1
0
mirror of https://github.com/goreleaser/goreleaser.git synced 2024-12-29 01:44:39 +02:00
goreleaser/go.mod

345 lines
18 KiB
Modula-2
Raw Normal View History

module github.com/goreleaser/goreleaser/v2
2018-10-29 02:54:15 +02:00
go 1.23.0
2018-10-29 02:54:15 +02:00
require (
chore(deps): bump code.gitea.io/sdk/gitea from 0.18.0 to 0.19.0 (#5033) Bumps code.gitea.io/sdk/gitea from 0.18.0 to 0.19.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=code.gitea.io/sdk/gitea&package-manager=go_modules&previous-version=0.18.0&new-version=0.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 14:20:21 +02:00
code.gitea.io/sdk/gitea v0.19.0
chore(deps): bump dario.cat/mergo from 1.0.0 to 1.0.1 (#5093) Bumps [dario.cat/mergo](https://github.com/imdario/mergo) from 1.0.0 to 1.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/imdario/mergo/releases">dario.cat/mergo's releases</a>.</em></p> <blockquote> <h2>v1.0.1</h2> <h2>What's Changed</h2> <ul> <li>fixes issue <a href="https://redirect.github.com/imdario/mergo/issues/187">#187</a> by <a href="https://github.com/vsemichev"><code>@​vsemichev</code></a> in <a href="https://redirect.github.com/darccio/mergo/pull/253">darccio/mergo#253</a></li> <li>fix: <code>WithoutDereference</code> should respect non-nil struct pointers by <a href="https://github.com/joshkaplinsky"><code>@​joshkaplinsky</code></a> in <a href="https://redirect.github.com/darccio/mergo/pull/251">darccio/mergo#251</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/vsemichev"><code>@​vsemichev</code></a> made their first contribution in <a href="https://redirect.github.com/darccio/mergo/pull/253">darccio/mergo#253</a></li> <li><a href="https://github.com/joshkaplinsky"><code>@​joshkaplinsky</code></a> made their first contribution in <a href="https://redirect.github.com/darccio/mergo/pull/251">darccio/mergo#251</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1">https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/darccio/mergo/commit/59ea6a9cd9f9c60cb6b1c58476f76cd3172ccebf"><code>59ea6a9</code></a> Merge pull request <a href="https://redirect.github.com/imdario/mergo/issues/251">#251</a> from joshkaplinsky/joshkaplinsky/without-dereference-...</li> <li><a href="https://github.com/darccio/mergo/commit/96f24afa924ff3b6f024de9f5aa72020078b06f9"><code>96f24af</code></a> Merge pull request <a href="https://redirect.github.com/imdario/mergo/issues/253">#253</a> from vsemichev/master</li> <li><a href="https://github.com/darccio/mergo/commit/2f1a6156ce0c8b8a6291926b75bc27b9b8fc2bfe"><code>2f1a615</code></a> fixes issue <a href="https://redirect.github.com/imdario/mergo/issues/187">#187</a>. adds test to verify the fix.</li> <li><a href="https://github.com/darccio/mergo/commit/4da170b81eef59e84cfa68070a73aea40f98ddbd"><code>4da170b</code></a> fixes issue <a href="https://redirect.github.com/imdario/mergo/issues/187">#187</a>. attempt <a href="https://redirect.github.com/imdario/mergo/issues/3">#3</a></li> <li><a href="https://github.com/darccio/mergo/commit/a13a1175be733af04b175c9fe616f594c5e8dfa9"><code>a13a117</code></a> fixes issue <a href="https://redirect.github.com/imdario/mergo/issues/187">#187</a>. attempt <a href="https://redirect.github.com/imdario/mergo/issues/2">#2</a></li> <li><a href="https://github.com/darccio/mergo/commit/6b830ffc3df09a6f22aafd7dfbf5f02d0da2ee22"><code>6b830ff</code></a> fixes issue <a href="https://redirect.github.com/imdario/mergo/issues/187">#187</a></li> <li><a href="https://github.com/darccio/mergo/commit/f33862a52373a787536aff7428212ce0ecb0cac0"><code>f33862a</code></a> WithoutDereference should respect structs</li> <li><a href="https://github.com/darccio/mergo/commit/cde9f0ea26cccb1168ee3900cf8ca457bb928c3c"><code>cde9f0e</code></a> Merge pull request <a href="https://redirect.github.com/imdario/mergo/issues/246">#246</a> from darccio/darccio/v1-frozen</li> <li><a href="https://github.com/darccio/mergo/commit/f1e2fe566a09b85177236eea3f03fc5dab009edc"><code>f1e2fe5</code></a> chore: frozen v1</li> <li><a href="https://github.com/darccio/mergo/commit/7f7b4afa33c905820aa75c473f3f13321dd499b5"><code>7f7b4af</code></a> Update FUNDING.yml</li> <li>Additional commits viewable in <a href="https://github.com/imdario/mergo/compare/v1.0.0...v1.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dario.cat/mergo&package-manager=go_modules&previous-version=1.0.0&new-version=1.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-19 14:25:23 +02:00
dario.cat/mergo v1.0.1
chore(deps): bump github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0 (#5105) Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) from 3.2.1 to 3.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Masterminds/semver/releases">github.com/Masterminds/semver/v3's releases</a>.</em></p> <blockquote> <h2>v3.3.0</h2> <h2>What's Changed</h2> <ul> <li>Fix: bad package in README by <a href="https://github.com/sdelicata"><code>@​sdelicata</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/226">Masterminds/semver#226</a></li> <li>Updating the GitHub Actions and versions of Go used by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/229">Masterminds/semver#229</a></li> <li>Fix spelling in README by <a href="https://github.com/robinschneider"><code>@​robinschneider</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/222">Masterminds/semver#222</a></li> <li>Adding go build cache to fuzz output by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/232">Masterminds/semver#232</a></li> <li>Add caching to fuzz testing by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/234">Masterminds/semver#234</a></li> <li>updating github actions by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/235">Masterminds/semver#235</a></li> <li>feat: nil version equality by <a href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/213">Masterminds/semver#213</a></li> <li>add &gt;= and &lt;= by <a href="https://github.com/grosser"><code>@​grosser</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/238">Masterminds/semver#238</a></li> <li>doc: hyphen range constraint without whitespace by <a href="https://github.com/johnnychen94"><code>@​johnnychen94</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/216">Masterminds/semver#216</a></li> <li>Removing reference to vert by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/245">Masterminds/semver#245</a></li> <li>simplify StrictNewVersion by <a href="https://github.com/grosser"><code>@​grosser</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/241">Masterminds/semver#241</a></li> <li>Updating the testing version of Go used by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/246">Masterminds/semver#246</a></li> <li>bumping min version in go.mod based on what's tested by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/248">Masterminds/semver#248</a></li> <li>Updating changelog for 3.3.0 by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/249">Masterminds/semver#249</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/sdelicata"><code>@​sdelicata</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/226">Masterminds/semver#226</a></li> <li><a href="https://github.com/robinschneider"><code>@​robinschneider</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/222">Masterminds/semver#222</a></li> <li><a href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/213">Masterminds/semver#213</a></li> <li><a href="https://github.com/grosser"><code>@​grosser</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/238">Masterminds/semver#238</a></li> <li><a href="https://github.com/johnnychen94"><code>@​johnnychen94</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/216">Masterminds/semver#216</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0">https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Masterminds/semver/blob/master/CHANGELOG.md">github.com/Masterminds/semver/v3's changelog</a>.</em></p> <blockquote> <h2>3.3.0 (2024-08-27)</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/238">#238</a>: Add LessThanEqual and GreaterThanEqual functions (thanks <a href="https://github.com/grosser"><code>@​grosser</code></a>)</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/213">#213</a>: nil version equality checking (thanks <a href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a>)</li> </ul> <h3>Changed</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/241">#241</a>: Simplify StrictNewVersion parsing (thanks <a href="https://github.com/grosser"><code>@​grosser</code></a>)</li> <li>Testing support up through Go 1.23</li> <li>Minimum version set to 1.21 as this is what's tested now</li> <li>Fuzz testing now supports caching</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Masterminds/semver/commit/e6e3d4d3cb1073f0ab8fb3d4be0869d1687b75f9"><code>e6e3d4d</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/249">#249</a> from mattfarina/update-changelog-3.3.0</li> <li><a href="https://github.com/Masterminds/semver/commit/e80c4ea7233523c64c380d944a3ed57c1666ac67"><code>e80c4ea</code></a> Updating changelog for 3.3.0</li> <li><a href="https://github.com/Masterminds/semver/commit/80427ad56e4fca2ef72e4050f01f1c9c347a0cd3"><code>80427ad</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/248">#248</a> from mattfarina/bump-min-version</li> <li><a href="https://github.com/Masterminds/semver/commit/b6108372278f95198bb85fd22464b3cdc894a3a2"><code>b610837</code></a> bumping min version in go.mod based on what's tested</li> <li><a href="https://github.com/Masterminds/semver/commit/a4cccd8ea5e6a94c09921a2dd4136e337ef069d1"><code>a4cccd8</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/246">#246</a> from mattfarina/bump-go-1.23</li> <li><a href="https://github.com/Masterminds/semver/commit/7c178cf0c64cb23c5fcf0a291a2c9fb968806819"><code>7c178cf</code></a> Updating the testing version of Go used</li> <li><a href="https://github.com/Masterminds/semver/commit/29f94c1119d901b8b4daf94be98df54ef044d3d9"><code>29f94c1</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/241">#241</a> from grosser/grosser/validate</li> <li><a href="https://github.com/Masterminds/semver/commit/2cf1b16b95d71b6f8ccd5fc0fe43e1896a3049cd"><code>2cf1b16</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/245">#245</a> from mattfarina/remove-vert</li> <li><a href="https://github.com/Masterminds/semver/commit/b55476af0ebb4f52e3f5fb5aca65960354bdc309"><code>b55476a</code></a> Removing reference to vert</li> <li><a href="https://github.com/Masterminds/semver/commit/d07450b7cfece0885549dce1ad5b798aa7844d95"><code>d07450b</code></a> simplify StrictNewVersion</li> <li>Additional commits viewable in <a href="https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/Masterminds/semver/v3&package-manager=go_modules&previous-version=3.2.1&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-28 16:26:33 +02:00
github.com/Masterminds/semver/v3 v3.3.0
chore(deps): bump github.com/anchore/quill from 0.4.1 to 0.4.2 (#4988) Bumps [github.com/anchore/quill](https://github.com/anchore/quill) from 0.4.1 to 0.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/quill/releases">github.com/anchore/quill's releases</a>.</em></p> <blockquote> <h2>v0.4.2</h2> <h1>Changelog</h1> <h2><a href="https://github.com/anchore/quill/tree/v0.4.2">v0.4.2</a> (2024-07-11)</h2> <p><a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">Full Changelog</a></p> <h3>Bug Fixes</h3> <ul> <li>fix: terminal no longer clobbered [[PR <a href="https://redirect.github.com/anchore/quill/issues/142">#142</a>](https://redirect.github.com/anchore/quill/pull/142)] [<a href="https://github.com/kzantow">kzantow</a>]</li> <li>fix: notarization should not fail [[Issue <a href="https://redirect.github.com/anchore/quill/issues/118">#118</a>](https://redirect.github.com/anchore/quill/issues/118)] [[PR <a href="https://redirect.github.com/anchore/quill/issues/119">#119</a>](https://redirect.github.com/anchore/quill/pull/119)] [<a href="https://github.com/wagoodman">wagoodman</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anchore/quill/commit/4639bd62b2a88f6552bb3dea42e501f538919a93"><code>4639bd6</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.223 to 1.1.225 (<a href="https://redirect.github.com/anchore/quill/issues/455">#455</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ca419a618682341ec40798043358c0e4f69e4c91"><code>ca419a6</code></a> chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (<a href="https://redirect.github.com/anchore/quill/issues/449">#449</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf4af8169670bcab7e9b01fb2f56c969d694b22f"><code>bf4af81</code></a> chore(deps): bump github.com/charmbracelet/lipgloss (<a href="https://redirect.github.com/anchore/quill/issues/454">#454</a>)</li> <li><a href="https://github.com/anchore/quill/commit/8b306166bb4dbffa2419d05950c5039993f465d8"><code>8b30616</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.12 to 1.54.18 (<a href="https://redirect.github.com/anchore/quill/issues/456">#456</a>)</li> <li><a href="https://github.com/anchore/quill/commit/dd4e6c85c5c2493529c74fe94a58dd71fd2aa930"><code>dd4e6c8</code></a> chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (<a href="https://redirect.github.com/anchore/quill/issues/453">#453</a>)</li> <li><a href="https://github.com/anchore/quill/commit/a75519372136730ec04ef8e8e848f71196faf311"><code>a755193</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.220 to 1.1.223 (<a href="https://redirect.github.com/anchore/quill/issues/439">#439</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf64d8a2fd68f72094080e2af3a4eca884b430d6"><code>bf64d8a</code></a> chore(deps): bump github.com/charmbracelet/bubbletea (<a href="https://redirect.github.com/anchore/quill/issues/440">#440</a>)</li> <li><a href="https://github.com/anchore/quill/commit/196e96e91826b422557a1f3b23ab59276dac46a9"><code>196e96e</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.2 to 1.54.12 (<a href="https://redirect.github.com/anchore/quill/issues/446">#446</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ff50f7a9dd90dff83c0c8536374085a0d73ebbcd"><code>ff50f7a</code></a> chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/anchore/quill/issues/427">#427</a>)</li> <li><a href="https://github.com/anchore/quill/commit/092a1387f060de85a8a8b0d2d5c987a68603b65e"><code>092a138</code></a> chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (<a href="https://redirect.github.com/anchore/quill/issues/432">#432</a>)</li> <li>Additional commits viewable in <a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/anchore/quill&package-manager=go_modules&previous-version=0.4.1&new-version=0.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-12 14:41:38 +02:00
github.com/anchore/quill v0.4.2
chore(deps): bump github.com/atc0005/go-teams-notify/v2 from 2.11.0 to 2.12.0 (#5092) Bumps [github.com/atc0005/go-teams-notify/v2](https://github.com/atc0005/go-teams-notify) from 2.11.0 to 2.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/atc0005/go-teams-notify/releases">github.com/atc0005/go-teams-notify/v2's releases</a>.</em></p> <blockquote> <h2>v2.12.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>New Features or Enhancements 🎉</h3> <ul> <li>Expose <code>TeamsMessage</code> interface to support mocking by <a href="https://github.com/atc0005"><code>@​atc0005</code></a> in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/291">atc0005/go-teams-notify#291</a></li> </ul> <h3>Other Changes</h3> <ul> <li>Update CHANGELOG for v2.12.0 release by <a href="https://github.com/atc0005"><code>@​atc0005</code></a> in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/295">atc0005/go-teams-notify#295</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/atc0005/go-teams-notify/compare/v2.11.0...v2.12.0">https://github.com/atc0005/go-teams-notify/compare/v2.11.0...v2.12.0</a></p> <h2>v2.12.0-rc.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>New Features or Enhancements 🎉</h3> <ul> <li>Expose <code>TeamsMessage</code> interface to support mocking by <a href="https://github.com/atc0005"><code>@​atc0005</code></a> in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/291">atc0005/go-teams-notify#291</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/atc0005/go-teams-notify/compare/v2.11.0...v2.12.0-rc.1">https://github.com/atc0005/go-teams-notify/compare/v2.11.0...v2.12.0-rc.1</a></p> <h2>v2.12.0-alpha.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>New Features or Enhancements 🎉</h3> <ul> <li>Expose <code>TeamsMessage</code> interface to support mocking by <a href="https://github.com/atc0005"><code>@​atc0005</code></a> in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/289">atc0005/go-teams-notify#289</a></li> </ul> <h3>Bug Fixes 🐛</h3> <ul> <li>Update CodeQL workflow to run on dev branch PRs by <a href="https://github.com/atc0005"><code>@​atc0005</code></a> in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/282">atc0005/go-teams-notify#282</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/atc0005/go-teams-notify/compare/v2.11.0-alpha.5...v2.12.0-alpha.1">https://github.com/atc0005/go-teams-notify/compare/v2.11.0-alpha.5...v2.12.0-alpha.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/atc0005/go-teams-notify/blob/master/CHANGELOG.md">github.com/atc0005/go-teams-notify/v2's changelog</a>.</em></p> <blockquote> <h2>[v2.12.0] - 2024-08-16</h2> <h3>Added</h3> <ul> <li>(<a href="https://redirect.github.com/atc0005/go-teams-notify/issues/291">GH-291</a>) Expose <code>TeamsMessage</code> interface to support mocking</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/atc0005/go-teams-notify/commit/f047a24ffb08bc4ceb46d7978e0306ab1f8840eb"><code>f047a24</code></a> Merge pull request <a href="https://redirect.github.com/atc0005/go-teams-notify/issues/295">#295</a> from atc0005/update-changelog-for-v2.12.0-release</li> <li><a href="https://github.com/atc0005/go-teams-notify/commit/74ee0ac512f976d8bdc93e1a81ea275ca6070559"><code>74ee0ac</code></a> Update CHANGELOG for v2.12.0 release</li> <li><a href="https://github.com/atc0005/go-teams-notify/commit/adbaed0c6b133432c8ed9fd691fc6166855c9147"><code>adbaed0</code></a> Merge pull request <a href="https://redirect.github.com/atc0005/go-teams-notify/issues/291">#291</a> from atc0005/i285-expose-TeamsMessage-interface</li> <li><a href="https://github.com/atc0005/go-teams-notify/commit/8b7707c601437e69834eceb0fd5b5f185ee67c87"><code>8b7707c</code></a> Expose <code>TeamsMessage</code> interface to support mocking</li> <li>See full diff in <a href="https://github.com/atc0005/go-teams-notify/compare/v2.11.0...v2.12.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/atc0005/go-teams-notify/v2&package-manager=go_modules&previous-version=2.11.0&new-version=2.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-19 14:25:03 +02:00
github.com/atc0005/go-teams-notify/v2 v2.12.0
chore(deps): bump github.com/google/ko from 0.15.2 to 0.15.4 (#4885) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.15.2 to 0.15.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.4</h2> <h2>What's Changed</h2> <ul> <li> <p>Refactor global values to be defaults by <a href="https://github.com/nmittler"><code>@​nmittler</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1318">ko-build/ko#1318</a></p> </li> <li> <p>Bump actions/checkout from 4.1.5 to 4.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1316">ko-build/ko#1316</a></p> </li> <li> <p>Bump github.com/docker/docker from 26.1.2+incompatible to 26.1.3+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1315">ko-build/ko#1315</a></p> </li> <li> <p>Bump github/codeql-action from 2.13.4 to 3.25.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1319">ko-build/ko#1319</a></p> </li> <li> <p>Bump github/codeql-action from 3.25.5 to 3.25.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1321">ko-build/ko#1321</a></p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4">https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4</a></p> <h2>v0.15.3</h2> <p>🚨 We are investigating an issue with this release 🚨 See <a href="https://redirect.github.com/ko-build/ko/issues/1317">ko-build/ko#1317</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Bump golang/govulncheck-action from 1.0.1 to 1.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1244">ko-build/ko#1244</a></li> <li>Fix fly.io deployment docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1247">ko-build/ko#1247</a></li> <li>Bump golang.org/x/tools from 0.18.0 to 0.19.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1249">ko-build/ko#1249</a></li> <li>Update setup-ko action link in install.md by <a href="https://github.com/koki-develop"><code>@​koki-develop</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1256">ko-build/ko#1256</a></li> <li>Fix kind image names with --bare by <a href="https://github.com/aidy"><code>@​aidy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1027">ko-build/ko#1027</a></li> <li>fix: update github.com/awslabs/amazon-ecr-credential-helper to latest version by <a href="https://github.com/nesty92"><code>@​nesty92</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1267">ko-build/ko#1267</a></li> <li>drop go1.20 and start testing with go1.22 and ci updates by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1251">ko-build/ko#1251</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1265">ko-build/ko#1265</a></li> <li>Bump reviewdog/action-misspell from 1.15.0 to 1.16.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1252">ko-build/ko#1252</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1258">ko-build/ko#1258</a></li> <li>Bump actions/checkout from 4.1.1 to 4.1.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1255">ko-build/ko#1255</a></li> <li>Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1257">ko-build/ko#1257</a></li> <li>Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1253">ko-build/ko#1253</a></li> <li>Bump actions/setup-python from 5.0.0 to 5.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1269">ko-build/ko#1269</a></li> <li>Bump k8s.io/apimachinery from 0.29.2 to 0.29.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1259">ko-build/ko#1259</a></li> <li>Bump github.com/docker/docker from 25.0.3+incompatible to 26.0.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1263">ko-build/ko#1263</a></li> <li>Bump reviewdog/action-misspell from 1.16.0 to 1.17.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1270">ko-build/ko#1270</a></li> <li>Add support for setting capabilities on the app binary by <a href="https://github.com/mejedi"><code>@​mejedi</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1271">ko-build/ko#1271</a></li> <li>Bump golang.org/x/sync from 0.6.0 to 0.7.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1273">ko-build/ko#1273</a></li> <li>Bump golang.org/x/tools from 0.19.0 to 0.20.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1272">ko-build/ko#1272</a></li> <li>Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1275">ko-build/ko#1275</a></li> <li>Bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1277">ko-build/ko#1277</a></li> <li>chore: fix function names in comment by <a href="https://github.com/camcui"><code>@​camcui</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1278">ko-build/ko#1278</a></li> <li>Bump k8s.io/apimachinery from 0.29.3 to 0.29.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1279">ko-build/ko#1279</a></li> <li>Fix AWS Lambda advanced docs by <a href="https://github.com/mattn"><code>@​mattn</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1281">ko-build/ko#1281</a></li> <li>Bump actions/upload-artifact from 4.3.1 to 4.3.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1284">ko-build/ko#1284</a></li> <li>Bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1283">ko-build/ko#1283</a></li> <li>Bump actions/checkout from 4.1.2 to 4.1.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1285">ko-build/ko#1285</a></li> <li>Bump github.com/docker/docker from 26.0.2+incompatible to 26.1.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1286">ko-build/ko#1286</a></li> <li>Bump actions/upload-artifact from 4.3.2 to 4.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1288">ko-build/ko#1288</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1287">ko-build/ko#1287</a></li> <li>Bump actions/checkout from 4.1.3 to 4.1.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1290">ko-build/ko#1290</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/c9e27f0dae0b9db53e19d521bbc5ee811ce00e39"><code>c9e27f0</code></a> Update integration_test.sh</li> <li><a href="https://github.com/ko-build/ko/commit/7cb29ac9b8f0dbdea83e2828fb9da040752b2053"><code>7cb29ac</code></a> Refactor global values to be defaults</li> <li><a href="https://github.com/ko-build/ko/commit/29e852e8bbd76d65722c57497106adb1378f885f"><code>29e852e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1321">#1321</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/74f02a8f5989e979bbc10ac067ae8d4cbd22537e"><code>74f02a8</code></a> ---</li> <li><a href="https://github.com/ko-build/ko/commit/81723216fa527be864baee6f6518fa0895e12710"><code>8172321</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1319">#1319</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/f979606b996aa20b6c6ad01226b726e1cb2777e7"><code>f979606</code></a> Bump github/codeql-action from 2.13.4 to 3.25.5</li> <li><a href="https://github.com/ko-build/ko/commit/bb99eccfe235e7b583c857bb1bafbf45f72178d1"><code>bb99ecc</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1315">#1315</a> from ko-build/dependabot/go_modules/github.com/docke...</li> <li><a href="https://github.com/ko-build/ko/commit/dcb8f4edfe8463aba0554e8cd03e58b1bd650f0a"><code>dcb8f4e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1316">#1316</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/7e47ec504a307bc63b4e2254434b9644dcf33841"><code>7e47ec5</code></a> Bump actions/checkout from 4.1.5 to 4.1.6</li> <li><a href="https://github.com/ko-build/ko/commit/459bf48a23b48e5423109fd30ea0eca546279709"><code>459bf48</code></a> Bump github.com/docker/docker</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.15.2...v0.15.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.15.2&new-version=0.15.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-22 15:56:23 +02:00
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240514230400-03fa26f5508f
github.com/bluesky-social/indigo v0.0.0-20240813042137-4006c0eca043
github.com/caarlos0/ctrlc v1.2.0
github.com/caarlos0/env/v11 v11.2.2
github.com/caarlos0/go-reddit/v3 v3.0.1
github.com/caarlos0/go-shellwords v1.0.12
github.com/caarlos0/go-version v0.1.1
chore(deps): bump github.com/caarlos0/log from 0.4.5 to 0.4.6 (#4995) Bumps [github.com/caarlos0/log](https://github.com/caarlos0/log) from 0.4.5 to 0.4.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/caarlos0/log/releases">github.com/caarlos0/log's releases</a>.</em></p> <blockquote> <h2>v0.4.6</h2> <h2>Changelog</h2> <h3>Other work</h3> <ul> <li>06d70bcb12eea57ffa7971bc77e6c9f96824db3f: ci: update goreleaser conf (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <hr /> <p><em>Released with <a href="https://goreleaser.com/pro">GoReleaser Pro</a>!</em></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/caarlos0/log/commit/5a2932ab1d2887dc2c5148c9f316cf30e5001bdb"><code>5a2932a</code></a> chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.0 to 0.12.0 (<a href="https://redirect.github.com/caarlos0/log/issues/36">#36</a>)</li> <li><a href="https://github.com/caarlos0/log/commit/3e89e5b88f8a8b201a6f10a26c1b1e9b65e4b156"><code>3e89e5b</code></a> chore(deps): bump goreleaser/goreleaser-action from 5 to 6 (<a href="https://redirect.github.com/caarlos0/log/issues/34">#34</a>)</li> <li><a href="https://github.com/caarlos0/log/commit/06d70bcb12eea57ffa7971bc77e6c9f96824db3f"><code>06d70bc</code></a> ci: update goreleaser conf</li> <li>See full diff in <a href="https://github.com/caarlos0/log/compare/v0.4.5...v0.4.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/caarlos0/log&package-manager=go_modules&previous-version=0.4.5&new-version=0.4.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-15 14:37:45 +02:00
github.com/caarlos0/log v0.4.6
chore(deps): bump github.com/charmbracelet/keygen from 0.5.0 to 0.5.1 (#5084) Bumps [github.com/charmbracelet/keygen](https://github.com/charmbracelet/keygen) from 0.5.0 to 0.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/charmbracelet/keygen/releases">github.com/charmbracelet/keygen's releases</a>.</em></p> <blockquote> <h2>v0.5.1</h2> <h2>Changelog</h2> <h3>Other work</h3> <ul> <li>11fd3c7e032fc1ac9fa28d2444c3a3a884111091: build: dependabot config (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>ac4889661d14406ece73e713e384b4d7f93ef152: build: fix golangci-lint config (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>66abd54ad630168d53f530d6e68598656e6bdc26: refactor: keygen: refactor same expression (<a href="https://redirect.github.com/charmbracelet/keygen/issues/16">#16</a>) (<a href="https://github.com/orangekame3"><code>@​orangekame3</code></a>)</li> <li>334fb4fe9fb3035360e421b305ba68e0834487fc: refactor: remove ioutil package (<a href="https://redirect.github.com/charmbracelet/keygen/issues/15">#15</a>) (<a href="https://github.com/orangekame3"><code>@​orangekame3</code></a>)</li> </ul> <hr /> <p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <p>Thoughts? Questions? We love hearing from you. Feel free to reach out on <a href="https://twitter.com/charmcli">Twitter</a>, <a href="https://mastodon.technology/@charm">The Fediverse</a>, or on <a href="https://charm.sh/chat">Discord</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/charmbracelet/keygen/commit/11108ea758c1be31e409a29a87b8a47ffae36c40"><code>11108ea</code></a> chore(deps): bump actions/checkout from 2 to 4 (<a href="https://redirect.github.com/charmbracelet/keygen/issues/19">#19</a>)</li> <li><a href="https://github.com/charmbracelet/keygen/commit/8c30dda898430812a2add237234f730022c4255b"><code>8c30dda</code></a> chore(deps): bump golangci/golangci-lint-action from 2 to 6 (<a href="https://redirect.github.com/charmbracelet/keygen/issues/18">#18</a>)</li> <li><a href="https://github.com/charmbracelet/keygen/commit/030fd5343a36028338ef0bff8e7db4e741e991df"><code>030fd53</code></a> chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.26.0 (<a href="https://redirect.github.com/charmbracelet/keygen/issues/20">#20</a>)</li> <li><a href="https://github.com/charmbracelet/keygen/commit/ac4889661d14406ece73e713e384b4d7f93ef152"><code>ac48896</code></a> build: fix golangci-lint config</li> <li><a href="https://github.com/charmbracelet/keygen/commit/66abd54ad630168d53f530d6e68598656e6bdc26"><code>66abd54</code></a> refactor: keygen: refactor same expression (<a href="https://redirect.github.com/charmbracelet/keygen/issues/16">#16</a>)</li> <li><a href="https://github.com/charmbracelet/keygen/commit/334fb4fe9fb3035360e421b305ba68e0834487fc"><code>334fb4f</code></a> refactor: remove ioutil package (<a href="https://redirect.github.com/charmbracelet/keygen/issues/15">#15</a>)</li> <li><a href="https://github.com/charmbracelet/keygen/commit/11fd3c7e032fc1ac9fa28d2444c3a3a884111091"><code>11fd3c7</code></a> build: dependabot config</li> <li>See full diff in <a href="https://github.com/charmbracelet/keygen/compare/v0.5.0...v0.5.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/keygen&package-manager=go_modules&previous-version=0.5.0&new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-16 21:49:28 +02:00
github.com/charmbracelet/keygen v0.5.1
chore(deps): bump github.com/charmbracelet/lipgloss from 0.12.1 to 0.13.0 (#5095) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.12.1 to 0.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/charmbracelet/lipgloss/releases">github.com/charmbracelet/lipgloss's releases</a>.</em></p> <blockquote> <h2>v0.13.0</h2> <h1>Woodn’t you know, Lip Gloss has trees!</h1> <p>Lip Gloss now ships with a tree rendering sub-package!</p> <pre lang="go"><code>import &quot;github.com/charmbracelet/lipgloss/tree&quot; </code></pre> <p>Define a new tree.</p> <pre lang="go"><code>t := tree.Root(&quot;.&quot;). Child(&quot;A&quot;, &quot;B&quot;, &quot;C&quot;) </code></pre> <p>Print the tree.</p> <pre lang="go"><code>fmt.Println(t) <p>// .<br /> // ├── A<br /> // ├── B<br /> // └── C<br /> </code></pre></p> <p>Trees have the ability to nest.</p> <pre lang="go"><code>t := tree.Root(&quot;.&quot;). Child(&quot;Item 1&quot;). Child( tree.Root(&quot;Item 2&quot;). Child(&quot;Item 2.1&quot;). Child(&quot;Item 2.2&quot;). Child(&quot;Item 2.3&quot;), ). Child( tree.Root(&quot;Item 3&quot;). Child(&quot;Item 3.1&quot;). Child(&quot;Item 3.2&quot;), ) </code></pre> <p>Print the tree.</p> <pre lang="go"><code>fmt.Println(t) </code></pre> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/charmbracelet/lipgloss/commit/bb3e3398bb98de0faf2966331c4686b360f7eab4"><code>bb3e339</code></a> docs(README): match tree example alignment with list examples</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/bc0de5ca26463c5d6f6f8abcb28a5d3090019fd8"><code>bc0de5c</code></a> docs(README): make tree example match output</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/185fde35318b966319d590e960e3382233f72c6f"><code>185fde3</code></a> docs(README): update tree images</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/cf0a7c615f558ed2a522babdcf6288f46667a5bb"><code>cf0a7c6</code></a> docs: fix tree screenshot</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/feb42a9be4a0577fd10b8e9ba80541ca759fb60c"><code>feb42a9</code></a> feat: move tree to root (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/342">#342</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/0618c73743d90bb724af8f5a75e4c17bced1ff87"><code>0618c73</code></a> feat(test): add test for <code>JoinHorizontal</code> (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/346">#346</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/ed7f56e2a7e910c5a63983683c2d7e387d09d024"><code>ed7f56e</code></a> docs: fix <code>CompleteColor</code> example (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/345">#345</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/8a0e6405b71da72f705fbdb6a98eba0095ddbabe"><code>8a0e640</code></a> fix: remove unnecessary if</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/87dd58def709590a169ba141d22ab1c76081275e"><code>87dd58d</code></a> chore: fix little typo in comment in go.mod</li> <li>See full diff in <a href="https://github.com/charmbracelet/lipgloss/compare/v0.12.1...v0.13.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/lipgloss&package-manager=go_modules&previous-version=0.12.1&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-21 20:40:16 +02:00
github.com/charmbracelet/lipgloss v0.13.0
chore(deps): bump github.com/charmbracelet/x/exp/ordered from 0.0.0-20231010190216-1cb11efc897d to 0.1.0 (#4948) Bumps [github.com/charmbracelet/x/exp/ordered](https://github.com/charmbracelet/x) from 0.0.0-20231010190216-1cb11efc897d to 0.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/charmbracelet/x/releases">github.com/charmbracelet/x/exp/ordered's releases</a>.</em></p> <blockquote> <h2>v0.1.0</h2> <p>The very first release of our <code>x</code> package!</p> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/meowgorithm"><code>@​meowgorithm</code></a> made their first contribution in <a href="https://redirect.github.com/charmbracelet/x/pull/1">charmbracelet/x#1</a></li> <li><a href="https://github.com/caarlos0"><code>@​caarlos0</code></a> made their first contribution in <a href="https://redirect.github.com/charmbracelet/x/pull/2">charmbracelet/x#2</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/charmbracelet/x/commits/v0.1.0">https://github.com/charmbracelet/x/commits/v0.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/charmbracelet/x/commits/v0.1.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/x/exp/ordered&package-manager=go_modules&previous-version=0.0.0-20231010190216-1cb11efc897d&new-version=0.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 14:30:30 +02:00
github.com/charmbracelet/x/exp/ordered v0.1.0
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589
github.com/dghubble/go-twitter v0.0.0-20211115160449-93a8679adecb
chore(deps): bump github.com/dghubble/oauth1 from 0.7.2 to 0.7.3 (#4650) Bumps [github.com/dghubble/oauth1](https://github.com/dghubble/oauth1) from 0.7.2 to 0.7.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dghubble/oauth1/releases">github.com/dghubble/oauth1's releases</a>.</em></p> <blockquote> <h2>v0.7.3</h2> <h2>Changes</h2> <ul> <li>Percent encode special characters in HMAC-SHA1 secrets (<a href="https://redirect.github.com/dghubble/oauth1/pull/72">#72</a>)</li> <li>Strip whitespace from request token body (<a href="https://redirect.github.com/dghubble/oauth1/pull/56">#56</a>)</li> <li>Update Go module dependencies</li> </ul> <h2>Contributions</h2> <ul> <li>Use a centrally managed GitHub Workflow for go tests by <a href="https://github.com/dghubble"><code>@​dghubble</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/68">dghubble/oauth1#68</a></li> <li>Allow Go test Workflow to run on PRs by <a href="https://github.com/dghubble"><code>@​dghubble</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/69">dghubble/oauth1#69</a></li> <li>Fix HMAC-SHA1 key creation. by <a href="https://github.com/jerryryle"><code>@​jerryryle</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/72">dghubble/oauth1#72</a></li> <li>Fix oauth_callback_confirmed comparison when server returns extra whitespace by <a href="https://github.com/pscohn"><code>@​pscohn</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/56">dghubble/oauth1#56</a></li> <li>Add changelog for new release by <a href="https://github.com/dghubble"><code>@​dghubble</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/73A">dghubble/oauth1#73</a></li> </ul> <h2>Dependencies</h2> <ul> <li>Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/67">dghubble/oauth1#67</a></li> <li>Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/70">dghubble/oauth1#70</a></li> <li>Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/71">dghubble/oauth1#71</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jerryryle"><code>@​jerryryle</code></a> made their first contribution in <a href="https://redirect.github.com/dghubble/oauth1/pull/72">dghubble/oauth1#72</a></li> <li><a href="https://github.com/pscohn"><code>@​pscohn</code></a> made their first contribution in <a href="https://redirect.github.com/dghubble/oauth1/pull/56">dghubble/oauth1#56</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dghubble/oauth1/compare/v0.7.2...v0.7.3">https://github.com/dghubble/oauth1/compare/v0.7.2...v0.7.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dghubble/oauth1/blob/main/CHANGES.md">github.com/dghubble/oauth1's changelog</a>.</em></p> <blockquote> <h2>v0.7.3</h2> <ul> <li>Percent encode special characters in HMAC-SHA1 secrets (<a href="https://redirect.github.com/dghubble/oauth1/pull/72">#72</a>)</li> <li>Strip whitespace from request token body (<a href="https://redirect.github.com/dghubble/oauth1/pull/56">#56</a>)</li> <li>Update Go module dependencies</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dghubble/oauth1/commit/1f002e0d15d39ff470e50757a5f07403fcdb759d"><code>1f002e0</code></a> Add changelog for new release</li> <li><a href="https://github.com/dghubble/oauth1/commit/ef868072a599cf57fae2c86353c586dead2a8a57"><code>ef86807</code></a> Fix oauth_callback_confirmed comparison when server returns extra whitespace</li> <li><a href="https://github.com/dghubble/oauth1/commit/bb5618856237e63c3cb37534b7a8b738d518801b"><code>bb56188</code></a> Fix HMAC-SHA1 key creation.</li> <li><a href="https://github.com/dghubble/oauth1/commit/79e2ef8bf593ad9fcda570e35cfbb6e7b7f9206c"><code>79e2ef8</code></a> Bump github.com/stretchr/testify from 1.8.3 to 1.8.4</li> <li><a href="https://github.com/dghubble/oauth1/commit/e7f7a93e50be011b21c74ca86e0f0c4bd341ed77"><code>e7f7a93</code></a> Bump github.com/stretchr/testify from 1.8.2 to 1.8.3</li> <li><a href="https://github.com/dghubble/oauth1/commit/74c61479f9208cf0507b307b7379ca8279653d71"><code>74c6147</code></a> Allow Go test Workflow to run on PRs</li> <li><a href="https://github.com/dghubble/oauth1/commit/43ba0f7195a61293aaaf4b33190a217874f0a1bc"><code>43ba0f7</code></a> Bump github.com/stretchr/testify from 1.8.1 to 1.8.2</li> <li><a href="https://github.com/dghubble/oauth1/commit/2ceed997d3ed5779f03135a3268bb8acf1baaf4c"><code>2ceed99</code></a> Use a centrally managed GitHub Workflow for go tests</li> <li>See full diff in <a href="https://github.com/dghubble/oauth1/compare/v0.7.2...v0.7.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/dghubble/oauth1&package-manager=go_modules&previous-version=0.7.2&new-version=0.7.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-27 14:57:24 +02:00
github.com/dghubble/oauth1 v0.7.3
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-alpha.1 to 3.0.0-beta.1 (#4983) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-alpha.1 to 3.0.0-beta.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-beta.1</h2> <p>Welcome to the <code>3.0.0-beta.1</code> release of registry!</p> <p>This is the last major <strong>pre-release</strong> of registry.</p> <p>See the changelog below for full list of changes.</p> <h2>Deprecated</h2> <ul> <li>the default configuration path has changed to <code>/etc/distribution/config.yml</code></li> </ul> <h2>Notable Changes</h2> <ul> <li>Support for sparse indexes enables selective mirroring of platform images</li> <li>Auth config now requires explicit declaration of token signing algorithms if using an unsupported signing algorithm</li> <li>Support for OpenTelemetry tracing has been added</li> <li>Redis cache now supports clustering and custom TLS config</li> <li>Caching proxy bug fixes and minor improvements</li> <li>Garbage collection fixes and improvements</li> <li>Documentation has received several updates</li> </ul> <h2>What's Changed</h2> <ul> <li>update: set User-Agent header in GCS storage driver by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4203">distribution/distribution#4203</a></li> <li>version: export getter functions by <a href="https://github.com/corhere"><code>@​corhere</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4204">distribution/distribution#4204</a></li> <li>feat: add GH issue template by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4206">distribution/distribution#4206</a></li> <li>fix: build status badge by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4207">distribution/distribution#4207</a></li> <li>docs: remove legacy kramdown options from link by <a href="https://github.com/SKalt"><code>@​SKalt</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4209">distribution/distribution#4209</a></li> <li>update: readme cleanup and fxes by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4208">distribution/distribution#4208</a></li> <li>feat: add PR labeler by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4205">distribution/distribution#4205</a></li> <li>fix: add missing skip in s3 driver test by <a href="https://github.com/katexochen"><code>@​katexochen</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4219">distribution/distribution#4219</a></li> <li>vendor: github.com/mitchellh/mapstructure v1.5.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4222">distribution/distribution#4222</a></li> <li>chore: dependabot to keep gha up to date by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4217">distribution/distribution#4217</a></li> <li>build(deps): bump github/codeql-action from 1.0.26 to 3.22.12 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4225">distribution/distribution#4225</a></li> <li>build(deps): bump actions/deploy-pages from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4224">distribution/distribution#4224</a></li> <li>build(deps): bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4226">distribution/distribution#4226</a></li> <li>build(deps): bump actions/setup-go from 3 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4228">distribution/distribution#4228</a></li> <li>build(deps): bump actions/configure-pages from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4227">distribution/distribution#4227</a></li> <li>chore: generate authors and update mailmap by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4215">distribution/distribution#4215</a></li> <li>chore: use no-cache-filter for outdated stage by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4216">distribution/distribution#4216</a></li> <li>build(deps): bump actions/upload-pages-artifact from 2 to 3 by <a href="https://github.com/dvdksn"><code>@​dvdksn</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4234">distribution/distribution#4234</a></li> <li>build(deps): bump docker/login-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4239">distribution/distribution#4239</a></li> <li>build(deps): bump docker/metadata-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4240">distribution/distribution#4240</a></li> <li>update to alpine 3.19 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4210">distribution/distribution#4210</a></li> <li>build(deps): bump docker/setup-buildx-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4230">distribution/distribution#4230</a></li> <li>fix: load gcs credentials and client inside DriverConstructor by <a href="https://github.com/katexochen"><code>@​katexochen</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4218">distribution/distribution#4218</a></li> <li>build(deps): bump docker/bake-action from 2 to 4 by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4253">distribution/distribution#4253</a></li> <li>build(deps): bump actions/upload-artifact from 3.0.0 to 4.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4254">distribution/distribution#4254</a></li> <li>remove deprecated ReadSeekCloser interfaces by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4245">distribution/distribution#4245</a></li> <li>vendor: github.com/gorilla/handlers v1.5.2 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4211">distribution/distribution#4211</a></li> <li>fix: update Dockerfile version output by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4212">distribution/distribution#4212</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/c709432b917488208fa78a7932843d91eca59801"><code>c709432</code></a> Prep for v3-beta1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4399">#4399</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/c72db4109c6259a6b53d7b071e5912dbdc166332"><code>c72db41</code></a> Prep for v3-beta1 release</li> <li><a href="https://github.com/distribution/distribution/commit/60da1934b6c5ca04a5e3abc820f288209b97bc5c"><code>60da193</code></a> Bump Go and golang linter (<a href="https://redirect.github.com/distribution/distribution/issues/4389">#4389</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/948a39d358e0a89e9704eff9270d76b9506393ca"><code>948a39d</code></a> Update docs: JWKS credentials and AZ identity (<a href="https://redirect.github.com/distribution/distribution/issues/4397">#4397</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/d3cc664fa2219d5ac6e7a724dbb755f27b08a2e6"><code>d3cc664</code></a> Update docs: JWKS credentials and AZ identity</li> <li><a href="https://github.com/distribution/distribution/commit/4dd0ac977e9674cc0c2f3b206edb43475dac91c1"><code>4dd0ac9</code></a> feat: implement 'rewrite' storage middleware (<a href="https://redirect.github.com/distribution/distribution/issues/4146">#4146</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/306f4ff71eae432a323723eb4ffaf9aa861ca603"><code>306f4ff</code></a> Replace custom Redis config struct with go-redis UniversalOptions (adds senti...</li> <li><a href="https://github.com/distribution/distribution/commit/558ace139143057e0f8e3dbbcc5b695dda33462a"><code>558ace1</code></a> feat: implement 'rewrite' storage middleware</li> <li><a href="https://github.com/distribution/distribution/commit/6d5911900a793318e61324584a144d2b06b40b2b"><code>6d59119</code></a> Update Redis configuration docs with TLS options</li> <li><a href="https://github.com/distribution/distribution/commit/3a8499541a8d624b909c1e16a8d41e22b756457e"><code>3a84995</code></a> docs: disable base element override (<a href="https://redirect.github.com/distribution/distribution/issues/4391">#4391</a>)</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-alpha.1...v3.0.0-beta.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-alpha.1&new-version=3.0.0-beta.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-12 02:49:48 +02:00
