
chore(deps): bump the common group with 11 updates #8110

Closed
wants to merge 1 commit into from


dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Dec 16, 2024

Bumps the common group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| github.com/containerd/containerd/v2 | 2.0.0 | 2.0.1 |
| github.com/gocsaf/csaf/v3 | 3.1.0 | 3.1.1 |
| github.com/secure-systems-lab/go-securesystemslib | 0.8.0 | 0.9.0 |
| github.com/sigstore/rekor | 1.3.6 | 1.3.7 |
| github.com/tetratelabs/wazero | 1.8.1 | 1.8.2 |
| github.com/zclconf/go-cty | 1.15.0 | 1.15.1 |
| golang.org/x/net | 0.31.0 | 0.32.0 |
| golang.org/x/xerrors | 0.0.0-20231012003039-104605ab7028 | 0.0.0-20240716161551-93cc26a95ae9 |
| k8s.io/api | 0.31.2 | 0.32.0 |
| k8s.io/utils | 0.0.0-20240711033017-18e509b52bc8 | 0.0.0-20241104100929-3ea5e8cea738 |
| modernc.org/sqlite | 1.34.1 | 1.34.2 |

Updates github.com/containerd/containerd/v2 from 2.0.0 to 2.0.1

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.0.1

Welcome to the v2.0.1 release of containerd!

The first patch release for containerd 2.0 includes a number of bug fixes and improvements.

Highlights

Container Runtime Interface (CRI)

Image Distribution

  • Update differ to handle zstd media types (#11068)

Runtime

  • Update runc binary to v1.2.3 (#11142)
  • Fix panic due to nil dereference cgroups v2 (#11098)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Wei Fu
  • Archit Kulkarni
  • Jin Dong
  • Phil Estes
  • Akhil Mohan
  • Akihiro Suda
  • Alexey Lunev
  • Austin Vazquez
  • Maksym Pavlenko
  • Mike Brown
  • Michael Zappa
  • Samuel Karp
  • Sebastiaan van Stijn
  • Andrey Smirnov
  • Davanum Srinivas

Changes

  • Prepare release notes for v2.0.1 (#11158)

... (truncated)

Commits
  • 88aa2f5 Merge pull request #11158 from dmcgowan/prepare-v2.0.1
  • b0ece5d Prepare release notes for v2.0.1
  • e206c07 Merge pull request #11154 from k8s-infra-cherrypick-robot/cherry-pick-11122-t...
  • fe69570 build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0
  • eb2d0c4 Merge pull request #11153 from k8s-infra-cherrypick-robot/cherry-pick-11130-t...
  • eb2ce68 update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+
  • c11f124 Merge pull request #11139 from k8s-infra-cherrypick-robot/cherry-pick-11086-t...
  • 8c6dd50 Merge pull request #11151 from k8s-infra-cherrypick-robot/cherry-pick-11104-t...
  • e9004f0 Merge pull request #11146 from k8s-infra-cherrypick-robot/cherry-pick-11135-t...
  • c403b64 Merge pull request #11140 from k8s-infra-cherrypick-robot/cherry-pick-11061-t...
  • Additional commits viewable in compare view

Updates github.com/gocsaf/csaf/v3 from 3.1.0 to 3.1.1

Release notes

Sourced from github.com/gocsaf/csaf/v3's releases.

v3.1.1

Release 3.1.1

Commits
  • 1daaed2 ensure HTTP requests use proxy env vars (#597)
  • 18af28f Merge pull request #600 from gocsaf/docs-proxy-for-2
  • b8a9803 fix docs link to standard
  • 678f232 Merge pull request #593 from gocsaf/add-upload-permission
  • 2435abe Merge pull request #594 from gocsaf/update_go_3rd_party_libs_2024_11_22
  • 3dc84f3 Merge pull request #598 from gocsaf/docs-readme-12
  • b218084 Update README.md that go paths can be adjusted
  • 9495d8b Update Go 3rd party libs
  • f6d7589 Add required upload permissions
  • See full diff in compare view

Updates github.com/secure-systems-lab/go-securesystemslib from 0.8.0 to 0.9.0

Commits
  • 7d19192 Merge pull request #103 from secure-systems-lab/dependabot/go_modules/golang....
  • 21102fa chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0
  • 1fb13ff Merge pull request #102 from secure-systems-lab/dependabot/github_actions/act...
  • 4e1c22d chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0
  • 847cabc Merge pull request #101 from secure-systems-lab/dependabot/go_modules/golang....
  • 06fac2f chore(deps): bump golang.org/x/crypto from 0.29.0 to 0.30.0
  • c1aadb2 Merge pull request #100 from secure-systems-lab/dependabot/go_modules/github....
  • 8fef2d7 chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0
  • c65f6c8 Merge pull request #99 from secure-systems-lab/dependabot/go_modules/golang.o...
  • 35b687d chore(deps): bump golang.org/x/crypto from 0.27.0 to 0.29.0
  • Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.3.6 to 1.3.7

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.3.7

Changelog

Please see https://github.com/sigstore/rekor/blob/main/CHANGELOG.md for changes included in this release.

Thanks for all contributors!

