is the first release of Trivy AWS as a Trivy plugin.

What's Changed

Full Changelog: aquasecurity/trivy-aws@v0.9.0...v0.10.0

Commits

Updates github.com/aquasecurity/trivy-checks from 0.11.0 to 0.12.0

Release notes

Sourced from github.com/aquasecurity/trivy-checks's releases.

v0.12.0

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-checks@v0.11.0...v0.12.0

Commits
  • 32d7d75 fix: use regex to split command
  • 7663e7b chore(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.65.0
  • 20a101a Add OCI image annotations
  • 229cef1 feat: command id generator support
  • 663383b feat: command id generator support
  • 0f7d945 feat: command id generator support
  • 7f7bdd4 feat: embedded commands fs support
  • c5432ce feat: support node-collector commands and node info
  • 5bf5de4 feat: support node-collector commands and node info
  • 05e7df3 feat: support node-collector commands and node info
  • Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.17 to 1.7.18

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.18

Welcome to the v1.7.18 release of containerd!

The eighteenth patch release for containerd 1.7 contains various updates along with an updated version of Go. Go 1.22.4 and 1.21.11 include a fix for a symlink time of check to time of use race condition during directory removal.

Highlights

  • Update Go version to 1.21.11 (#10298)
  • Remove uses of platforms.Platform alias (#10277)
  • Migrate log imports to github.com/containerd/log (#10269)
  • Migrate errdefs package to github.com/containerd/errdefs (#10266)
  • Fix usage of "unknown" platform (#10261)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Sebastiaan van Stijn
  • Akhil Mohan
  • Austin Vazquez
  • Phil Estes

Changes

  • Prepare release notes for v1.7.18 (#10301)
    • 9426aab62 Prepare release notes for v1.7.18
  • Update Go version to 1.21.11 (#10298)
  • Remove uses of platforms.Platform alias (#10277)
    • 1e3c662d6 [release/1.7] remove uses of platforms.Platform alias
  • Migrate log imports to github.com/containerd/log (#10269)
    • 0af6825b1 migrate logs imports to github.com/containerd/log module
  • Migrate errdefs package to github.com/containerd/errdefs (#10266)
    • 308341a44 replace uses of github.com/containerd/containerd/errdefs
    • 47ff8cfce migrate errdefs package to github.com/containerd/errdefs module
  • Fix usage of "unknown" platform (#10261)
    • f4d11912a core/image: fix usage of "unknown" platform
  • Explicitly set release latest to true (#10265)
    • 5b0480009 Explicitly set release latest to true
    • d669b100d build(deps): bump softprops/action-gh-release from 1 to 2

Changes from containerd/errdefs

... (truncated)

Commits
  • ae71819 Merge pull request #10301 from dmcgowan/prepare-v1.7.18
  • 9426aab Prepare release notes for v1.7.18
  • 1d324db Merge pull request #10298 from dmcgowan/1.7-update-go
  • cdd3ea9 Update Go version to 1.21.11
  • 0a137f0 Merge pull request #10277 from thaJeztah/1.7_backport_remove_use_of_platform_...
  • 1e3c662 [release/1.7] remove uses of platforms.Platform alias
  • 300a6de Merge pull request #10269 from thaJeztah/1.7_migrate_containerd_log
  • 0af6825 migrate logs imports to github.com/containerd/log module
  • be820ac Merge pull request #10266 from thaJeztah/1.7_migrate_to_errdefs_module
  • 566c535 Merge pull request #10261 from k8s-infra-cherrypick-robot/cherry-pick-10257-t...
  • Additional commits viewable in compare view

Updates github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v26.1.4

26.1.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release updates the Go runtime to 1.21.11 which contains security fixes for:

Bug fixes and enhancements

  • Fixed an issue where promoting a node immediately after another node was demoted could cause the promotion to fail. moby/moby#47870
  • Prevent the daemon log from being spammed with superfluous response.WriteHeader call ... messages. moby/moby#47843
  • Don't show empty hints when plugins return an empty hook message. docker/cli#5083
  • Added ContextType: "moby" to the context list/inspect output to address a compatibility issue with Visual Studio Container Tools. docker/cli#5095
  • Fix a compatibility issue with Visual Studio Container Tools. docker/cli#5095

Packaging updates

Commits
  • de5c9cf Merge pull request #47912 from thaJeztah/26.1_backport_vendor_containerd_1.7.18
  • c62dcf8 Merge pull request #47911 from thaJeztah/26.1_backport_bump_containerd_binary...
  • 17315a2 vendor: github.com/containerd/containerd v1.7.18
  • cbd9418 update containerd binary to v1.7.18
  • fb9f72a Merge pull request #47904 from thaJeztah/26.1_backport_bump_go1.21.11
  • 3115daa update to go1.21.11
  • 2861734 Merge pull request #47892 from thaJeztah/26.1_backport_api_docs_network_confi...
  • 9c95aea Merge pull request #47893 from thaJeztah/26.1_backport_bump_docker_py
  • 3e09e19 Merge pull request #47894 from thaJeztah/26.1_backport_vendor_containerd_v1.7.17
  • 65b679a Merge pull request #47889 from thaJeztah/26.1_backport_platforms_err_handling
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.23.0 to 0.24.0

Commits
  • 332fd65 go.mod: update golang.org/x dependencies
  • 0b431c7 x509roots/fallback: update bundle
  • 349231f ssh: implement CryptoPublicKey on sk keys
  • 44c9b0f ssh: allow server auth callbacks to send additional banners
  • 67b1361 sha3: reenable s390x assembly
  • 477a5b4 sha3: make APIs usable with zero allocations
  • 59b5a86 sha3: disable s390x assembly
  • 10f366e sha3: simplify XOR functions
  • See full diff in compare view

Updates golang.org/x/mod from 0.17.0 to 0.18.0

Commits

Updates golang.org/x/net from 0.25.0 to 0.26.0

Commits
  • 66e838c go.mod: update golang.org/x dependencies
  • 6249541 http2: avoid race in server handler SetReadDeadine/SetWriteDeadline
  • 603e3e6 quic: disable X25519Kyber768Draft00 in tests
  • 67e8d0c http2: report an error if goroutines outlive serverTester tests
  • 5608279 http2: avoid corruption in priority write scheduler
  • 0d515a5 http2: factor out frame read/write test functions
  • 9f5b79b http2: drop unused retry function
  • 03c24c2 http2: use synthetic time in server tests
  • 022530c http2: add a more full-featured test net.Conn
  • 410d19e http2: avoid racy access to clientStream.requestedGzip
  • Additional commits viewable in compare view

Updates golang.org/x/term from 0.20.0 to 0.21.0

Commits

Updates golang.org/x/text from 0.15.0 to 0.16.0

Commits
  • 9c2f3a2 cmd/gotext: fix segfault in extract & rewrite commands
  • 59e1219 message: optimize lookupAndFormat function for better performance
  • a20a3e2 x/text: update x/tools for go/ssa range-over-func fix
  • See full diff in compare view

Updates modernc.org/sqlite from 1.30.0 to 1.30.1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the common group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) | `1.11.1` | `1.12.0` |
| [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.5.2` | `1.6.0` |
| [github.com/aquasecurity/trivy-aws](https://github.com/aquasecurity/trivy-aws) | `0.9.0` | `0.10.0` |
| [github.com/aquasecurity/trivy-checks](https://github.com/aquasecurity/trivy-checks) | `0.11.0` | `0.12.0` |
| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.17` | `1.7.18` |
| [github.com/docker/docker](https://github.com/docker/docker) | `26.1.3+incompatible` | `26.1.4+incompatible` |
| [golang.org/x/mod](https://github.com/golang/mod) | `0.17.0` | `0.18.0` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.30.0` | `1.30.1` |



Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.11.1 to 1.12.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.11.1...sdk/azcore/v1.12.0)

Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.5.2 to 1.6.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@sdk/internal/v1.5.2...sdk/azcore/v1.6.0)

Updates `github.com/aquasecurity/trivy-aws` from 0.9.0 to 0.10.0
- [Release notes](https://github.com/aquasecurity/trivy-aws/releases)
- [Commits](aquasecurity/trivy-aws@v0.9.0...v0.10.0)

Updates `github.com/aquasecurity/trivy-checks` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/aquasecurity/trivy-checks/releases)
- [Commits](aquasecurity/trivy-checks@v0.11.0...v0.12.0)

Updates `github.com/containerd/containerd` from 1.7.17 to 1.7.18
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v1.7.17...v1.7.18)

Updates `github.com/docker/docker` from 26.1.3+incompatible to 26.1.4+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v26.1.3...v26.1.4)

Updates `golang.org/x/crypto` from 0.23.0 to 0.24.0
- [Commits](golang/crypto@v0.23.0...v0.24.0)

Updates `golang.org/x/mod` from 0.17.0 to 0.18.0
- [Commits](golang/mod@v0.17.0...v0.18.0)

Updates `golang.org/x/net` from 0.25.0 to 0.26.0
- [Commits](golang/net@v0.25.0...v0.26.0)

Updates `golang.org/x/term` from 0.20.0 to 0.21.0
- [Commits](golang/term@v0.20.0...v0.21.0)

Updates `golang.org/x/text` from 0.15.0 to 0.16.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.15.0...v0.16.0)

Updates `modernc.org/sqlite` from 1.30.0 to 1.30.1
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.30.0...v1.30.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/aquasecurity/trivy-aws
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/aquasecurity/trivy-checks
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/containerd/containerd
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from knqyf263 as a code owner June 11, 2024 08:11
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels Jun 11, 2024
@DmitriyLewen
Contributor

@nikpivkin @simar7
The TestRepository/tarball_helm_chart_scanning_with_builtin_policies test is broken after bumping github.com/aquasecurity/trivy-aws to v0.10.0.

Can any of you take a look?

@knqyf263
Collaborator

knqyf263 commented Jun 11, 2024

@DmitriyLewen I think we should exclude aquasecurity/trivy-*, like trivy-kubernetes, trivy-aws and trivy-checks from Dependabot.

@DmitriyLewen
Contributor

Yes. It makes sense. I will create a PR.

@DmitriyLewen
Contributor

@knqyf263 I created #6908
IIUC, we need to close this PR so that dependabot creates 2 new PRs for the trivy and common groups.
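
One way to keep the first-party `aquasecurity/trivy-*` modules out of the `common` group, as suggested in the comments above. This is an added illustration, not the contents of #6908 or the project's own Dependabot configuration; the schedule and the exact group layout are assumptions.

```yaml
# .github/dependabot.yml (illustrative sketch, not the project's file)
version: 2
updates:
  - package-ecosystem: gomod
    directory: /
    schedule:
      interval: monthly   # assumed; the page does not state the schedule
    groups:
      # First-party modules whose updates change scan behaviour (checks,
      # selectors) get their own PR, so a failing integration test there
      # does not hold back unrelated bumps. Listed first so these modules
      # match this group before the catch-all below.
      trivy:
        patterns:
          - "github.com/aquasecurity/trivy-*"
      # Everything else, including the containerd and docker releases
      # that move to Go 1.21.11.
      common:
        patterns:
          - "*"
        exclude-patterns:
          - "github.com/aquasecurity/trivy-*"
    # Alternative: stop Dependabot proposing these modules at all and
    # bump them by hand together with the affected tests.
    # ignore:
    #   - dependency-name: "github.com/aquasecurity/trivy-*"
```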

@nikpivkin
Contributor

@DmitriyLewen The test failed because in this PR some Kubernetes checks have an updated selector and they now apply to fewer files. In Trivy we just need to update the tests.

@simar7
Member

simar7 commented Jun 11, 2024

@DmitriyLewen The test failed because in this PR some Kubernetes checks have an updated selector and they now apply to fewer files. In Trivy we just need to update the tests.

cc @chen-keinan

Contributor Author

dependabot bot commented on behalf of github Jun 13, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jun 13, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/common-9ed1564fca branch June 13, 2024 08:06