github.com/distribution/distribution/v3 v3.0.0-beta.1
github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1
github.com/google/go-containerregistry v0.20.2
github.com/google/go-github/v64 v64.0.0
github.com/google/ko v0.16.0
chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#4571) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/uuid/releases">github.com/google/uuid's releases</a>.</em></p> <blockquote> <h2>v1.6.0</h2> <h2><a href="https://github.com/google/uuid/compare/v1.5.0...v1.6.0">1.6.0</a> (2024-01-16)</h2> <h3>Features</h3> <ul> <li>add Max UUID constant (<a href="https://redirect.github.com/google/uuid/issues/149">#149</a>) (<a href="https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3">c58770e</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>fix typo in version 7 uuid documentation (<a href="https://redirect.github.com/google/uuid/issues/153">#153</a>) (<a href="https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06">016b199</a>)</li> <li>Monotonicity in UUIDv7 (<a href="https://redirect.github.com/google/uuid/issues/150">#150</a>) (<a href="https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6">a2b2b32</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/google/uuid/blob/master/CHANGELOG.md">github.com/google/uuid's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/google/uuid/compare/v1.5.0...v1.6.0">1.6.0</a> (2024-01-16)</h2> <h3>Features</h3> <ul> <li>add Max UUID constant (<a href="https://redirect.github.com/google/uuid/issues/149">#149</a>) (<a href="https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3">c58770e</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>fix typo in version 7 uuid documentation (<a href="https://redirect.github.com/google/uuid/issues/153">#153</a>) (<a href="https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06">016b199</a>)</li> <li>Monotonicity in UUIDv7 (<a href="https://redirect.github.com/google/uuid/issues/150">#150</a>) (<a href="https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6">a2b2b32</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/uuid/commit/0f11ee6918f41a04c201eceeadf612a377bc7fbc"><code>0f11ee6</code></a> chore(master): release 1.6.0 (<a href="https://redirect.github.com/google/uuid/issues/151">#151</a>)</li> <li><a href="https://github.com/google/uuid/commit/16939dafc37a38d2743810a8bdf60fdad6a0f3a3"><code>16939da</code></a> chore(tests): add strict monotonicity test case for uuid v7. (<a href="https://redirect.github.com/google/uuid/issues/154">#154</a>)</li> <li><a href="https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06"><code>016b199</code></a> fix: fix typo in version 7 uuid documentation (<a href="https://redirect.github.com/google/uuid/issues/153">#153</a>)</li> <li><a href="https://github.com/google/uuid/commit/1d8b6ea0990d688105843a9a67b1d07222350502"><code>1d8b6ea</code></a> ci: set token permissions to github workflows (<a href="https://redirect.github.com/google/uuid/issues/143">#143</a>)</li> <li><a href="https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6"><code>a2b2b32</code></a> fix: Monotonicity in UUIDv7 (<a href="https://redirect.github.com/google/uuid/issues/150">#150</a>)</li> <li><a href="https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3"><code>c58770e</code></a> feat: add Max UUID constant (<a href="https://redirect.github.com/google/uuid/issues/149">#149</a>)</li> <li>See full diff in <a href="https://github.com/google/uuid/compare/v1.5.0...v1.6.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/uuid&package-manager=go_modules&previous-version=1.5.0&new-version=1.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-24 16:37:02 +02:00
github.com/google/uuid v1.6.0
github.com/goreleaser/fileglob v1.3.0
github.com/goreleaser/nfpm/v2 v2.39.0
github.com/hashicorp/go-multierror v1.1.1
feat(deps): bump github.com/invopop/jsonschema from 0.11.0 to 0.12.0 (#4348) Bumps [github.com/invopop/jsonschema](https://github.com/invopop/jsonschema) from 0.11.0 to 0.12.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/invopop/jsonschema/commit/9b6bb6e8f15aa557c1df053de86d4e5043365ca9"><code>9b6bb6e</code></a> Merge pull request <a href="https://redirect.github.com/invopop/jsonschema/issues/108">#108</a> from invopop/schema-property-alias</li> <li><a href="https://github.com/invopop/jsonschema/commit/f45517cf07169cf4e35eae0a4e47ad8086098583"><code>f45517c</code></a> Typo</li> <li><a href="https://github.com/invopop/jsonschema/commit/ab81e2aa6405fefd82b6958075d64d2de1844bcd"><code>ab81e2a</code></a> Fixing linting</li> <li><a href="https://github.com/invopop/jsonschema/commit/933814a23a0b8401d90625df47f4be2a0c9a3039"><code>933814a</code></a> support for JSONSchemaAlias y JSONSchemaProperty methods</li> <li><a href="https://github.com/invopop/jsonschema/commit/0108689b9f4e04f64a5986ea21650f07673c21cf"><code>0108689</code></a> Support for JSONSchemaAlias method</li> <li><a href="https://github.com/invopop/jsonschema/commit/12cbc49539c8deac9baeae7811fdcab42fd5def0"><code>12cbc49</code></a> Updating test output with new number parsing</li> <li><a href="https://github.com/invopop/jsonschema/commit/cada51da5649ccf919c51225dd8e2260a388b883"><code>cada51d</code></a> Merge pull request <a href="https://redirect.github.com/invopop/jsonschema/issues/96">#96</a> from Hotdawg/regex_with_equals</li> <li><a href="https://github.com/invopop/jsonschema/commit/9d905a25553837495e11ecb6d61f5348110dc49f"><code>9d905a2</code></a> Limit split on genericKeywords</li> <li><a href="https://github.com/invopop/jsonschema/commit/080d97dda979ca9544cc362b9f1c7c02cfc03697"><code>080d97d</code></a> Merge branch 'invopop:main' into regex_with_equals</li> <li><a href="https://github.com/invopop/jsonschema/commit/8a098cbcb66558b5c55fccd24c7cc42825d906d6"><code>8a098cb</code></a> Fix linter issue</li> <li>See full diff in <a href="https://github.com/invopop/jsonschema/compare/v0.11.0...v0.12.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/invopop/jsonschema&package-manager=go_modules&previous-version=0.11.0&new-version=0.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 14:48:15 +02:00
github.com/invopop/jsonschema v0.12.0
feat(deps): bump github.com/jarcoal/httpmock from 1.3.0 to 1.3.1 (#4253) Bumps [github.com/jarcoal/httpmock](https://github.com/jarcoal/httpmock) from 1.3.0 to 1.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jarcoal/httpmock/releases">github.com/jarcoal/httpmock's releases</a>.</em></p> <blockquote> <h2>v1.3.1</h2> <p>Fix:</p> <ul> <li><a href="https://pkg.go.dev/github.com/jarcoal/httpmock#BodyContainsBytes">BodyContainsBytes</a> &amp; <a href="https://pkg.go.dev/github.com/jarcoal/httpmock#BodyContainsString">BodyContainsString</a> used with <a href="https://pkg.go.dev/github.com/jarcoal/httpmock#Matcher.And">And</a>/<a href="https://pkg.go.dev/github.com/jarcoal/httpmock#Matcher.Or">Or</a> by <a href="https://github.com/maxatome"><code>@​maxatome</code></a> in <a href="https://redirect.github.com/jarcoal/httpmock/issues/146">#146</a> thanks to <a href="https://github.com/Moon1706"><code>@​Moon1706</code></a> for the report → <a href="https://redirect.github.com/jarcoal/httpmock/issues/145">#145</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jarcoal/httpmock/commit/8b32cd6f52e32195f15b55c5217c12c29d6004b5"><code>8b32cd6</code></a> fix: BodyContainsBytes &amp; BodyContainsString used with And/Or</li> <li><a href="https://github.com/jarcoal/httpmock/commit/497153dd46a496640fe99428b2c833ddab93f119"><code>497153d</code></a> ci: test against go 1.21 &amp; use golangci-lint 1.54.1</li> <li><a href="https://github.com/jarcoal/httpmock/commit/070d3c85e0739c5ef0230c40f7b48b16d24c44ff"><code>070d3c8</code></a> ci: switch to install-go v3.4</li> <li><a href="https://github.com/jarcoal/httpmock/commit/1ddb9fa5c42c84afdca30c98914b42fda3005a57"><code>1ddb9fa</code></a> refactor: make golangci-lint v1.52.2 happy</li> <li><a href="https://github.com/jarcoal/httpmock/commit/507a05e8629b1661bbf08df649775319a6bde5d4"><code>507a05e</code></a> ci: add workflow_dispatch as event trigger</li> <li>See full diff in <a href="https://github.com/jarcoal/httpmock/compare/v1.3.0...v1.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/jarcoal/httpmock&package-manager=go_modules&previous-version=1.3.0&new-version=1.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-17 13:33:17 +02:00
github.com/jarcoal/httpmock v1.3.1
github.com/klauspost/pgzip v1.2.6
chore(deps): bump github.com/mattn/go-mastodon from 0.0.6 to 0.0.8 (#4872) Bumps [github.com/mattn/go-mastodon](https://github.com/mattn/go-mastodon) from 0.0.6 to 0.0.8. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mattn/go-mastodon/commit/190d45d2ecc90f7b5965c5d13009dd1d28b7fc28"><code>190d45d</code></a> update go.mod</li> <li><a href="https://github.com/mattn/go-mastodon/commit/18f53e138642d438552972b0d9dd237396a25d0c"><code>18f53e1</code></a> fix go.mod module</li> <li><a href="https://github.com/mattn/go-mastodon/commit/4f1b16bb826f9de25b169a069cf3b3f9797401de"><code>4f1b16b</code></a> update github workflow</li> <li><a href="https://github.com/mattn/go-mastodon/commit/0c91499d6528563480b88e6b98bba8e0e780657d"><code>0c91499</code></a> go mod tidy</li> <li><a href="https://github.com/mattn/go-mastodon/commit/afce2f5eb278b322560787ccc15781a33fd70f4c"><code>afce2f5</code></a> update deps</li> <li><a href="https://github.com/mattn/go-mastodon/commit/9c0773141dae89967e8181e0231e879cb21a26ed"><code>9c07731</code></a> update deps</li> <li><a href="https://github.com/mattn/go-mastodon/commit/a0bda564b5900b2bf2775f42011820b64676230e"><code>a0bda56</code></a> feat: add GetEndorsements method</li> <li><a href="https://github.com/mattn/go-mastodon/commit/b8ed0816089c709f14bc40d8760b16a0df76a105"><code>b8ed081</code></a> add .idea directory to .gitignore file</li> <li><a href="https://github.com/mattn/go-mastodon/commit/073dfd699697be4b62329623e200d4f16c385dbd"><code>073dfd6</code></a> Update README.md</li> <li><a href="https://github.com/mattn/go-mastodon/commit/d53cfea7c694f35b17401e24d249dcb61014f162"><code>d53cfea</code></a> Introduce APIError type and make ErrorEvent.Err public</li> <li>Additional commits viewable in <a href="https://github.com/mattn/go-mastodon/compare/v0.0.6...v0.0.8">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/mattn/go-mastodon&package-manager=go_modules&previous-version=0.0.6&new-version=0.0.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-16 15:02:42 +02:00
github.com/mattn/go-mastodon v0.0.8
feat: add gitlab for releases (#1038) * outlines gitlab client integration * makes client parameter more explicit * adds gitlab url to config * changes releaseID to string to adapt to gitlab * updates to latest gitlab client lib 0.18 * fixes copy paster in gitlab upload func * fixes gitlab typo in config * adds gitlab token to env and context * release now uses the client factory method * skips brew pipe if it is not a github release * add github tokentype to publish tests * skips scoop pipe if it is not a github release * corrects brew skip msg * adds gitlab token to main test * adds gitlab to release docs * validates config and errors accordingly * adapt release pipe name to include gitlab * fixes gitlab client after testing * moves not-configured brew and scoop pipe checks as first check * adds more debug to gitlab client * adapts changelog generation for gitlab markdown * adds debug log for gitlab changelog * env needs to run before changelog pipe * moves gitlab default download url to default pipe * moves multiple releases check to from config to release pipe * release differs now for github and gitlab * adds debug gitlab release update msgs * moves env pipe as second after before because it determines the token type other pipes depend on * adaptes error check on gitlab release creation * Revert "adaptes error check on gitlab release creation" This reverts commit 032024571c76140f8e2207ee01cc08088f37594b. * simplifies gitlab client logic. removes comments * skips tls verification for gitlab client if specified in config * updates the docs * adds clarification that brew and scoop are not supported if it is a gitlab release * fixes copy paster in release.md * adds missing blob pipe in defaults and publish due to missing in merge * updates comment in gitlab client
2019-06-29 16:02:40 +02:00
github.com/mitchellh/go-homedir v1.1.0
github.com/muesli/mango-cobra v1.2.0
github.com/muesli/roff v0.1.0
feat(deps): bump github.com/muesli/termenv from 0.15.1 to 0.15.2 (#4148) Bumps [github.com/muesli/termenv](https://github.com/muesli/termenv) from 0.15.1 to 0.15.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/muesli/termenv/releases">github.com/muesli/termenv's releases</a>.</em></p> <blockquote> <h2>v0.15.2</h2> <h2>What's Changed</h2> <ul> <li>build(deps): bump actions/setup-go from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/muesli/termenv/pull/126">muesli/termenv#126</a></li> <li>build(deps): bump github.com/mattn/go-isatty from 0.0.17 to 0.0.18 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/muesli/termenv/pull/128">muesli/termenv#128</a></li> <li>fix: Cloud Shell supports RGB colors by <a href="https://github.com/muesli"><code>@​muesli</code></a> in <a href="https://redirect.github.com/muesli/termenv/pull/127">muesli/termenv#127</a></li> <li>build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/muesli/termenv/pull/129">muesli/termenv#129</a></li> <li>fix: wezterm is truecolor by <a href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a href="https://redirect.github.com/muesli/termenv/pull/139">muesli/termenv#139</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/muesli/termenv/compare/v0.15.1...v0.15.2">https://github.com/muesli/termenv/compare/v0.15.1...v0.15.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/muesli/termenv/commit/51d72d34e2b9778a31aa5dd79fbdd8cdac50b4d5"><code>51d72d3</code></a> fix: wezterm is truecolor (<a href="https://redirect.github.com/muesli/termenv/issues/139">#139</a>)</li> <li><a href="https://github.com/muesli/termenv/commit/b57cbb11093e11f08bdeb3d54234909b8fa079fe"><code>b57cbb1</code></a> fix: lint</li> <li><a href="https://github.com/muesli/termenv/commit/e02986697d716017087dc725465e3d8691d317e4"><code>e029866</code></a> build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0</li> <li><a href="https://github.com/muesli/termenv/commit/9b3e79975a48df063aa7a7c1ca0c20c3c868332c"><code>9b3e799</code></a> fix: Cloud Shell supports RGB colors</li> <li><a href="https://github.com/muesli/termenv/commit/73a40463ff25452432bd4e588150285c6aeca58e"><code>73a4046</code></a> build(deps): bump github.com/mattn/go-isatty from 0.0.17 to 0.0.18</li> <li><a href="https://github.com/muesli/termenv/commit/39f5d6e77915ccc34a9e752ad0b7a3443b393058"><code>39f5d6e</code></a> build(deps): bump actions/setup-go from 3 to 4</li> <li>See full diff in <a href="https://github.com/muesli/termenv/compare/v0.15.1...v0.15.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/muesli/termenv&package-manager=go_modules&previous-version=0.15.1&new-version=0.15.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-28 14:46:00 +02:00
github.com/muesli/termenv v0.15.2
chore(deps): bump github.com/ory/dockertest/v3 from 3.10.0 to 3.11.0 (#5070) Bumps [github.com/ory/dockertest/v3](https://github.com/ory/dockertest) from 3.10.0 to 3.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ory/dockertest/releases">github.com/ory/dockertest/v3's releases</a>.</em></p> <blockquote> <h2>v3.11.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/435">ory/dockertest#435</a></li> <li>chore(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/437">ory/dockertest#437</a></li> <li>chore(deps): bump github.com/lib/pq from 0.0.0-20180327071824-d34b9ff171c2 to 1.10.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/438">ory/dockertest#438</a></li> <li>chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.24+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/426">ory/dockertest#426</a></li> <li>chore(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/427">ory/dockertest#427</a></li> <li>chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/450">ory/dockertest#450</a></li> <li>chore(deps): bump github.com/containerd/continuity from 0.3.0 to 0.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/451">ory/dockertest#451</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/449">ory/dockertest#449</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/442">ory/dockertest#442</a></li> <li>chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/445">ory/dockertest#445</a></li> <li>chore(deps): bump github.com/moby/term from 0.0.0-20201216013528-df9cb8a40635 to 0.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/446">ory/dockertest#446</a></li> <li>chore(deps): bump github.com/docker/cli from 20.10.17+incompatible to 24.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/448">ory/dockertest#448</a></li> <li>chore: bump dependencies and fix some lint by <a href="https://github.com/alnr"><code>@​alnr</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li>chore(deps): bump golang.org/x/sys from 0.19.0 to 0.21.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/501">ory/dockertest#501</a></li> <li>chore(deps): bump actions/checkout from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/475">ory/dockertest#475</a></li> <li>feat: fall back to podman if available by <a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li>test: refactor asserts by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/497">ory/dockertest#497</a></li> <li>use defer instead of os.Exit(m.Run()) by <a href="https://github.com/pmenglund"><code>@​pmenglund</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/493">ory/dockertest#493</a></li> <li>docs: remove outdated dep install instruction by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/505">ory/dockertest#505</a></li> <li>chore: remove direct dependency on gotest.tools/v3 by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/504">ory/dockertest#504</a></li> <li>chore: replace deprecated ioutil.TempDir with os.MkdirTemp by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/506">ory/dockertest#506</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/509">ory/dockertest#509</a></li> <li>move tests to dockertest_test package by <a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li>chore(deps): bump github.com/opencontainers/image-spec from 1.0.2 to 1.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/510">ory/dockertest#510</a></li> <li>chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/503">ory/dockertest#503</a></li> <li>chore(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/508">ory/dockertest#508</a></li> <li>chore(deps): bump actions/stale from 4 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/507">ory/dockertest#507</a></li> <li>feat: introduce cve scanners by <a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li>chore: update docker to v27.1.1 by <a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/alnr"><code>@​alnr</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li><a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li><a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li><a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li><a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ory/dockertest/commit/6110e9a38fa9f7118d7baa38ac2437170520c3b5"><code>6110e9a</code></a> chore: update docker to v27.1.1 (<a href="https://redirect.github.com/ory/dockertest/issues/522">#522</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/d229e74b748daa9d889156981aee4d521a9fa226"><code>d229e74</code></a> feat: introduce cve scanners (<a href="https://redirect.github.com/ory/dockertest/issues/500">#500</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1b46b2915aed35799f1cb91e76ad499ff91b7d9c"><code>1b46b29</code></a> chore(deps): bump actions/stale from 4 to 9 (<a href="https://redirect.github.com/ory/dockertest/issues/507">#507</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/44496a38aa7769d525977b2c8f74047c231162e1"><code>44496a3</code></a> chore(deps): bump actions/setup-go from 4 to 5 (<a href="https://redirect.github.com/ory/dockertest/issues/508">#508</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1aa8cd7bf823a7e369a54bcec74ac39ae5141eff"><code>1aa8cd7</code></a> chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 (<a href="https://redirect.github.com/ory/dockertest/issues/503">#503</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/0c91bda2b499ac97a0f6c027dc25b213cbf726a0"><code>0c91bda</code></a> chore(deps): bump github.com/opencontainers/image-spec (<a href="https://redirect.github.com/ory/dockertest/issues/510">#510</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/3328cf9343b8091879695d1489aa3154544e7e23"><code>3328cf9</code></a> move tests to dockertest_test package (<a href="https://redirect.github.com/ory/dockertest/issues/490">#490</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/05f634764ebdde194ee996f9d6b4ebf91e7bc738"><code>05f6347</code></a> chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (<a href="https://redirect.github.com/ory/dockertest/issues/509">#509</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/6539ccd9aa0828a791bf577d5290ed5201de4c72"><code>6539ccd</code></a> chore: replace deprecated ioutil.TempDir with os.MkdirTemp (<a href="https://redirect.github.com/ory/dockertest/issues/506">#506</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/84015fd57ca4c3248e114be72046b90752aab334"><code>84015fd</code></a> chore: remove direct dependency on gotest.tools/v3 (<a href="https://redirect.github.com/ory/dockertest/issues/504">#504</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ory/dockertest/v3&package-manager=go_modules&previous-version=3.10.0&new-version=3.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-13 14:31:51 +02:00
github.com/ory/dockertest/v3 v3.11.0
chore(deps): bump github.com/slack-go/slack from 0.13.1 to 0.14.0 (#5085) Bumps [github.com/slack-go/slack](https://github.com/slack-go/slack) from 0.13.1 to 0.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/slack-go/slack/releases">github.com/slack-go/slack's releases</a>.</em></p> <blockquote> <h2>v0.14.0</h2> <h2>What's Changed</h2> <p>v0.14.0 is now available. It contains <strong>no breaking changes</strong> but does include several pieces of new functionality and long-standing bug fixes.</p> <h3>Enhancements</h3> <ul> <li>Added Support for receiving <code>metadata</code> when receiving a <code>MessageEvent</code> over WebSocket by <a href="https://github.com/rfratto"><code>@​rfratto</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1307">slack-go/slack#1307</a></li> <li>Added a new field to expose file data when receiving a <code>File</code> event from a Slack Connect Channel by <a href="https://github.com/zFlabmonsta"><code>@​zFlabmonsta</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1312">slack-go/slack#1312</a></li> <li>Added support for the <code>slack_file</code> in the image block by <a href="https://github.com/rhysm"><code>@​rhysm</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1311">slack-go/slack#1311</a></li> <li>Added 35 missing Websocket event types by <a href="https://github.com/Aryakoste"><code>@​Aryakoste</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1306">slack-go/slack#1306</a></li> <li>Added support for parsing <code>AppRateLimited</code> events in the <code>ParseEvent</code> function by <a href="https://github.com/nemuvski"><code>@​nemuvski</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1308">slack-go/slack#1308</a></li> <li>Added newly documented Channel Canvas properties to the <code>conversations.info</code> Web API method by <a href="https://github.com/ku"><code>@​ku</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1228">slack-go/slack#1228</a></li> </ul> <h3>Bug Fixes</h3> <ul> <li>Fixed an edge case when using <code>UpdateRemoteFileContext</code> and <code>UpdateRemoteFile</code> and Image Previews would return an <code>invalid_auth</code> error by <a href="https://github.com/EkeMinusYou"><code>@​EkeMinusYou</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1117">slack-go/slack#1117</a></li> </ul> <h3>Chores / Code Cleanup</h3> <ul> <li>Replaced deprecated <code>ioutil</code> with <code>io</code> and <code>os</code> packages by <a href="https://github.com/nakamasato"><code>@​nakamasato</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1310">slack-go/slack#1310</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/rfratto"><code>@​rfratto</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1307">slack-go/slack#1307</a></li> <li><a href="https://github.com/nakamasato"><code>@​nakamasato</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1310">slack-go/slack#1310</a></li> <li><a href="https://github.com/rhysm"><code>@​rhysm</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1311">slack-go/slack#1311</a></li> <li><a href="https://github.com/Aryakoste"><code>@​Aryakoste</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1306">slack-go/slack#1306</a></li> <li><a href="https://github.com/nemuvski"><code>@​nemuvski</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1308">slack-go/slack#1308</a></li> <li><a href="https://github.com/ku"><code>@​ku</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1228">slack-go/slack#1228</a></li> <li><a href="https://github.com/EkeMinusYou"><code>@​EkeMinusYou</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1117">slack-go/slack#1117</a></li> <li><a href="https://github.com/jjjjeeffff"><code>@​jjjjeeffff</code></a> was instrumental in the successful resolution of <a href="https://redirect.github.com/slack-go/slack/pull/1117">slack-go/slack#1117</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/slack-go/slack/compare/v0.13.1...v0.14.0">https://github.com/slack-go/slack/compare/v0.13.1...v0.14.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/slack-go/slack/commit/242df4614edb261e5f4f4a3907c979caf6b4977c"><code>242df46</code></a> fix: create multipart form when multipart request (<a href="https://redirect.github.com/slack-go/slack/issues/1117">#1117</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/5345c06b764bae9d8ba9838a8f47303c764c26e4"><code>5345c06</code></a> feat: Add Properties.Canvas to Channel (<a href="https://redirect.github.com/slack-go/slack/issues/1228">#1228</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/50e7414b58e49e610c1d18f46b35cdb34556f9ed"><code>50e7414</code></a> feat: Add support for parsing AppRateLimited events (<a href="https://redirect.github.com/slack-go/slack/issues/1308">#1308</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/e947079302882b182ee1bfae177023405fb747a2"><code>e947079</code></a> feat: Events api reconcilation (<a href="https://redirect.github.com/slack-go/slack/issues/1306">#1306</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/99b3ebefe7d6d29bbb4152748e27f598de0c0157"><code>99b3ebe</code></a> Add slack_file to image block (<a href="https://redirect.github.com/slack-go/slack/issues/1311">#1311</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/75103a96618c2b61e026a9b8b4656d1be5b9f2c1"><code>75103a9</code></a> add file access field to file struct for slackevents (<a href="https://redirect.github.com/slack-go/slack/issues/1312">#1312</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/25fefc8d6f397d51ab310472936f4e25846a15ae"><code>25fefc8</code></a> chore: replace ioutil with io or os package (<a href="https://redirect.github.com/slack-go/slack/issues/1310">#1310</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/b9d4317540003c4f14c15c0c1e02d6cb95e6f1fb"><code>b9d4317</code></a> slackevents: support metadata in MessageEvent (<a href="https://redirect.github.com/slack-go/slack/issues/1307">#1307</a>)</li> <li>See full diff in <a href="https://github.com/slack-go/slack/compare/v0.13.1...v0.14.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/slack-go/slack&package-manager=go_modules&previous-version=0.13.1&new-version=0.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-16 21:49:03 +02:00
github.com/slack-go/slack v0.14.0
chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#4945) [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.0 to 1.8.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spf13/cobra/releases">github.com/spf13/cobra's releases</a>.</em></p> <blockquote> <h2>v1.8.1</h2> <h2>✨ Features</h2> <ul> <li>Add env variable to suppress completion descriptions on create by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/1938">spf13/cobra#1938</a></li> </ul> <h2>🐛 Bug fixes</h2> <ul> <li>Micro-optimizations by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/1957">spf13/cobra#1957</a></li> </ul> <h2>🔧 Maintenance</h2> <ul> <li>build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.3 to 2.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2127">spf13/cobra#2127</a></li> <li>Consistent annotation names by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2140">spf13/cobra#2140</a></li> <li>Remove fully inactivated linters by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2148">spf13/cobra#2148</a></li> <li>Address golangci-lint deprecation warnings, enable some more linters by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2152">spf13/cobra#2152</a></li> </ul> <h2>🧪 Testing &amp; CI/CD</h2> <ul> <li>Add test for func in cobra.go by <a href="https://github.com/korovindenis"><code>@​korovindenis</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2094">spf13/cobra#2094</a></li> <li>ci: test golang 1.22 by <a href="https://github.com/cyrilico"><code>@​cyrilico</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2113">spf13/cobra#2113</a></li> <li>Optimized and added more linting by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2099">spf13/cobra#2099</a></li> <li>build(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2087">spf13/cobra#2087</a></li> <li>build(deps): bump actions/labeler from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2086">spf13/cobra#2086</a></li> <li>build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2108">spf13/cobra#2108</a></li> <li>build(deps): bump actions/cache from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2102">spf13/cobra#2102</a></li> </ul> <h2>✏️ Documentation</h2> <ul> <li>Fixes and docs for usage as plugin by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2070">spf13/cobra#2070</a></li> <li>flags: clarify documentation that LocalFlags related function do not modify the state by <a href="https://github.com/niamster"><code>@​niamster</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2064">spf13/cobra#2064</a></li> <li>chore: remove repetitive words by <a href="https://github.com/racerole"><code>@​racerole</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2122">spf13/cobra#2122</a></li> <li>Add LXC to the list of projects using Cobra <a href="https://github.com/VaradBelwalkar"><code>@​VaradBelwalkar</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2071">spf13/cobra#2071</a></li> <li>Update projects_using_cobra.md by <a href="https://github.com/marcuskohlberg"><code>@​marcuskohlberg</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2089">spf13/cobra#2089</a></li> <li>[chore]: update projects using cobra by <a href="https://github.com/cmwylie19"><code>@​cmwylie19</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2093">spf13/cobra#2093</a></li> <li>Add Taikun CLI to list of projects by <a href="https://github.com/Smidra"><code>@​Smidra</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2098">spf13/cobra#2098</a></li> <li>Add Incus to the list of projects using Cobra by <a href="https://github.com/montag451"><code>@​montag451</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2118">spf13/cobra#2118</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spf13/cobra/commit/e94f6d0dd9a5e5738dca6bce03c4b1207ffbc0ec"><code>e94f6d0</code></a> Address golangci-lint deprecation warnings, enable some more linters (<a href="https://redirect.github.com/spf13/cobra/issues/2152">#2152</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/8003b74a10ef0d0d84fe3c408d3939d86fdeb210"><code>8003b74</code></a> Remove fully inactivated linters (<a href="https://redirect.github.com/spf13/cobra/issues/2148">#2148</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/5c2c1d627d35a00153764a3d37400efc66eaca1c"><code>5c2c1d6</code></a> Consistent annotation names (<a href="https://redirect.github.com/spf13/cobra/issues/2140">#2140</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/5a1acea3210649f3d70002818ec04b09f6347062"><code>5a1acea</code></a> build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.3 to 2.0.4 (<a href="https://redirect.github.com/spf13/cobra/issues/2127">#2127</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/0fc86c2ffd0326b6f6ed5fa36803d26993655c08"><code>0fc86c2</code></a> docs: update user guide (<a href="https://redirect.github.com/spf13/cobra/issues/2128">#2128</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/6b5f577ebce858ee70fcdd1f062ea3af4b1c03ab"><code>6b5f577</code></a> More linting (<a href="https://redirect.github.com/spf13/cobra/issues/2099">#2099</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/bd914e58d69d65e494b45bdb40e90ca816b92fcc"><code>bd914e5</code></a> fix: remove deprecated io/ioutils package (<a href="https://redirect.github.com/spf13/cobra/issues/2120">#2120</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/1f80fa2e23cc550c131e8a54dc72d11b265c6fcf"><code>1f80fa2</code></a> chore: remove repetitive words (<a href="https://redirect.github.com/spf13/cobra/issues/2122">#2122</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/c69ae4c36b134dd69e5ab9d3d6b9f571ca5afe1e"><code>c69ae4c</code></a> ci: test golang 1.22 (<a href="https://redirect.github.com/spf13/cobra/issues/2113">#2113</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/a30cee5e5ab0949cc888ef00ae6aee24e091e042"><code>a30cee5</code></a> build(deps): bump actions/cache from 3 to 4 (<a href="https://redirect.github.com/spf13/cobra/issues/2102">#2102</a>)</li> <li>Additional commits viewable in <a href="https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/spf13/cobra&package-manager=go_modules&previous-version=1.8.0&new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 13:53:13 +02:00
github.com/spf13/cobra v1.8.1
chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#4663) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stretchr/testify/releases">github.com/stretchr/testify's releases</a>.</em></p> <blockquote> <h2>v1.9.0</h2> <h2>What's Changed</h2> <ul> <li>Fix Go modules version by <a href="https://github.com/SuperQ"><code>@​SuperQ</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1394">stretchr/testify#1394</a></li> <li>Document that require is not safe to call in created goroutines by <a href="https://github.com/programmer04"><code>@​programmer04</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1392">stretchr/testify#1392</a></li> <li>Remove myself from MAINTAINERS.md by <a href="https://github.com/mvdkleijn"><code>@​mvdkleijn</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1367">stretchr/testify#1367</a></li> <li>Correct spelling/grammar by <a href="https://github.com/echarrod"><code>@​echarrod</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1389">stretchr/testify#1389</a></li> <li>docs: Update URLs in README by <a href="https://github.com/davidjb"><code>@​davidjb</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1349">stretchr/testify#1349</a></li> <li>Update mockery link to Github Pages in README by <a href="https://github.com/LandonTClipp"><code>@​LandonTClipp</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1346">stretchr/testify#1346</a></li> <li>docs: Fix typos in tests and comments by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1410">stretchr/testify#1410</a></li> <li>CI: tests from go1.17 by <a href="https://github.com/SuperQ"><code>@​SuperQ</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1409">stretchr/testify#1409</a></li> <li>Fix adding ? when no values passed by <a href="https://github.com/lesichkovm"><code>@​lesichkovm</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1320">stretchr/testify#1320</a></li> <li>codegen: use standard header for generated files by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1406">stretchr/testify#1406</a></li> <li>mock: AssertExpectations log reason only on failure by <a href="https://github.com/hikyaru-suzuki"><code>@​hikyaru-suzuki</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1360">stretchr/testify#1360</a></li> <li>assert: fix flaky TestNeverTrue by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1417">stretchr/testify#1417</a></li> <li>README: fix typos &quot;set up&quot; vs &quot;setup&quot; by <a href="https://github.com/ossan-dev"><code>@​ossan-dev</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1428">stretchr/testify#1428</a></li> <li>mock: move regexp compilation outside of <code>Called</code> by <a href="https://github.com/aud10slave"><code>@​aud10slave</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/631">stretchr/testify#631</a></li> <li>assert: refactor internal func getLen() by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1445">stretchr/testify#1445</a></li> <li>mock: deprecate type AnythingOfTypeArgument (<a href="https://redirect.github.com/stretchr/testify/issues/1434">#1434</a>) by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1441">stretchr/testify#1441</a></li> <li>Remove no longer needed assert.canConvert by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1470">stretchr/testify#1470</a></li> <li>assert: ObjectsAreEqual: use time.Equal for time.Time types by <a href="https://github.com/tscales"><code>@​tscales</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1464">stretchr/testify#1464</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1466">stretchr/testify#1466</a></li> <li>Bump actions/setup-go from 3.2.0 to 4.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1451">stretchr/testify#1451</a></li> <li>fix: make EventuallyWithT concurrency safe by <a href="https://github.com/czeslavo"><code>@​czeslavo</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1395">stretchr/testify#1395</a></li> <li>assert: fix httpCode and HTTPBody occur panic when http.Handler read Body by <a href="https://github.com/hidu"><code>@​hidu</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1484">stretchr/testify#1484</a></li> <li>assert.EqualExportedValues: fix handling of arrays by <a href="https://github.com/zrbecker"><code>@​zrbecker</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1473">stretchr/testify#1473</a></li> <li>.github: use latest Go versions by <a href="https://github.com/kevinburkesegment"><code>@​kevinburkesegment</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1489">stretchr/testify#1489</a></li> <li>assert: Deprecate EqualExportedValues by <a href="https://github.com/HaraldNordgren"><code>@​HaraldNordgren</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1488">stretchr/testify#1488</a></li> <li>suite: refactor test assertions by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1474">stretchr/testify#1474</a></li> <li>suite: fix SetupSubTest and TearDownSubTest execution order by <a href="https://github.com/linusbarth"><code>@​linusbarth</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1471">stretchr/testify#1471</a></li> <li>docs: Fix deprecation comments for http package by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1335">stretchr/testify#1335</a></li> <li>Add map support doc comments to Subset and NotSubset by <a href="https://github.com/jedevc"><code>@​jedevc</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1306">stretchr/testify#1306</a></li> <li>TestErrorIs/TestNotErrorIs: check error message contents by <a href="https://github.com/craig65535"><code>@​craig65535</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1435">stretchr/testify#1435</a></li> <li>suite: fix subtest names (fix <a href="https://redirect.github.com/stretchr/testify/issues/1501">#1501</a>) by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1504">stretchr/testify#1504</a></li> <li>assert: improve unsafe.Pointer tests by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1505">stretchr/testify#1505</a></li> <li>assert: simplify isNil implementation by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1506">stretchr/testify#1506</a></li> <li>assert.InEpsilonSlice: fix expected/actual order and other improvements by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1483">stretchr/testify#1483</a></li> <li>Fix dependency cycle with objx <a href="https://redirect.github.com/stretchr/testify/issues/1292">#1292</a> by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1453">stretchr/testify#1453</a></li> <li>mock: refactor TestIsArgsEqual by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1444">stretchr/testify#1444</a></li> <li>mock: optimize argument matching checks by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1416">stretchr/testify#1416</a></li> <li>assert: fix TestEventuallyTimeout by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1412">stretchr/testify#1412</a></li> <li>CI: add go 1.21 in GitHub Actions by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1450">stretchr/testify#1450</a></li> <li>suite: fix recoverAndFailOnPanic to report test failure at the right location by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1502">stretchr/testify#1502</a></li> <li>Update maintainers by <a href="https://github.com/brackendawson"><code>@​brackendawson</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1533">stretchr/testify#1533</a></li> <li>assert: Fix EqualValues to handle overflow/underflow by <a href="https://github.com/arjunmahishi"><code>@​arjunmahishi</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1531">stretchr/testify#1531</a></li> <li>assert: better formatting for Len() error by <a href="https://github.com/kevinburkesegment"><code>@​kevinburkesegment</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1485">stretchr/testify#1485</a></li> <li>Ensure AssertExpectations does not fail in skipped tests by <a href="https://github.com/ianrose14"><code>@​ianrose14</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1331">stretchr/testify#1331</a></li> <li>suite: fix deadlock in suite.Require()/Assert() by <a href="https://github.com/arjunmahishi"><code>@​arjunmahishi</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1535">stretchr/testify#1535</a></li> <li>Revert &quot;assert: ObjectsAreEqual: use time.Equal for time.Time type&quot; by <a href="https://github.com/brackendawson"><code>@​brackendawson</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1537">stretchr/testify#1537</a></li> <li>[chore] Add issue templates by <a href="https://github.com/arjunmahishi"><code>@​arjunmahishi</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1538">stretchr/testify#1538</a></li> <li>Update the build status badge by <a href="https://github.com/brackendawson"><code>@​brackendawson</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1540">stretchr/testify#1540</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stretchr/testify/commit/bb548d0473d4e1c9b7bbfd6602c7bf12f7a84dd2"><code>bb548d0</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1552">#1552</a> from stretchr/dependabot/go_modules/github.com/stret...</li> <li><a href="https://github.com/stretchr/testify/commit/814075f391adffd2bf2b5110a74c51827ba132c4"><code>814075f</code></a> build(deps): bump github.com/stretchr/objx from 0.5.1 to 0.5.2</li> <li><a href="https://github.com/stretchr/testify/commit/e0456122451b1839c8d58d32df6364e4d0f0a709"><code>e045612</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1339">#1339</a> from bogdandrutu/uintptr</li> <li><a href="https://github.com/stretchr/testify/commit/5b6926d686d412518f50e888b9ae9b938355e011"><code>5b6926d</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1385">#1385</a> from hslatman/not-implements</li> <li><a href="https://github.com/stretchr/testify/commit/9f97d67703eff02136d487e6c907e76fdea31a8b"><code>9f97d67</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1550">#1550</a> from stretchr/release-notes</li> <li><a href="https://github.com/stretchr/testify/commit/bcb0d3fe49ff300fb78288cc144bc61a881f58ec"><code>bcb0d3f</code></a> Include the auto-release notes in releases</li> <li><a href="https://github.com/stretchr/testify/commit/fb770f8238261aa22f8e0c56f18168ccb90f4a09"><code>fb770f8</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1247">#1247</a> from ccoVeille/typos</li> <li><a href="https://github.com/stretchr/testify/commit/85d8bb6eea715dcbbb68f7c87b50e1956e20f892"><code>85d8bb6</code></a> fix typos in comments, tests and github templates</li> <li><a href="https://github.com/stretchr/testify/commit/e2741fa4e9bf2fdfe3ed48d976a7eeebe76c5009"><code>e2741fa</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1548">#1548</a> from arjunmahishi/msgAndArgs</li> <li><a href="https://github.com/stretchr/testify/commit/6e59f20c0d3883d2bdc589a9e48374ea30601851"><code>6e59f20</code></a> http_assertions: assert that the msgAndArgs actually works in tests</li> <li>Additional commits viewable in <a href="https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/stretchr/testify&package-manager=go_modules&previous-version=1.8.4&new-version=1.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-04 13:56:06 +02:00