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.3.7

New Features

  • log request body on 500 error to aid debugging (#2283)
  • Add support for signing with Tink keyset (#2228)
  • Add public key hash check in Signed Note verification (#2214)
  • update Trillian TLS configuration (#2202)
  • Add TLS support for Trillian server (#2164)
  • Replace docker-compose with plugin if available (#2153)
  • Add flags to backfill script (#2146)
  • Unset DisableKeepalive for backfill HTTP client (#2137)
  • Add script to delete indexes from Redis (#2120)
  • Run CREATE statement in backfill script (#2109)
  • Add MySQL support to backfill script (#2081)
  • Run e2e tests on mysql and redis index backends (#2079)

Bug Fixes

  • remove unneeded value in log message (#2282)
  • Add error message when computing consistency proof (#2278)
  • fix validation error handling on API (#2217)
  • fix error in pretty-printed inclusion proof from verify subcommand (#2210)
  • Fix index scripts (#2203)
  • fix failing sharding test
  • Better error handling in backfill script (#2148)
  • Batch entries in cleanup script (#2158)
  • Add missing workflow for index cleanup test (#2121)
  • hashedrekord: fix schema $id (#2092)

Contributors

  • Aditya Sirish
  • Bob Callaway
  • Colleen Murphy
  • cpanato
  • Firas Ghanmi
  • Hayden B
  • Hojoung (Brian) Jang
  • William Woodruff

Commits
  • 4caadbc changelog for v1.3.7 (#2284)
  • 9fddf00 log request body on 500 error to aid debugging (#2283)
  • 92584b7 remove unneeded value in log message (#2282)
  • 56ea4b5 Add error message when computing consistency proof (#2278)
  • 3eb84f9 build(deps): Bump the all group with 2 updates
  • 28aa29c build(deps): Bump google/cloud-sdk from 500.0.0 to 501.0.0
  • d7e2d1d build(deps): Bump codecov/codecov-action from 4.6.0 to 5.0.2
  • a018e78 build(deps): Bump google.golang.org/api from 0.205.0 to 0.206.0
  • 38d5f67 build(deps): Bump golang from d56c3e0 to 73f06be
  • ded5cd1 build(deps): Bump google.golang.org/api from 0.204.0 to 0.205.0
  • Additional commits viewable in compare view

Updates github.com/tetratelabs/wazero from 1.8.1 to 1.8.2

Release notes

Sourced from github.com/tetratelabs/wazero's releases.

v1.8.2

This release includes two main things:

Commits

Updates github.com/zclconf/go-cty from 1.15.0 to 1.15.1

Changelog

Sourced from github.com/zclconf/go-cty's changelog.

1.15.1 (November 26, 2024)

  • function: Function calls can now return more mark-related information when called with unknown values when neither AllowMarks nor AllowUnknown are set for a particular parameter. (#196)

Commits
  • 3149f9d Prepare for v1.15.1 release
  • 63279be Update CHANGELOG.md
  • da16ad4 function: include marks when returning early with an unknown value
  • ea922e7 Add GitHub's "funding" metadata file
  • 7313684 function/stdlib: Even more Distinct tests
  • b843884 function/stdlib: unit tests for Distinct function
  • 0b7ccb8 docs: fix little typo in value marks
  • 9a4ed1e Prepare for possible future v1.15.1 release
  • See full diff in compare view

Updates golang.org/x/net from 0.31.0 to 0.32.0

Commits
  • 285e1cf go.mod: update golang.org/x dependencies
  • d0a1049 route: remove unused sizeof* consts on freebsd
  • 6e41410 http2: fix benchmarks using common frame read/write functions
  • 4be1253 route: change from syscall to x/sys/unix
  • bc37675 http2: limit number of PINGs bundled with RST_STREAMs
  • e9cd716 route: fix parse of zero-length sockaddrs in RIBs
  • 9a51899 http2: add SETTINGS_ENABLE_CONNECT_PROTOCOL support
  • See full diff in compare view

Updates golang.org/x/xerrors from 0.0.0-20231012003039-104605ab7028 to 0.0.0-20240716161551-93cc26a95ae9

Commits

Updates k8s.io/api from 0.31.2 to 0.32.0

Commits
  • e622342 Update dependencies to v0.32.0 tag
  • b0543a3 Merge remote-tracking branch 'origin/master' into release-1.32
  • f6bae9a Drop use of winreadlinkvolume godebug option
  • ea815d5 Merge remote-tracking branch 'origin/master' into release-1.32
  • c331a79 Revert to go1.22 windows filesystem stdlib behavior
  • f8e5e36 Merge pull request #128407 from ndixita/pod-level-resources
  • 84e0db8 Merge pull request #127857 from Jefftree/cle-v1alpha2
  • cbaf5a0 Merge pull request #128686 from thockin/take_over_pr-125233
  • a503a4f Merge pull request #128687 from tallclair/allocated-status
  • 3f43b5a Merge pull request #128240 from LionelJouin/KEP-4817
  • Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20240711033017-18e509b52bc8 to 0.0.0-20241104100929-3ea5e8cea738