github.com/stretchr/testify v1.9.0
chore(deps): bump github.com/ulikunitz/xz from 0.5.11 to 0.5.12 (#4751) Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) from 0.5.11 to 0.5.12. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ulikunitz/xz/commit/4f11dce79b9977ec2976a978d6c594ea1c23cf29"><code>4f11dce</code></a> Update README.md and SECURITY.md to address security questions</li> <li><a href="https://github.com/ulikunitz/xz/commit/f56ebbfaa2400067dcda8ade26ce912c2873ca08"><code>f56ebbf</code></a> TODO.md: fix a typo</li> <li>See full diff in <a href="https://github.com/ulikunitz/xz/compare/v0.5.11...v0.5.12">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ulikunitz/xz&package-manager=go_modules&previous-version=0.5.11&new-version=0.5.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-04 14:35:29 +02:00
github.com/ulikunitz/xz v0.5.12
chore(deps): bump github.com/xanzy/go-gitlab from 0.107.0 to 0.108.0 (#5101) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.107.0 to 0.108.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/xanzy/go-gitlab/releases">github.com/xanzy/go-gitlab's releases</a>.</em></p> <blockquote> <h2>v0.108.0</h2> <h2>Breaking Changes</h2> <ul> <li>Get scoped group variables by <a href="https://github.com/andersparslov"><code>@​andersparslov</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1995">xanzy/go-gitlab#1995</a></li> <li>Rename GroupId to GroupID in the <code>MemberRole</code> and <code>Iteration</code> structs <a href="https://github.com/xanzy/go-gitlab/commit/f97a1060734309980e9c11f397b1980b9ea409a8">f97a106</a></li> </ul> <h2>What's Changed</h2> <ul> <li>Adds <code>HookEventToken</code> helper function for X-Gitlab-Token by <a href="https://github.com/MaerF0x0"><code>@​MaerF0x0</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1976">xanzy/go-gitlab#1976</a></li> <li>Add <code>ContainerRegistrySize</code> field to <code>Statistics</code> struct by <a href="https://github.com/Florian3535"><code>@​Florian3535</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1978">xanzy/go-gitlab#1978</a></li> <li>chore: add report type to MergeRequestApprovalRule by <a href="https://github.com/mdevilliers"><code>@​mdevilliers</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1975">xanzy/go-gitlab#1975</a></li> <li>Add field &quot;is_auditor&quot; in user by <a href="https://github.com/thomasboni"><code>@​thomasboni</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1981">xanzy/go-gitlab#1981</a></li> <li>Fix the user tests by <a href="https://github.com/svanharmelen"><code>@​svanharmelen</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1982">xanzy/go-gitlab#1982</a></li> <li>Add new DCO attribute to project and group push rules by <a href="https://github.com/beekeep"><code>@​beekeep</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1980">xanzy/go-gitlab#1980</a></li> <li>Support more options for list PATs by <a href="https://github.com/hjweddie"><code>@​hjweddie</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1977">xanzy/go-gitlab#1977</a></li> <li>feat: add Bitbucket Cloud and Server import endpoints by <a href="https://github.com/pwlandoll"><code>@​pwlandoll</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1979">xanzy/go-gitlab#1979</a></li> <li>Expose PreReceiveSecretDetectionEnabled project setting by <a href="https://github.com/gravis"><code>@​gravis</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1984">xanzy/go-gitlab#1984</a></li> <li>Add 15 Missing GitLab Settings by <a href="https://github.com/Jitsusama"><code>@​Jitsusama</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1985">xanzy/go-gitlab#1985</a></li> <li>Add <code>prevent_merge_without_jira_issue</code> to Edit Project API by <a href="https://github.com/mtibben"><code>@​mtibben</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1986">xanzy/go-gitlab#1986</a></li> <li>build(github): Added support for more versions of unit tests by <a href="https://github.com/flc1125"><code>@​flc1125</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1992">xanzy/go-gitlab#1992</a></li> <li>Move PreReceiveSecretDetectionEnabled to Project by <a href="https://github.com/gravis"><code>@​gravis</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1989">xanzy/go-gitlab#1989</a></li> <li>Add 26 Missing GitLab Settings by <a href="https://github.com/Jitsusama"><code>@​Jitsusama</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1987">xanzy/go-gitlab#1987</a></li> <li>Add page token to ListOption by <a href="https://github.com/0xDagal"><code>@​0xDagal</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1994">xanzy/go-gitlab#1994</a></li> <li>member role model follow 17.4.0 spec by <a href="https://github.com/Quanalogy"><code>@​Quanalogy</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1997">xanzy/go-gitlab#1997</a></li> <li>Add more filters to List group milestones by <a href="https://github.com/adamcohen2"><code>@​adamcohen2</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1998">xanzy/go-gitlab#1998</a></li> <li>Add 28 Missing GitLab Settings by <a href="https://github.com/Jitsusama"><code>@​Jitsusama</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1996">xanzy/go-gitlab#1996</a></li> <li>Add an exponential backoff to the retry function by <a href="https://github.com/RicePatrick"><code>@​RicePatrick</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1993">xanzy/go-gitlab#1993</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/MaerF0x0"><code>@​MaerF0x0</code></a> made their first contribution in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1976">xanzy/go-gitlab#1976</a></li> <li><a href="https://github.com/Florian3535"><code>@​Florian3535</code></a> made their first contribution in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1978">xanzy/go-gitlab#1978</a></li> <li><a href="https://github.com/mdevilliers"><code>@​mdevilliers</code></a> made their first contribution in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1975">xanzy/go-gitlab#1975</a></li> <li><a href="https://github.com/thomasboni"><code>@​thomasboni</code></a> made their first contribution in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1981">xanzy/go-gitlab#1981</a></li> <li><a href="https://github.com/mtibben"><code>@​mtibben</code></a> made their first contribution in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1986">xanzy/go-gitlab#1986</a></li> <li><a href="https://github.com/flc1125"><code>@​flc1125</code></a> made their first contribution in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1992">xanzy/go-gitlab#1992</a></li> <li><a href="https://github.com/0xDagal"><code>@​0xDagal</code></a> made their first contribution in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1994">xanzy/go-gitlab#1994</a></li> <li><a href="https://github.com/Quanalogy"><code>@​Quanalogy</code></a> made their first contribution in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1997">xanzy/go-gitlab#1997</a></li> <li><a href="https://github.com/adamcohen2"><code>@​adamcohen2</code></a> made their first contribution in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1998">xanzy/go-gitlab#1998</a></li> <li><a href="https://github.com/andersparslov"><code>@​andersparslov</code></a> made their first contribution in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/1995">xanzy/go-gitlab#1995</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/xanzy/go-gitlab/compare/v0.107.0...v0.108.0">https://github.com/xanzy/go-gitlab/compare/v0.107.0...v0.108.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xanzy/go-gitlab/commit/6404ea33e7f94a3a78f73e8d30900472f0fb76e6"><code>6404ea3</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1993">#1993</a> from RicePatrick/add-retry-exponential-backoff</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/cd5f603fcb22819c6976cfa7862e7eb30f8717bf"><code>cd5f603</code></a> Update the comment</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/203df8edce5f17d3cce4cee6a2644d19a43e4935"><code>203df8e</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1996">#1996</a> from Jitsusama/Settings-Parameter-Sync-Batch-3</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/8f7222230dfb5fa54dc1140383d74f163d7747d7"><code>8f72222</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1995">#1995</a> from andersparslov/get-scoped-group-variables</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/f97a1060734309980e9c11f397b1980b9ea409a8"><code>f97a106</code></a> Rename GroupId to GroupID in the <code>MemberRole</code> and <code>Iteration</code> structs</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/2269380b761643e77ac5c9ea2ba4076b408e874b"><code>2269380</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1998">#1998</a> from adamcohen2/add-more-filters-to-group-milestones...</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/825df946b5718b07f7da6ab28ac0804520422217"><code>825df94</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1997">#1997</a> from Quanalogy/feature/member_role_model_follow_17_4...</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/466b5353f1de15e9c4bb111a4d8d6962313774a6"><code>466b535</code></a> Change time fields from *time.Time to *ISOTime</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/feb5c719ad09ba5ef6ddbe211a7e430c9eb12414"><code>feb5c71</code></a> Add more filters to group milestones</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/65c324f4f2206cd129851d58fb386fb9159af39e"><code>65c324f</code></a> Update backoff to only apply when the header isn't set</li> <li>Additional commits viewable in <a href="https://github.com/xanzy/go-gitlab/compare/v0.107.0...v0.108.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/xanzy/go-gitlab&package-manager=go_modules&previous-version=0.107.0&new-version=0.108.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-26 14:55:12 +02:00
github.com/xanzy/go-gitlab v0.108.0
gocloud.dev v0.39.0
chore(deps): bump golang.org/x/tools from 0.23.0 to 0.24.0 (#5060) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.23.0 to 0.24.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/3057be8f634fdb03e1da1cad9fff3415299ad3ad"><code>3057be8</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/4653e48eb85159eef93c4634029cd73b0430f1e0"><code>4653e48</code></a> gopls/internal/analysis: add skipped analysis simplify on generated code</li> <li><a href="https://github.com/golang/tools/commit/f855a53930c65e6f12a11fba18f587a94ee13c55"><code>f855a53</code></a> gopls/internal/telemetry/cmd/stacks: use authentication token</li> <li><a href="https://github.com/golang/tools/commit/3ffd605b1ee7615054ae2b283575f86fc14af7cf"><code>3ffd605</code></a> gopls/doc/features: fix prominent typo</li> <li><a href="https://github.com/golang/tools/commit/a5df6ad55c875ec6f513fabb9f5161df0866f924"><code>a5df6ad</code></a> go/analysis/passes/printf: report non-constant format, no args</li> <li><a href="https://github.com/golang/tools/commit/c03e5c28b0de2baba6bca5e509da618d0c3a4692"><code>c03e5c2</code></a> go/packages: do not nullify Fset when NeedSyntax is set</li> <li><a href="https://github.com/golang/tools/commit/6a6fd991e914cbc2859fd968949132085277a6d0"><code>6a6fd99</code></a> go/ssa: substitute type parameterized aliases</li> <li><a href="https://github.com/golang/tools/commit/f6a239054ffc17a8c69ba7ae95a2b0d0131bef2a"><code>f6a2390</code></a> gopls/doc: delete commands.md</li> <li><a href="https://github.com/golang/tools/commit/2154cbf88df752a2011d2c01b43eb8c8af7373ee"><code>2154cbf</code></a> gopls/internal/golang: add &quot;Browse gopls features&quot; code action</li> <li><a href="https://github.com/golang/tools/commit/ead76ab5e90b139287fe5f5dfffd8d3b314b3eb5"><code>ead76ab</code></a> go/analysis: Add modules to Pass</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.23.0...v0.24.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.23.0&new-version=0.24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-09 14:38:04 +02:00
golang.org/x/crypto v0.26.0
chore(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 (#5052) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.21.0 to 0.22.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/oauth2/commit/6d8340f1c53c54333dc5f280d68732afd4d05113"><code>6d8340f</code></a> LICENSE: update per Google Legal</li> <li>See full diff in <a href="https://github.com/golang/oauth2/compare/v0.21.0...v0.22.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.21.0&new-version=0.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-06 21:17:45 +02:00
golang.org/x/oauth2 v0.22.0
chore(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 (#5048) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.7.0 to 0.8.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/sync/commit/411f99ef121375a146e962b6eab78b03b7429483"><code>411f99e</code></a> LICENSE: update per Google Legal</li> <li>See full diff in <a href="https://github.com/golang/sync/compare/v0.7.0...v0.8.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/sync&package-manager=go_modules&previous-version=0.7.0&new-version=0.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-05 17:04:47 +02:00
golang.org/x/sync v0.8.0
chore(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 (#5055) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.16.0 to 0.17.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/text/commit/b2bec85eb9df7c6fcf50218bde3db5e22b35e481"><code>b2bec85</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/text/commit/ae0cf96bbcd9fd2e2247254946b3509c3b6fccff"><code>ae0cf96</code></a> LICENSE: update per Google Legal</li> <li>See full diff in <a href="https://github.com/golang/text/compare/v0.16.0...v0.17.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/text&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-08 15:15:40 +02:00
golang.org/x/text v0.17.0
chore(deps): bump golang.org/x/tools from 0.23.0 to 0.24.0 (#5060) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.23.0 to 0.24.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/3057be8f634fdb03e1da1cad9fff3415299ad3ad"><code>3057be8</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/4653e48eb85159eef93c4634029cd73b0430f1e0"><code>4653e48</code></a> gopls/internal/analysis: add skipped analysis simplify on generated code</li> <li><a href="https://github.com/golang/tools/commit/f855a53930c65e6f12a11fba18f587a94ee13c55"><code>f855a53</code></a> gopls/internal/telemetry/cmd/stacks: use authentication token</li> <li><a href="https://github.com/golang/tools/commit/3ffd605b1ee7615054ae2b283575f86fc14af7cf"><code>3ffd605</code></a> gopls/doc/features: fix prominent typo</li> <li><a href="https://github.com/golang/tools/commit/a5df6ad55c875ec6f513fabb9f5161df0866f924"><code>a5df6ad</code></a> go/analysis/passes/printf: report non-constant format, no args</li> <li><a href="https://github.com/golang/tools/commit/c03e5c28b0de2baba6bca5e509da618d0c3a4692"><code>c03e5c2</code></a> go/packages: do not nullify Fset when NeedSyntax is set</li> <li><a href="https://github.com/golang/tools/commit/6a6fd991e914cbc2859fd968949132085277a6d0"><code>6a6fd99</code></a> go/ssa: substitute type parameterized aliases</li> <li><a href="https://github.com/golang/tools/commit/f6a239054ffc17a8c69ba7ae95a2b0d0131bef2a"><code>f6a2390</code></a> gopls/doc: delete commands.md</li> <li><a href="https://github.com/golang/tools/commit/2154cbf88df752a2011d2c01b43eb8c8af7373ee"><code>2154cbf</code></a> gopls/internal/golang: add &quot;Browse gopls features&quot; code action</li> <li><a href="https://github.com/golang/tools/commit/ead76ab5e90b139287fe5f5dfffd8d3b314b3eb5"><code>ead76ab</code></a> go/analysis: Add modules to Pass</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.23.0...v0.24.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.23.0&new-version=0.24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-09 14:38:04 +02:00
golang.org/x/tools v0.24.0
gopkg.in/mail.v2 v2.3.1
gopkg.in/yaml.v3 v3.0.1
)
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-alpha.1 to 3.0.0-beta.1 (#4983) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-alpha.1 to 3.0.0-beta.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-beta.1</h2> <p>Welcome to the <code>3.0.0-beta.1</code> release of registry!</p> <p>This is the last major <strong>pre-release</strong> of registry.</p> <p>See the changelog below for full list of changes.</p> <h2>Deprecated</h2> <ul> <li>the default configuration path has changed to <code>/etc/distribution/config.yml</code></li> </ul> <h2>Notable Changes</h2> <ul> <li>Support for sparse indexes enables selective mirroring of platform images</li> <li>Auth config now requires explicit declaration of token signing algorithms if using an unsupported signing algorithm</li> <li>Support for OpenTelemetry tracing has been added</li> <li>Redis cache now supports clustering and custom TLS config</li> <li>Caching proxy bug fixes and minor improvements</li> <li>Garbage collection fixes and improvements</li> <li>Documentation has received several updates</li> </ul> <h2>What's Changed</h2> <ul> <li>update: set User-Agent header in GCS storage driver by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4203">distribution/distribution#4203</a></li> <li>version: export getter functions by <a href="https://github.com/corhere"><code>@​corhere</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4204">distribution/distribution#4204</a></li> <li>feat: add GH issue template by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4206">distribution/distribution#4206</a></li> <li>fix: build status badge by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4207">distribution/distribution#4207</a></li> <li>docs: remove legacy kramdown options from link by <a href="https://github.com/SKalt"><code>@​SKalt</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4209">distribution/distribution#4209</a></li> <li>update: readme cleanup and fxes by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4208">distribution/distribution#4208</a></li> <li>feat: add PR labeler by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4205">distribution/distribution#4205</a></li> <li>fix: add missing skip in s3 driver test by <a href="https://github.com/katexochen"><code>@​katexochen</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4219">distribution/distribution#4219</a></li> <li>vendor: github.com/mitchellh/mapstructure v1.5.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4222">distribution/distribution#4222</a></li> <li>chore: dependabot to keep gha up to date by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4217">distribution/distribution#4217</a></li> <li>build(deps): bump github/codeql-action from 1.0.26 to 3.22.12 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4225">distribution/distribution#4225</a></li> <li>build(deps): bump actions/deploy-pages from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4224">distribution/distribution#4224</a></li> <li>build(deps): bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4226">distribution/distribution#4226</a></li> <li>build(deps): bump actions/setup-go from 3 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4228">distribution/distribution#4228</a></li> <li>build(deps): bump actions/configure-pages from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4227">distribution/distribution#4227</a></li> <li>chore: generate authors and update mailmap by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4215">distribution/distribution#4215</a></li> <li>chore: use no-cache-filter for outdated stage by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4216">distribution/distribution#4216</a></li> <li>build(deps): bump actions/upload-pages-artifact from 2 to 3 by <a href="https://github.com/dvdksn"><code>@​dvdksn</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4234">distribution/distribution#4234</a></li> <li>build(deps): bump docker/login-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4239">distribution/distribution#4239</a></li> <li>build(deps): bump docker/metadata-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4240">distribution/distribution#4240</a></li> <li>update to alpine 3.19 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4210">distribution/distribution#4210</a></li> <li>build(deps): bump docker/setup-buildx-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4230">distribution/distribution#4230</a></li> <li>fix: load gcs credentials and client inside DriverConstructor by <a href="https://github.com/katexochen"><code>@​katexochen</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4218">distribution/distribution#4218</a></li> <li>build(deps): bump docker/bake-action from 2 to 4 by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4253">distribution/distribution#4253</a></li> <li>build(deps): bump actions/upload-artifact from 3.0.0 to 4.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4254">distribution/distribution#4254</a></li> <li>remove deprecated ReadSeekCloser interfaces by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4245">distribution/distribution#4245</a></li> <li>vendor: github.com/gorilla/handlers v1.5.2 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4211">distribution/distribution#4211</a></li> <li>fix: update Dockerfile version output by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4212">distribution/distribution#4212</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/c709432b917488208fa78a7932843d91eca59801"><code>c709432</code></a> Prep for v3-beta1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4399">#4399</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/c72db4109c6259a6b53d7b071e5912dbdc166332"><code>c72db41</code></a> Prep for v3-beta1 release</li> <li><a href="https://github.com/distribution/distribution/commit/60da1934b6c5ca04a5e3abc820f288209b97bc5c"><code>60da193</code></a> Bump Go and golang linter (<a href="https://redirect.github.com/distribution/distribution/issues/4389">#4389</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/948a39d358e0a89e9704eff9270d76b9506393ca"><code>948a39d</code></a> Update docs: JWKS credentials and AZ identity (<a href="https://redirect.github.com/distribution/distribution/issues/4397">#4397</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/d3cc664fa2219d5ac6e7a724dbb755f27b08a2e6"><code>d3cc664</code></a> Update docs: JWKS credentials and AZ identity</li> <li><a href="https://github.com/distribution/distribution/commit/4dd0ac977e9674cc0c2f3b206edb43475dac91c1"><code>4dd0ac9</code></a> feat: implement 'rewrite' storage middleware (<a href="https://redirect.github.com/distribution/distribution/issues/4146">#4146</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/306f4ff71eae432a323723eb4ffaf9aa861ca603"><code>306f4ff</code></a> Replace custom Redis config struct with go-redis UniversalOptions (adds senti...</li> <li><a href="https://github.com/distribution/distribution/commit/558ace139143057e0f8e3dbbcc5b695dda33462a"><code>558ace1</code></a> feat: implement 'rewrite' storage middleware</li> <li><a href="https://github.com/distribution/distribution/commit/6d5911900a793318e61324584a144d2b06b40b2b"><code>6d59119</code></a> Update Redis configuration docs with TLS options</li> <li><a href="https://github.com/distribution/distribution/commit/3a8499541a8d624b909c1e16a8d41e22b756457e"><code>3a84995</code></a> docs: disable base element override (<a href="https://redirect.github.com/distribution/distribution/issues/4391">#4391</a>)</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-alpha.1...v3.0.0-beta.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-alpha.1&new-version=3.0.0-beta.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-12 02:49:48 +02:00
require (
cloud.google.com/go v0.115.0 // indirect
cloud.google.com/go/auth v0.8.1 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
cloud.google.com/go/compute/metadata v0.5.0 // indirect
cloud.google.com/go/iam v1.1.13 // indirect
cloud.google.com/go/kms v1.18.5 // indirect
cloud.google.com/go/longrunning v0.5.12 // indirect
cloud.google.com/go/storage v1.43.0 // indirect
github.com/AlekSi/pointer v1.2.0 // indirect
feat(deps): bump github.com/google/ko from 0.12.0 to 0.13.0 (#3880) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.12.0 to 0.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.13.0</h2> <h2>What's Changed</h2> <ul> <li>SPDX: Fix package manager label by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/801">ko-build/ko#801</a></li> <li>SPDX 2.3 support by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/803">ko-build/ko#803</a></li> <li>ci: build and test using 1.18 and 1.19 (drop 1.17) by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/812">ko-build/ko#812</a></li> <li>removes repo move message by <a href="https://github.com/mchmarny"><code>@​mchmarny</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/814">ko-build/ko#814</a></li> <li>feat: write sbom result to disk by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/822">ko-build/ko#822</a></li> <li>feat: adding support for using multiple keychain for sending sbom results to a different repository by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/821">ko-build/ko#821</a></li> <li>Move docs to ko.build by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/749">ko-build/ko#749</a></li> <li>Update setup-ko version by <a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> <li>Add -- usage in readme by <a href="https://github.com/jwcesign"><code>@​jwcesign</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/840">ko-build/ko#840</a></li> <li>add CONTRIBUTING, code of conduct, roadmap by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/837">ko-build/ko#837</a></li> <li>attempt to fix GH Pages publishing by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/843">ko-build/ko#843</a></li> <li>doc: fix link to Installation page in Getting Started by <a href="https://github.com/antoineco"><code>@​antoineco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/846">ko-build/ko#846</a></li> <li>.ko.yaml: bump golang 1.18 -&gt; 1.19 by <a href="https://github.com/srenatus"><code>@​srenatus</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/848">ko-build/ko#848</a></li> <li>truncate -image-refs file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/855">ko-build/ko#855</a></li> <li>update docs: fix broken links, align with README by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/854">ko-build/ko#854</a></li> <li>Handle KO_DOCKER_REPO=ko.local/repo and --bare correctly by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/820">ko-build/ko#820</a></li> <li>another docs update by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/856">ko-build/ko#856</a></li> <li>ko.build: support some common shortlinks by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/872">ko-build/ko#872</a></li> <li>install: fail with 404 instead of gzip error when url was wrong by <a href="https://github.com/grosser"><code>@​grosser</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/879">ko-build/ko#879</a></li> <li>feat: deduplicate tags by <a href="https://github.com/bluebrown"><code>@​bluebrown</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/884">ko-build/ko#884</a></li> <li>install mkdocs-redirect when publishing site by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/873">ko-build/ko#873</a></li> <li>nit: replace one-item slice with const by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/885">ko-build/ko#885</a></li> <li>Temp fix for SLSA generators by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/886">ko-build/ko#886</a></li> <li>Fix verifier by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/891">ko-build/ko#891</a></li> <li>Fix link in static-assets.md by <a href="https://github.com/yuryu"><code>@​yuryu</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/893">ko-build/ko#893</a></li> <li>add KO_DEFAULTBASEIMAGE usage to docs by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/895">ko-build/ko#895</a></li> <li>Publish an tagged image on release by <a href="https://github.com/vdemeester"><code>@​vdemeester</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/868">ko-build/ko#868</a></li> <li>Add option to configure default platforms by <a href="https://github.com/ReToCode"><code>@​ReToCode</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/897">ko-build/ko#897</a></li> <li>Fix broken SLSA link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/899">ko-build/ko#899</a></li> <li>add MAINTAINERS.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/905">ko-build/ko#905</a></li> <li>fix: possible race condition when applying templates to flags/ldflags by <a href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/913">ko-build/ko#913</a></li> <li>update docs to reflect actual default base image by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/903">ko-build/ko#903</a></li> <li>remove repeated error message on failure by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/921">ko-build/ko#921</a></li> <li>website: update CNCF announcement by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/920">ko-build/ko#920</a></li> <li>fix KO_CONFIG_PATH pointing to a file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/923">ko-build/ko#923</a></li> <li>upgrade to cosign v2.0.0-rc.0 by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/933">ko-build/ko#933</a></li> <li>Feature: Add ECR presubmit testing. by <a href="https://github.com/mattmoor"><code>@​mattmoor</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/934">ko-build/ko#934</a></li> <li>remove 'ko deps' by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/937">ko-build/ko#937</a></li> <li>feat: Add KO_GO_PATH env var by <a href="https://github.com/embano1"><code>@​embano1</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/930">ko-build/ko#930</a></li> <li>add ko.build/slack short link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/945">ko-build/ko#945</a></li> <li>update link to ko goreleaser docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/936">ko-build/ko#936</a></li> <li>add ko community meeting details by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/938">ko-build/ko#938</a></li> <li>fix cosign by adding --yes by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/973">ko-build/ko#973</a></li> <li>fix: handle docker's unknown/unknown platform in index manifests by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/975">ko-build/ko#975</a></li> <li>fix file extension for cyclonedx by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/974">ko-build/ko#974</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/e22e7a15ffb988adc14c3fc6a964f61ed711812f"><code>e22e7a1</code></a> bump ggcr dep to <a href="https://github.com/main"><code>@​main</code></a> (<a href="https://redirect.github.com/google/ko/issues/976">#976</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/8e075ae1f1822bb61a871f11197566b362c342f0"><code>8e075ae</code></a> fix file extension for cyclonedx (<a href="https://redirect.github.com/google/ko/issues/974">#974</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/11670b7498be63bc0e04e7ba36433fd22f9654ce"><code>11670b7</code></a> fix: handle docker's unknown/unknown platform in index manifests (<a href="https://redirect.github.com/google/ko/issues/975">#975</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/7ce947817e2f59942cb181aa833bfd13533bcc19"><code>7ce9478</code></a> fix cosign by adding --yes (<a href="https://redirect.github.com/google/ko/issues/973">#973</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/9302da78dc995b2b2dd70c044708c3c4c6a056b6"><code>9302da7</code></a> Bump k8s.io/apimachinery from 0.26.1 to 0.26.2 (<a href="https://redirect.github.com/google/ko/issues/972">#972</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/a1588838ba1698c3ca3f6785363a1a9f82ed4baa"><code>a158883</code></a> Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (<a href="https://redirect.github.com/google/ko/issues/971">#971</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/86b6c2854f8a7c321ce1b8ea121938ce9cc79475"><code>86b6c28</code></a> Bump actions/checkout from 2 to 3 (<a href="https://redirect.github.com/google/ko/issues/966">#966</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/0bd12fb106ed9d03994a6b8883f8a5d834a2aa15"><code>0bd12fb</code></a> Bump slsa-framework/slsa-github-generator from 1.2.1 to 1.5.0 (<a href="https://redirect.github.com/google/ko/issues/967">#967</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/d5125daacd07306d3814a6910cc54422824331e6"><code>d5125da</code></a> Bump github.com/sigstore/cosign/v2 from 2.0.0-rc.2 to 2.0.0 (<a href="https://redirect.github.com/google/ko/issues/965">#965</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/03f4aed68268fb320b32195c80292300056b264c"><code>03f4aed</code></a> add ko community meeting details (<a href="https://redirect.github.com/google/ko/issues/938">#938</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.12.0...v0.13.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2023-03-29 19:38:57 +02:00
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
feat(deps): bump gocloud.dev from 0.29.0 to 0.30.0 (#4129) Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.29.0 to 0.30.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.30.0</h2> <p><strong>blob</strong></p> <ul> <li><strong>all</strong>: Add <code>Upload</code> and <code>Download</code> methods that may be more efficient for some drivers.</li> <li><strong>s3blob</strong>: Add support for per-request <code>s3v2.Options</code>.</li> <li><strong>s3blob</strong>: Stop escaping second <code>/</code> in <code>//</code>; it's no longer necessary.</li> </ul> <p><strong>pubsub</strong></p> <ul> <li><strong>gcppubsub</strong>: Make it possible to configure <code>max_send_batch_size</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-cloud/commit/d2d5bedb50683e2a6b893b75aafc193eca2715db"><code>d2d5bed</code></a> all: prep for release (<a href="https://redirect.github.com/google/go-cloud/issues/3263">#3263</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/c2e172b5a78def74973f7f3a8ece7c0bd6967432"><code>c2e172b</code></a> all: update dependencies (<a href="https://redirect.github.com/google/go-cloud/issues/3262">#3262</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/098177a48cae1bebfc90f88ed43d319444cab804"><code>098177a</code></a> blob/s3blob: fix the 'awssdk' argument examples</li> <li><a href="https://github.com/google/go-cloud/commit/2e4fad43f0b2606833b6a0de3e18628c70e11398"><code>2e4fad4</code></a> all: remove refs to deprecated xerrors</li> <li><a href="https://github.com/google/go-cloud/commit/1db413f1b3c4e344618b36401ba7e6dca3892929"><code>1db413f</code></a> pubsub/gcppubsub: make it possible to configure max_send_batch_size</li> <li><a href="https://github.com/google/go-cloud/commit/0c8428bf433136e7a4d96de0841f6373c6eacb53"><code>0c8428b</code></a> blob: Add Upload and Download methods that may be more efficient for some dri...</li> <li><a href="https://github.com/google/go-cloud/commit/54c71241a56f4c89eb64f587e5dc55667eaa40a3"><code>54c7124</code></a> all: cleanup duplicate import statements</li> <li><a href="https://github.com/google/go-cloud/commit/28b1328ae4fee939441faa5ee2e4eeba74c88ce7"><code>28b1328</code></a> all: minor code simplifications for returned boolean expressions</li> <li><a href="https://github.com/google/go-cloud/commit/2a407f5e6a71951384531445e25c58194f235062"><code>2a407f5</code></a> blob/gcsblob: Refresh goldens</li> <li><a href="https://github.com/google/go-cloud/commit/0cc16c8ae11e47028df24c4973debd6c56d29729"><code>0cc16c8</code></a> all: update goldens (<a href="https://redirect.github.com/google/go-cloud/issues/3252">#3252</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-cloud/compare/v0.29.0...v0.30.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.29.0&new-version=0.30.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 14:04:08 +02:00
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect
feat(deps): bump gocloud.dev from 0.27.0 to 0.28.0 (#3689) Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.27.0 to 0.28.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.28.0</h2> <p><strong>BREAKING CHANGES</strong>:</p> <ul> <li><strong>secrets/azurekeyvault</strong>: Updated to latest Azure SDK.</li> <li><strong>blob/azureblob</strong>: Updated to match recent breaking changes in the Azure packages (yes, again).</li> <li><strong>pubsub/awssnssqs</strong>: Fixed <code>BeforeSend</code> to take a pointer to the <code>SendMessageBatchRequestEntry</code> struct, so that it can be modified.</li> </ul> <p><strong>blob</strong></p> <ul> <li><strong>memblob</strong>: Fixed bug where use of <code>BeforeCopy</code> callback would drop the actual copying.</li> <li><strong>azureblob</strong>: Updated to match recent breaking changes in the Azure packages.</li> </ul> <p><strong>pubsub</strong></p> <ul> <li><strong>all</strong>: Simplified and improved batch sizing, should resolve issues with too-frequent polling in some situations.</li> <li><strong>azurepubsub</strong>: Made <code>ListenerTimeout</code> configurable.</li> <li><strong>gcppubsub</strong> and <strong>awssnssqs</strong>: Support lazy mode for <code>Nack</code> (where no explicit <code>Nack</code> is sent).</li> <li><strong>awssnssqs</strong>: Fixed <code>BeforeSend</code> to take a pointer to the <code>SendMessageBatchRequestEntry</code> struct, so that it can be modified.</li> </ul> <p><strong>secrets</strong></p> <ul> <li><strong>secrets/azurekeyvault</strong>: Updated to latest Azure SDK. Use azidentity.NewDefaultAzureCredential.</li> </ul> <p><strong>sql</strong></p> <ul> <li><strong>gcp/cloudsql</strong>: Fixed IAM login.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-cloud/commit/24166090495b8e084a23aa7d11fcc81ec33e4729"><code>2416609</code></a> all: prep for v0.28.0 (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3207">#3207</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/13f46eb8065d5ea62b757f5f0f11a56f48faf7cc"><code>13f46eb</code></a> pubsub: simplify and improve batch sizing, especially for low message rates</li> <li><a href="https://github.com/google/go-cloud/commit/8f2c2b9a392a8e4a3d7a4942f88f3df607f8f6d0"><code>8f2c2b9</code></a> pubsub/memsub: Add Options for batching (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3205">#3205</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/fe0a3d75fe43c039258df25ebf102602526e3052"><code>fe0a3d7</code></a> pubsub/awssqs: Fix BeforeSend/As to enable changes to the sqs input message (...</li> <li><a href="https://github.com/google/go-cloud/commit/dfaf95af34dd9022a69a061028e0ceec98e9c670"><code>dfaf95a</code></a> secrets/azurekeyvault: Use azidentity.NewDefaultAzureCredential to support ot...</li> <li><a href="https://github.com/google/go-cloud/commit/1e26311532928f060c490a7fbf2be92b55ee12c4"><code>1e26311</code></a> blob: Remove some debug logging (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3197">#3197</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/43ed5a499864c08b7b6549ff7085f19634a1f02c"><code>43ed5a4</code></a> pubsub/gcppubsub: Support lazy mode for Nacks (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3195">#3195</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/be80e70b3dcf7a6b86481881c7ac0b44a8095178"><code>be80e70</code></a> pubsub/awssnssqs: Support lazy mode for Nacks (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3194">#3194</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/7d690993a53cf8cc2e7af07872876d58601f1261"><code>7d69099</code></a> blob/azblob: Update to latest, and restore As for dirlist (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3191">#3191</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/e942f3c339f0eb617ac4dbc7f37cc4e5920ee7cc"><code>e942f3c</code></a> blob/azblob: Restore As for List entry (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3188">#3188</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-cloud/compare/v0.27.0...v0.28.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.27.0&new-version=0.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 14:09:51 +02:00
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 // indirect
feat(deps): bump github.com/google/ko from 0.13.0 to 0.14.1 (#4132) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.13.0 to 0.14.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.14.1</h2> <h2>What's Changed</h2> <ul> <li>fix: Use attestation-name output by <a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/980">ko-build/ko#980</a></li> <li>Upgrade to go120 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/984">ko-build/ko#984</a></li> <li>fix release workflow by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/977">ko-build/ko#977</a></li> <li>fix deprecated attestation name by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/983">ko-build/ko#983</a></li> <li>refactor release job by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/986">ko-build/ko#986</a></li> <li>use git hash instead of git tag by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/988">ko-build/ko#988</a></li> <li>Correct a typo in resolver.go by <a href="https://github.com/felixonmars"><code>@​felixonmars</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/989">ko-build/ko#989</a></li> <li>feat: add riscv64 to goreleaser goarch by <a href="https://github.com/ernado"><code>@​ernado</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/990">ko-build/ko#990</a></li> <li>try to fix codeql workflow by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/994">ko-build/ko#994</a></li> <li>Push images faster by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1005">ko-build/ko#1005</a></li> <li>Don't publish tags twice by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1010">ko-build/ko#1010</a></li> <li>Add context to many gobuild errors by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1016">ko-build/ko#1016</a></li> <li>Fix --local with KO_DOCKER_REPO by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1017">ko-build/ko#1017</a></li> <li>Fix: Incorporate platform architecture by <a href="https://github.com/mattmoor"><code>@​mattmoor</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1029">ko-build/ko#1029</a></li> <li>Update community.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1035">ko-build/ko#1035</a></li> <li>mention ko tekton task by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1039">ko-build/ko#1039</a></li> <li>Update community.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1037">ko-build/ko#1037</a></li> <li>Fix kind image loading for MacOS by <a href="https://github.com/aidy"><code>@​aidy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1026">ko-build/ko#1026</a></li> <li>Revert &quot;Fix kind image loading for MacOS&quot; by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1054">ko-build/ko#1054</a></li> <li>update boilerplate file to be KO Build Authors by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1056">ko-build/ko#1056</a></li> <li>Pin setup-ko to previous release by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1082">ko-build/ko#1082</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/felixonmars"><code>@​felixonmars</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/989">ko-build/ko#989</a></li> <li><a href="https://github.com/ernado"><code>@​ernado</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/990">ko-build/ko#990</a></li> <li><a href="https://github.com/aidy"><code>@​aidy</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1026">ko-build/ko#1026</a></li> <li><a href="https://github.com/luhring"><code>@​luhring</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1073">ko-build/ko#1073</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.13.0...v0.14.1">https://github.com/ko-build/ko/compare/v0.13.0...v0.14.1</a></p> <h2>v0.14.0</h2> <p>No release notes provided.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/200db7243f02b5c0303e21d8ab8e3b4ad3a229d0"><code>200db72</code></a> Pin setup-ko to previous release (<a href="https://redirect.github.com/google/ko/issues/1082">#1082</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/4366ded82cdda05ef85bc5483d19daa241d08f38"><code>4366ded</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1079">#1079</a> from ko-build/dependabot/github_actions/slsa-framewo...</li> <li><a href="https://github.com/ko-build/ko/commit/adbea950c10e2c69c7bf0589a6bf0b4e7ceafbfa"><code>adbea95</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1078">#1078</a> from ko-build/dependabot/github_actions/goreleaser/g...</li> <li><a href="https://github.com/ko-build/ko/commit/6175237fe6539a48206da87c239ad98b4f7d7312"><code>6175237</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1077">#1077</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/5e5fe2e703c1f0c9186975b06090ae563283f48d"><code>5e5fe2e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1076">#1076</a> from ko-build/dependabot/github_actions/aws-actions/...</li> <li><a href="https://github.com/ko-build/ko/commit/dc9b3eebef9818e2efab17cec8dd3eebff72e074"><code>dc9b3ee</code></a> Bump github.com/spf13/viper from 1.15.0 to 1.16.0</li> <li><a href="https://github.com/ko-build/ko/commit/ed445128e25c7bd0b6643b58ac44383a583d84f5"><code>ed44512</code></a> Bump golang.org/x/tools from 0.9.3 to 0.10.0 (<a href="https://redirect.github.com/google/ko/issues/1080">#1080</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/fcd95ec958cad910b4746245662506b1f974f40e"><code>fcd95ec</code></a> Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0</li> <li><a href="https://github.com/ko-build/ko/commit/974f09cdeacd7042c3db573366768ecbb32246a5"><code>974f09c</code></a> Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0</li> <li><a href="https://github.com/ko-build/ko/commit/893f6e877f7c352261c13e078bb8fc9709bb285c"><code>893f6e8</code></a> Bump aws-actions/configure-aws-credentials from 2.1.0 to 2.2.0</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.13.0...v0.14.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.13.0&new-version=0.14.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 18:56:50 +02:00
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
feat(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 (#4044) Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.1.1 to 1.2.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/rekor/blob/main/CHANGELOG.md">github.com/sigstore/rekor's changelog</a>.</em></p> <blockquote> <h1>v1.2.0</h1> <h2>Functional Enhancements</h2> <ul> <li>add client method to generate TLE struct (<a href="https://redirect.github.com/sigstore/rekor/issues/1498">#1498</a>)</li> <li>add dsse type (<a href="https://redirect.github.com/sigstore/rekor/issues/1487">#1487</a>)</li> <li>support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (<a href="https://redirect.github.com/sigstore/rekor/issues/1488">#1488</a>)</li> <li>Add concurrency to backfill-redis (<a href="https://redirect.github.com/sigstore/rekor/issues/1504">#1504</a>)</li> <li>omit informational message if machine-parseable output has been requested (<a href="https://redirect.github.com/sigstore/rekor/issues/1486">#1486</a>)</li> <li>Publish stable checkpoint periodically to Redis (<a href="https://redirect.github.com/sigstore/rekor/issues/1461">#1461</a>)</li> <li>Add intoto v0.0.2 to backfill script (<a href="https://redirect.github.com/sigstore/rekor/issues/1500">#1500</a>)</li> <li>add new method to test insertability of proposed entries into log (<a href="https://redirect.github.com/sigstore/rekor/issues/1410">#1410</a>)</li> </ul> <h2>Quality Enhancements</h2> <ul> <li>use t.Skip() in fuzzers (<a href="https://redirect.github.com/sigstore/rekor/issues/1506">#1506</a>)</li> <li>improve fuzzing coverage (<a href="https://redirect.github.com/sigstore/rekor/issues/1499">#1499</a>)</li> <li>Remove watcher script (<a href="https://redirect.github.com/sigstore/rekor/issues/1484">#1484</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-frqx-jfcm-6jjr</li> <li>Remove requirement of PayloadHash for intoto 0.0.1 (<a href="https://redirect.github.com/sigstore/rekor/issues/1490">#1490</a>)</li> <li>fix lint errors, bump linter up to 1.52 (<a href="https://redirect.github.com/sigstore/rekor/issues/1485">#1485</a>)</li> <li>Remove dependencies from pkg/util (<a href="https://redirect.github.com/sigstore/rekor/issues/1469">#1469</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>Bob Callaway</li> <li>Carlos Tadeu Panato Junior</li> <li>Ceridwen Coghlan</li> <li>Cody Soyland</li> <li>Hayden B</li> <li>Miloslav Trmač</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/rekor/commit/20a995116b1548b79e62ba0ad9c29800387e8641"><code>20a9951</code></a> update for v1.2.0 (<a href="https://redirect.github.com/sigstore/rekor/issues/1507">#1507</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4"><code>140c5ad</code></a> Merge pull request from GHSA-frqx-jfcm-6jjr</li> <li><a href="https://github.com/sigstore/rekor/commit/85bb2bc7a35dcc94cd94e18984711806f437dcb6"><code>85bb2bc</code></a> use t.Skip() in fuzzers (<a href="https://redirect.github.com/sigstore/rekor/issues/1506">#1506</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/3adca0d2528699d2ff93bf78babef8b5cac46122"><code>3adca0d</code></a> Add concurrency to backfill-redis (<a href="https://redirect.github.com/sigstore/rekor/issues/1504">#1504</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/795a23619d5db1c9625a71f776474033c6712b56"><code>795a236</code></a> add client method to generate TLE struct (<a href="https://redirect.github.com/sigstore/rekor/issues/1498">#1498</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/161a796f91d7255443aa6ce98e7981e6926762f0"><code>161a796</code></a> build(deps): bump github/codeql-action from 2.3.3 to 2.3.4 (<a href="https://redirect.github.com/sigstore/rekor/issues/1505">#1505</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/35c4489abcff256298f1bc9f7caaf5a946750dac"><code>35c4489</code></a> add dsse type (<a href="https://redirect.github.com/sigstore/rekor/issues/1487">#1487</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/d318e2bf433d398d95923f3509557777a2fe5abb"><code>d318e2b</code></a> support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (<a href="https://redirect.github.com/sigstore/rekor/issues/1488">#1488</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/d508ebad91ef4e39d8e0dd3543cebe20321dc752"><code>d508eba</code></a> Remove requirement of PayloadHash for intoto 0.0.1 (<a href="https://redirect.github.com/sigstore/rekor/issues/1490">#1490</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/b387701f27aace3e3396ad4fdbb8d3ccc869fb5f"><code>b387701</code></a> Add intoto v0.0.2 to backfill script (<a href="https://redirect.github.com/sigstore/rekor/issues/1500">#1500</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/rekor&package-manager=go_modules&previous-version=1.1.1&new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-27 05:24:50 +02:00
github.com/Azure/go-autorest/autorest v0.11.29 // indirect
feat(deps): bump gocloud.dev from 0.29.0 to 0.30.0 (#4129) Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.29.0 to 0.30.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.30.0</h2> <p><strong>blob</strong></p> <ul> <li><strong>all</strong>: Add <code>Upload</code> and <code>Download</code> methods that may be more efficient for some drivers.</li> <li><strong>s3blob</strong>: Add support for per-request <code>s3v2.Options</code>.</li> <li><strong>s3blob</strong>: Stop escaping second <code>/</code> in <code>//</code>; it's no longer necessary.</li> </ul> <p><strong>pubsub</strong></p> <ul> <li><strong>gcppubsub</strong>: Make it possible to configure <code>max_send_batch_size</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-cloud/commit/d2d5bedb50683e2a6b893b75aafc193eca2715db"><code>d2d5bed</code></a> all: prep for release (<a href="https://redirect.github.com/google/go-cloud/issues/3263">#3263</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/c2e172b5a78def74973f7f3a8ece7c0bd6967432"><code>c2e172b</code></a> all: update dependencies (<a href="https://redirect.github.com/google/go-cloud/issues/3262">#3262</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/098177a48cae1bebfc90f88ed43d319444cab804"><code>098177a</code></a> blob/s3blob: fix the 'awssdk' argument examples</li> <li><a href="https://github.com/google/go-cloud/commit/2e4fad43f0b2606833b6a0de3e18628c70e11398"><code>2e4fad4</code></a> all: remove refs to deprecated xerrors</li> <li><a href="https://github.com/google/go-cloud/commit/1db413f1b3c4e344618b36401ba7e6dca3892929"><code>1db413f</code></a> pubsub/gcppubsub: make it possible to configure max_send_batch_size</li> <li><a href="https://github.com/google/go-cloud/commit/0c8428bf433136e7a4d96de0841f6373c6eacb53"><code>0c8428b</code></a> blob: Add Upload and Download methods that may be more efficient for some dri...</li> <li><a href="https://github.com/google/go-cloud/commit/54c71241a56f4c89eb64f587e5dc55667eaa40a3"><code>54c7124</code></a> all: cleanup duplicate import statements</li> <li><a href="https://github.com/google/go-cloud/commit/28b1328ae4fee939441faa5ee2e4eeba74c88ce7"><code>28b1328</code></a> all: minor code simplifications for returned boolean expressions</li> <li><a href="https://github.com/google/go-cloud/commit/2a407f5e6a71951384531445e25c58194f235062"><code>2a407f5</code></a> blob/gcsblob: Refresh goldens</li> <li><a href="https://github.com/google/go-cloud/commit/0cc16c8ae11e47028df24c4973debd6c56d29729"><code>0cc16c8</code></a> all: update goldens (<a href="https://redirect.github.com/google/go-cloud/issues/3252">#3252</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-cloud/compare/v0.29.0...v0.30.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.29.0&new-version=0.30.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 14:04:08 +02:00
github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
feat(deps): bump github.com/google/ko from 0.12.0 to 0.13.0 (#3880) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.12.0 to 0.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.13.0</h2> <h2>What's Changed</h2> <ul> <li>SPDX: Fix package manager label by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/801">ko-build/ko#801</a></li> <li>SPDX 2.3 support by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/803">ko-build/ko#803</a></li> <li>ci: build and test using 1.18 and 1.19 (drop 1.17) by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/812">ko-build/ko#812</a></li> <li>removes repo move message by <a href="https://github.com/mchmarny"><code>@​mchmarny</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/814">ko-build/ko#814</a></li> <li>feat: write sbom result to disk by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/822">ko-build/ko#822</a></li> <li>feat: adding support for using multiple keychain for sending sbom results to a different repository by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/821">ko-build/ko#821</a></li> <li>Move docs to ko.build by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/749">ko-build/ko#749</a></li> <li>Update setup-ko version by <a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> <li>Add -- usage in readme by <a href="https://github.com/jwcesign"><code>@​jwcesign</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/840">ko-build/ko#840</a></li> <li>add CONTRIBUTING, code of conduct, roadmap by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/837">ko-build/ko#837</a></li> <li>attempt to fix GH Pages publishing by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/843">ko-build/ko#843</a></li> <li>doc: fix link to Installation page in Getting Started by <a href="https://github.com/antoineco"><code>@​antoineco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/846">ko-build/ko#846</a></li> <li>.ko.yaml: bump golang 1.18 -&gt; 1.19 by <a href="https://github.com/srenatus"><code>@​srenatus</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/848">ko-build/ko#848</a></li> <li>truncate -image-refs file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/855">ko-build/ko#855</a></li> <li>update docs: fix broken links, align with README by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/854">ko-build/ko#854</a></li> <li>Handle KO_DOCKER_REPO=ko.local/repo and --bare correctly by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/820">ko-build/ko#820</a></li> <li>another docs update by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/856">ko-build/ko#856</a></li> <li>ko.build: support some common shortlinks by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/872">ko-build/ko#872</a></li> <li>install: fail with 404 instead of gzip error when url was wrong by <a href="https://github.com/grosser"><code>@​grosser</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/879">ko-build/ko#879</a></li> <li>feat: deduplicate tags by <a href="https://github.com/bluebrown"><code>@​bluebrown</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/884">ko-build/ko#884</a></li> <li>install mkdocs-redirect when publishing site by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/873">ko-build/ko#873</a></li> <li>nit: replace one-item slice with const by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/885">ko-build/ko#885</a></li> <li>Temp fix for SLSA generators by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/886">ko-build/ko#886</a></li> <li>Fix verifier by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/891">ko-build/ko#891</a></li> <li>Fix link in static-assets.md by <a href="https://github.com/yuryu"><code>@​yuryu</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/893">ko-build/ko#893</a></li> <li>add KO_DEFAULTBASEIMAGE usage to docs by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/895">ko-build/ko#895</a></li> <li>Publish an tagged image on release by <a href="https://github.com/vdemeester"><code>@​vdemeester</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/868">ko-build/ko#868</a></li> <li>Add option to configure default platforms by <a href="https://github.com/ReToCode"><code>@​ReToCode</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/897">ko-build/ko#897</a></li> <li>Fix broken SLSA link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/899">ko-build/ko#899</a></li> <li>add MAINTAINERS.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/905">ko-build/ko#905</a></li> <li>fix: possible race condition when applying templates to flags/ldflags by <a href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/913">ko-build/ko#913</a></li> <li>update docs to reflect actual default base image by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/903">ko-build/ko#903</a></li> <li>remove repeated error message on failure by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/921">ko-build/ko#921</a></li> <li>website: update CNCF announcement by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/920">ko-build/ko#920</a></li> <li>fix KO_CONFIG_PATH pointing to a file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/923">ko-build/ko#923</a></li> <li>upgrade to cosign v2.0.0-rc.0 by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/933">ko-build/ko#933</a></li> <li>Feature: Add ECR presubmit testing. by <a href="https://github.com/mattmoor"><code>@​mattmoor</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/934">ko-build/ko#934</a></li> <li>remove 'ko deps' by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/937">ko-build/ko#937</a></li> <li>feat: Add KO_GO_PATH env var by <a href="https://github.com/embano1"><code>@​embano1</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/930">ko-build/ko#930</a></li> <li>add ko.build/slack short link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/945">ko-build/ko#945</a></li> <li>update link to ko goreleaser docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/936">ko-build/ko#936</a></li> <li>add ko community meeting details by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/938">ko-build/ko#938</a></li> <li>fix cosign by adding --yes by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/973">ko-build/ko#973</a></li> <li>fix: handle docker's unknown/unknown platform in index manifests by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/975">ko-build/ko#975</a></li> <li>fix file extension for cyclonedx by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/974">ko-build/ko#974</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/e22e7a15ffb988adc14c3fc6a964f61ed711812f"><code>e22e7a1</code></a> bump ggcr dep to <a href="https://github.com/main"><code>@​main</code></a> (<a href="https://redirect.github.com/google/ko/issues/976">#976</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/8e075ae1f1822bb61a871f11197566b362c342f0"><code>8e075ae</code></a> fix file extension for cyclonedx (<a href="https://redirect.github.com/google/ko/issues/974">#974</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/11670b7498be63bc0e04e7ba36433fd22f9654ce"><code>11670b7</code></a> fix: handle docker's unknown/unknown platform in index manifests (<a href="https://redirect.github.com/google/ko/issues/975">#975</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/7ce947817e2f59942cb181aa833bfd13533bcc19"><code>7ce9478</code></a> fix cosign by adding --yes (<a href="https://redirect.github.com/google/ko/issues/973">#973</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/9302da78dc995b2b2dd70c044708c3c4c6a056b6"><code>9302da7</code></a> Bump k8s.io/apimachinery from 0.26.1 to 0.26.2 (<a href="https://redirect.github.com/google/ko/issues/972">#972</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/a1588838ba1698c3ca3f6785363a1a9f82ed4baa"><code>a158883</code></a> Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (<a href="https://redirect.github.com/google/ko/issues/971">#971</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/86b6c2854f8a7c321ce1b8ea121938ce9cc79475"><code>86b6c28</code></a> Bump actions/checkout from 2 to 3 (<a href="https://redirect.github.com/google/ko/issues/966">#966</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/0bd12fb106ed9d03994a6b8883f8a5d834a2aa15"><code>0bd12fb</code></a> Bump slsa-framework/slsa-github-generator from 1.2.1 to 1.5.0 (<a href="https://redirect.github.com/google/ko/issues/967">#967</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/d5125daacd07306d3814a6910cc54422824331e6"><code>d5125da</code></a> Bump github.com/sigstore/cosign/v2 from 2.0.0-rc.2 to 2.0.0 (<a href="https://redirect.github.com/google/ko/issues/965">#965</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/03f4aed68268fb320b32195c80292300056b264c"><code>03f4aed</code></a> add ko community meeting details (<a href="https://redirect.github.com/google/ko/issues/938">#938</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.12.0...v0.13.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2023-03-29 19:38:57 +02:00
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
chore(deps): bump gocloud.dev from 0.36.0 to 0.37.0 (#4688) [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.36.0&new-version=0.37.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-13 19:59:13 +02:00
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
feat(deps): bump github.com/google/ko from 0.13.0 to 0.14.1 (#4132) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.13.0 to 0.14.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.14.1</h2> <h2>What's Changed</h2> <ul> <li>fix: Use attestation-name output by <a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/980">ko-build/ko#980</a></li> <li>Upgrade to go120 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/984">ko-build/ko#984</a></li> <li>fix release workflow by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/977">ko-build/ko#977</a></li> <li>fix deprecated attestation name by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/983">ko-build/ko#983</a></li> <li>refactor release job by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/986">ko-build/ko#986</a></li> <li>use git hash instead of git tag by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/988">ko-build/ko#988</a></li> <li>Correct a typo in resolver.go by <a href="https://github.com/felixonmars"><code>@​felixonmars</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/989">ko-build/ko#989</a></li> <li>feat: add riscv64 to goreleaser goarch by <a href="https://github.com/ernado"><code>@​ernado</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/990">ko-build/ko#990</a></li> <li>try to fix codeql workflow by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/994">ko-build/ko#994</a></li> <li>Push images faster by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1005">ko-build/ko#1005</a></li> <li>Don't publish tags twice by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1010">ko-build/ko#1010</a></li> <li>Add context to many gobuild errors by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1016">ko-build/ko#1016</a></li> <li>Fix --local with KO_DOCKER_REPO by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1017">ko-build/ko#1017</a></li> <li>Fix: Incorporate platform architecture by <a href="https://github.com/mattmoor"><code>@​mattmoor</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1029">ko-build/ko#1029</a></li> <li>Update community.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1035">ko-build/ko#1035</a></li> <li>mention ko tekton task by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1039">ko-build/ko#1039</a></li> <li>Update community.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1037">ko-build/ko#1037</a></li> <li>Fix kind image loading for MacOS by <a href="https://github.com/aidy"><code>@​aidy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1026">ko-build/ko#1026</a></li> <li>Revert &quot;Fix kind image loading for MacOS&quot; by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1054">ko-build/ko#1054</a></li> <li>update boilerplate file to be KO Build Authors by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1056">ko-build/ko#1056</a></li> <li>Pin setup-ko to previous release by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1082">ko-build/ko#1082</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/felixonmars"><code>@​felixonmars</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/989">ko-build/ko#989</a></li> <li><a href="https://github.com/ernado"><code>@​ernado</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/990">ko-build/ko#990</a></li> <li><a href="https://github.com/aidy"><code>@​aidy</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1026">ko-build/ko#1026</a></li> <li><a href="https://github.com/luhring"><code>@​luhring</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1073">ko-build/ko#1073</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.13.0...v0.14.1">https://github.com/ko-build/ko/compare/v0.13.0...v0.14.1</a></p> <h2>v0.14.0</h2> <p>No release notes provided.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/200db7243f02b5c0303e21d8ab8e3b4ad3a229d0"><code>200db72</code></a> Pin setup-ko to previous release (<a href="https://redirect.github.com/google/ko/issues/1082">#1082</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/4366ded82cdda05ef85bc5483d19daa241d08f38"><code>4366ded</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1079">#1079</a> from ko-build/dependabot/github_actions/slsa-framewo...</li> <li><a href="https://github.com/ko-build/ko/commit/adbea950c10e2c69c7bf0589a6bf0b4e7ceafbfa"><code>adbea95</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1078">#1078</a> from ko-build/dependabot/github_actions/goreleaser/g...</li> <li><a href="https://github.com/ko-build/ko/commit/6175237fe6539a48206da87c239ad98b4f7d7312"><code>6175237</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1077">#1077</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/5e5fe2e703c1f0c9186975b06090ae563283f48d"><code>5e5fe2e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1076">#1076</a> from ko-build/dependabot/github_actions/aws-actions/...</li> <li><a href="https://github.com/ko-build/ko/commit/dc9b3eebef9818e2efab17cec8dd3eebff72e074"><code>dc9b3ee</code></a> Bump github.com/spf13/viper from 1.15.0 to 1.16.0</li> <li><a href="https://github.com/ko-build/ko/commit/ed445128e25c7bd0b6643b58ac44383a583d84f5"><code>ed44512</code></a> Bump golang.org/x/tools from 0.9.3 to 0.10.0 (<a href="https://redirect.github.com/google/ko/issues/1080">#1080</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/fcd95ec958cad910b4746245662506b1f974f40e"><code>fcd95ec</code></a> Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0</li> <li><a href="https://github.com/ko-build/ko/commit/974f09cdeacd7042c3db573366768ecbb32246a5"><code>974f09c</code></a> Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0</li> <li><a href="https://github.com/ko-build/ko/commit/893f6e877f7c352261c13e078bb8fc9709bb285c"><code>893f6e8</code></a> Bump aws-actions/configure-aws-credentials from 2.1.0 to 2.2.0</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.13.0...v0.14.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.13.0&new-version=0.14.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 18:56:50 +02:00
github.com/BurntSushi/toml v1.2.1 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
chore(deps): bump github.com/ory/dockertest/v3 from 3.10.0 to 3.11.0 (#5070) Bumps [github.com/ory/dockertest/v3](https://github.com/ory/dockertest) from 3.10.0 to 3.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ory/dockertest/releases">github.com/ory/dockertest/v3's releases</a>.</em></p> <blockquote> <h2>v3.11.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/435">ory/dockertest#435</a></li> <li>chore(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/437">ory/dockertest#437</a></li> <li>chore(deps): bump github.com/lib/pq from 0.0.0-20180327071824-d34b9ff171c2 to 1.10.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/438">ory/dockertest#438</a></li> <li>chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.24+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/426">ory/dockertest#426</a></li> <li>chore(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/427">ory/dockertest#427</a></li> <li>chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/450">ory/dockertest#450</a></li> <li>chore(deps): bump github.com/containerd/continuity from 0.3.0 to 0.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/451">ory/dockertest#451</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/449">ory/dockertest#449</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/442">ory/dockertest#442</a></li> <li>chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/445">ory/dockertest#445</a></li> <li>chore(deps): bump github.com/moby/term from 0.0.0-20201216013528-df9cb8a40635 to 0.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/446">ory/dockertest#446</a></li> <li>chore(deps): bump github.com/docker/cli from 20.10.17+incompatible to 24.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/448">ory/dockertest#448</a></li> <li>chore: bump dependencies and fix some lint by <a href="https://github.com/alnr"><code>@​alnr</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li>chore(deps): bump golang.org/x/sys from 0.19.0 to 0.21.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/501">ory/dockertest#501</a></li> <li>chore(deps): bump actions/checkout from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/475">ory/dockertest#475</a></li> <li>feat: fall back to podman if available by <a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li>test: refactor asserts by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/497">ory/dockertest#497</a></li> <li>use defer instead of os.Exit(m.Run()) by <a href="https://github.com/pmenglund"><code>@​pmenglund</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/493">ory/dockertest#493</a></li> <li>docs: remove outdated dep install instruction by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/505">ory/dockertest#505</a></li> <li>chore: remove direct dependency on gotest.tools/v3 by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/504">ory/dockertest#504</a></li> <li>chore: replace deprecated ioutil.TempDir with os.MkdirTemp by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/506">ory/dockertest#506</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/509">ory/dockertest#509</a></li> <li>move tests to dockertest_test package by <a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li>chore(deps): bump github.com/opencontainers/image-spec from 1.0.2 to 1.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/510">ory/dockertest#510</a></li> <li>chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/503">ory/dockertest#503</a></li> <li>chore(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/508">ory/dockertest#508</a></li> <li>chore(deps): bump actions/stale from 4 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/507">ory/dockertest#507</a></li> <li>feat: introduce cve scanners by <a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li>chore: update docker to v27.1.1 by <a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/alnr"><code>@​alnr</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li><a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li><a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li><a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li><a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ory/dockertest/commit/6110e9a38fa9f7118d7baa38ac2437170520c3b5"><code>6110e9a</code></a> chore: update docker to v27.1.1 (<a href="https://redirect.github.com/ory/dockertest/issues/522">#522</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/d229e74b748daa9d889156981aee4d521a9fa226"><code>d229e74</code></a> feat: introduce cve scanners (<a href="https://redirect.github.com/ory/dockertest/issues/500">#500</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1b46b2915aed35799f1cb91e76ad499ff91b7d9c"><code>1b46b29</code></a> chore(deps): bump actions/stale from 4 to 9 (<a href="https://redirect.github.com/ory/dockertest/issues/507">#507</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/44496a38aa7769d525977b2c8f74047c231162e1"><code>44496a3</code></a> chore(deps): bump actions/setup-go from 4 to 5 (<a href="https://redirect.github.com/ory/dockertest/issues/508">#508</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1aa8cd7bf823a7e369a54bcec74ac39ae5141eff"><code>1aa8cd7</code></a> chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 (<a href="https://redirect.github.com/ory/dockertest/issues/503">#503</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/0c91bda2b499ac97a0f6c027dc25b213cbf726a0"><code>0c91bda</code></a> chore(deps): bump github.com/opencontainers/image-spec (<a href="https://redirect.github.com/ory/dockertest/issues/510">#510</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/3328cf9343b8091879695d1489aa3154544e7e23"><code>3328cf9</code></a> move tests to dockertest_test package (<a href="https://redirect.github.com/ory/dockertest/issues/490">#490</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/05f634764ebdde194ee996f9d6b4ebf91e7bc738"><code>05f6347</code></a> chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (<a href="https://redirect.github.com/ory/dockertest/issues/509">#509</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/6539ccd9aa0828a791bf577d5290ed5201de4c72"><code>6539ccd</code></a> chore: replace deprecated ioutil.TempDir with os.MkdirTemp (<a href="https://redirect.github.com/ory/dockertest/issues/506">#506</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/84015fd57ca4c3248e114be72046b90752aab334"><code>84015fd</code></a> chore: remove direct dependency on gotest.tools/v3 (<a href="https://redirect.github.com/ory/dockertest/issues/504">#504</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ory/dockertest/v3&package-manager=go_modules&previous-version=3.10.0&new-version=3.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-13 14:31:51 +02:00
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
chore(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.2 to 2.35.3 (#4596) Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from 2.35.2 to 2.35.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/goreleaser/nfpm/releases">github.com/goreleaser/nfpm/v2's releases</a>.</em></p> <blockquote> <h2>v2.35.3</h2> <h2>Changelog</h2> <h3>Bug fixes</h3> <ul> <li>f8ccc9df94eb9a4c91c3a1c78d4759a65f156731: fix: file mode when type: tree (<a href="https://redirect.github.com/goreleaser/nfpm/issues/779">#779</a>) (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>e1ebfdad10ef98fe6c9d424efe3f97d7b2322f04: fix: honor SOURCE_DATE_EPOCH for files (<a href="https://redirect.github.com/goreleaser/nfpm/issues/775">#775</a>) (<a href="https://github.com/osm"><code>@​osm</code></a>)</li> </ul> <h3>Dependency updates</h3> <ul> <li>9c48b79596993dd653087f91861794b7da6267e6: feat(deps): bump github.com/ProtonMail/go-crypto (<a href="https://redirect.github.com/goreleaser/nfpm/issues/771">#771</a>) (<a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li> <li>d7a5dc79573e4bf5d65c3f00d9cac81736f12597: feat(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/765">#765</a>) (<a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li> <li>fbc55c56be14ac5de4207becb98c908c615dee7e: feat(deps): bump github.com/klauspost/compress from 1.17.4 to 1.17.5 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/774">#774</a>) (<a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li> <li>9bb94d758ce739fc27c19bbe04bf1c1d33ce3fa9: fix(deps): update go-rpmutils (<a href="https://redirect.github.com/goreleaser/nfpm/issues/764">#764</a>) (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <h3>Build process updates</h3> <ul> <li>5ace4da2fd3162383a16218e2ef405dc2676bdfc: ci: update changelog (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <h3>Other work</h3> <ul> <li>cd6b94108561b9ef1b06e1db8bfe9e3b3f643253: docs: update cmd docs (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>672f8c6537228848062786d7ad2d2956f6808986: docs: update starchart url (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/goreleaser/nfpm/compare/v2.35.2...v2.35.3">https://github.com/goreleaser/nfpm/compare/v2.35.2...v2.35.3</a></p> <h2>Helping out</h2> <p>This release is only possible thanks to <strong>all</strong> the support of <strong>awesome people</strong>!</p> <p>Want to be one of them? You can <a href="https://goreleaser.com/sponsors/">sponsor</a> or <a href="https://goreleaser.com/contributing">contribute with code</a>.</p> <h2>Where to go next?</h2> <ul> <li>nFPM is a satellite project from GoReleaser. <a href="https://goreleaser.com">Check it out</a>!</li> <li>Find examples and commented usage of all options in our <a href="https://nfpm.goreleaser.com/">website</a>.</li> <li>Reach out on <a href="https://discord.gg/RGEBtg8vQ6">Discord</a> and <a href="https://twitter.com/goreleaser">Twitter</a>!</li> </ul> <p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML omitted --></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/goreleaser/nfpm/commit/5ace4da2fd3162383a16218e2ef405dc2676bdfc"><code>5ace4da</code></a> ci: update changelog</li> <li><a href="https://github.com/goreleaser/nfpm/commit/f8ccc9df94eb9a4c91c3a1c78d4759a65f156731"><code>f8ccc9d</code></a> fix: file mode when type: tree (<a href="https://redirect.github.com/goreleaser/nfpm/issues/779">#779</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/48d1a19eb6c3b6fa7cf69295aa2e7bf8d2b2f520"><code>48d1a19</code></a> chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.7 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/778">#778</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/e1ebfdad10ef98fe6c9d424efe3f97d7b2322f04"><code>e1ebfda</code></a> fix: honor SOURCE_DATE_EPOCH for files (<a href="https://redirect.github.com/goreleaser/nfpm/issues/775">#775</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/25f6f2b7368585e0534b668ef76094f107e1fe4f"><code>25f6f2b</code></a> chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/776">#776</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/fbc55c56be14ac5de4207becb98c908c615dee7e"><code>fbc55c5</code></a> feat(deps): bump github.com/klauspost/compress from 1.17.4 to 1.17.5 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/774">#774</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/d83a6724284364757db5b61c7b2bd9bf0918264e"><code>d83a672</code></a> chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/773">#773</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/995a27a6fb5009a2a7e13e7747c9a7ef5a3e8098"><code>995a27a</code></a> chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/772">#772</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/9c48b79596993dd653087f91861794b7da6267e6"><code>9c48b79</code></a> feat(deps): bump github.com/ProtonMail/go-crypto (<a href="https://redirect.github.com/goreleaser/nfpm/issues/771">#771</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/e8832cc97b405ce3af1a6026f010d19e521bb1ff"><code>e8832cc</code></a> chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/770">#770</a>)</li> <li>Additional commits viewable in <a href="https://github.com/goreleaser/nfpm/compare/v2.35.2...v2.35.3">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | github.com/goreleaser/nfpm/v2 | [>= 2.24.a, < 2.25] | </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/goreleaser/nfpm/v2&package-manager=go_modules&previous-version=2.35.2&new-version=2.35.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 20:56:17 +02:00
github.com/ProtonMail/go-crypto v1.0.0 // indirect
github.com/alessio/shellescape v1.4.1 // indirect
github.com/anchore/bubbly v0.0.0-20230518153401-87b6af8ccf22 // indirect
github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect
github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
feat(deps): bump github.com/sigstore/rekor from 1.0.1 to 1.1.1 (#3979) Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.0.1 to 1.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/rekor/releases">github.com/sigstore/rekor's releases</a>.</em></p> <blockquote> <h1>v1.1.1</h1> <h2>Functional Enhancements</h2> <ul> <li>Refactor Trillian client with exported methods (<a href="https://redirect.github.com/sigstore/rekor/issues/1454">#1454</a>)</li> <li>Switch to official redis-go client (<a href="https://redirect.github.com/sigstore/rekor/issues/1459">#1459</a>)</li> <li>Remove replace in go.mod (<a href="https://redirect.github.com/sigstore/rekor/issues/1444">#1444</a>)</li> <li>Add Rekor OID info. (<a href="https://redirect.github.com/sigstore/rekor/issues/1390">#1390</a>)</li> </ul> <h2>Quality Enhancements</h2> <ul> <li>remove legacy encrypted cosign key (<a href="https://redirect.github.com/sigstore/rekor/issues/1446">#1446</a>)</li> <li>swap cjson dependency (<a href="https://redirect.github.com/sigstore/rekor/issues/1441">#1441</a>)</li> <li>Update release readme (<a href="https://redirect.github.com/sigstore/rekor/issues/1456">#1456</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-2h5h-59f5-c5x9</li> </ul> <h2>Contributors</h2> <ul> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Carlos Tadeu Panato Junior</li> <li>Ceridwen Coghlan</li> <li>Hayden B</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/rekor/compare/v1.1.0...v1.1.1">https://github.com/sigstore/rekor/compare/v1.1.0...v1.1.1</a></p> <h1>v1.1.0</h1> <h2>Functional Enhancements</h2> <ul> <li>improve validation on intoto v0.0.2 type (<a href="https://redirect.github.com/sigstore/rekor/issues/1351">#1351</a>)</li> <li>add feature to limit HTTP request body length to process (<a href="https://redirect.github.com/sigstore/rekor/issues/1334">#1334</a>)</li> <li>add information about the file size limit (<a href="https://redirect.github.com/sigstore/rekor/issues/1313">#1313</a>)</li> <li>Add script to backfill Redis from Rekor (<a href="https://redirect.github.com/sigstore/rekor/issues/1163">#1163</a>)</li> <li>Feature: add search support for sha512 (<a href="https://redirect.github.com/sigstore/rekor/issues/1142">#1142</a>)</li> </ul> <h2>Quality Enhancements</h2> <ul> <li>fuzzing: refactor OSS-Fuzz build script (<a href="https://redirect.github.com/sigstore/rekor/issues/1377">#1377</a>)</li> <li>Update cloudbuild for cosign 2.0 (<a href="https://redirect.github.com/sigstore/rekor/issues/1375">#1375</a>)</li> <li>Tests - Additional sharding tests (<a href="https://redirect.github.com/sigstore/rekor/issues/1180">#1180</a>)</li> <li>jar type: add fuzzer for 3rd-party dep (<a href="https://redirect.github.com/sigstore/rekor/issues/1360">#1360</a>)</li> <li>update cosign to 2.0.0 and builder image and also cosign flags (<a href="https://redirect.github.com/sigstore/rekor/issues/1368">#1368</a>)</li> <li>fuzzing: move alpine utils to fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1335">#1335</a>)</li> <li>fuzzing: add seed for alpine fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1342">#1342</a>)</li> <li>jar: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1327">#1327</a>)</li> <li>fuzzing: open writer later in fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1326">#1326</a>)</li> <li>fuzzing: remove tar operations in alpine fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1322">#1322</a>)</li> <li>alpine: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1316">#1316</a>)</li> <li>hashedrekord: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1315">#1315</a>)</li> <li>fuzzing: add call to IndexKeys in multiple fuzzers (<a href="https://redirect.github.com/sigstore/rekor/issues/1302">#1302</a>)</li> <li>fuzzing: improve cose fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1300">#1300</a>)</li> <li>fuzzing: improve fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1298">#1298</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/rekor/blob/main/CHANGELOG.md">github.com/sigstore/rekor's changelog</a>.</em></p> <blockquote> <h1>v1.1.1</h1> <h2>Functional Enhancements</h2> <ul> <li>Refactor Trillian client with exported methods (<a href="https://redirect.github.com/sigstore/rekor/issues/1454">#1454</a>)</li> <li>Switch to official redis-go client (<a href="https://redirect.github.com/sigstore/rekor/issues/1459">#1459</a>)</li> <li>Remove replace in go.mod (<a href="https://redirect.github.com/sigstore/rekor/issues/1444">#1444</a>)</li> <li>Add Rekor OID info. (<a href="https://redirect.github.com/sigstore/rekor/issues/1390">#1390</a>)</li> </ul> <h2>Quality Enhancements</h2> <ul> <li>remove legacy encrypted cosign key (<a href="https://redirect.github.com/sigstore/rekor/issues/1446">#1446</a>)</li> <li>swap cjson dependency (<a href="https://redirect.github.com/sigstore/rekor/issues/1441">#1441</a>)</li> <li>Update release readme (<a href="https://redirect.github.com/sigstore/rekor/issues/1456">#1456</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-2h5h-59f5-c5x9</li> </ul> <h2>Contributors</h2> <ul> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Carlos Tadeu Panato Junior</li> <li>Ceridwen Coghlan</li> <li>Hayden B</li> </ul> <h1>v1.1.0</h1> <h2>Functional Enhancements</h2> <ul> <li>improve validation on intoto v0.0.2 type (<a href="https://redirect.github.com/sigstore/rekor/issues/1351">#1351</a>)</li> <li>add feature to limit HTTP request body length to process (<a href="https://redirect.github.com/sigstore/rekor/issues/1334">#1334</a>)</li> <li>add information about the file size limit (<a href="https://redirect.github.com/sigstore/rekor/issues/1313">#1313</a>)</li> <li>Add script to backfill Redis from Rekor (<a href="https://redirect.github.com/sigstore/rekor/issues/1163">#1163</a>)</li> <li>Feature: add search support for sha512 (<a href="https://redirect.github.com/sigstore/rekor/issues/1142">#1142</a>)</li> </ul> <h2>Quality Enhancements</h2> <ul> <li>fuzzing: refactor OSS-Fuzz build script (<a href="https://redirect.github.com/sigstore/rekor/issues/1377">#1377</a>)</li> <li>Update cloudbuild for cosign 2.0 (<a href="https://redirect.github.com/sigstore/rekor/issues/1375">#1375</a>)</li> <li>Tests - Additional sharding tests (<a href="https://redirect.github.com/sigstore/rekor/issues/1180">#1180</a>)</li> <li>jar type: add fuzzer for 3rd-party dep (<a href="https://redirect.github.com/sigstore/rekor/issues/1360">#1360</a>)</li> <li>update cosign to 2.0.0 and builder image and also cosign flags (<a href="https://redirect.github.com/sigstore/rekor/issues/1368">#1368</a>)</li> <li>fuzzing: move alpine utils to fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1335">#1335</a>)</li> <li>fuzzing: add seed for alpine fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1342">#1342</a>)</li> <li>jar: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1327">#1327</a>)</li> <li>fuzzing: open writer later in fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1326">#1326</a>)</li> <li>fuzzing: remove tar operations in alpine fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1322">#1322</a>)</li> <li>alpine: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1316">#1316</a>)</li> <li>hashedrekord: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1315">#1315</a>)</li> <li>fuzzing: add call to IndexKeys in multiple fuzzers (<a href="https://redirect.github.com/sigstore/rekor/issues/1302">#1302</a>)</li> <li>fuzzing: improve cose fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1300">#1300</a>)</li> <li>fuzzing: improve fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1298">#1298</a>)</li> <li>fuzzing: improve alpine fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1273">#1273</a>)</li> <li>fuzzing: go mod edit go-fuzz-headers (<a href="https://redirect.github.com/sigstore/rekor/issues/1272">#1272</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/rekor/commit/0c1914e5e955cb9f514e32b222cf61a13e91ab08"><code>0c1914e</code></a> update CHANGELOG for v1.1.1 (<a href="https://redirect.github.com/sigstore/rekor/issues/1462">#1462</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48"><code>cf42ace</code></a> Merge pull request from GHSA-2h5h-59f5-c5x9</li> <li><a href="https://github.com/sigstore/rekor/commit/46ac0b224e673b969457597b15af2d125ae8c5c2"><code>46ac0b2</code></a> Refactor Trillian client with exported methods (<a href="https://redirect.github.com/sigstore/rekor/issues/1454">#1454</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/5d6e9723b1d251001906c5583b0fd6fe7e3a1cb3"><code>5d6e972</code></a> build(deps): bump github.com/redis/go-redis/v9 from 9.0.3 to 9.0.4 (<a href="https://redirect.github.com/sigstore/rekor/issues/1460">#1460</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/baa14ce4ebe621399ff8330dd8ddc4a6ca2e2533"><code>baa14ce</code></a> Switch to official redis-go client (<a href="https://redirect.github.com/sigstore/rekor/issues/1459">#1459</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/059e097a0b6856ff6ed79c96cba171df691eb3d8"><code>059e097</code></a> build(deps): bump github.com/go-playground/validator/v10 (<a href="https://redirect.github.com/sigstore/rekor/issues/1457">#1457</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/1f75c792567e6a4b2fa0ebb5e12fe500434d33b1"><code>1f75c79</code></a> Update release readme (<a href="https://redirect.github.com/sigstore/rekor/issues/1456">#1456</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/98163f336ce3db11d776c0eabc4c7bccda7612dd"><code>98163f3</code></a> build(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (<a href="https://redirect.github.com/sigstore/rekor/issues/1455">#1455</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/24cb647106d74051ba70ce867b5c7319ad29e3b9"><code>24cb647</code></a> Remove replace in go.mod (<a href="https://redirect.github.com/sigstore/rekor/issues/1444">#1444</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/39bd69bc7c474ff07fef392ff139d0c01c2e116a"><code>39bd69b</code></a> Add Rekor OID info. (<a href="https://redirect.github.com/sigstore/rekor/issues/1390">#1390</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/rekor/compare/v1.0.1...v1.1.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/rekor&package-manager=go_modules&previous-version=1.0.1&new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-04 04:11:29 +02:00