Commits

Updates modernc.org/sqlite from 1.34.1 to 1.34.2

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the common group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) | `2.0.0` | `2.0.1` |
| [github.com/gocsaf/csaf/v3](https://github.com/gocsaf/csaf) | `3.1.0` | `3.1.1` |
| [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) | `0.8.0` | `0.9.0` |
| [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.3.6` | `1.3.7` |
| [github.com/tetratelabs/wazero](https://github.com/tetratelabs/wazero) | `1.8.1` | `1.8.2` |
| [github.com/zclconf/go-cty](https://github.com/zclconf/go-cty) | `1.15.0` | `1.15.1` |
| [golang.org/x/net](https://github.com/golang/net) | `0.31.0` | `0.32.0` |
| [golang.org/x/xerrors](https://github.com/golang/xerrors) | `0.0.0-20231012003039-104605ab7028` | `0.0.0-20240716161551-93cc26a95ae9` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.31.2` | `0.32.0` |
| [k8s.io/utils](https://github.com/kubernetes/utils) | `0.0.0-20240711033017-18e509b52bc8` | `0.0.0-20241104100929-3ea5e8cea738` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.34.1` | `1.34.2` |


Updates `github.com/containerd/containerd/v2` from 2.0.0 to 2.0.1
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v2.0.0...v2.0.1)

Updates `github.com/gocsaf/csaf/v3` from 3.1.0 to 3.1.1
- [Release notes](https://github.com/gocsaf/csaf/releases)
- [Changelog](https://github.com/gocsaf/csaf/blob/main/docs/release-process-hints.md)
- [Commits](gocsaf/csaf@v3.1.0...v3.1.1)

Updates `github.com/secure-systems-lab/go-securesystemslib` from 0.8.0 to 0.9.0
- [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases)
- [Commits](secure-systems-lab/go-securesystemslib@v0.8.0...v0.9.0)

Updates `github.com/sigstore/rekor` from 1.3.6 to 1.3.7
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.3.6...v1.3.7)

Updates `github.com/tetratelabs/wazero` from 1.8.1 to 1.8.2
- [Release notes](https://github.com/tetratelabs/wazero/releases)
- [Commits](tetratelabs/wazero@v1.8.1...v1.8.2)

Updates `github.com/zclconf/go-cty` from 1.15.0 to 1.15.1
- [Release notes](https://github.com/zclconf/go-cty/releases)
- [Changelog](https://github.com/zclconf/go-cty/blob/main/CHANGELOG.md)
- [Commits](zclconf/go-cty@v1.15.0...v1.15.1)

Updates `golang.org/x/net` from 0.31.0 to 0.32.0
- [Commits](golang/net@v0.31.0...v0.32.0)

Updates `golang.org/x/xerrors` from 0.0.0-20231012003039-104605ab7028 to 0.0.0-20240716161551-93cc26a95ae9
- [Commits](https://github.com/golang/xerrors/commits)

Updates `k8s.io/api` from 0.31.2 to 0.32.0
- [Commits](kubernetes/api@v0.31.2...v0.32.0)

Updates `k8s.io/utils` from 0.0.0-20240711033017-18e509b52bc8 to 0.0.0-20241104100929-3ea5e8cea738
- [Commits](https://github.com/kubernetes/utils/commits)

Updates `modernc.org/sqlite` from 1.34.1 to 1.34.2
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.1...v1.34.2)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/gocsaf/csaf/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/secure-systems-lab/go-securesystemslib
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/sigstore/rekor
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/tetratelabs/wazero
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/zclconf/go-cty
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: golang.org/x/xerrors
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: k8s.io/utils
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from knqyf263 as a code owner December 16, 2024 14:55
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 16, 2024
@nikpivkin
Contributor

I'll take a look:

go: github.com/aquasecurity/trivy/pkg/iac/scanners/helm/parser imports
	helm.sh/helm/v3/pkg/chartutil imports
	k8s.io/client-go/kubernetes/scheme imports
	k8s.io/api/coordination/v1alpha1: module k8s.io/api@latest found (v0.32.0), but does not contain package k8s.io/api/coordination/v1alpha1

@nikpivkin
Contributor

@knqyf263 We need to wait for helm to update k8s.io/api to v0.32.0 helm/helm#13526

@knqyf263
Collaborator

knqyf263 commented Dec 17, 2024

OK, so can you downgrade k8s.io/api to v0.31.2 and see if it works? You can push the change to this branch.

@nikpivkin
Contributor

This version does not cause conflicts, but rekor v1.3.7 requires go>=1.23.2:

go: github.com/sigstore/rekor@v1.3.7 requires go >= 1.23.2; switching to go1.23.4.

@knqyf263
Collaborator

Adding toolchain directive looks fine to me.

@nikpivkin
Contributor

It also updates the minimal version of Go in addition to the toolchain.

@knqyf263
Collaborator

We might want to bump Go in a separate PR. Can you please open it?

@nikpivkin
Contributor

Created #8123

Contributor Author

dependabot bot commented on behalf of github Dec 18, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Dec 18, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/common-f90260b09f branch December 18, 2024 10:12
@nikpivkin
Contributor

@knqyf263 dependabot created new PR #8126