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go v1.55.5
github.com/aws/aws-sdk-go-v2 v1.30.3 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 // indirect
github.com/aws/aws-sdk-go-v2/config v1.27.27 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.27 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 // indirect
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect
chore(deps): bump gocloud.dev from 0.36.0 to 0.37.0 (#4688) [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.36.0&new-version=0.37.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-13 19:59:13 +02:00
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 // indirect
chore(deps): bump github.com/google/ko from 0.15.2 to 0.15.4 (#4885) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.15.2 to 0.15.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.4</h2> <h2>What's Changed</h2> <ul> <li> <p>Refactor global values to be defaults by <a href="https://github.com/nmittler"><code>@​nmittler</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1318">ko-build/ko#1318</a></p> </li> <li> <p>Bump actions/checkout from 4.1.5 to 4.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1316">ko-build/ko#1316</a></p> </li> <li> <p>Bump github.com/docker/docker from 26.1.2+incompatible to 26.1.3+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1315">ko-build/ko#1315</a></p> </li> <li> <p>Bump github/codeql-action from 2.13.4 to 3.25.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1319">ko-build/ko#1319</a></p> </li> <li> <p>Bump github/codeql-action from 3.25.5 to 3.25.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1321">ko-build/ko#1321</a></p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4">https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4</a></p> <h2>v0.15.3</h2> <p>🚨 We are investigating an issue with this release 🚨 See <a href="https://redirect.github.com/ko-build/ko/issues/1317">ko-build/ko#1317</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Bump golang/govulncheck-action from 1.0.1 to 1.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1244">ko-build/ko#1244</a></li> <li>Fix fly.io deployment docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1247">ko-build/ko#1247</a></li> <li>Bump golang.org/x/tools from 0.18.0 to 0.19.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1249">ko-build/ko#1249</a></li> <li>Update setup-ko action link in install.md by <a href="https://github.com/koki-develop"><code>@​koki-develop</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1256">ko-build/ko#1256</a></li> <li>Fix kind image names with --bare by <a href="https://github.com/aidy"><code>@​aidy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1027">ko-build/ko#1027</a></li> <li>fix: update github.com/awslabs/amazon-ecr-credential-helper to latest version by <a href="https://github.com/nesty92"><code>@​nesty92</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1267">ko-build/ko#1267</a></li> <li>drop go1.20 and start testing with go1.22 and ci updates by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1251">ko-build/ko#1251</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1265">ko-build/ko#1265</a></li> <li>Bump reviewdog/action-misspell from 1.15.0 to 1.16.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1252">ko-build/ko#1252</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1258">ko-build/ko#1258</a></li> <li>Bump actions/checkout from 4.1.1 to 4.1.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1255">ko-build/ko#1255</a></li> <li>Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1257">ko-build/ko#1257</a></li> <li>Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1253">ko-build/ko#1253</a></li> <li>Bump actions/setup-python from 5.0.0 to 5.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1269">ko-build/ko#1269</a></li> <li>Bump k8s.io/apimachinery from 0.29.2 to 0.29.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1259">ko-build/ko#1259</a></li> <li>Bump github.com/docker/docker from 25.0.3+incompatible to 26.0.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1263">ko-build/ko#1263</a></li> <li>Bump reviewdog/action-misspell from 1.16.0 to 1.17.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1270">ko-build/ko#1270</a></li> <li>Add support for setting capabilities on the app binary by <a href="https://github.com/mejedi"><code>@​mejedi</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1271">ko-build/ko#1271</a></li> <li>Bump golang.org/x/sync from 0.6.0 to 0.7.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1273">ko-build/ko#1273</a></li> <li>Bump golang.org/x/tools from 0.19.0 to 0.20.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1272">ko-build/ko#1272</a></li> <li>Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1275">ko-build/ko#1275</a></li> <li>Bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1277">ko-build/ko#1277</a></li> <li>chore: fix function names in comment by <a href="https://github.com/camcui"><code>@​camcui</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1278">ko-build/ko#1278</a></li> <li>Bump k8s.io/apimachinery from 0.29.3 to 0.29.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1279">ko-build/ko#1279</a></li> <li>Fix AWS Lambda advanced docs by <a href="https://github.com/mattn"><code>@​mattn</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1281">ko-build/ko#1281</a></li> <li>Bump actions/upload-artifact from 4.3.1 to 4.3.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1284">ko-build/ko#1284</a></li> <li>Bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1283">ko-build/ko#1283</a></li> <li>Bump actions/checkout from 4.1.2 to 4.1.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1285">ko-build/ko#1285</a></li> <li>Bump github.com/docker/docker from 26.0.2+incompatible to 26.1.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1286">ko-build/ko#1286</a></li> <li>Bump actions/upload-artifact from 4.3.2 to 4.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1288">ko-build/ko#1288</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1287">ko-build/ko#1287</a></li> <li>Bump actions/checkout from 4.1.3 to 4.1.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1290">ko-build/ko#1290</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/c9e27f0dae0b9db53e19d521bbc5ee811ce00e39"><code>c9e27f0</code></a> Update integration_test.sh</li> <li><a href="https://github.com/ko-build/ko/commit/7cb29ac9b8f0dbdea83e2828fb9da040752b2053"><code>7cb29ac</code></a> Refactor global values to be defaults</li> <li><a href="https://github.com/ko-build/ko/commit/29e852e8bbd76d65722c57497106adb1378f885f"><code>29e852e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1321">#1321</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/74f02a8f5989e979bbc10ac067ae8d4cbd22537e"><code>74f02a8</code></a> ---</li> <li><a href="https://github.com/ko-build/ko/commit/81723216fa527be864baee6f6518fa0895e12710"><code>8172321</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1319">#1319</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/f979606b996aa20b6c6ad01226b726e1cb2777e7"><code>f979606</code></a> Bump github/codeql-action from 2.13.4 to 3.25.5</li> <li><a href="https://github.com/ko-build/ko/commit/bb99eccfe235e7b583c857bb1bafbf45f72178d1"><code>bb99ecc</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1315">#1315</a> from ko-build/dependabot/go_modules/github.com/docke...</li> <li><a href="https://github.com/ko-build/ko/commit/dcb8f4edfe8463aba0554e8cd03e58b1bd650f0a"><code>dcb8f4e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1316">#1316</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/7e47ec504a307bc63b4e2254434b9644dcf33841"><code>7e47ec5</code></a> Bump actions/checkout from 4.1.5 to 4.1.6</li> <li><a href="https://github.com/ko-build/ko/commit/459bf48a23b48e5423109fd30ea0eca546279709"><code>459bf48</code></a> Bump github.com/docker/docker</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.15.2...v0.15.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.15.2&new-version=0.15.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-22 15:56:23 +02:00
github.com/aws/aws-sdk-go-v2/service/ecr v1.28.0 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.5 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 // indirect
github.com/aws/aws-sdk-go-v2/service/kms v1.35.3 // indirect
github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect
github.com/aws/smithy-go v1.20.3 // indirect
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
github.com/bahlo/generic-list-go v0.2.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
chore(deps): bump github.com/anchore/quill from 0.4.1 to 0.4.2 (#4988) Bumps [github.com/anchore/quill](https://github.com/anchore/quill) from 0.4.1 to 0.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/quill/releases">github.com/anchore/quill's releases</a>.</em></p> <blockquote> <h2>v0.4.2</h2> <h1>Changelog</h1> <h2><a href="https://github.com/anchore/quill/tree/v0.4.2">v0.4.2</a> (2024-07-11)</h2> <p><a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">Full Changelog</a></p> <h3>Bug Fixes</h3> <ul> <li>fix: terminal no longer clobbered [[PR <a href="https://redirect.github.com/anchore/quill/issues/142">#142</a>](https://redirect.github.com/anchore/quill/pull/142)] [<a href="https://github.com/kzantow">kzantow</a>]</li> <li>fix: notarization should not fail [[Issue <a href="https://redirect.github.com/anchore/quill/issues/118">#118</a>](https://redirect.github.com/anchore/quill/issues/118)] [[PR <a href="https://redirect.github.com/anchore/quill/issues/119">#119</a>](https://redirect.github.com/anchore/quill/pull/119)] [<a href="https://github.com/wagoodman">wagoodman</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anchore/quill/commit/4639bd62b2a88f6552bb3dea42e501f538919a93"><code>4639bd6</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.223 to 1.1.225 (<a href="https://redirect.github.com/anchore/quill/issues/455">#455</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ca419a618682341ec40798043358c0e4f69e4c91"><code>ca419a6</code></a> chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (<a href="https://redirect.github.com/anchore/quill/issues/449">#449</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf4af8169670bcab7e9b01fb2f56c969d694b22f"><code>bf4af81</code></a> chore(deps): bump github.com/charmbracelet/lipgloss (<a href="https://redirect.github.com/anchore/quill/issues/454">#454</a>)</li> <li><a href="https://github.com/anchore/quill/commit/8b306166bb4dbffa2419d05950c5039993f465d8"><code>8b30616</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.12 to 1.54.18 (<a href="https://redirect.github.com/anchore/quill/issues/456">#456</a>)</li> <li><a href="https://github.com/anchore/quill/commit/dd4e6c85c5c2493529c74fe94a58dd71fd2aa930"><code>dd4e6c8</code></a> chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (<a href="https://redirect.github.com/anchore/quill/issues/453">#453</a>)</li> <li><a href="https://github.com/anchore/quill/commit/a75519372136730ec04ef8e8e848f71196faf311"><code>a755193</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.220 to 1.1.223 (<a href="https://redirect.github.com/anchore/quill/issues/439">#439</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf64d8a2fd68f72094080e2af3a4eca884b430d6"><code>bf64d8a</code></a> chore(deps): bump github.com/charmbracelet/bubbletea (<a href="https://redirect.github.com/anchore/quill/issues/440">#440</a>)</li> <li><a href="https://github.com/anchore/quill/commit/196e96e91826b422557a1f3b23ab59276dac46a9"><code>196e96e</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.2 to 1.54.12 (<a href="https://redirect.github.com/anchore/quill/issues/446">#446</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ff50f7a9dd90dff83c0c8536374085a0d73ebbcd"><code>ff50f7a</code></a> chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/anchore/quill/issues/427">#427</a>)</li> <li><a href="https://github.com/anchore/quill/commit/092a1387f060de85a8a8b0d2d5c987a68603b65e"><code>092a138</code></a> chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (<a href="https://redirect.github.com/anchore/quill/issues/432">#432</a>)</li> <li>Additional commits viewable in <a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/anchore/quill&package-manager=go_modules&previous-version=0.4.1&new-version=0.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-12 14:41:38 +02:00
github.com/blacktop/go-dwarf v1.0.10 // indirect
github.com/blacktop/go-macho v1.1.225 // indirect
github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb // indirect
github.com/buger/jsonparser v1.1.1 // indirect
github.com/carlmjohnson/versioninfo v0.22.5 // indirect
github.com/cavaliergopher/cpio v1.0.1 // indirect
chore(deps): bump github.com/ory/dockertest/v3 from 3.10.0 to 3.11.0 (#5070) Bumps [github.com/ory/dockertest/v3](https://github.com/ory/dockertest) from 3.10.0 to 3.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ory/dockertest/releases">github.com/ory/dockertest/v3's releases</a>.</em></p> <blockquote> <h2>v3.11.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/435">ory/dockertest#435</a></li> <li>chore(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/437">ory/dockertest#437</a></li> <li>chore(deps): bump github.com/lib/pq from 0.0.0-20180327071824-d34b9ff171c2 to 1.10.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/438">ory/dockertest#438</a></li> <li>chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.24+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/426">ory/dockertest#426</a></li> <li>chore(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/427">ory/dockertest#427</a></li> <li>chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/450">ory/dockertest#450</a></li> <li>chore(deps): bump github.com/containerd/continuity from 0.3.0 to 0.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/451">ory/dockertest#451</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/449">ory/dockertest#449</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/442">ory/dockertest#442</a></li> <li>chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/445">ory/dockertest#445</a></li> <li>chore(deps): bump github.com/moby/term from 0.0.0-20201216013528-df9cb8a40635 to 0.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/446">ory/dockertest#446</a></li> <li>chore(deps): bump github.com/docker/cli from 20.10.17+incompatible to 24.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/448">ory/dockertest#448</a></li> <li>chore: bump dependencies and fix some lint by <a href="https://github.com/alnr"><code>@​alnr</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li>chore(deps): bump golang.org/x/sys from 0.19.0 to 0.21.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/501">ory/dockertest#501</a></li> <li>chore(deps): bump actions/checkout from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/475">ory/dockertest#475</a></li> <li>feat: fall back to podman if available by <a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li>test: refactor asserts by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/497">ory/dockertest#497</a></li> <li>use defer instead of os.Exit(m.Run()) by <a href="https://github.com/pmenglund"><code>@​pmenglund</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/493">ory/dockertest#493</a></li> <li>docs: remove outdated dep install instruction by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/505">ory/dockertest#505</a></li> <li>chore: remove direct dependency on gotest.tools/v3 by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/504">ory/dockertest#504</a></li> <li>chore: replace deprecated ioutil.TempDir with os.MkdirTemp by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/506">ory/dockertest#506</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/509">ory/dockertest#509</a></li> <li>move tests to dockertest_test package by <a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li>chore(deps): bump github.com/opencontainers/image-spec from 1.0.2 to 1.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/510">ory/dockertest#510</a></li> <li>chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/503">ory/dockertest#503</a></li> <li>chore(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/508">ory/dockertest#508</a></li> <li>chore(deps): bump actions/stale from 4 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/507">ory/dockertest#507</a></li> <li>feat: introduce cve scanners by <a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li>chore: update docker to v27.1.1 by <a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/alnr"><code>@​alnr</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li><a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li><a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li><a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li><a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ory/dockertest/commit/6110e9a38fa9f7118d7baa38ac2437170520c3b5"><code>6110e9a</code></a> chore: update docker to v27.1.1 (<a href="https://redirect.github.com/ory/dockertest/issues/522">#522</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/d229e74b748daa9d889156981aee4d521a9fa226"><code>d229e74</code></a> feat: introduce cve scanners (<a href="https://redirect.github.com/ory/dockertest/issues/500">#500</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1b46b2915aed35799f1cb91e76ad499ff91b7d9c"><code>1b46b29</code></a> chore(deps): bump actions/stale from 4 to 9 (<a href="https://redirect.github.com/ory/dockertest/issues/507">#507</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/44496a38aa7769d525977b2c8f74047c231162e1"><code>44496a3</code></a> chore(deps): bump actions/setup-go from 4 to 5 (<a href="https://redirect.github.com/ory/dockertest/issues/508">#508</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1aa8cd7bf823a7e369a54bcec74ac39ae5141eff"><code>1aa8cd7</code></a> chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 (<a href="https://redirect.github.com/ory/dockertest/issues/503">#503</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/0c91bda2b499ac97a0f6c027dc25b213cbf726a0"><code>0c91bda</code></a> chore(deps): bump github.com/opencontainers/image-spec (<a href="https://redirect.github.com/ory/dockertest/issues/510">#510</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/3328cf9343b8091879695d1489aa3154544e7e23"><code>3328cf9</code></a> move tests to dockertest_test package (<a href="https://redirect.github.com/ory/dockertest/issues/490">#490</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/05f634764ebdde194ee996f9d6b4ebf91e7bc738"><code>05f6347</code></a> chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (<a href="https://redirect.github.com/ory/dockertest/issues/509">#509</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/6539ccd9aa0828a791bf577d5290ed5201de4c72"><code>6539ccd</code></a> chore: replace deprecated ioutil.TempDir with os.MkdirTemp (<a href="https://redirect.github.com/ory/dockertest/issues/506">#506</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/84015fd57ca4c3248e114be72046b90752aab334"><code>84015fd</code></a> chore: remove direct dependency on gotest.tools/v3 (<a href="https://redirect.github.com/ory/dockertest/issues/504">#504</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ory/dockertest/v3&package-manager=go_modules&previous-version=3.10.0&new-version=3.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-13 14:31:51 +02:00
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
chore(deps): bump github.com/anchore/quill from 0.4.1 to 0.4.2 (#4988) Bumps [github.com/anchore/quill](https://github.com/anchore/quill) from 0.4.1 to 0.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/quill/releases">github.com/anchore/quill's releases</a>.</em></p> <blockquote> <h2>v0.4.2</h2> <h1>Changelog</h1> <h2><a href="https://github.com/anchore/quill/tree/v0.4.2">v0.4.2</a> (2024-07-11)</h2> <p><a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">Full Changelog</a></p> <h3>Bug Fixes</h3> <ul> <li>fix: terminal no longer clobbered [[PR <a href="https://redirect.github.com/anchore/quill/issues/142">#142</a>](https://redirect.github.com/anchore/quill/pull/142)] [<a href="https://github.com/kzantow">kzantow</a>]</li> <li>fix: notarization should not fail [[Issue <a href="https://redirect.github.com/anchore/quill/issues/118">#118</a>](https://redirect.github.com/anchore/quill/issues/118)] [[PR <a href="https://redirect.github.com/anchore/quill/issues/119">#119</a>](https://redirect.github.com/anchore/quill/pull/119)] [<a href="https://github.com/wagoodman">wagoodman</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anchore/quill/commit/4639bd62b2a88f6552bb3dea42e501f538919a93"><code>4639bd6</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.223 to 1.1.225 (<a href="https://redirect.github.com/anchore/quill/issues/455">#455</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ca419a618682341ec40798043358c0e4f69e4c91"><code>ca419a6</code></a> chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (<a href="https://redirect.github.com/anchore/quill/issues/449">#449</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf4af8169670bcab7e9b01fb2f56c969d694b22f"><code>bf4af81</code></a> chore(deps): bump github.com/charmbracelet/lipgloss (<a href="https://redirect.github.com/anchore/quill/issues/454">#454</a>)</li> <li><a href="https://github.com/anchore/quill/commit/8b306166bb4dbffa2419d05950c5039993f465d8"><code>8b30616</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.12 to 1.54.18 (<a href="https://redirect.github.com/anchore/quill/issues/456">#456</a>)</li> <li><a href="https://github.com/anchore/quill/commit/dd4e6c85c5c2493529c74fe94a58dd71fd2aa930"><code>dd4e6c8</code></a> chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (<a href="https://redirect.github.com/anchore/quill/issues/453">#453</a>)</li> <li><a href="https://github.com/anchore/quill/commit/a75519372136730ec04ef8e8e848f71196faf311"><code>a755193</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.220 to 1.1.223 (<a href="https://redirect.github.com/anchore/quill/issues/439">#439</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf64d8a2fd68f72094080e2af3a4eca884b430d6"><code>bf64d8a</code></a> chore(deps): bump github.com/charmbracelet/bubbletea (<a href="https://redirect.github.com/anchore/quill/issues/440">#440</a>)</li> <li><a href="https://github.com/anchore/quill/commit/196e96e91826b422557a1f3b23ab59276dac46a9"><code>196e96e</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.2 to 1.54.12 (<a href="https://redirect.github.com/anchore/quill/issues/446">#446</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ff50f7a9dd90dff83c0c8536374085a0d73ebbcd"><code>ff50f7a</code></a> chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/anchore/quill/issues/427">#427</a>)</li> <li><a href="https://github.com/anchore/quill/commit/092a1387f060de85a8a8b0d2d5c987a68603b65e"><code>092a138</code></a> chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (<a href="https://redirect.github.com/anchore/quill/issues/432">#432</a>)</li> <li>Additional commits viewable in <a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/anchore/quill&package-manager=go_modules&previous-version=0.4.1&new-version=0.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-12 14:41:38 +02:00
github.com/charmbracelet/bubbletea v0.26.6 // indirect
chore(deps): bump github.com/charmbracelet/lipgloss from 0.12.0 to 0.12.1 (#4994) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.12.0 to 0.12.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/charmbracelet/lipgloss/releases">github.com/charmbracelet/lipgloss's releases</a>.</em></p> <blockquote> <h2>v0.12.1</h2> <p>This release fixes a regression with regard to border calculations introduced in Lip Gloss v0.11.1.</p> <hr /> <p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <p>Thoughts? Questions? We love hearing from you. Feel free to reach out on <a href="https://twitter.com/charmcli">Twitter</a>, <a href="https://mastodon.technology/@charm">The Fediverse</a>, or on <a href="https://charm.sh/chat">Discord</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/charmbracelet/lipgloss/commit/670898dc36d5bd9a8a8681a96e9c49e6f2c7f57a"><code>670898d</code></a> chore: retract v0.11.1</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/1b3672b3191abbeb7a69d52bc3a14f3b828baa16"><code>1b3672b</code></a> chore: upgrade x/ansi to v0.1.4</li> <li>See full diff in <a href="https://github.com/charmbracelet/lipgloss/compare/v0.12.0...v0.12.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/lipgloss&package-manager=go_modules&previous-version=0.12.0&new-version=0.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-15 14:47:27 +02:00
github.com/charmbracelet/x/ansi v0.1.4 // indirect
github.com/charmbracelet/x/input v0.1.0 // indirect
github.com/charmbracelet/x/term v0.1.1 // indirect
github.com/charmbracelet/x/windows v0.1.0 // indirect
github.com/cloudflare/circl v1.3.8 // indirect
chore(deps): bump github.com/ory/dockertest/v3 from 3.10.0 to 3.11.0 (#5070) Bumps [github.com/ory/dockertest/v3](https://github.com/ory/dockertest) from 3.10.0 to 3.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ory/dockertest/releases">github.com/ory/dockertest/v3's releases</a>.</em></p> <blockquote> <h2>v3.11.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/435">ory/dockertest#435</a></li> <li>chore(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/437">ory/dockertest#437</a></li> <li>chore(deps): bump github.com/lib/pq from 0.0.0-20180327071824-d34b9ff171c2 to 1.10.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/438">ory/dockertest#438</a></li> <li>chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.24+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/426">ory/dockertest#426</a></li> <li>chore(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/427">ory/dockertest#427</a></li> <li>chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/450">ory/dockertest#450</a></li> <li>chore(deps): bump github.com/containerd/continuity from 0.3.0 to 0.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/451">ory/dockertest#451</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/449">ory/dockertest#449</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/442">ory/dockertest#442</a></li> <li>chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/445">ory/dockertest#445</a></li> <li>chore(deps): bump github.com/moby/term from 0.0.0-20201216013528-df9cb8a40635 to 0.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/446">ory/dockertest#446</a></li> <li>chore(deps): bump github.com/docker/cli from 20.10.17+incompatible to 24.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/448">ory/dockertest#448</a></li> <li>chore: bump dependencies and fix some lint by <a href="https://github.com/alnr"><code>@​alnr</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li>chore(deps): bump golang.org/x/sys from 0.19.0 to 0.21.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/501">ory/dockertest#501</a></li> <li>chore(deps): bump actions/checkout from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/475">ory/dockertest#475</a></li> <li>feat: fall back to podman if available by <a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li>test: refactor asserts by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/497">ory/dockertest#497</a></li> <li>use defer instead of os.Exit(m.Run()) by <a href="https://github.com/pmenglund"><code>@​pmenglund</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/493">ory/dockertest#493</a></li> <li>docs: remove outdated dep install instruction by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/505">ory/dockertest#505</a></li> <li>chore: remove direct dependency on gotest.tools/v3 by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/504">ory/dockertest#504</a></li> <li>chore: replace deprecated ioutil.TempDir with os.MkdirTemp by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/506">ory/dockertest#506</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/509">ory/dockertest#509</a></li> <li>move tests to dockertest_test package by <a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li>chore(deps): bump github.com/opencontainers/image-spec from 1.0.2 to 1.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/510">ory/dockertest#510</a></li> <li>chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/503">ory/dockertest#503</a></li> <li>chore(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/508">ory/dockertest#508</a></li> <li>chore(deps): bump actions/stale from 4 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/507">ory/dockertest#507</a></li> <li>feat: introduce cve scanners by <a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li>chore: update docker to v27.1.1 by <a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/alnr"><code>@​alnr</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li><a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li><a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li><a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li><a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ory/dockertest/commit/6110e9a38fa9f7118d7baa38ac2437170520c3b5"><code>6110e9a</code></a> chore: update docker to v27.1.1 (<a href="https://redirect.github.com/ory/dockertest/issues/522">#522</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/d229e74b748daa9d889156981aee4d521a9fa226"><code>d229e74</code></a> feat: introduce cve scanners (<a href="https://redirect.github.com/ory/dockertest/issues/500">#500</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1b46b2915aed35799f1cb91e76ad499ff91b7d9c"><code>1b46b29</code></a> chore(deps): bump actions/stale from 4 to 9 (<a href="https://redirect.github.com/ory/dockertest/issues/507">#507</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/44496a38aa7769d525977b2c8f74047c231162e1"><code>44496a3</code></a> chore(deps): bump actions/setup-go from 4 to 5 (<a href="https://redirect.github.com/ory/dockertest/issues/508">#508</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1aa8cd7bf823a7e369a54bcec74ac39ae5141eff"><code>1aa8cd7</code></a> chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 (<a href="https://redirect.github.com/ory/dockertest/issues/503">#503</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/0c91bda2b499ac97a0f6c027dc25b213cbf726a0"><code>0c91bda</code></a> chore(deps): bump github.com/opencontainers/image-spec (<a href="https://redirect.github.com/ory/dockertest/issues/510">#510</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/3328cf9343b8091879695d1489aa3154544e7e23"><code>3328cf9</code></a> move tests to dockertest_test package (<a href="https://redirect.github.com/ory/dockertest/issues/490">#490</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/05f634764ebdde194ee996f9d6b4ebf91e7bc738"><code>05f6347</code></a> chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (<a href="https://redirect.github.com/ory/dockertest/issues/509">#509</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/6539ccd9aa0828a791bf577d5290ed5201de4c72"><code>6539ccd</code></a> chore: replace deprecated ioutil.TempDir with os.MkdirTemp (<a href="https://redirect.github.com/ory/dockertest/issues/506">#506</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/84015fd57ca4c3248e114be72046b90752aab334"><code>84015fd</code></a> chore: remove direct dependency on gotest.tools/v3 (<a href="https://redirect.github.com/ory/dockertest/issues/504">#504</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ory/dockertest/v3&package-manager=go_modules&previous-version=3.10.0&new-version=3.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-13 14:31:51 +02:00
github.com/containerd/continuity v0.4.3 // indirect
feat(deps): bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 (#3878) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.13.0 to 0.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-containerregistry/releases">github.com/google/go-containerregistry's releases</a>.</em></p> <blockquote> <h2>v0.14.0</h2> <h2>Changelog</h2> <ul> <li>9306ebad Allow crane edit to generate non-image artifacts (<a href="https://redirect.github.com/google/go-containerregistry/issues/1545">#1545</a>)</li> <li>de35f0f7 Allow setting Content-Type in crane edit manifest (<a href="https://redirect.github.com/google/go-containerregistry/issues/1551">#1551</a>)</li> <li>4b081f80 Avoid v1.Manifest in crane edit config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1583">#1583</a>)</li> <li>1cfe1fc2 Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1593">#1593</a>)</li> <li>da1008fb Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1548">#1548</a>)</li> <li>86be45fb Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1547">#1547</a>)</li> <li>62f183e5 Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1556">#1556</a>)</li> <li>1b8dc2ba Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1580">#1580</a>)</li> <li>11843ba2 Enforce proper sha256 usage (<a href="https://redirect.github.com/google/go-containerregistry/issues/1544">#1544</a>)</li> <li>2ceebaaf Implement crane index subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1561">#1561</a>)</li> <li>9f42e028 Set mediaType for empty.ImageIndex in RawManifest (<a href="https://redirect.github.com/google/go-containerregistry/issues/1562">#1562</a>)</li> <li>759b19f7 Support artifactType, for images whose config.mediaType is not a config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1541">#1541</a>)</li> <li>b3c23b4c Support for OCI 1.1+ referrers via API (<a href="https://redirect.github.com/google/go-containerregistry/issues/1546">#1546</a>)</li> <li>061ee6bf Support for OCI 1.1+ referrers via fallback tag (<a href="https://redirect.github.com/google/go-containerregistry/issues/1543">#1543</a>)</li> <li>67703048 Update descriptor &quot;data&quot; field (when valid) during &quot;crane edit config&quot; (<a href="https://redirect.github.com/google/go-containerregistry/issues/1584">#1584</a>)</li> <li>76bac933 Update release.yml (<a href="https://redirect.github.com/google/go-containerregistry/issues/1540">#1540</a>)</li> <li>eb7d746c authn: also read mount secrets (<a href="https://redirect.github.com/google/go-containerregistry/issues/1560">#1560</a>)</li> <li>e94d4089 bump deps using ./hack/bump-deps.sh (<a href="https://redirect.github.com/google/go-containerregistry/issues/1592">#1592</a>)</li> <li>4e95ae2b crane: add --flatten for index append (<a href="https://redirect.github.com/google/go-containerregistry/issues/1566">#1566</a>)</li> <li>ff810c18 crane: add serve subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1586">#1586</a>)</li> <li>8ea5e0e8 crane: support --omit-digest-tags in crane ls (<a href="https://redirect.github.com/google/go-containerregistry/issues/1528">#1528</a>)</li> <li>824efc77 fix(mutate): also set timestamps only present in some formats (<a href="https://redirect.github.com/google/go-containerregistry/issues/1550">#1550</a>)</li> <li>e04520bc fix: Fix the crane release url and add more steps (<a href="https://redirect.github.com/google/go-containerregistry/issues/1532">#1532</a>)</li> <li>d8722327 hash: use generic instantiation (<a href="https://redirect.github.com/google/go-containerregistry/issues/1538">#1538</a>)</li> <li>57f010d2 replace manual slsa-verifier installation with action (<a href="https://redirect.github.com/google/go-containerregistry/issues/1585">#1585</a>)</li> <li>9cd098e3 skip tls verification if default transport is used with insecure option (<a href="https://redirect.github.com/google/go-containerregistry/issues/1559">#1559</a>)</li> <li>36249683 tarball: pass imageToTags (<a href="https://redirect.github.com/google/go-containerregistry/issues/1563">#1563</a>)</li> </ul> <h3>Container Images</h3> <p><a href="https://gcr.io/go-containerregistry/crane:v0.14.0">https://gcr.io/go-containerregistry/crane:v0.14.0</a> <a href="https://gcr.io/go-containerregistry/gcrane:v0.14.0">https://gcr.io/go-containerregistry/gcrane:v0.14.0</a></p> <p>For example:</p> <pre><code>docker pull gcr.io/go-containerregistry/crane:v0.14.0 docker pull gcr.io/go-containerregistry/gcrane:v0.14.0 </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-containerregistry/commit/4b081f801f399fa293f23e42ba4c4ac6a6003f2c"><code>4b081f8</code></a> Avoid v1.Manifest in crane edit config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1583">#1583</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/1cfe1fc25f233b40aa5d3b0edd572ed5c3f854c9"><code>1cfe1fc</code></a> Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1593">#1593</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/e94d40893b2d013992192f8a1a04fd1984fd24dc"><code>e94d408</code></a> bump deps using ./hack/bump-deps.sh (<a href="https://redirect.github.com/google/go-containerregistry/issues/1592">#1592</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/ff810c186c772e1056aa4081278ee84ee3fb565b"><code>ff810c1</code></a> crane: add serve subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1586">#1586</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/57f010d26af871587be87f5aed2550893d564a8c"><code>57f010d</code></a> replace manual slsa-verifier installation with action (<a href="https://redirect.github.com/google/go-containerregistry/issues/1585">#1585</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/67703048992e9b025adf1a7b08f3bb195636be33"><code>6770304</code></a> Update descriptor &quot;data&quot; field (when valid) during &quot;crane edit config&quot; (<a href="https://redirect.github.com/google/go-containerregistry/issues/1584">#1584</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/1b8dc2babc55fd72d274e8f470f00e9e5ba43f1b"><code>1b8dc2b</code></a> Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1580">#1580</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/8ea5e0e8f045d827389d13bde5ae8269630e2e2e"><code>8ea5e0e</code></a> crane: support --omit-digest-tags in crane ls (<a href="https://redirect.github.com/google/go-containerregistry/issues/1528">#1528</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/4e95ae2b72dd3b58fccb4ed579dbddf5c884822c"><code>4e95ae2</code></a> crane: add --flatten for index append (<a href="https://redirect.github.com/google/go-containerregistry/issues/1566">#1566</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/4a0e0af4bf958c0bfb17bdfac71c38204b930623"><code>4a0e0af</code></a> docs: Update crane installation and verification instructions (<a href="https://redirect.github.com/google/go-containerregistry/issues/1567">#1567</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-containerregistry/compare/v0.13.0...v0.14.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/go-containerregistry&package-manager=go_modules&previous-version=0.13.0&new-version=0.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-20 14:58:29 +02:00
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#4945) [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.0 to 1.8.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spf13/cobra/releases">github.com/spf13/cobra's releases</a>.</em></p> <blockquote> <h2>v1.8.1</h2> <h2>✨ Features</h2> <ul> <li>Add env variable to suppress completion descriptions on create by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/1938">spf13/cobra#1938</a></li> </ul> <h2>🐛 Bug fixes</h2> <ul> <li>Micro-optimizations by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/1957">spf13/cobra#1957</a></li> </ul> <h2>🔧 Maintenance</h2> <ul> <li>build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.3 to 2.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2127">spf13/cobra#2127</a></li> <li>Consistent annotation names by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2140">spf13/cobra#2140</a></li> <li>Remove fully inactivated linters by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2148">spf13/cobra#2148</a></li> <li>Address golangci-lint deprecation warnings, enable some more linters by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2152">spf13/cobra#2152</a></li> </ul> <h2>🧪 Testing &amp; CI/CD</h2> <ul> <li>Add test for func in cobra.go by <a href="https://github.com/korovindenis"><code>@​korovindenis</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2094">spf13/cobra#2094</a></li> <li>ci: test golang 1.22 by <a href="https://github.com/cyrilico"><code>@​cyrilico</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2113">spf13/cobra#2113</a></li> <li>Optimized and added more linting by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2099">spf13/cobra#2099</a></li> <li>build(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2087">spf13/cobra#2087</a></li> <li>build(deps): bump actions/labeler from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2086">spf13/cobra#2086</a></li> <li>build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2108">spf13/cobra#2108</a></li> <li>build(deps): bump actions/cache from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2102">spf13/cobra#2102</a></li> </ul> <h2>✏️ Documentation</h2> <ul> <li>Fixes and docs for usage as plugin by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2070">spf13/cobra#2070</a></li> <li>flags: clarify documentation that LocalFlags related function do not modify the state by <a href="https://github.com/niamster"><code>@​niamster</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2064">spf13/cobra#2064</a></li> <li>chore: remove repetitive words by <a href="https://github.com/racerole"><code>@​racerole</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2122">spf13/cobra#2122</a></li> <li>Add LXC to the list of projects using Cobra <a href="https://github.com/VaradBelwalkar"><code>@​VaradBelwalkar</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2071">spf13/cobra#2071</a></li> <li>Update projects_using_cobra.md by <a href="https://github.com/marcuskohlberg"><code>@​marcuskohlberg</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2089">spf13/cobra#2089</a></li> <li>[chore]: update projects using cobra by <a href="https://github.com/cmwylie19"><code>@​cmwylie19</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2093">spf13/cobra#2093</a></li> <li>Add Taikun CLI to list of projects by <a href="https://github.com/Smidra"><code>@​Smidra</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2098">spf13/cobra#2098</a></li> <li>Add Incus to the list of projects using Cobra by <a href="https://github.com/montag451"><code>@​montag451</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2118">spf13/cobra#2118</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spf13/cobra/commit/e94f6d0dd9a5e5738dca6bce03c4b1207ffbc0ec"><code>e94f6d0</code></a> Address golangci-lint deprecation warnings, enable some more linters (<a href="https://redirect.github.com/spf13/cobra/issues/2152">#2152</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/8003b74a10ef0d0d84fe3c408d3939d86fdeb210"><code>8003b74</code></a> Remove fully inactivated linters (<a href="https://redirect.github.com/spf13/cobra/issues/2148">#2148</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/5c2c1d627d35a00153764a3d37400efc66eaca1c"><code>5c2c1d6</code></a> Consistent annotation names (<a href="https://redirect.github.com/spf13/cobra/issues/2140">#2140</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/5a1acea3210649f3d70002818ec04b09f6347062"><code>5a1acea</code></a> build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.3 to 2.0.4 (<a href="https://redirect.github.com/spf13/cobra/issues/2127">#2127</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/0fc86c2ffd0326b6f6ed5fa36803d26993655c08"><code>0fc86c2</code></a> docs: update user guide (<a href="https://redirect.github.com/spf13/cobra/issues/2128">#2128</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/6b5f577ebce858ee70fcdd1f062ea3af4b1c03ab"><code>6b5f577</code></a> More linting (<a href="https://redirect.github.com/spf13/cobra/issues/2099">#2099</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/bd914e58d69d65e494b45bdb40e90ca816b92fcc"><code>bd914e5</code></a> fix: remove deprecated io/ioutils package (<a href="https://redirect.github.com/spf13/cobra/issues/2120">#2120</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/1f80fa2e23cc550c131e8a54dc72d11b265c6fcf"><code>1f80fa2</code></a> chore: remove repetitive words (<a href="https://redirect.github.com/spf13/cobra/issues/2122">#2122</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/c69ae4c36b134dd69e5ab9d3d6b9f571ca5afe1e"><code>c69ae4c</code></a> ci: test golang 1.22 (<a href="https://redirect.github.com/spf13/cobra/issues/2113">#2113</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/a30cee5e5ab0949cc888ef00ae6aee24e091e042"><code>a30cee5</code></a> build(deps): bump actions/cache from 3 to 4 (<a href="https://redirect.github.com/spf13/cobra/issues/2102">#2102</a>)</li> <li>Additional commits viewable in <a href="https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/spf13/cobra&package-manager=go_modules&previous-version=1.8.0&new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 13:53:13 +02:00
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
feat(deps): bump github.com/google/ko from 0.14.1 to 0.15.0 (#4373) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <h2>What's Changed</h2> <ul> <li>implement dumb cache for images by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1102">ko-build/ko#1102</a></li> <li>fixed typo in configuration.md by <a href="https://github.com/samlaf"><code>@​samlaf</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li>pkg/commands: fix dropped errors by <a href="https://github.com/alrs"><code>@​alrs</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li>ci: add govulncheck by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1110">ko-build/ko#1110</a></li> <li>chore: remove refs to deprecated io/ioutil by <a href="https://github.com/testwill"><code>@​testwill</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li>Update install docs to install ko using Scoop by <a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> <li>include go build output in build error by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1127">ko-build/ko#1127</a></li> <li>Use go1.21, clean up ci and drop go1.19 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1137">ko-build/ko#1137</a></li> <li>Update e2e.yaml by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1141">ko-build/ko#1141</a></li> <li>handle newfound lint errors by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1142">ko-build/ko#1142</a></li> <li>fix test broken by lint fix by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1143">ko-build/ko#1143</a></li> <li>Bump actions/checkout from 3.6.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1136">ko-build/ko#1136</a></li> <li>fix env var for go env by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1140">ko-build/ko#1140</a></li> <li>docs: add docs for TF and Lambda by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1139">ko-build/ko#1139</a></li> <li>docs: add Lambda and TF pages to sidebar by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1144">ko-build/ko#1144</a></li> <li>include example using go packages by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1145">ko-build/ko#1145</a></li> <li>fix the release workflow and install instructions by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1150">ko-build/ko#1150</a></li> <li>update missing places that was using go1.20 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1163">ko-build/ko#1163</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/samlaf"><code>@​samlaf</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li><a href="https://github.com/alrs"><code>@​alrs</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li><a href="https://github.com/testwill"><code>@​testwill</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li><a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0">https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/31035ad2026bfbafaa4f009baefe72463af1b3a7"><code>31035ad</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1164">#1164</a> from ko-build/dependabot/go_modules/golang.org/x/net...</li> <li><a href="https://github.com/ko-build/ko/commit/ba952fd091f9d27ee5c136e842b5e94dd715100c"><code>ba952fd</code></a> Bump golang.org/x/net from 0.16.0 to 0.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/277f5d74353950c8663fc04b7546f66e57bd6aaf"><code>277f5d7</code></a> update missing places that was using go1.20 (<a href="https://redirect.github.com/google/ko/issues/1163">#1163</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/b8b3b21f8348d7cab863fe1b4eaa47dfc47632da"><code>b8b3b21</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1162">#1162</a> from ko-build/dependabot/go_modules/github.com/googl...</li> <li><a href="https://github.com/ko-build/ko/commit/4890ab2887b653d3c340de4d119bfd17b703f182"><code>4890ab2</code></a> Bump github.com/google/go-cmp from 0.5.9 to 0.6.0</li> <li><a href="https://github.com/ko-build/ko/commit/30b62aee3faf6866cee6513ea7eb13f5a27cd7ca"><code>30b62ae</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1161">#1161</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/449bcb61926cb3e3bcf191e8ca53fad5ab3a4e3c"><code>449bcb6</code></a> Bump github.com/spf13/viper from 1.16.0 to 1.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/c543dd83cc75cd849fb95637ea29e3c7c66d6f87"><code>c543dd8</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1160">#1160</a> from ko-build/dependabot/go_modules/golang.org/x/too...</li> <li><a href="https://github.com/ko-build/ko/commit/c1ae5f5ce4fe058830f24827c853d4db39a95250"><code>c1ae5f5</code></a> Bump golang.org/x/tools from 0.13.0 to 0.14.0</li> <li><a href="https://github.com/ko-build/ko/commit/e50d2fd5ff0ec88ac837ffe6f6c2f122eb54b9f8"><code>e50d2fd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1159">#1159</a> from ko-build/dependabot/go_modules/golang.org/x/syn...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.14.1...v0.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.14.1&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-17 17:47:47 +02:00
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/davidmz/go-pageant v1.0.2 // indirect
github.com/dghubble/sling v1.4.0 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-alpha.1 to 3.0.0-beta.1 (#4983) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-alpha.1 to 3.0.0-beta.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-beta.1</h2> <p>Welcome to the <code>3.0.0-beta.1</code> release of registry!</p> <p>This is the last major <strong>pre-release</strong> of registry.</p> <p>See the changelog below for full list of changes.</p> <h2>Deprecated</h2> <ul> <li>the default configuration path has changed to <code>/etc/distribution/config.yml</code></li> </ul> <h2>Notable Changes</h2> <ul> <li>Support for sparse indexes enables selective mirroring of platform images</li> <li>Auth config now requires explicit declaration of token signing algorithms if using an unsupported signing algorithm</li> <li>Support for OpenTelemetry tracing has been added</li> <li>Redis cache now supports clustering and custom TLS config</li> <li>Caching proxy bug fixes and minor improvements</li> <li>Garbage collection fixes and improvements</li> <li>Documentation has received several updates</li> </ul> <h2>What's Changed</h2> <ul> <li>update: set User-Agent header in GCS storage driver by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4203">distribution/distribution#4203</a></li> <li>version: export getter functions by <a href="https://github.com/corhere"><code>@​corhere</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4204">distribution/distribution#4204</a></li> <li>feat: add GH issue template by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4206">distribution/distribution#4206</a></li> <li>fix: build status badge by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4207">distribution/distribution#4207</a></li> <li>docs: remove legacy kramdown options from link by <a href="https://github.com/SKalt"><code>@​SKalt</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4209">distribution/distribution#4209</a></li> <li>update: readme cleanup and fxes by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4208">distribution/distribution#4208</a></li> <li>feat: add PR labeler by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4205">distribution/distribution#4205</a></li> <li>fix: add missing skip in s3 driver test by <a href="https://github.com/katexochen"><code>@​katexochen</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4219">distribution/distribution#4219</a></li> <li>vendor: github.com/mitchellh/mapstructure v1.5.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4222">distribution/distribution#4222</a></li> <li>chore: dependabot to keep gha up to date by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4217">distribution/distribution#4217</a></li> <li>build(deps): bump github/codeql-action from 1.0.26 to 3.22.12 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4225">distribution/distribution#4225</a></li> <li>build(deps): bump actions/deploy-pages from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4224">distribution/distribution#4224</a></li> <li>build(deps): bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4226">distribution/distribution#4226</a></li> <li>build(deps): bump actions/setup-go from 3 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4228">distribution/distribution#4228</a></li> <li>build(deps): bump actions/configure-pages from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4227">distribution/distribution#4227</a></li> <li>chore: generate authors and update mailmap by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4215">distribution/distribution#4215</a></li> <li>chore: use no-cache-filter for outdated stage by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4216">distribution/distribution#4216</a></li> <li>build(deps): bump actions/upload-pages-artifact from 2 to 3 by <a href="https://github.com/dvdksn"><code>@​dvdksn</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4234">distribution/distribution#4234</a></li> <li>build(deps): bump docker/login-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4239">distribution/distribution#4239</a></li> <li>build(deps): bump docker/metadata-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4240">distribution/distribution#4240</a></li> <li>update to alpine 3.19 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4210">distribution/distribution#4210</a></li> <li>build(deps): bump docker/setup-buildx-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4230">distribution/distribution#4230</a></li> <li>fix: load gcs credentials and client inside DriverConstructor by <a href="https://github.com/katexochen"><code>@​katexochen</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4218">distribution/distribution#4218</a></li> <li>build(deps): bump docker/bake-action from 2 to 4 by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4253">distribution/distribution#4253</a></li> <li>build(deps): bump actions/upload-artifact from 3.0.0 to 4.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4254">distribution/distribution#4254</a></li> <li>remove deprecated ReadSeekCloser interfaces by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4245">distribution/distribution#4245</a></li> <li>vendor: github.com/gorilla/handlers v1.5.2 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4211">distribution/distribution#4211</a></li> <li>fix: update Dockerfile version output by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4212">distribution/distribution#4212</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/c709432b917488208fa78a7932843d91eca59801"><code>c709432</code></a> Prep for v3-beta1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4399">#4399</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/c72db4109c6259a6b53d7b071e5912dbdc166332"><code>c72db41</code></a> Prep for v3-beta1 release</li> <li><a href="https://github.com/distribution/distribution/commit/60da1934b6c5ca04a5e3abc820f288209b97bc5c"><code>60da193</code></a> Bump Go and golang linter (<a href="https://redirect.github.com/distribution/distribution/issues/4389">#4389</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/948a39d358e0a89e9704eff9270d76b9506393ca"><code>948a39d</code></a> Update docs: JWKS credentials and AZ identity (<a href="https://redirect.github.com/distribution/distribution/issues/4397">#4397</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/d3cc664fa2219d5ac6e7a724dbb755f27b08a2e6"><code>d3cc664</code></a> Update docs: JWKS credentials and AZ identity</li> <li><a href="https://github.com/distribution/distribution/commit/4dd0ac977e9674cc0c2f3b206edb43475dac91c1"><code>4dd0ac9</code></a> feat: implement 'rewrite' storage middleware (<a href="https://redirect.github.com/distribution/distribution/issues/4146">#4146</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/306f4ff71eae432a323723eb4ffaf9aa861ca603"><code>306f4ff</code></a> Replace custom Redis config struct with go-redis UniversalOptions (adds senti...</li> <li><a href="https://github.com/distribution/distribution/commit/558ace139143057e0f8e3dbbcc5b695dda33462a"><code>558ace1</code></a> feat: implement 'rewrite' storage middleware</li> <li><a href="https://github.com/distribution/distribution/commit/6d5911900a793318e61324584a144d2b06b40b2b"><code>6d59119</code></a> Update Redis configuration docs with TLS options</li> <li><a href="https://github.com/distribution/distribution/commit/3a8499541a8d624b909c1e16a8d41e22b756457e"><code>3a84995</code></a> docs: disable base element override (<a href="https://redirect.github.com/distribution/distribution/issues/4391">#4391</a>)</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-alpha.1...v3.0.0-beta.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-alpha.1&new-version=3.0.0-beta.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-12 02:49:48 +02:00
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/cli v27.1.1+incompatible // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/docker/distribution v2.8.3+incompatible // indirect
github.com/docker/docker v27.1.1+incompatible // indirect
chore(deps): bump github.com/google/ko from 0.15.2 to 0.15.4 (#4885) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.15.2 to 0.15.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.4</h2> <h2>What's Changed</h2> <ul> <li> <p>Refactor global values to be defaults by <a href="https://github.com/nmittler"><code>@​nmittler</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1318">ko-build/ko#1318</a></p> </li> <li> <p>Bump actions/checkout from 4.1.5 to 4.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1316">ko-build/ko#1316</a></p> </li> <li> <p>Bump github.com/docker/docker from 26.1.2+incompatible to 26.1.3+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1315">ko-build/ko#1315</a></p> </li> <li> <p>Bump github/codeql-action from 2.13.4 to 3.25.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1319">ko-build/ko#1319</a></p> </li> <li> <p>Bump github/codeql-action from 3.25.5 to 3.25.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1321">ko-build/ko#1321</a></p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4">https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4</a></p> <h2>v0.15.3</h2> <p>🚨 We are investigating an issue with this release 🚨 See <a href="https://redirect.github.com/ko-build/ko/issues/1317">ko-build/ko#1317</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Bump golang/govulncheck-action from 1.0.1 to 1.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1244">ko-build/ko#1244</a></li> <li>Fix fly.io deployment docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1247">ko-build/ko#1247</a></li> <li>Bump golang.org/x/tools from 0.18.0 to 0.19.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1249">ko-build/ko#1249</a></li> <li>Update setup-ko action link in install.md by <a href="https://github.com/koki-develop"><code>@​koki-develop</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1256">ko-build/ko#1256</a></li> <li>Fix kind image names with --bare by <a href="https://github.com/aidy"><code>@​aidy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1027">ko-build/ko#1027</a></li> <li>fix: update github.com/awslabs/amazon-ecr-credential-helper to latest version by <a href="https://github.com/nesty92"><code>@​nesty92</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1267">ko-build/ko#1267</a></li> <li>drop go1.20 and start testing with go1.22 and ci updates by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1251">ko-build/ko#1251</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1265">ko-build/ko#1265</a></li> <li>Bump reviewdog/action-misspell from 1.15.0 to 1.16.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1252">ko-build/ko#1252</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1258">ko-build/ko#1258</a></li> <li>Bump actions/checkout from 4.1.1 to 4.1.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1255">ko-build/ko#1255</a></li> <li>Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1257">ko-build/ko#1257</a></li> <li>Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1253">ko-build/ko#1253</a></li> <li>Bump actions/setup-python from 5.0.0 to 5.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1269">ko-build/ko#1269</a></li> <li>Bump k8s.io/apimachinery from 0.29.2 to 0.29.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1259">ko-build/ko#1259</a></li> <li>Bump github.com/docker/docker from 25.0.3+incompatible to 26.0.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1263">ko-build/ko#1263</a></li> <li>Bump reviewdog/action-misspell from 1.16.0 to 1.17.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1270">ko-build/ko#1270</a></li> <li>Add support for setting capabilities on the app binary by <a href="https://github.com/mejedi"><code>@​mejedi</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1271">ko-build/ko#1271</a></li> <li>Bump golang.org/x/sync from 0.6.0 to 0.7.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1273">ko-build/ko#1273</a></li> <li>Bump golang.org/x/tools from 0.19.0 to 0.20.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1272">ko-build/ko#1272</a></li> <li>Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1275">ko-build/ko#1275</a></li> <li>Bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1277">ko-build/ko#1277</a></li> <li>chore: fix function names in comment by <a href="https://github.com/camcui"><code>@​camcui</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1278">ko-build/ko#1278</a></li> <li>Bump k8s.io/apimachinery from 0.29.3 to 0.29.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1279">ko-build/ko#1279</a></li> <li>Fix AWS Lambda advanced docs by <a href="https://github.com/mattn"><code>@​mattn</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1281">ko-build/ko#1281</a></li> <li>Bump actions/upload-artifact from 4.3.1 to 4.3.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1284">ko-build/ko#1284</a></li> <li>Bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1283">ko-build/ko#1283</a></li> <li>Bump actions/checkout from 4.1.2 to 4.1.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1285">ko-build/ko#1285</a></li> <li>Bump github.com/docker/docker from 26.0.2+incompatible to 26.1.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1286">ko-build/ko#1286</a></li> <li>Bump actions/upload-artifact from 4.3.2 to 4.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1288">ko-build/ko#1288</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1287">ko-build/ko#1287</a></li> <li>Bump actions/checkout from 4.1.3 to 4.1.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1290">ko-build/ko#1290</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/c9e27f0dae0b9db53e19d521bbc5ee811ce00e39"><code>c9e27f0</code></a> Update integration_test.sh</li> <li><a href="https://github.com/ko-build/ko/commit/7cb29ac9b8f0dbdea83e2828fb9da040752b2053"><code>7cb29ac</code></a> Refactor global values to be defaults</li> <li><a href="https://github.com/ko-build/ko/commit/29e852e8bbd76d65722c57497106adb1378f885f"><code>29e852e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1321">#1321</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/74f02a8f5989e979bbc10ac067ae8d4cbd22537e"><code>74f02a8</code></a> ---</li> <li><a href="https://github.com/ko-build/ko/commit/81723216fa527be864baee6f6518fa0895e12710"><code>8172321</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1319">#1319</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/f979606b996aa20b6c6ad01226b726e1cb2777e7"><code>f979606</code></a> Bump github/codeql-action from 2.13.4 to 3.25.5</li> <li><a href="https://github.com/ko-build/ko/commit/bb99eccfe235e7b583c857bb1bafbf45f72178d1"><code>bb99ecc</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1315">#1315</a> from ko-build/dependabot/go_modules/github.com/docke...</li> <li><a href="https://github.com/ko-build/ko/commit/dcb8f4edfe8463aba0554e8cd03e58b1bd650f0a"><code>dcb8f4e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1316">#1316</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/7e47ec504a307bc63b4e2254434b9644dcf33841"><code>7e47ec5</code></a> Bump actions/checkout from 4.1.5 to 4.1.6</li> <li><a href="https://github.com/ko-build/ko/commit/459bf48a23b48e5423109fd30ea0eca546279709"><code>459bf48</code></a> Bump github.com/docker/docker</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.15.2...v0.15.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.15.2&new-version=0.15.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-22 15:56:23 +02:00
github.com/docker/docker-credential-helpers v0.8.1 // indirect
chore(deps): bump github.com/ory/dockertest/v3 from 3.10.0 to 3.11.0 (#5070) Bumps [github.com/ory/dockertest/v3](https://github.com/ory/dockertest) from 3.10.0 to 3.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ory/dockertest/releases">github.com/ory/dockertest/v3's releases</a>.</em></p> <blockquote> <h2>v3.11.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/435">ory/dockertest#435</a></li> <li>chore(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/437">ory/dockertest#437</a></li> <li>chore(deps): bump github.com/lib/pq from 0.0.0-20180327071824-d34b9ff171c2 to 1.10.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/438">ory/dockertest#438</a></li> <li>chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.24+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/426">ory/dockertest#426</a></li> <li>chore(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/427">ory/dockertest#427</a></li> <li>chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/450">ory/dockertest#450</a></li> <li>chore(deps): bump github.com/containerd/continuity from 0.3.0 to 0.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/451">ory/dockertest#451</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/449">ory/dockertest#449</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/442">ory/dockertest#442</a></li> <li>chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/445">ory/dockertest#445</a></li> <li>chore(deps): bump github.com/moby/term from 0.0.0-20201216013528-df9cb8a40635 to 0.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/446">ory/dockertest#446</a></li> <li>chore(deps): bump github.com/docker/cli from 20.10.17+incompatible to 24.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/448">ory/dockertest#448</a></li> <li>chore: bump dependencies and fix some lint by <a href="https://github.com/alnr"><code>@​alnr</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li>chore(deps): bump golang.org/x/sys from 0.19.0 to 0.21.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/501">ory/dockertest#501</a></li> <li>chore(deps): bump actions/checkout from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/475">ory/dockertest#475</a></li> <li>feat: fall back to podman if available by <a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li>test: refactor asserts by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/497">ory/dockertest#497</a></li> <li>use defer instead of os.Exit(m.Run()) by <a href="https://github.com/pmenglund"><code>@​pmenglund</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/493">ory/dockertest#493</a></li> <li>docs: remove outdated dep install instruction by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/505">ory/dockertest#505</a></li> <li>chore: remove direct dependency on gotest.tools/v3 by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/504">ory/dockertest#504</a></li> <li>chore: replace deprecated ioutil.TempDir with os.MkdirTemp by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/506">ory/dockertest#506</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/509">ory/dockertest#509</a></li> <li>move tests to dockertest_test package by <a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li>chore(deps): bump github.com/opencontainers/image-spec from 1.0.2 to 1.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/510">ory/dockertest#510</a></li> <li>chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/503">ory/dockertest#503</a></li> <li>chore(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/508">ory/dockertest#508</a></li> <li>chore(deps): bump actions/stale from 4 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/507">ory/dockertest#507</a></li> <li>feat: introduce cve scanners by <a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li>chore: update docker to v27.1.1 by <a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/alnr"><code>@​alnr</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li><a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li><a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li><a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li><a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ory/dockertest/commit/6110e9a38fa9f7118d7baa38ac2437170520c3b5"><code>6110e9a</code></a> chore: update docker to v27.1.1 (<a href="https://redirect.github.com/ory/dockertest/issues/522">#522</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/d229e74b748daa9d889156981aee4d521a9fa226"><code>d229e74</code></a> feat: introduce cve scanners (<a href="https://redirect.github.com/ory/dockertest/issues/500">#500</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1b46b2915aed35799f1cb91e76ad499ff91b7d9c"><code>1b46b29</code></a> chore(deps): bump actions/stale from 4 to 9 (<a href="https://redirect.github.com/ory/dockertest/issues/507">#507</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/44496a38aa7769d525977b2c8f74047c231162e1"><code>44496a3</code></a> chore(deps): bump actions/setup-go from 4 to 5 (<a href="https://redirect.github.com/ory/dockertest/issues/508">#508</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1aa8cd7bf823a7e369a54bcec74ac39ae5141eff"><code>1aa8cd7</code></a> chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 (<a href="https://redirect.github.com/ory/dockertest/issues/503">#503</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/0c91bda2b499ac97a0f6c027dc25b213cbf726a0"><code>0c91bda</code></a> chore(deps): bump github.com/opencontainers/image-spec (<a href="https://redirect.github.com/ory/dockertest/issues/510">#510</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/3328cf9343b8091879695d1489aa3154544e7e23"><code>3328cf9</code></a> move tests to dockertest_test package (<a href="https://redirect.github.com/ory/dockertest/issues/490">#490</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/05f634764ebdde194ee996f9d6b4ebf91e7bc738"><code>05f6347</code></a> chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (<a href="https://redirect.github.com/ory/dockertest/issues/509">#509</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/6539ccd9aa0828a791bf577d5290ed5201de4c72"><code>6539ccd</code></a> chore: replace deprecated ioutil.TempDir with os.MkdirTemp (<a href="https://redirect.github.com/ory/dockertest/issues/506">#506</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/84015fd57ca4c3248e114be72046b90752aab334"><code>84015fd</code></a> chore: remove direct dependency on gotest.tools/v3 (<a href="https://redirect.github.com/ory/dockertest/issues/504">#504</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ory/dockertest/v3&package-manager=go_modules&previous-version=3.10.0&new-version=3.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-13 14:31:51 +02:00
github.com/docker/go-connections v0.5.0 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
feat(deps): bump github.com/xanzy/go-gitlab from 0.82.0 to 0.83.0 (#3955) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.82.0 to 0.83.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xanzy/go-gitlab/commit/9560b5bd1bf3fd02fe427e15c91ec7bfaecd51f9"><code>9560b5b</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1704">#1704</a> from cloudquery/master</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/5950ae0e1896664199337f50283cf936a3c30968"><code>5950ae0</code></a> newline</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/ad8af11b52f3d4cfe9f6590ee02c62e0c12eecb1"><code>ad8af11</code></a> ignore vendor</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/36a098515464b46cb9683ea684ff92d536951179"><code>36a0985</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1702">#1702</a> from cloudquery/feat/group_members/email</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/cc52c831af098fc64fe67675ba14d8d29e4d5536"><code>cc52c83</code></a> fix typo</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/12342600079f984cbcdb2fb7d2caebea6b05099b"><code>1234260</code></a> revert gitignore change</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/931c6625bcfa56e1279fede9b7b162940489518b"><code>931c662</code></a> Add <code>email</code> field to <code>GroupMember</code></li> <li><a href="https://github.com/xanzy/go-gitlab/commit/195295c1d3bb9f9ab754a2bcf0791d1c9d02ef31"><code>195295c</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1689">#1689</a> from smit-modi/issue-comment-event</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/f459ed34e662c06b6fed5dd248d67261d125b2bf"><code>f459ed3</code></a> Fixed order</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/e7028c3cfed78024bb6f0dfb96a468c6e5fa3413"><code>e7028c3</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1670">#1670</a> from skast96/feature/project_templates</li> <li>Additional commits viewable in <a href="https://github.com/xanzy/go-gitlab/compare/v0.82.0...v0.83.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/xanzy/go-gitlab&package-manager=go_modules&previous-version=0.82.0&new-version=0.83.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-24 13:47:21 +02:00
github.com/docker/go-units v0.5.0
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/elliotchance/orderedmap/v2 v2.2.0 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/fsnotify/fsnotify v1.7.0 // indirect
chore(deps): bump github.com/anchore/quill from 0.4.1 to 0.4.2 (#4988) Bumps [github.com/anchore/quill](https://github.com/anchore/quill) from 0.4.1 to 0.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/quill/releases">github.com/anchore/quill's releases</a>.</em></p> <blockquote> <h2>v0.4.2</h2> <h1>Changelog</h1> <h2><a href="https://github.com/anchore/quill/tree/v0.4.2">v0.4.2</a> (2024-07-11)</h2> <p><a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">Full Changelog</a></p> <h3>Bug Fixes</h3> <ul> <li>fix: terminal no longer clobbered [[PR <a href="https://redirect.github.com/anchore/quill/issues/142">#142</a>](https://redirect.github.com/anchore/quill/pull/142)] [<a href="https://github.com/kzantow">kzantow</a>]</li> <li>fix: notarization should not fail [[Issue <a href="https://redirect.github.com/anchore/quill/issues/118">#118</a>](https://redirect.github.com/anchore/quill/issues/118)] [[PR <a href="https://redirect.github.com/anchore/quill/issues/119">#119</a>](https://redirect.github.com/anchore/quill/pull/119)] [<a href="https://github.com/wagoodman">wagoodman</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anchore/quill/commit/4639bd62b2a88f6552bb3dea42e501f538919a93"><code>4639bd6</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.223 to 1.1.225 (<a href="https://redirect.github.com/anchore/quill/issues/455">#455</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ca419a618682341ec40798043358c0e4f69e4c91"><code>ca419a6</code></a> chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (<a href="https://redirect.github.com/anchore/quill/issues/449">#449</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf4af8169670bcab7e9b01fb2f56c969d694b22f"><code>bf4af81</code></a> chore(deps): bump github.com/charmbracelet/lipgloss (<a href="https://redirect.github.com/anchore/quill/issues/454">#454</a>)</li> <li><a href="https://github.com/anchore/quill/commit/8b306166bb4dbffa2419d05950c5039993f465d8"><code>8b30616</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.12 to 1.54.18 (<a href="https://redirect.github.com/anchore/quill/issues/456">#456</a>)</li> <li><a href="https://github.com/anchore/quill/commit/dd4e6c85c5c2493529c74fe94a58dd71fd2aa930"><code>dd4e6c8</code></a> chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (<a href="https://redirect.github.com/anchore/quill/issues/453">#453</a>)</li> <li><a href="https://github.com/anchore/quill/commit/a75519372136730ec04ef8e8e848f71196faf311"><code>a755193</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.220 to 1.1.223 (<a href="https://redirect.github.com/anchore/quill/issues/439">#439</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf64d8a2fd68f72094080e2af3a4eca884b430d6"><code>bf64d8a</code></a> chore(deps): bump github.com/charmbracelet/bubbletea (<a href="https://redirect.github.com/anchore/quill/issues/440">#440</a>)</li> <li><a href="https://github.com/anchore/quill/commit/196e96e91826b422557a1f3b23ab59276dac46a9"><code>196e96e</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.2 to 1.54.12 (<a href="https://redirect.github.com/anchore/quill/issues/446">#446</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ff50f7a9dd90dff83c0c8536374085a0d73ebbcd"><code>ff50f7a</code></a> chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/anchore/quill/issues/427">#427</a>)</li> <li><a href="https://github.com/anchore/quill/commit/092a1387f060de85a8a8b0d2d5c987a68603b65e"><code>092a138</code></a> chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (<a href="https://redirect.github.com/anchore/quill/issues/432">#432</a>)</li> <li>Additional commits viewable in <a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/anchore/quill&package-manager=go_modules&previous-version=0.4.1&new-version=0.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-12 14:41:38 +02:00
github.com/gabriel-vasile/mimetype v1.4.4 // indirect
github.com/github/smimesign v0.2.0 // indirect
github.com/go-fed/httpsig v1.1.0 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
sec(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.11.0 (#4505) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's releases</a>.</em></p> <blockquote> <h2>v5.11.0</h2> <h2>What's Changed</h2> <ul> <li>git: validate reference names (<a href="https://redirect.github.com/go-git/go-git/issues/929">#929</a>) by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/950">go-git/go-git#950</a></li> <li>git: stop iterating at oldest shallow when pulling. Fixes <a href="https://redirect.github.com/go-git/go-git/issues/305">#305</a> by <a href="https://github.com/dhoizner"><code>@​dhoizner</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/939">go-git/go-git#939</a></li> <li>plumbing: object, enable renames in getFileStatsFromFilePatches by <a href="https://github.com/djmoch"><code>@​djmoch</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/941">go-git/go-git#941</a></li> <li>storage: filesystem, Add option to set a specific FS for alternates by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/953">go-git/go-git#953</a></li> <li>Align worktree validation with upstream and remove build warnings by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/958">go-git/go-git#958</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dhoizner"><code>@​dhoizner</code></a> made their first contribution in <a href="https://redirect.github.com/go-git/go-git/pull/939">go-git/go-git#939</a></li> <li><a href="https://github.com/djmoch"><code>@​djmoch</code></a> made their first contribution in <a href="https://redirect.github.com/go-git/go-git/pull/941">go-git/go-git#941</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0">https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0</a></p> <h2>v5.10.1</h2> <h2>What's Changed</h2> <ul> <li>Worktree, ignore ModeSocket files by <a href="https://github.com/steiler"><code>@​steiler</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/930">go-git/go-git#930</a></li> <li>git: add tracer package by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/916">go-git/go-git#916</a></li> <li>remote: Flip clause for fast-forward only check by <a href="https://github.com/adityasaky"><code>@​adityasaky</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/875">go-git/go-git#875</a></li> <li>plumbing: transport/ssh, Fix nil pointer dereference caused when an unreachable proxy server is set. Fixes <a href="https://redirect.github.com/go-git/go-git/issues/900">#900</a> by <a href="https://github.com/anandf"><code>@​anandf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/901">go-git/go-git#901</a></li> <li>plumbing: uppload-server-info, implement upload-server-info by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/896">go-git/go-git#896</a></li> <li>plumbing: optimise memory consumption for filesystem storage by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/799">go-git/go-git#799</a></li> <li>plumbing: format/packfile, Refactor patch delta by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/908">go-git/go-git#908</a></li> <li>plumbing: fix empty uploadpack request error by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/932">go-git/go-git#932</a></li> <li>plumbing: transport/git, Improve tests error message by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/752">go-git/go-git#752</a></li> <li>plumbing: format/pktline, Respect pktline error-line errors by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/936">go-git/go-git#936</a></li> <li>utils: remove ioutil.Pipe and use std library io.Pipe by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/922">go-git/go-git#922</a></li> <li>utils: move trace to utils by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/931">go-git/go-git#931</a></li> <li>cli: separate go module for cli by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/914">go-git/go-git#914</a></li> <li>build: bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/887">go-git/go-git#887</a></li> <li>build: bump actions/setup-go from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/891">go-git/go-git#891</a></li> <li>build: bump github.com/skeema/knownhosts from 1.2.0 to 1.2.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/888">go-git/go-git#888</a></li> <li>build: bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/890">go-git/go-git#890</a></li> <li>build: bump golang.org/x/sys from 0.13.0 to 0.14.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/907">go-git/go-git#907</a></li> <li>build: bump golang.org/x/text from 0.13.0 to 0.14.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/906">go-git/go-git#906</a></li> <li>build: bump golang.org/x/crypto from 0.14.0 to 0.15.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/917">go-git/go-git#917</a></li> <li>build: bump golang.org/x/net from 0.17.0 to 0.18.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/918">go-git/go-git#918</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/anandf"><code>@​anandf</code></a> made their first contribution in <a href="https://redirect.github.com/go-git/go-git/pull/901">go-git/go-git#901</a></li> <li><a href="https://github.com/steiler"><code>@​steiler</code></a> made their first contribution in <a href="https://redirect.github.com/go-git/go-git/pull/930">go-git/go-git#930</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1">https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1</a></p> <h2>v5.10.0</h2> <h2>What's Changed</h2> <ul> <li>PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by <a href="https://github.com/ThinkChaos"><code>@​ThinkChaos</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/782">go-git/go-git#782</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-git/commit/5d08d3bd94c65a3b6c25c6fba6907d12b0dac4ca"><code>5d08d3b</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/958">#958</a> from pjbgf/workval</li> <li><a href="https://github.com/go-git/go-git/commit/5bd1d8f4abcfbf1345a1e5a5ec9a96121f3746dc"><code>5bd1d8f</code></a> build: Ensure checkout is the first operation</li> <li><a href="https://github.com/go-git/go-git/commit/b2c19824771bbcbb21abb51abb319c1a610aa6b3"><code>b2c1982</code></a> git: worktree, Align validation with upstream rules</li> <li><a href="https://github.com/go-git/go-git/commit/cec7da63ca0412fce55a0bf0715b7ba44a41eaa2"><code>cec7da6</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/953">#953</a> from pjbgf/alternates</li> <li><a href="https://github.com/go-git/go-git/commit/8b47ceb1aa854f3c3bfa1c347157a04324fcd51e"><code>8b47ceb</code></a> storage: filesystem, Add option to set a specific FS for alternates</li> <li><a href="https://github.com/go-git/go-git/commit/4f614891047bae5d0f7a253f014175505b9821d7"><code>4f61489</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/941">#941</a> from djmoch/filestats-rename</li> <li><a href="https://github.com/go-git/go-git/commit/ae552ce0bf32cddb689727c4c9fa6bf4d3bd6499"><code>ae552ce</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/939">#939</a> from dhoizner/fix-pull-after-shallow</li> <li><a href="https://github.com/go-git/go-git/commit/cc1895b905ebadb09504d88444ff05932fa6e928"><code>cc1895b</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/950">#950</a> from aymanbagabas/validate-ref</li> <li><a href="https://github.com/go-git/go-git/commit/de1d5a5978b9599ca3dacd58bbf699e4bb4cf6bd"><code>de1d5a5</code></a> git: validate reference names</li> <li><a href="https://github.com/go-git/go-git/commit/d87110b492c94d99ebdaea732b23a54b7efba94b"><code>d87110b</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/948">#948</a> from go-git/dependabot/go_modules/cli/go-git/github.c...</li> <li>Additional commits viewable in <a href="https://github.com/go-git/go-git/compare/v5.7.0...v5.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-git/go-git/v5&package-manager=go_modules&previous-version=5.7.0&new-version=5.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-28 14:46:28 +02:00
github.com/go-git/go-billy/v5 v5.5.0 // indirect
github.com/go-git/go-git/v5 v5.12.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/analysis v0.23.0 // indirect
github.com/go-openapi/errors v0.22.0 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/loads v0.22.0 // indirect
github.com/go-openapi/runtime v0.28.0 // indirect
github.com/go-openapi/spec v0.21.0 // indirect
github.com/go-openapi/strfmt v0.23.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-openapi/validate v0.24.0 // indirect
github.com/go-restruct/restruct v1.2.0-alpha // indirect
github.com/go-viper/mapstructure/v2 v2.0.0 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
feat(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 (#4044) Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.1.1 to 1.2.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/rekor/blob/main/CHANGELOG.md">github.com/sigstore/rekor's changelog</a>.</em></p> <blockquote> <h1>v1.2.0</h1> <h2>Functional Enhancements</h2> <ul> <li>add client method to generate TLE struct (<a href="https://redirect.github.com/sigstore/rekor/issues/1498">#1498</a>)</li> <li>add dsse type (<a href="https://redirect.github.com/sigstore/rekor/issues/1487">#1487</a>)</li> <li>support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (<a href="https://redirect.github.com/sigstore/rekor/issues/1488">#1488</a>)</li> <li>Add concurrency to backfill-redis (<a href="https://redirect.github.com/sigstore/rekor/issues/1504">#1504</a>)</li> <li>omit informational message if machine-parseable output has been requested (<a href="https://redirect.github.com/sigstore/rekor/issues/1486">#1486</a>)</li> <li>Publish stable checkpoint periodically to Redis (<a href="https://redirect.github.com/sigstore/rekor/issues/1461">#1461</a>)</li> <li>Add intoto v0.0.2 to backfill script (<a href="https://redirect.github.com/sigstore/rekor/issues/1500">#1500</a>)</li> <li>add new method to test insertability of proposed entries into log (<a href="https://redirect.github.com/sigstore/rekor/issues/1410">#1410</a>)</li> </ul> <h2>Quality Enhancements</h2> <ul> <li>use t.Skip() in fuzzers (<a href="https://redirect.github.com/sigstore/rekor/issues/1506">#1506</a>)</li> <li>improve fuzzing coverage (<a href="https://redirect.github.com/sigstore/rekor/issues/1499">#1499</a>)</li> <li>Remove watcher script (<a href="https://redirect.github.com/sigstore/rekor/issues/1484">#1484</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-frqx-jfcm-6jjr</li> <li>Remove requirement of PayloadHash for intoto 0.0.1 (<a href="https://redirect.github.com/sigstore/rekor/issues/1490">#1490</a>)</li> <li>fix lint errors, bump linter up to 1.52 (<a href="https://redirect.github.com/sigstore/rekor/issues/1485">#1485</a>)</li> <li>Remove dependencies from pkg/util (<a href="https://redirect.github.com/sigstore/rekor/issues/1469">#1469</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>Bob Callaway</li> <li>Carlos Tadeu Panato Junior</li> <li>Ceridwen Coghlan</li> <li>Cody Soyland</li> <li>Hayden B</li> <li>Miloslav Trmač</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/rekor/commit/20a995116b1548b79e62ba0ad9c29800387e8641"><code>20a9951</code></a> update for v1.2.0 (<a href="https://redirect.github.com/sigstore/rekor/issues/1507">#1507</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4"><code>140c5ad</code></a> Merge pull request from GHSA-frqx-jfcm-6jjr</li> <li><a href="https://github.com/sigstore/rekor/commit/85bb2bc7a35dcc94cd94e18984711806f437dcb6"><code>85bb2bc</code></a> use t.Skip() in fuzzers (<a href="https://redirect.github.com/sigstore/rekor/issues/1506">#1506</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/3adca0d2528699d2ff93bf78babef8b5cac46122"><code>3adca0d</code></a> Add concurrency to backfill-redis (<a href="https://redirect.github.com/sigstore/rekor/issues/1504">#1504</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/795a23619d5db1c9625a71f776474033c6712b56"><code>795a236</code></a> add client method to generate TLE struct (<a href="https://redirect.github.com/sigstore/rekor/issues/1498">#1498</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/161a796f91d7255443aa6ce98e7981e6926762f0"><code>161a796</code></a> build(deps): bump github/codeql-action from 2.3.3 to 2.3.4 (<a href="https://redirect.github.com/sigstore/rekor/issues/1505">#1505</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/35c4489abcff256298f1bc9f7caaf5a946750dac"><code>35c4489</code></a> add dsse type (<a href="https://redirect.github.com/sigstore/rekor/issues/1487">#1487</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/d318e2bf433d398d95923f3509557777a2fe5abb"><code>d318e2b</code></a> support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (<a href="https://redirect.github.com/sigstore/rekor/issues/1488">#1488</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/d508ebad91ef4e39d8e0dd3543cebe20321dc752"><code>d508eba</code></a> Remove requirement of PayloadHash for intoto 0.0.1 (<a href="https://redirect.github.com/sigstore/rekor/issues/1490">#1490</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/b387701f27aace3e3396ad4fdbb8d3ccc869fb5f"><code>b387701</code></a> Add intoto v0.0.2 to backfill script (<a href="https://redirect.github.com/sigstore/rekor/issues/1500">#1500</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/rekor&package-manager=go_modules&previous-version=1.1.1&new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-27 05:24:50 +02:00
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/rpmpack v0.6.1-0.20240329070804-c2247cbb881a // indirect
github.com/google/s2a-go v0.1.8 // indirect
feat(deps): bump github.com/google/ko from 0.12.0 to 0.13.0 (#3880) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.12.0 to 0.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.13.0</h2> <h2>What's Changed</h2> <ul> <li>SPDX: Fix package manager label by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/801">ko-build/ko#801</a></li> <li>SPDX 2.3 support by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/803">ko-build/ko#803</a></li> <li>ci: build and test using 1.18 and 1.19 (drop 1.17) by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/812">ko-build/ko#812</a></li> <li>removes repo move message by <a href="https://github.com/mchmarny"><code>@​mchmarny</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/814">ko-build/ko#814</a></li> <li>feat: write sbom result to disk by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/822">ko-build/ko#822</a></li> <li>feat: adding support for using multiple keychain for sending sbom results to a different repository by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/821">ko-build/ko#821</a></li> <li>Move docs to ko.build by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/749">ko-build/ko#749</a></li> <li>Update setup-ko version by <a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> <li>Add -- usage in readme by <a href="https://github.com/jwcesign"><code>@​jwcesign</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/840">ko-build/ko#840</a></li> <li>add CONTRIBUTING, code of conduct, roadmap by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/837">ko-build/ko#837</a></li> <li>attempt to fix GH Pages publishing by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/843">ko-build/ko#843</a></li> <li>doc: fix link to Installation page in Getting Started by <a href="https://github.com/antoineco"><code>@​antoineco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/846">ko-build/ko#846</a></li> <li>.ko.yaml: bump golang 1.18 -&gt; 1.19 by <a href="https://github.com/srenatus"><code>@​srenatus</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/848">ko-build/ko#848</a></li> <li>truncate -image-refs file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/855">ko-build/ko#855</a></li> <li>update docs: fix broken links, align with README by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/854">ko-build/ko#854</a></li> <li>Handle KO_DOCKER_REPO=ko.local/repo and --bare correctly by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/820">ko-build/ko#820</a></li> <li>another docs update by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/856">ko-build/ko#856</a></li> <li>ko.build: support some common shortlinks by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/872">ko-build/ko#872</a></li> <li>install: fail with 404 instead of gzip error when url was wrong by <a href="https://github.com/grosser"><code>@​grosser</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/879">ko-build/ko#879</a></li> <li>feat: deduplicate tags by <a href="https://github.com/bluebrown"><code>@​bluebrown</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/884">ko-build/ko#884</a></li> <li>install mkdocs-redirect when publishing site by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/873">ko-build/ko#873</a></li> <li>nit: replace one-item slice with const by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/885">ko-build/ko#885</a></li> <li>Temp fix for SLSA generators by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/886">ko-build/ko#886</a></li> <li>Fix verifier by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/891">ko-build/ko#891</a></li> <li>Fix link in static-assets.md by <a href="https://github.com/yuryu"><code>@​yuryu</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/893">ko-build/ko#893</a></li> <li>add KO_DEFAULTBASEIMAGE usage to docs by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/895">ko-build/ko#895</a></li> <li>Publish an tagged image on release by <a href="https://github.com/vdemeester"><code>@​vdemeester</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/868">ko-build/ko#868</a></li> <li>Add option to configure default platforms by <a href="https://github.com/ReToCode"><code>@​ReToCode</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/897">ko-build/ko#897</a></li> <li>Fix broken SLSA link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/899">ko-build/ko#899</a></li> <li>add MAINTAINERS.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/905">ko-build/ko#905</a></li> <li>fix: possible race condition when applying templates to flags/ldflags by <a href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/913">ko-build/ko#913</a></li> <li>update docs to reflect actual default base image by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/903">ko-build/ko#903</a></li> <li>remove repeated error message on failure by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/921">ko-build/ko#921</a></li> <li>website: update CNCF announcement by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/920">ko-build/ko#920</a></li> <li>fix KO_CONFIG_PATH pointing to a file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/923">ko-build/ko#923</a></li> <li>upgrade to cosign v2.0.0-rc.0 by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/933">ko-build/ko#933</a></li> <li>Feature: Add ECR presubmit testing. by <a href="https://github.com/mattmoor"><code>@​mattmoor</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/934">ko-build/ko#934</a></li> <li>remove 'ko deps' by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/937">ko-build/ko#937</a></li> <li>feat: Add KO_GO_PATH env var by <a href="https://github.com/embano1"><code>@​embano1</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/930">ko-build/ko#930</a></li> <li>add ko.build/slack short link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/945">ko-build/ko#945</a></li> <li>update link to ko goreleaser docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/936">ko-build/ko#936</a></li> <li>add ko community meeting details by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/938">ko-build/ko#938</a></li> <li>fix cosign by adding --yes by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/973">ko-build/ko#973</a></li> <li>fix: handle docker's unknown/unknown platform in index manifests by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/975">ko-build/ko#975</a></li> <li>fix file extension for cyclonedx by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/974">ko-build/ko#974</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/e22e7a15ffb988adc14c3fc6a964f61ed711812f"><code>e22e7a1</code></a> bump ggcr dep to <a href="https://github.com/main"><code>@​main</code></a> (<a href="https://redirect.github.com/google/ko/issues/976">#976</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/8e075ae1f1822bb61a871f11197566b362c342f0"><code>8e075ae</code></a> fix file extension for cyclonedx (<a href="https://redirect.github.com/google/ko/issues/974">#974</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/11670b7498be63bc0e04e7ba36433fd22f9654ce"><code>11670b7</code></a> fix: handle docker's unknown/unknown platform in index manifests (<a href="https://redirect.github.com/google/ko/issues/975">#975</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/7ce947817e2f59942cb181aa833bfd13533bcc19"><code>7ce9478</code></a> fix cosign by adding --yes (<a href="https://redirect.github.com/google/ko/issues/973">#973</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/9302da78dc995b2b2dd70c044708c3c4c6a056b6"><code>9302da7</code></a> Bump k8s.io/apimachinery from 0.26.1 to 0.26.2 (<a href="https://redirect.github.com/google/ko/issues/972">#972</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/a1588838ba1698c3ca3f6785363a1a9f82ed4baa"><code>a158883</code></a> Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (<a href="https://redirect.github.com/google/ko/issues/971">#971</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/86b6c2854f8a7c321ce1b8ea121938ce9cc79475"><code>86b6c28</code></a> Bump actions/checkout from 2 to 3 (<a href="https://redirect.github.com/google/ko/issues/966">#966</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/0bd12fb106ed9d03994a6b8883f8a5d834a2aa15"><code>0bd12fb</code></a> Bump slsa-framework/slsa-github-generator from 1.2.1 to 1.5.0 (<a href="https://redirect.github.com/google/ko/issues/967">#967</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/d5125daacd07306d3814a6910cc54422824331e6"><code>d5125da</code></a> Bump github.com/sigstore/cosign/v2 from 2.0.0-rc.2 to 2.0.0 (<a href="https://redirect.github.com/google/ko/issues/965">#965</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/03f4aed68268fb320b32195c80292300056b264c"><code>03f4aed</code></a> add ko community meeting details (<a href="https://redirect.github.com/google/ko/issues/938">#938</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.12.0...v0.13.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2023-03-29 19:38:57 +02:00
github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
chore(deps): bump gocloud.dev from 0.36.0 to 0.37.0 (#4688) [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.36.0&new-version=0.37.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-13 19:59:13 +02:00
github.com/google/wire v0.6.0 // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.13.0 // indirect
github.com/goreleaser/chglog v0.6.1 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-20221021092657-c47a966fded8 to 3.0.0-alpha.1 (#4604) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-20221021092657-c47a966fded8 to 3.0.0-alpha.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-alpha.1</h2> <p>This is the first major release in years!</p> <p>It's an accumulation of effort that's bringing major improvements in performance, security and general code quality!</p> <p>See the abridged changelog below and the full release log <a href="https://github.com/distribution/distribution/blob/576d93fee39c22ef1e4735d932ccef32ee49f7fd/releases/v3.0.0.toml">here</a>.</p> <h3>Deprecations</h3> <ul> <li>Image Manifest v2 Schema v1</li> <li><code>oss</code> and <code>swift</code> storage drivers</li> <li><a href="https://github.com/docker/libtrust"><code>docker/libtrust</code></a> has been replaced with <a href="https://github.com/go-jose/go-jose"><code>go-jose/go-jose</code></a></li> <li><code>reference</code> package has been moved to a dedicated repository (see <a href="https://github.com/distribution/reference">here</a>)</li> <li><code>client</code> is no longer supported as a standalone package</li> </ul> <h3>Notable Changes</h3> <ul> <li><code>reference</code> package has been moved to its own dedicated <a href="https://github.com/distribution/reference">repository</a></li> <li>Go module has changed from <code>docker/distribution</code> to <code>distribution/distribution/v3</code></li> <li>Major performance improvements across all supported storage drivers</li> <li>Major dependencies updates (see the full list below)</li> <li>Online documentation is available at <a href="https://distribution.github.io/distribution/">https://distribution.github.io/distribution/</a></li> </ul> <h2>What's Changed</h2> <ul> <li>default autoredirect to false by <a href="https://github.com/davidswu"><code>@​davidswu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2800">distribution/distribution#2800</a></li> <li>Add docs for autoredirect config parameter by <a href="https://github.com/caervs"><code>@​caervs</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2801">distribution/distribution#2801</a></li> <li>Registry - make minimum TLS version user configurable by <a href="https://github.com/gregrebholz"><code>@​gregrebholz</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2808">distribution/distribution#2808</a></li> <li>Support BYOK for OSS storage driver by <a href="https://github.com/denverdino"><code>@​denverdino</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2791">distribution/distribution#2791</a></li> <li>Add reference. ParseDockerRef utility function by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2786">distribution/distribution#2786</a></li> <li>Fix gometalint errors by <a href="https://github.com/manishtomar"><code>@​manishtomar</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2840">distribution/distribution#2840</a></li> <li>registry: fix binary JSON content-type by <a href="https://github.com/lucab"><code>@​lucab</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2813">distribution/distribution#2813</a></li> <li>Log authorized username by <a href="https://github.com/manishtomar"><code>@​manishtomar</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2854">distribution/distribution#2854</a></li> <li>Fix cloudfront middleware by <a href="https://github.com/vishesh92"><code>@​vishesh92</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2837">distribution/distribution#2837</a></li> <li>support Alibaba Cloud CDN storage middleware by <a href="https://github.com/Shawnpku"><code>@​Shawnpku</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2849">distribution/distribution#2849</a></li> <li>replace rsc.io/letsencrypt in favour of golang.org/x/crypto by <a href="https://github.com/tariq1890"><code>@​tariq1890</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2926">distribution/distribution#2926</a></li> <li>migrate to go modules from vndr by <a href="https://github.com/tariq1890"><code>@​tariq1890</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2941">distribution/distribution#2941</a></li> <li>Fix typo: offest -&gt; offset by <a href="https://github.com/jabrown85"><code>@​jabrown85</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2894">distribution/distribution#2894</a></li> <li>Fix s3 driver for supporting ceph radosgw by <a href="https://github.com/tbe"><code>@​tbe</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2879">distribution/distribution#2879</a></li> <li>Fixes <a href="https://redirect.github.com/distribution/distribution/issues/2835">#2835</a> Process Accept header MIME types in case-insensitive way by <a href="https://github.com/yuwaMSFT2"><code>@​yuwaMSFT2</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2861">distribution/distribution#2861</a></li> <li>change default Dockerfile to install ssl utils by <a href="https://github.com/andyzhangx"><code>@​andyzhangx</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2809">distribution/distribution#2809</a></li> <li>Append the written bytes to the blob writer's size by <a href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2920">distribution/distribution#2920</a></li> <li>fix no error returned in fetchTokenWithOAuth by <a href="https://github.com/sevki"><code>@​sevki</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2900">distribution/distribution#2900</a></li> <li>use latest version of alpine when building the Docker container by <a href="https://github.com/tariq1890"><code>@​tariq1890</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2946">distribution/distribution#2946</a></li> <li>Extract blob upload resume into its own method by <a href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2930">distribution/distribution#2930</a></li> <li>Handle Blob Create when the underlying registry doesn't provide 'Docker-Upload-UUID' by <a href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2927">distribution/distribution#2927</a></li> <li>Implement Repository ServeBlob by <a href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2921">distribution/distribution#2921</a></li> <li>Add notification metrics by <a href="https://github.com/tifayuki"><code>@​tifayuki</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2522">distribution/distribution#2522</a></li> <li>Update the versions of several dependencies by <a href="https://github.com/tariq1890"><code>@​tariq1890</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2947">distribution/distribution#2947</a></li> <li>Implement Repository Blobs upload resuming by <a href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2917">distribution/distribution#2917</a></li> <li>allow for VERSION and REVISION to be passed in during docker builds by <a href="https://github.com/alex-laties"><code>@​alex-laties</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2955">distribution/distribution#2955</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/distribution/distribution/commits/v3.0.0-alpha.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-20221021092657-c47a966fded8&new-version=3.0.0-alpha.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-08 15:22:12 +02:00
github.com/gorilla/mux v1.8.1 // indirect
feat(deps): bump github.com/disgoorg/disgo from 0.16.12 to 0.17.0 (#4434) Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo) from 0.16.12 to 0.17.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/disgoorg/disgo/commit/c4ffb0537d5a1db28e68730eb4685434d4c9bbe6"><code>c4ffb05</code></a> fix checking timeouts when calculating permissions</li> <li><a href="https://github.com/disgoorg/disgo/commit/7e8c825d82051a11460aab8a80ea828fa46aa9aa"><code>7e8c825</code></a> Address Discord having shitty API design</li> <li><a href="https://github.com/disgoorg/disgo/commit/c9a23642bd7b45423361411c520ae5a8033d6306"><code>c9a2364</code></a> Add new expressions and events permissions (<a href="https://redirect.github.com/disgoorg/disgo/issues/292">#292</a>)</li> <li><a href="https://github.com/disgoorg/disgo/commit/f19739c45e4043e06728aa78557e128ee268f568"><code>f19739c</code></a> update dependencies</li> <li><a href="https://github.com/disgoorg/disgo/commit/0c2c0328fadb2426ff5b3349cc013bd9b1d7f18a"><code>0c2c032</code></a> migrate to slog &amp; go 1.21 (<a href="https://redirect.github.com/disgoorg/disgo/issues/294">#294</a>)</li> <li>See full diff in <a href="https://github.com/disgoorg/disgo/compare/v0.16.12...v0.17.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/disgoorg/disgo&package-manager=go_modules&previous-version=0.16.12&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-23 22:38:25 +02:00
github.com/gorilla/websocket v1.5.1 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
chore(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 (#4955) Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.5 to 0.7.7. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md">github.com/hashicorp/go-retryablehttp's changelog</a>.</em></p> <blockquote> <h2>0.7.7 (May 30, 2024)</h2> <p>BUG FIXES:</p> <ul> <li>client: avoid potentially leaking URL-embedded basic authentication credentials in logs (<a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/158">#158</a>)</li> </ul> <h2>0.7.6 (May 9, 2024)</h2> <p>ENHANCEMENTS:</p> <ul> <li>client: support a <code>RetryPrepare</code> function for modifying the request before retrying (<a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/216">#216</a>)</li> <li>client: support HTTP-date values for <code>Retry-After</code> header value (<a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/138">#138</a>)</li> <li>client: avoid reading entire body when the body is a <code>*bytes.Reader</code> (<a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/197">#197</a>)</li> </ul> <p>BUG FIXES:</p> <ul> <li>client: fix a broken check for invalid server certificate in go 1.20+ (<a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/210">#210</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/1542b31176d3973a6ecbc06c05a2d0df89b59afb"><code>1542b31</code></a> v0.7.7</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/defb9f441dcf67a2a56fae733482836ea83349ac"><code>defb9f4</code></a> v0.7.7</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a"><code>a99f07b</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/158">#158</a> from dany74q/danny/redacted-url-in-logs</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/8a28c574da4098c0612fe1c7135f1f6de113d411"><code>8a28c57</code></a> Merge branch 'main' into danny/redacted-url-in-logs</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/86e852df43aa0d94150c4629d74e5116d1ff3348"><code>86e852d</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/227">#227</a> from hashicorp/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/47fe99e6460cddc5f433aad2b54dcf32281f8a53"><code>47fe99e</code></a> Bump actions/checkout from 4.1.5 to 4.1.6</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/490fc06be0931548d3523a4245d15e9dc5d9214d"><code>490fc06</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/226">#226</a> from testwill/ioutil</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/f3e9417dbfcd0dc2b4a02a1dfdeb75f1e636b692"><code>f3e9417</code></a> chore: remove refs to deprecated io/ioutil</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/d969eaa9c97860482749df718a35b4a269361055"><code>d969eaa</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/225">#225</a> from hashicorp/manicminer-patch-2</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/2ad8ed4a1d9e632284f6937e91b2f9a1d30e8298"><code>2ad8ed4</code></a> v0.7.6</li> <li>Additional commits viewable in <a href="https://github.com/hashicorp/go-retryablehttp/compare/v0.7.5...v0.7.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/go-retryablehttp&package-manager=go_modules&previous-version=0.7.5&new-version=0.7.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-25 03:57:20 +02:00
github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/golang-lru v1.0.2 // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
github.com/huandu/xstrings v1.3.3 // indirect
github.com/imdario/mergo v0.3.16 // indirect
feat(deps): bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 (#3878) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.13.0 to 0.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-containerregistry/releases">github.com/google/go-containerregistry's releases</a>.</em></p> <blockquote> <h2>v0.14.0</h2> <h2>Changelog</h2> <ul> <li>9306ebad Allow crane edit to generate non-image artifacts (<a href="https://redirect.github.com/google/go-containerregistry/issues/1545">#1545</a>)</li> <li>de35f0f7 Allow setting Content-Type in crane edit manifest (<a href="https://redirect.github.com/google/go-containerregistry/issues/1551">#1551</a>)</li> <li>4b081f80 Avoid v1.Manifest in crane edit config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1583">#1583</a>)</li> <li>1cfe1fc2 Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1593">#1593</a>)</li> <li>da1008fb Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1548">#1548</a>)</li> <li>86be45fb Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1547">#1547</a>)</li> <li>62f183e5 Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1556">#1556</a>)</li> <li>1b8dc2ba Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1580">#1580</a>)</li> <li>11843ba2 Enforce proper sha256 usage (<a href="https://redirect.github.com/google/go-containerregistry/issues/1544">#1544</a>)</li> <li>2ceebaaf Implement crane index subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1561">#1561</a>)</li> <li>9f42e028 Set mediaType for empty.ImageIndex in RawManifest (<a href="https://redirect.github.com/google/go-containerregistry/issues/1562">#1562</a>)</li> <li>759b19f7 Support artifactType, for images whose config.mediaType is not a config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1541">#1541</a>)</li> <li>b3c23b4c Support for OCI 1.1+ referrers via API (<a href="https://redirect.github.com/google/go-containerregistry/issues/1546">#1546</a>)</li> <li>061ee6bf Support for OCI 1.1+ referrers via fallback tag (<a href="https://redirect.github.com/google/go-containerregistry/issues/1543">#1543</a>)</li> <li>67703048 Update descriptor &quot;data&quot; field (when valid) during &quot;crane edit config&quot; (<a href="https://redirect.github.com/google/go-containerregistry/issues/1584">#1584</a>)</li> <li>76bac933 Update release.yml (<a href="https://redirect.github.com/google/go-containerregistry/issues/1540">#1540</a>)</li> <li>eb7d746c authn: also read mount secrets (<a href="https://redirect.github.com/google/go-containerregistry/issues/1560">#1560</a>)</li> <li>e94d4089 bump deps using ./hack/bump-deps.sh (<a href="https://redirect.github.com/google/go-containerregistry/issues/1592">#1592</a>)</li> <li>4e95ae2b crane: add --flatten for index append (<a href="https://redirect.github.com/google/go-containerregistry/issues/1566">#1566</a>)</li> <li>ff810c18 crane: add serve subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1586">#1586</a>)</li> <li>8ea5e0e8 crane: support --omit-digest-tags in crane ls (<a href="https://redirect.github.com/google/go-containerregistry/issues/1528">#1528</a>)</li> <li>824efc77 fix(mutate): also set timestamps only present in some formats (<a href="https://redirect.github.com/google/go-containerregistry/issues/1550">#1550</a>)</li> <li>e04520bc fix: Fix the crane release url and add more steps (<a href="https://redirect.github.com/google/go-containerregistry/issues/1532">#1532</a>)</li> <li>d8722327 hash: use generic instantiation (<a href="https://redirect.github.com/google/go-containerregistry/issues/1538">#1538</a>)</li> <li>57f010d2 replace manual slsa-verifier installation with action (<a href="https://redirect.github.com/google/go-containerregistry/issues/1585">#1585</a>)</li> <li>9cd098e3 skip tls verification if default transport is used with insecure option (<a href="https://redirect.github.com/google/go-containerregistry/issues/1559">#1559</a>)</li> <li>36249683 tarball: pass imageToTags (<a href="https://redirect.github.com/google/go-containerregistry/issues/1563">#1563</a>)</li> </ul> <h3>Container Images</h3> <p><a href="https://gcr.io/go-containerregistry/crane:v0.14.0">https://gcr.io/go-containerregistry/crane:v0.14.0</a> <a href="https://gcr.io/go-containerregistry/gcrane:v0.14.0">https://gcr.io/go-containerregistry/gcrane:v0.14.0</a></p> <p>For example:</p> <pre><code>docker pull gcr.io/go-containerregistry/crane:v0.14.0 docker pull gcr.io/go-containerregistry/gcrane:v0.14.0 </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-containerregistry/commit/4b081f801f399fa293f23e42ba4c4ac6a6003f2c"><code>4b081f8</code></a> Avoid v1.Manifest in crane edit config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1583">#1583</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/1cfe1fc25f233b40aa5d3b0edd572ed5c3f854c9"><code>1cfe1fc</code></a> Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1593">#1593</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/e94d40893b2d013992192f8a1a04fd1984fd24dc"><code>e94d408</code></a> bump deps using ./hack/bump-deps.sh (<a href="https://redirect.github.com/google/go-containerregistry/issues/1592">#1592</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/ff810c186c772e1056aa4081278ee84ee3fb565b"><code>ff810c1</code></a> crane: add serve subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1586">#1586</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/57f010d26af871587be87f5aed2550893d564a8c"><code>57f010d</code></a> replace manual slsa-verifier installation with action (<a href="https://redirect.github.com/google/go-containerregistry/issues/1585">#1585</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/67703048992e9b025adf1a7b08f3bb195636be33"><code>6770304</code></a> Update descriptor &quot;data&quot; field (when valid) during &quot;crane edit config&quot; (<a href="https://redirect.github.com/google/go-containerregistry/issues/1584">#1584</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/1b8dc2babc55fd72d274e8f470f00e9e5ba43f1b"><code>1b8dc2b</code></a> Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1580">#1580</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/8ea5e0e8f045d827389d13bde5ae8269630e2e2e"><code>8ea5e0e</code></a> crane: support --omit-digest-tags in crane ls (<a href="https://redirect.github.com/google/go-containerregistry/issues/1528">#1528</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/4e95ae2b72dd3b58fccb4ed579dbddf5c884822c"><code>4e95ae2</code></a> crane: add --flatten for index append (<a href="https://redirect.github.com/google/go-containerregistry/issues/1566">#1566</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/4a0e0af4bf958c0bfb17bdfac71c38204b930623"><code>4a0e0af</code></a> docs: Update crane installation and verification instructions (<a href="https://redirect.github.com/google/go-containerregistry/issues/1567">#1567</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-containerregistry/compare/v0.13.0...v0.14.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/go-containerregistry&package-manager=go_modules&previous-version=0.13.0&new-version=0.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-20 14:58:29 +02:00
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/ipfs/bbloom v0.0.4 // indirect
github.com/ipfs/go-block-format v0.2.0 // indirect
github.com/ipfs/go-cid v0.4.1 // indirect
github.com/ipfs/go-datastore v0.6.0 // indirect
github.com/ipfs/go-ipfs-blockstore v1.3.1 // indirect
github.com/ipfs/go-ipfs-ds-help v1.1.1 // indirect
github.com/ipfs/go-ipfs-util v0.0.3 // indirect
github.com/ipfs/go-ipld-cbor v0.1.0 // indirect
github.com/ipfs/go-ipld-format v0.6.0 // indirect
github.com/ipfs/go-log v1.0.5 // indirect
github.com/ipfs/go-log/v2 v2.5.1 // indirect
github.com/ipfs/go-metrics-interface v0.0.1 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jbenet/goprocess v0.1.4 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
chore(deps): bump github.com/klauspost/compress from 1.17.8 to 1.17.9 (#4930) Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.17.8 to 1.17.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/klauspost/compress/releases">github.com/klauspost/compress's releases</a>.</em></p> <blockquote> <h2>v1.17.9</h2> <h2>What's Changed</h2> <ul> <li>s2: Reduce ReadFrom temporary allocations by <a href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/949">klauspost/compress#949</a></li> <li>Fix arm64 vet issues by <a href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/964">klauspost/compress#964</a></li> <li>flate, zstd: Shave some bytes off amd64 matchLen by <a href="https://github.com/greatroar"><code>@​greatroar</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/963">klauspost/compress#963</a></li> <li>Upgrade zip to 1.22.4 upstream by <a href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/970">klauspost/compress#970</a></li> <li>zstd: BuildDict fails with RLE table by <a href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/951">klauspost/compress#951</a></li> <li>Upgrade zlib to upstream by <a href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/971">klauspost/compress#971</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/klauspost/compress/compare/v1.17.8...v1.17.9">https://github.com/klauspost/compress/compare/v1.17.8...v1.17.9</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/klauspost/compress/commit/7ae2138b16cc43afcea3ce7d3d2f2625fb389d51"><code>7ae2138</code></a> Upgrade zlib to upstream (<a href="https://redirect.github.com/klauspost/compress/issues/971">#971</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/039617872161e65ba0ca9c06efa90c292ee6b8f9"><code>0396178</code></a> zstd: BuildDict fails with RLE table (<a href="https://redirect.github.com/klauspost/compress/issues/951">#951</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/8411e1d1cc0d8619eb8207d6342fe4878470f7aa"><code>8411e1d</code></a> zip: Upgrade to 1.22.4 upstream (<a href="https://redirect.github.com/klauspost/compress/issues/970">#970</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/d9f6f55f919d5348016ac45fada6467f195981f5"><code>d9f6f55</code></a> build(deps): bump the github-actions group across 1 directory with 2 updates ...</li> <li><a href="https://github.com/klauspost/compress/commit/5f7dd2527fb39ce24feb24a4b75323cf64729d57"><code>5f7dd25</code></a> flate, zstd: Shave some bytes off amd64 matchLen (<a href="https://redirect.github.com/klauspost/compress/issues/963">#963</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/3a0faf36e3ff603b28fcee9266af2a1a76963771"><code>3a0faf3</code></a> Fix arm64 vet issues (<a href="https://redirect.github.com/klauspost/compress/issues/964">#964</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/8bd3916ec655c728bb368f27772429d0704d7785"><code>8bd3916</code></a> s2: Reduce ReadFrom temporary allocations (<a href="https://redirect.github.com/klauspost/compress/issues/949">#949</a>)</li> <li>See full diff in <a href="https://github.com/klauspost/compress/compare/v1.17.8...v1.17.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/klauspost/compress&package-manager=go_modules&previous-version=1.17.8&new-version=1.17.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-13 19:34:25 +02:00
github.com/klauspost/compress v1.17.9
github.com/klauspost/cpuid/v2 v2.2.7 // indirect
feat(deps): bump gocloud.dev from 0.26.0 to 0.27.0 (#3430) Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.26.0 to 0.27.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.27.0</h2> <p><strong>ANNOUNCEMENT</strong>: In the next release we plan to switch over from using OpenCensus to using OpenTelemetry; see <a href="https://github-redirect.dependabot.com/google/go-cloud/issues/2877">#2877</a> for discussion. Please comment on that issue if this is a concern for you.</p> <p><strong>BREAKING CHANGES</strong>: <strong>blob/azureblob, pubsub/azuresb</strong>: Switched over to using the new Azure beta release. Constructors and <code>As</code> types have changed.</p> <p><strong>pubsub</strong>: <strong>all</strong>: Added support for overriding batching for AWS, GCP, Azure.</p> <p><strong>blob</strong>: <strong>fileblob</strong>: Fixed file permissions on temporary files.</p> <p><strong>runtimevar</strong>: <strong>etcdvar</strong>: Brought back this package now that the upstream issues have been resolved.</p> <p><strong>secrets</strong>: <strong>awskms</strong>: Added support for EncryptionContext parameters.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-cloud/commit/3c635fdcb2e648272296b12a4b23d593a965609e"><code>3c635fd</code></a> all: prep for v0.27.0 release</li> <li><a href="https://github.com/google/go-cloud/commit/132c6952d06448b5325f6b856d742a2e535eaf65"><code>132c695</code></a> internal: remove unused package for tracing (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3167">#3167</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/b078f175bb3d0de54df4b2ff1497ce19f9583fce"><code>b078f17</code></a> Add a custom createTemp function that uses consistent file permissions. (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3166">#3166</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/2c69298b18a5e169e9b6b4f4fb338487006b5f47"><code>2c69298</code></a> pubsub/kafka: Allow overriding batching options for Topic (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3163">#3163</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/2ae6e177616a04b94100982ad9f1197af3c41d71"><code>2ae6e17</code></a> blob/azureblob: add storage_account query parameter (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3159">#3159</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/58fd16630bd7ce978bf53ec5a3974cac4299e105"><code>58fd166</code></a> blob/azureblob: Use azidentity.NewDefaultAzureCredential the default/fallback...</li> <li><a href="https://github.com/google/go-cloud/commit/bb5165b76b81ce64c0e769965c0eb293ccd938ac"><code>bb5165b</code></a> pubsub: Add support for overriding batching for AWS, GCP, Azure drivers (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3158">#3158</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/0c45fa60411312d52335c521a8a8411a15e1ce71"><code>0c45fa6</code></a> blob/azureblob: Update to new azblob package BREAKING_CHANGE_OK (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3156">#3156</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/cf4fa6ff18f951d45ec6f1997a3b70695f3a0b17"><code>cf4fa6f</code></a> runtimevar/etcdvar: Bring back runtimevar/etcdvar (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3157">#3157</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/8cd52867f0776832bdc91cc2f1151920351380b2"><code>8cd5286</code></a> all: update deps and regenerate goldens (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3153">#3153</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-cloud/compare/v0.26.0...v0.27.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.26.0&new-version=0.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-05 14:49:30 +02:00
github.com/kylelemons/godebug v1.1.0 // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-localereader v0.0.1 // indirect
feat(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#4364) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.8.0 to 0.9.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/charmbracelet/lipgloss/releases">github.com/charmbracelet/lipgloss's releases</a>.</em></p> <blockquote> <h2>v0.9.0</h2> <h1>My, how the tables have turned</h1> <p>Now you can draw <code>Table</code>s with Lip Gloss! 💅</p> <!-- raw HTML omitted --> <p>View <a href="https://github.com/charmbracelet/lipgloss/tree/master/examples/table/pokemon/main.go">the source code</a>.</p> <h2>Let's get started</h2> <pre lang="go"><code>import &quot;github.com/charmbracelet/lipgloss/table&quot; </code></pre> <p>Define some rows of data.</p> <pre lang="go"><code>rows := [][]string{ {&quot;Chinese&quot;, &quot;您好&quot;, &quot;你好&quot;}, {&quot;Japanese&quot;, &quot;こんにちは&quot;, &quot;やあ&quot;}, {&quot;Arabic&quot;, &quot;أهلين&quot;, &quot;أهلا&quot;}, {&quot;Russian&quot;, &quot;Здравствуйте&quot;, &quot;Привет&quot;}, {&quot;Spanish&quot;, &quot;Hola&quot;, &quot;¿Qué tal?&quot;}, } </code></pre> <p>Use the table package to style and render the table.</p> <pre lang="go"><code>t := table.New(). Border(lipgloss.NormalBorder()). BorderStyle(lipgloss.NewStyle().Foreground(lipgloss.Color(&quot;99&quot;))). StyleFunc(func(row, col int) lipgloss.Style { switch { case row == 0: return HeaderStyle case row%2 == 0: return EvenRowStyle default: return OddRowStyle } }). Headers(&quot;LANGUAGE&quot;, &quot;FORMAL&quot;, &quot;INFORMAL&quot;). Rows(rows...) <p>// You can also add tables row-by-row t.Row(&quot;English&quot;, &quot;You look absolutely fabulous.&quot;, &quot;How's it going?&quot;) </code></pre></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/charmbracelet/lipgloss/commit/4476263d0598a0799b48f75d1bfb394b4dce79f4"><code>4476263</code></a> Feature: Tables (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/218">#218</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/408dcf3b9ec535cddf7d343bf5b1a3dd0eba4a00"><code>408dcf3</code></a> feat: add <code>Middle</code> borders (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/230">#230</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/93cd5e0d35ae7fed6884560097b304cec79f0fc1"><code>93cd5e0</code></a> feat: bump minimum go version to 1.18 (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/216">#216</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/b766f24d454396ae75c1b0e86310dffadf4ceb77"><code>b766f24</code></a> feat(deps): bump github.com/mattn/go-runewidth from 0.0.14 to 0.0.15 (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/215">#215</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/b0eb95dbc18f712ad939ab7193cb69951a95361f"><code>b0eb95d</code></a> fix(border): both GetHorizontalBorderSize and GetVerticalBorderSize (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/225">#225</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/2d2a577e2d32c9b23e64be859b8af98599bba243"><code>2d2a577</code></a> fix(border): GetBorderRightSize (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/224">#224</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/18166eaa8adf46a03c4b732ab1dec81fad1c691b"><code>18166ea</code></a> chore(deps): bump actions/checkout from 3 to 4 (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/222">#222</a>)</li> <li>See full diff in <a href="https://github.com/charmbracelet/lipgloss/compare/v0.8.0...v0.9.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/lipgloss&package-manager=go_modules&previous-version=0.8.0&new-version=0.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 14:05:53 +02:00
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/minio/sha256-simd v1.0.1 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
feat(deps): bump github.com/google/ko from 0.14.1 to 0.15.0 (#4373) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <h2>What's Changed</h2> <ul> <li>implement dumb cache for images by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1102">ko-build/ko#1102</a></li> <li>fixed typo in configuration.md by <a href="https://github.com/samlaf"><code>@​samlaf</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li>pkg/commands: fix dropped errors by <a href="https://github.com/alrs"><code>@​alrs</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li>ci: add govulncheck by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1110">ko-build/ko#1110</a></li> <li>chore: remove refs to deprecated io/ioutil by <a href="https://github.com/testwill"><code>@​testwill</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li>Update install docs to install ko using Scoop by <a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> <li>include go build output in build error by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1127">ko-build/ko#1127</a></li> <li>Use go1.21, clean up ci and drop go1.19 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1137">ko-build/ko#1137</a></li> <li>Update e2e.yaml by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1141">ko-build/ko#1141</a></li> <li>handle newfound lint errors by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1142">ko-build/ko#1142</a></li> <li>fix test broken by lint fix by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1143">ko-build/ko#1143</a></li> <li>Bump actions/checkout from 3.6.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1136">ko-build/ko#1136</a></li> <li>fix env var for go env by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1140">ko-build/ko#1140</a></li> <li>docs: add docs for TF and Lambda by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1139">ko-build/ko#1139</a></li> <li>docs: add Lambda and TF pages to sidebar by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1144">ko-build/ko#1144</a></li> <li>include example using go packages by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1145">ko-build/ko#1145</a></li> <li>fix the release workflow and install instructions by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1150">ko-build/ko#1150</a></li> <li>update missing places that was using go1.20 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1163">ko-build/ko#1163</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/samlaf"><code>@​samlaf</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li><a href="https://github.com/alrs"><code>@​alrs</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li><a href="https://github.com/testwill"><code>@​testwill</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li><a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0">https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/31035ad2026bfbafaa4f009baefe72463af1b3a7"><code>31035ad</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1164">#1164</a> from ko-build/dependabot/go_modules/golang.org/x/net...</li> <li><a href="https://github.com/ko-build/ko/commit/ba952fd091f9d27ee5c136e842b5e94dd715100c"><code>ba952fd</code></a> Bump golang.org/x/net from 0.16.0 to 0.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/277f5d74353950c8663fc04b7546f66e57bd6aaf"><code>277f5d7</code></a> update missing places that was using go1.20 (<a href="https://redirect.github.com/google/ko/issues/1163">#1163</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/b8b3b21f8348d7cab863fe1b4eaa47dfc47632da"><code>b8b3b21</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1162">#1162</a> from ko-build/dependabot/go_modules/github.com/googl...</li> <li><a href="https://github.com/ko-build/ko/commit/4890ab2887b653d3c340de4d119bfd17b703f182"><code>4890ab2</code></a> Bump github.com/google/go-cmp from 0.5.9 to 0.6.0</li> <li><a href="https://github.com/ko-build/ko/commit/30b62aee3faf6866cee6513ea7eb13f5a27cd7ca"><code>30b62ae</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1161">#1161</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/449bcb61926cb3e3bcf191e8ca53fad5ab3a4e3c"><code>449bcb6</code></a> Bump github.com/spf13/viper from 1.16.0 to 1.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/c543dd83cc75cd849fb95637ea29e3c7c66d6f87"><code>c543dd8</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1160">#1160</a> from ko-build/dependabot/go_modules/golang.org/x/too...</li> <li><a href="https://github.com/ko-build/ko/commit/c1ae5f5ce4fe058830f24827c853d4db39a95250"><code>c1ae5f5</code></a> Bump golang.org/x/tools from 0.13.0 to 0.14.0</li> <li><a href="https://github.com/ko-build/ko/commit/e50d2fd5ff0ec88ac837ffe6f6c2f122eb54b9f8"><code>e50d2fd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1159">#1159</a> from ko-build/dependabot/go_modules/golang.org/x/syn...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.14.1...v0.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.14.1&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-17 17:47:47 +02:00
github.com/moby/term v0.5.0 // indirect
github.com/mr-tron/base58 v1.2.0 // indirect
chore(deps): bump github.com/anchore/quill from 0.4.1 to 0.4.2 (#4988) Bumps [github.com/anchore/quill](https://github.com/anchore/quill) from 0.4.1 to 0.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/quill/releases">github.com/anchore/quill's releases</a>.</em></p> <blockquote> <h2>v0.4.2</h2> <h1>Changelog</h1> <h2><a href="https://github.com/anchore/quill/tree/v0.4.2">v0.4.2</a> (2024-07-11)</h2> <p><a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">Full Changelog</a></p> <h3>Bug Fixes</h3> <ul> <li>fix: terminal no longer clobbered [[PR <a href="https://redirect.github.com/anchore/quill/issues/142">#142</a>](https://redirect.github.com/anchore/quill/pull/142)] [<a href="https://github.com/kzantow">kzantow</a>]</li> <li>fix: notarization should not fail [[Issue <a href="https://redirect.github.com/anchore/quill/issues/118">#118</a>](https://redirect.github.com/anchore/quill/issues/118)] [[PR <a href="https://redirect.github.com/anchore/quill/issues/119">#119</a>](https://redirect.github.com/anchore/quill/pull/119)] [<a href="https://github.com/wagoodman">wagoodman</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anchore/quill/commit/4639bd62b2a88f6552bb3dea42e501f538919a93"><code>4639bd6</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.223 to 1.1.225 (<a href="https://redirect.github.com/anchore/quill/issues/455">#455</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ca419a618682341ec40798043358c0e4f69e4c91"><code>ca419a6</code></a> chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (<a href="https://redirect.github.com/anchore/quill/issues/449">#449</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf4af8169670bcab7e9b01fb2f56c969d694b22f"><code>bf4af81</code></a> chore(deps): bump github.com/charmbracelet/lipgloss (<a href="https://redirect.github.com/anchore/quill/issues/454">#454</a>)</li> <li><a href="https://github.com/anchore/quill/commit/8b306166bb4dbffa2419d05950c5039993f465d8"><code>8b30616</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.12 to 1.54.18 (<a href="https://redirect.github.com/anchore/quill/issues/456">#456</a>)</li> <li><a href="https://github.com/anchore/quill/commit/dd4e6c85c5c2493529c74fe94a58dd71fd2aa930"><code>dd4e6c8</code></a> chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (<a href="https://redirect.github.com/anchore/quill/issues/453">#453</a>)</li> <li><a href="https://github.com/anchore/quill/commit/a75519372136730ec04ef8e8e848f71196faf311"><code>a755193</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.220 to 1.1.223 (<a href="https://redirect.github.com/anchore/quill/issues/439">#439</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf64d8a2fd68f72094080e2af3a4eca884b430d6"><code>bf64d8a</code></a> chore(deps): bump github.com/charmbracelet/bubbletea (<a href="https://redirect.github.com/anchore/quill/issues/440">#440</a>)</li> <li><a href="https://github.com/anchore/quill/commit/196e96e91826b422557a1f3b23ab59276dac46a9"><code>196e96e</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.2 to 1.54.12 (<a href="https://redirect.github.com/anchore/quill/issues/446">#446</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ff50f7a9dd90dff83c0c8536374085a0d73ebbcd"><code>ff50f7a</code></a> chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/anchore/quill/issues/427">#427</a>)</li> <li><a href="https://github.com/anchore/quill/commit/092a1387f060de85a8a8b0d2d5c987a68603b65e"><code>092a138</code></a> chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (<a href="https://redirect.github.com/anchore/quill/issues/432">#432</a>)</li> <li>Additional commits viewable in <a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/anchore/quill&package-manager=go_modules&previous-version=0.4.1&new-version=0.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-12 14:41:38 +02:00
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
github.com/muesli/cancelreader v0.2.2 // indirect
github.com/muesli/mango v0.1.0 // indirect
github.com/muesli/mango-pflag v0.1.0 // indirect
github.com/multiformats/go-base32 v0.1.0 // indirect
github.com/multiformats/go-base36 v0.2.0 // indirect
github.com/multiformats/go-multibase v0.2.0 // indirect
github.com/multiformats/go-multihash v0.2.3 // indirect
github.com/multiformats/go-varint v0.0.7 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/onsi/gomega v1.31.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
github.com/opencontainers/runc v1.1.14 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
github.com/pkg/errors v0.9.1 // indirect
feat(deps): bump github.com/google/ko from 0.14.1 to 0.15.0 (#4373) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <h2>What's Changed</h2> <ul> <li>implement dumb cache for images by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1102">ko-build/ko#1102</a></li> <li>fixed typo in configuration.md by <a href="https://github.com/samlaf"><code>@​samlaf</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li>pkg/commands: fix dropped errors by <a href="https://github.com/alrs"><code>@​alrs</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li>ci: add govulncheck by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1110">ko-build/ko#1110</a></li> <li>chore: remove refs to deprecated io/ioutil by <a href="https://github.com/testwill"><code>@​testwill</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li>Update install docs to install ko using Scoop by <a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> <li>include go build output in build error by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1127">ko-build/ko#1127</a></li> <li>Use go1.21, clean up ci and drop go1.19 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1137">ko-build/ko#1137</a></li> <li>Update e2e.yaml by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1141">ko-build/ko#1141</a></li> <li>handle newfound lint errors by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1142">ko-build/ko#1142</a></li> <li>fix test broken by lint fix by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1143">ko-build/ko#1143</a></li> <li>Bump actions/checkout from 3.6.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1136">ko-build/ko#1136</a></li> <li>fix env var for go env by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1140">ko-build/ko#1140</a></li> <li>docs: add docs for TF and Lambda by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1139">ko-build/ko#1139</a></li> <li>docs: add Lambda and TF pages to sidebar by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1144">ko-build/ko#1144</a></li> <li>include example using go packages by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1145">ko-build/ko#1145</a></li> <li>fix the release workflow and install instructions by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1150">ko-build/ko#1150</a></li> <li>update missing places that was using go1.20 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1163">ko-build/ko#1163</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/samlaf"><code>@​samlaf</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li><a href="https://github.com/alrs"><code>@​alrs</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li><a href="https://github.com/testwill"><code>@​testwill</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li><a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0">https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/31035ad2026bfbafaa4f009baefe72463af1b3a7"><code>31035ad</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1164">#1164</a> from ko-build/dependabot/go_modules/golang.org/x/net...</li> <li><a href="https://github.com/ko-build/ko/commit/ba952fd091f9d27ee5c136e842b5e94dd715100c"><code>ba952fd</code></a> Bump golang.org/x/net from 0.16.0 to 0.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/277f5d74353950c8663fc04b7546f66e57bd6aaf"><code>277f5d7</code></a> update missing places that was using go1.20 (<a href="https://redirect.github.com/google/ko/issues/1163">#1163</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/b8b3b21f8348d7cab863fe1b4eaa47dfc47632da"><code>b8b3b21</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1162">#1162</a> from ko-build/dependabot/go_modules/github.com/googl...</li> <li><a href="https://github.com/ko-build/ko/commit/4890ab2887b653d3c340de4d119bfd17b703f182"><code>4890ab2</code></a> Bump github.com/google/go-cmp from 0.5.9 to 0.6.0</li> <li><a href="https://github.com/ko-build/ko/commit/30b62aee3faf6866cee6513ea7eb13f5a27cd7ca"><code>30b62ae</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1161">#1161</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/449bcb61926cb3e3bcf191e8ca53fad5ab3a4e3c"><code>449bcb6</code></a> Bump github.com/spf13/viper from 1.16.0 to 1.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/c543dd83cc75cd849fb95637ea29e3c7c66d6f87"><code>c543dd8</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1160">#1160</a> from ko-build/dependabot/go_modules/golang.org/x/too...</li> <li><a href="https://github.com/ko-build/ko/commit/c1ae5f5ce4fe058830f24827c853d4db39a95250"><code>c1ae5f5</code></a> Bump golang.org/x/tools from 0.13.0 to 0.14.0</li> <li><a href="https://github.com/ko-build/ko/commit/e50d2fd5ff0ec88ac837ffe6f6c2f122eb54b9f8"><code>e50d2fd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1159">#1159</a> from ko-build/dependabot/go_modules/golang.org/x/syn...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.14.1...v0.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.14.1&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-17 17:47:47 +02:00
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/polydawn/refmt v0.89.1-0.20221221234430-40501e09de1f // indirect
github.com/prometheus/client_golang v1.19.0 // indirect
github.com/prometheus/client_model v0.6.0 // indirect
github.com/prometheus/common v0.51.1 // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/prometheus/procfs v0.12.0 // indirect
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.1 to 0.10.0 (#4672) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.1 to 0.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/charmbracelet/lipgloss/releases">github.com/charmbracelet/lipgloss's releases</a>.</em></p> <blockquote> <h2>v0.10.0</h2> <h1>String Transforms 💄</h1> <p>Lip Gloss <code>v0.10.0</code> features a brand new <code>Transform</code> function for Styles to alter strings at render time. As well as some bug fixes, like ANSI-aware table cell truncation. 🧹</p> <p>Simply define a <code>Transform</code> function as <code>func (string) string</code> and apply it to any style:</p> <pre lang="go"><code>// Example: s := NewStyle().Transform(strings.ToUpper) fmt.Println(s.Render(&quot;raow!&quot;) // &quot;RAOW!&quot; </code></pre> <p>Or, if you prefer:</p> <pre lang="go"><code>// Example: reverse := func(s string) string { n := 0 rune := make([]rune, len(s)) for _, r := range s { rune[n] = r n++ } rune = rune[0:n] for i := 0; i &lt; n/2; i++ { rune[i], rune[n-1-i] = rune[n-1-i], rune[i] } return string(rune) } <p>s := NewStyle().Transform(reverse) fmt.Println(s.Render(&quot;The quick brown 狐 jumped over the lazy 犬&quot;) // &quot;犬 yzal eht revo depmuj 狐 nworb kciuq ehT&quot;, </code></pre></p> <h2>What's Changed?</h2> <ul> <li>Corrected border shorthand functions explanation by <a href="https://github.com/ReidMason"><code>@​ReidMason</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/237">charmbracelet/lipgloss#237</a></li> <li>Align help by <a href="https://github.com/schmurfy"><code>@​schmurfy</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/239">charmbracelet/lipgloss#239</a></li> <li><code>Style.Transform</code> for altering strings at render time by <a href="https://github.com/meowgorithm"><code>@​meowgorithm</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/232">charmbracelet/lipgloss#232</a></li> <li>Adding right padding to empty string by <a href="https://github.com/mikelorant"><code>@​mikelorant</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/253">charmbracelet/lipgloss#253</a></li> <li>Refactor padding functions by <a href="https://github.com/mikelorant"><code>@​mikelorant</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/254">charmbracelet/lipgloss#254</a></li> <li>Fix truncate of table cells containing ANSI by <a href="https://github.com/mikelorant"><code>@​mikelorant</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/256">charmbracelet/lipgloss#256</a></li> <li>Improve maximum width of characters in a string by <a href="https://github.com/mikelorant"><code>@​mikelorant</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/257">charmbracelet/lipgloss#257</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ReidMason"><code>@​ReidMason</code></a> made their first contribution in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/237">charmbracelet/lipgloss#237</a></li> <li><a href="https://github.com/schmurfy"><code>@​schmurfy</code></a> made their first contribution in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/239">charmbracelet/lipgloss#239</a></li> <li><a href="https://github.com/mikelorant"><code>@​mikelorant</code></a> made their first contribution in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/253">charmbracelet/lipgloss#253</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/charmbracelet/lipgloss/commit/439c06fae64d2f53261b692fcfcbe464d8e18d89"><code>439c06f</code></a> docs(table): ANSI-aware cell example</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/652c37dd07489c7c484711c8e21f4b221f57d056"><code>652c37d</code></a> feat(deps): bump github.com/rivo/uniseg from 0.4.6 to 0.4.7 (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/262">#262</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/8464a7c90b02905ea471be3bc20951dce981b3ff"><code>8464a7c</code></a> chore(deps): bump golangci/golangci-lint-action from 3 to 4 (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/259">#259</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/207eb25c9f720e48e2d46b5c2f213d07b2006052"><code>207eb25</code></a> Create CODEOWNERS</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/13584f26deeb5f6188fa1e80e43aa2ca04f297cb"><code>13584f2</code></a> chore: go mod tidy</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/bb7ffe226d40ba75dda2bf62dd5577af3c635b66"><code>bb7ffe2</code></a> fix(ci): update coverage workflow</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/2745d8a3d83029e649b21bf6bf26298b3c51ce3a"><code>2745d8a</code></a> Improve maximum width of characters in a string (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/257">#257</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/de4601232b791a1397d6c645904b001a311a5693"><code>de46012</code></a> Fix truncate of table cells containing ANSI (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/256">#256</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/92946d34c2342f6e061d72cf6bec57526c9da3d2"><code>92946d3</code></a> chore: refactor padding functions (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/254">#254</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/59874c2afabe9d8b65123ef2279ce4e61c113181"><code>59874c2</code></a> chore: apply gofumpt to all files (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/255">#255</a>)</li> <li>Additional commits viewable in <a href="https://github.com/charmbracelet/lipgloss/compare/v0.9.1...v0.10.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/lipgloss&package-manager=go_modules&previous-version=0.9.1&new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-08 18:39:53 +02:00
github.com/rivo/uniseg v0.4.7 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect
github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/shopspring/decimal v1.2.0 // indirect
github.com/sigstore/cosign/v2 v2.2.4 // indirect
github.com/sigstore/rekor v1.3.6 // indirect
github.com/sigstore/sigstore v1.8.3 // indirect
feat(deps): bump github.com/google/ko from 0.14.1 to 0.15.0 (#4373) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <h2>What's Changed</h2> <ul> <li>implement dumb cache for images by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1102">ko-build/ko#1102</a></li> <li>fixed typo in configuration.md by <a href="https://github.com/samlaf"><code>@​samlaf</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li>pkg/commands: fix dropped errors by <a href="https://github.com/alrs"><code>@​alrs</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li>ci: add govulncheck by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1110">ko-build/ko#1110</a></li> <li>chore: remove refs to deprecated io/ioutil by <a href="https://github.com/testwill"><code>@​testwill</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li>Update install docs to install ko using Scoop by <a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> <li>include go build output in build error by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1127">ko-build/ko#1127</a></li> <li>Use go1.21, clean up ci and drop go1.19 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1137">ko-build/ko#1137</a></li> <li>Update e2e.yaml by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1141">ko-build/ko#1141</a></li> <li>handle newfound lint errors by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1142">ko-build/ko#1142</a></li> <li>fix test broken by lint fix by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1143">ko-build/ko#1143</a></li> <li>Bump actions/checkout from 3.6.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1136">ko-build/ko#1136</a></li> <li>fix env var for go env by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1140">ko-build/ko#1140</a></li> <li>docs: add docs for TF and Lambda by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1139">ko-build/ko#1139</a></li> <li>docs: add Lambda and TF pages to sidebar by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1144">ko-build/ko#1144</a></li> <li>include example using go packages by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1145">ko-build/ko#1145</a></li> <li>fix the release workflow and install instructions by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1150">ko-build/ko#1150</a></li> <li>update missing places that was using go1.20 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1163">ko-build/ko#1163</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/samlaf"><code>@​samlaf</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li><a href="https://github.com/alrs"><code>@​alrs</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li><a href="https://github.com/testwill"><code>@​testwill</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li><a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0">https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/31035ad2026bfbafaa4f009baefe72463af1b3a7"><code>31035ad</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1164">#1164</a> from ko-build/dependabot/go_modules/golang.org/x/net...</li> <li><a href="https://github.com/ko-build/ko/commit/ba952fd091f9d27ee5c136e842b5e94dd715100c"><code>ba952fd</code></a> Bump golang.org/x/net from 0.16.0 to 0.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/277f5d74353950c8663fc04b7546f66e57bd6aaf"><code>277f5d7</code></a> update missing places that was using go1.20 (<a href="https://redirect.github.com/google/ko/issues/1163">#1163</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/b8b3b21f8348d7cab863fe1b4eaa47dfc47632da"><code>b8b3b21</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1162">#1162</a> from ko-build/dependabot/go_modules/github.com/googl...</li> <li><a href="https://github.com/ko-build/ko/commit/4890ab2887b653d3c340de4d119bfd17b703f182"><code>4890ab2</code></a> Bump github.com/google/go-cmp from 0.5.9 to 0.6.0</li> <li><a href="https://github.com/ko-build/ko/commit/30b62aee3faf6866cee6513ea7eb13f5a27cd7ca"><code>30b62ae</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1161">#1161</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/449bcb61926cb3e3bcf191e8ca53fad5ab3a4e3c"><code>449bcb6</code></a> Bump github.com/spf13/viper from 1.16.0 to 1.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/c543dd83cc75cd849fb95637ea29e3c7c66d6f87"><code>c543dd8</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1160">#1160</a> from ko-build/dependabot/go_modules/golang.org/x/too...</li> <li><a href="https://github.com/ko-build/ko/commit/c1ae5f5ce4fe058830f24827c853d4db39a95250"><code>c1ae5f5</code></a> Bump golang.org/x/tools from 0.13.0 to 0.14.0</li> <li><a href="https://github.com/ko-build/ko/commit/e50d2fd5ff0ec88ac837ffe6f6c2f122eb54b9f8"><code>e50d2fd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1159">#1159</a> from ko-build/dependabot/go_modules/golang.org/x/syn...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.14.1...v0.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.14.1&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-17 17:47:47 +02:00
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/skeema/knownhosts v1.2.2 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spaolacci/murmur3 v1.1.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/viper v1.19.0 // indirect
feat(deps): bump github.com/google/ko from 0.14.1 to 0.15.0 (#4373) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <h2>What's Changed</h2> <ul> <li>implement dumb cache for images by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1102">ko-build/ko#1102</a></li> <li>fixed typo in configuration.md by <a href="https://github.com/samlaf"><code>@​samlaf</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li>pkg/commands: fix dropped errors by <a href="https://github.com/alrs"><code>@​alrs</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li>ci: add govulncheck by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1110">ko-build/ko#1110</a></li> <li>chore: remove refs to deprecated io/ioutil by <a href="https://github.com/testwill"><code>@​testwill</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li>Update install docs to install ko using Scoop by <a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> <li>include go build output in build error by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1127">ko-build/ko#1127</a></li> <li>Use go1.21, clean up ci and drop go1.19 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1137">ko-build/ko#1137</a></li> <li>Update e2e.yaml by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1141">ko-build/ko#1141</a></li> <li>handle newfound lint errors by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1142">ko-build/ko#1142</a></li> <li>fix test broken by lint fix by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1143">ko-build/ko#1143</a></li> <li>Bump actions/checkout from 3.6.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1136">ko-build/ko#1136</a></li> <li>fix env var for go env by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1140">ko-build/ko#1140</a></li> <li>docs: add docs for TF and Lambda by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1139">ko-build/ko#1139</a></li> <li>docs: add Lambda and TF pages to sidebar by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1144">ko-build/ko#1144</a></li> <li>include example using go packages by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1145">ko-build/ko#1145</a></li> <li>fix the release workflow and install instructions by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1150">ko-build/ko#1150</a></li> <li>update missing places that was using go1.20 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1163">ko-build/ko#1163</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/samlaf"><code>@​samlaf</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li><a href="https://github.com/alrs"><code>@​alrs</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li><a href="https://github.com/testwill"><code>@​testwill</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li><a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0">https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/31035ad2026bfbafaa4f009baefe72463af1b3a7"><code>31035ad</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1164">#1164</a> from ko-build/dependabot/go_modules/golang.org/x/net...</li> <li><a href="https://github.com/ko-build/ko/commit/ba952fd091f9d27ee5c136e842b5e94dd715100c"><code>ba952fd</code></a> Bump golang.org/x/net from 0.16.0 to 0.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/277f5d74353950c8663fc04b7546f66e57bd6aaf"><code>277f5d7</code></a> update missing places that was using go1.20 (<a href="https://redirect.github.com/google/ko/issues/1163">#1163</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/b8b3b21f8348d7cab863fe1b4eaa47dfc47632da"><code>b8b3b21</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1162">#1162</a> from ko-build/dependabot/go_modules/github.com/googl...</li> <li><a href="https://github.com/ko-build/ko/commit/4890ab2887b653d3c340de4d119bfd17b703f182"><code>4890ab2</code></a> Bump github.com/google/go-cmp from 0.5.9 to 0.6.0</li> <li><a href="https://github.com/ko-build/ko/commit/30b62aee3faf6866cee6513ea7eb13f5a27cd7ca"><code>30b62ae</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1161">#1161</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/449bcb61926cb3e3bcf191e8ca53fad5ab3a4e3c"><code>449bcb6</code></a> Bump github.com/spf13/viper from 1.16.0 to 1.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/c543dd83cc75cd849fb95637ea29e3c7c66d6f87"><code>c543dd8</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1160">#1160</a> from ko-build/dependabot/go_modules/golang.org/x/too...</li> <li><a href="https://github.com/ko-build/ko/commit/c1ae5f5ce4fe058830f24827c853d4db39a95250"><code>c1ae5f5</code></a> Bump golang.org/x/tools from 0.13.0 to 0.14.0</li> <li><a href="https://github.com/ko-build/ko/commit/e50d2fd5ff0ec88ac837ffe6f6c2f122eb54b9f8"><code>e50d2fd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1159">#1159</a> from ko-build/dependabot/go_modules/golang.org/x/syn...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.14.1...v0.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.14.1&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-17 17:47:47 +02:00
github.com/subosito/gotenv v1.6.0 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/vbatts/tar-split v0.11.5 // indirect
github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect
github.com/wagoodman/go-progress v0.0.0-20220614130704-4b1c25a33c7c // indirect
github.com/whyrusleeping/cbor-gen v0.1.3-0.20240731173018-74d74643234c // indirect
github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
gitlab.com/digitalxero/go-conventional-commit v1.0.7 // indirect
go.mongodb.org/mongo-driver v1.14.0 // indirect
feat(deps): bump gocloud.dev from 0.27.0 to 0.28.0 (#3689) Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.27.0 to 0.28.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.28.0</h2> <p><strong>BREAKING CHANGES</strong>:</p> <ul> <li><strong>secrets/azurekeyvault</strong>: Updated to latest Azure SDK.</li> <li><strong>blob/azureblob</strong>: Updated to match recent breaking changes in the Azure packages (yes, again).</li> <li><strong>pubsub/awssnssqs</strong>: Fixed <code>BeforeSend</code> to take a pointer to the <code>SendMessageBatchRequestEntry</code> struct, so that it can be modified.</li> </ul> <p><strong>blob</strong></p> <ul> <li><strong>memblob</strong>: Fixed bug where use of <code>BeforeCopy</code> callback would drop the actual copying.</li> <li><strong>azureblob</strong>: Updated to match recent breaking changes in the Azure packages.</li> </ul> <p><strong>pubsub</strong></p> <ul> <li><strong>all</strong>: Simplified and improved batch sizing, should resolve issues with too-frequent polling in some situations.</li> <li><strong>azurepubsub</strong>: Made <code>ListenerTimeout</code> configurable.</li> <li><strong>gcppubsub</strong> and <strong>awssnssqs</strong>: Support lazy mode for <code>Nack</code> (where no explicit <code>Nack</code> is sent).</li> <li><strong>awssnssqs</strong>: Fixed <code>BeforeSend</code> to take a pointer to the <code>SendMessageBatchRequestEntry</code> struct, so that it can be modified.</li> </ul> <p><strong>secrets</strong></p> <ul> <li><strong>secrets/azurekeyvault</strong>: Updated to latest Azure SDK. Use azidentity.NewDefaultAzureCredential.</li> </ul> <p><strong>sql</strong></p> <ul> <li><strong>gcp/cloudsql</strong>: Fixed IAM login.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-cloud/commit/24166090495b8e084a23aa7d11fcc81ec33e4729"><code>2416609</code></a> all: prep for v0.28.0 (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3207">#3207</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/13f46eb8065d5ea62b757f5f0f11a56f48faf7cc"><code>13f46eb</code></a> pubsub: simplify and improve batch sizing, especially for low message rates</li> <li><a href="https://github.com/google/go-cloud/commit/8f2c2b9a392a8e4a3d7a4942f88f3df607f8f6d0"><code>8f2c2b9</code></a> pubsub/memsub: Add Options for batching (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3205">#3205</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/fe0a3d75fe43c039258df25ebf102602526e3052"><code>fe0a3d7</code></a> pubsub/awssqs: Fix BeforeSend/As to enable changes to the sqs input message (...</li> <li><a href="https://github.com/google/go-cloud/commit/dfaf95af34dd9022a69a061028e0ceec98e9c670"><code>dfaf95a</code></a> secrets/azurekeyvault: Use azidentity.NewDefaultAzureCredential to support ot...</li> <li><a href="https://github.com/google/go-cloud/commit/1e26311532928f060c490a7fbf2be92b55ee12c4"><code>1e26311</code></a> blob: Remove some debug logging (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3197">#3197</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/43ed5a499864c08b7b6549ff7085f19634a1f02c"><code>43ed5a4</code></a> pubsub/gcppubsub: Support lazy mode for Nacks (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3195">#3195</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/be80e70b3dcf7a6b86481881c7ac0b44a8095178"><code>be80e70</code></a> pubsub/awssnssqs: Support lazy mode for Nacks (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3194">#3194</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/7d690993a53cf8cc2e7af07872876d58601f1261"><code>7d69099</code></a> blob/azblob: Update to latest, and restore As for dirlist (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3191">#3191</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/e942f3c339f0eb617ac4dbc7f37cc4e5920ee7cc"><code>e942f3c</code></a> blob/azblob: Restore As for List entry (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3188">#3188</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-cloud/compare/v0.27.0...v0.28.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.27.0&new-version=0.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 14:09:51 +02:00
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
go.opentelemetry.io/otel v1.28.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 // indirect
go.opentelemetry.io/otel/exporters/prometheus v0.44.0 // indirect
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 // indirect
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 // indirect
go.opentelemetry.io/otel/metric v1.28.0 // indirect
go.opentelemetry.io/otel/sdk v1.28.0 // indirect
go.opentelemetry.io/otel/sdk/metric v1.28.0 // indirect
go.opentelemetry.io/otel/trace v1.28.0 // indirect
go.opentelemetry.io/proto/otlp v1.0.0 // indirect
go.uber.org/atomic v1.11.0 // indirect
feat(deps): bump the gomod-deps group with 3 updates (#4200) Bumps the gomod-deps group with 3 updates: [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab), [gocloud.dev](https://github.com/google/go-cloud) and [go.uber.org/automaxprocs](https://github.com/uber-go/automaxprocs). Updates `github.com/xanzy/go-gitlab` from 0.86.0 to 0.88.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xanzy/go-gitlab/commit/7e3c23c9c221c0a334e11356503a99d41f206651"><code>7e3c23c</code></a> Update pipeline tests</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/2ac3eea05ffd9c096624ce3f88bf88132940b025"><code>2ac3eea</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1758">#1758</a> from billiechar/billiechar-snippet-moves</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/ddb5ca097455e3087ade383fec32ab07d24cb2c0"><code>ddb5ca0</code></a> Update the PR to make the code consistent</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/a4d27d6848beb49923d87d6201330f869f230f8b"><code>a4d27d6</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1759">#1759</a> from PatrickRice-KSC/add-missing-housekeeping-setting</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/a42af8593e45e5a55a6008e482ecbc3dc6f5d06b"><code>a42af85</code></a> Change PipelineTestCases.SystemOutput to interface{}</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/89486a0530374b782bb0267664a5bd49394fbb31"><code>89486a0</code></a> Add missing housekeeping setting</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/852645c7728d7a4284053806b68682b2905c856a"><code>852645c</code></a> Update tests</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/f2c344ca14c5829c55154263b6504d57b26126c3"><code>f2c344c</code></a> Use separate options for each schedule</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/86dd6321cdc296bc3f9a065718e58ea33cb1e686"><code>86dd632</code></a> Add snippet repository storage move APIs</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/3c1f9bfa0d349acfb0aba8991a1abdf62495ee81"><code>3c1f9bf</code></a> Use io.ReadAll instead of ioutil.ReadAll</li> <li>Additional commits viewable in <a href="https://github.com/xanzy/go-gitlab/compare/v0.86.0...v0.88.0">compare view</a></li> </ul> </details> <br /> Updates `gocloud.dev` from 0.30.0 to 0.32.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.32.0</h2> <p>Redoing <code>v0.31.0</code> since I think I messed up the tags. Copying the release notes:</p> <p><strong>all</strong></p> <ul> <li>Update <code>go</code> version in <code>go.mod</code> to maintain cleaner <code>go.mod</code> and <code>go.sum</code> files.</li> </ul> <p><strong>blob</strong></p> <ul> <li><strong>all</strong>: Pass through reader/writer to <code>WriteTo</code>/<code>ReadFrom</code> if available (optimization).</li> <li><strong>all</strong>: Make <code>blob.Bucket</code> implement <code>io/fs.FS</code> and <code>io/fs.SubFS</code>.</li> <li><strong>gcsblob</strong>: Add support for forcing an unauthenticated client.</li> </ul> <p><strong>server</strong></p> <ul> <li>Make <code>requestlog</code> internal structs implement <code>http.Flusher</code>.</li> <li>Don't always read the full request in order to calculate the request size; use <code>Content-Length</code> when available.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-cloud/commit/728b7c1395cb35d23e85ee0a8e957744e2560183"><code>728b7c1</code></a> all: prerelease take 2 (<a href="https://redirect.github.com/google/go-cloud/issues/3278">#3278</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/838a8fd9b6b7efc90b55cb5ed10e19463cbb1262"><code>838a8fd</code></a> all: prerelease (<a href="https://redirect.github.com/google/go-cloud/issues/3277">#3277</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/0f33c81c8dbec9d5302d9615b95c5ba878e0ede9"><code>0f33c81</code></a> all: add dragonfly build to test suite (<a href="https://redirect.github.com/google/go-cloud/issues/3268">#3268</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/bfd1b284ad86ce55bd0a7bc3e1c27fc8814fb87a"><code>bfd1b28</code></a> all: update dependencies (<a href="https://redirect.github.com/google/go-cloud/issues/3276">#3276</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/8d4590ac1e51bca704bc85422cb0a2f2d0b1b7ba"><code>8d4590a</code></a> server/requestlog: Don't consume entire body just to get a request size (<a href="https://redirect.github.com/google/go-cloud/issues/3274">#3274</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/a1d9f4295c59f30b30a085682b47e314c6960673"><code>a1d9f42</code></a> server/requestlog: make responseStats implement http.Flusher (<a href="https://redirect.github.com/google/go-cloud/issues/3275">#3275</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/8cab06ea136cfdd73f67300332994f81234469bc"><code>8cab06e</code></a> blob/gcsblob: add support for forcing an authenticated client (<a href="https://redirect.github.com/google/go-cloud/issues/3273">#3273</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/0e5728dd337838e82e07e03dcef9f54dfc04cc52"><code>0e5728d</code></a> blob: make blob.Bucket implement io/fs.FS and io/fs.SubFS (<a href="https://redirect.github.com/google/go-cloud/issues/3272">#3272</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/a6551792237ccc995a6e95169210ac8e77dbcd94"><code>a655179</code></a> all: update go.mod files to go 1.19 (<a href="https://redirect.github.com/google/go-cloud/issues/3271">#3271</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/8385fc39c70f6589823ca019e399f5514feb377d"><code>8385fc3</code></a> blob: pass through reader/writer to <code>WriteTo</code>/<code>ReadFrom</code> if available (<a href="https://redirect.github.com/google/go-cloud/issues/3267">#3267</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-cloud/compare/v0.30.0...v0.32.0">compare view</a></li> </ul> </details> <br /> Updates `go.uber.org/automaxprocs` from 1.5.2 to 1.5.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/uber-go/automaxprocs/releases">go.uber.org/automaxprocs's releases</a>.</em></p> <blockquote> <h2>v1.5.3</h2> <ul> <li>Fix mountinfo parsing when super options have fields with spaces.</li> <li>Fix division by zero while parsing cgroups.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/uber-go/automaxprocs/blob/master/CHANGELOG.md">go.uber.org/automaxprocs's changelog</a>.</em></p> <blockquote> <h2>v1.5.3 (2023-07-19)</h2> <ul> <li>Fix mountinfo parsing when super options have fields with spaces.</li> <li>Fix division by zero while parsing cgroups.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/uber-go/automaxprocs/commit/e83e959d8845f659d02749ba5598fd62a7129e4e"><code>e83e959</code></a> Release v1.5.3 (<a href="https://redirect.github.com/uber-go/automaxprocs/issues/77">#77</a>)</li> <li><a href="https://github.com/uber-go/automaxprocs/commit/94404505e072633727945d6adc276be8759dadcf"><code>9440450</code></a> Update actions (<a href="https://redirect.github.com/uber-go/automaxprocs/issues/76">#76</a>)</li> <li><a href="https://github.com/uber-go/automaxprocs/commit/4b0a5c9c3c30af086d1251cecd4114b7d4b55a45"><code>4b0a5c9</code></a> set CI perms to readonly (<a href="https://redirect.github.com/uber-go/automaxprocs/issues/75">#75</a>)</li> <li><a href="https://github.com/uber-go/automaxprocs/commit/c64632e175f532a5fe994622797d70b06338337e"><code>c64632e</code></a> Drop Go 1.17 and Go 1.18 from CI (<a href="https://redirect.github.com/uber-go/automaxprocs/issues/74">#74</a>)</li> <li><a href="https://github.com/uber-go/automaxprocs/commit/60f22786b2d20055ca8d888ed455a25aed935bea"><code>60f2278</code></a> fix: mountinfo parsing (<a href="https://redirect.github.com/uber-go/automaxprocs/issues/73">#73</a>)</li> <li><a href="https://github.com/uber-go/automaxprocs/commit/d064ede19db88036b1a2fb6b41113717a84dfda2"><code>d064ede</code></a> Fix division by zero (<a href="https://redirect.github.com/uber-go/automaxprocs/issues/71">#71</a>)</li> <li>See full diff in <a href="https://github.com/uber-go/automaxprocs/compare/v1.5.2...v1.5.3">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-20 14:56:26 +02:00
go.uber.org/automaxprocs v1.5.3
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
feat(deps): bump github.com/goreleaser/nfpm/v2 from 2.34.0 to 2.35.0 (#4492) Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from 2.34.0 to 2.35.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/goreleaser/nfpm/releases">github.com/goreleaser/nfpm/v2's releases</a>.</em></p> <blockquote> <h2>v2.35.0</h2> <h2>Changelog</h2> <h3>New Features</h3> <ul> <li>9c4fc0e886dabcd359967cdeca9107973e93c4b9: feat: reproducible packages (<a href="https://redirect.github.com/goreleaser/nfpm/issues/748">#748</a>) (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>3485ec3edaba34f90ab57c287ac71eaabfc816be: fix(deb): blank line in package description (<a href="https://redirect.github.com/goreleaser/nfpm/issues/742">#742</a>) (<a href="https://github.com/abemedia"><code>@​abemedia</code></a>)</li> <li>60cff806c953650d9bda31fda43452003552784b: fix: Ensure reproducable Deb package (<a href="https://redirect.github.com/goreleaser/nfpm/issues/747">#747</a>) (<a href="https://github.com/keliramu"><code>@​keliramu</code></a>)</li> <li>2c8f9e0d70ccc37e2eb6433daccc3ca2f67841a1: fix: config merge (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>216b17ffff80a5faad835fc53cbe461322d4bf6a: fix: example should not have prefixed version (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>cdd9a621e98bb5e1b41798b74b720a3273e743ab: fix: use parent owner/group on typedir (<a href="https://redirect.github.com/goreleaser/nfpm/issues/754">#754</a>) (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <h3>Dependency updates</h3> <ul> <li>a8707cd42874f46a192ec2ef9918d3a75631afb6: feat(deps): bump github.com/klauspost/compress from 1.17.2 to 1.17.3 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/737">#737</a>) (<a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li> <li>6f2eb59cd263e4a8516ca6addb40e4a5d87b1084: feat(deps): bump github.com/klauspost/compress from 1.17.3 to 1.17.4 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/745">#745</a>) (<a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li> <li>6c241370ccdd5718730556f2b8c13e4733d0fda7: feat(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/732">#732</a>) (<a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li> <li>d56350e61f34f7a596d2383b365da633798aed97: feat(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/756">#756</a>) (<a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li> </ul> <h3>Build process updates</h3> <ul> <li>560c42ca3c87a2938e3b9cc841ec6cde05c8984b: build: added shell.nix (<a href="https://redirect.github.com/goreleaser/nfpm/issues/743">#743</a>) (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>29c85136454eabe774558c1b67e3ecf025269f55: build: setup nur and winget (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <h3>Other work</h3> <ul> <li>c4f2da3568bdd0d2882a02a29b60101f944e0f33: docs: correct GOARCH docs (<a href="https://redirect.github.com/goreleaser/nfpm/issues/733">#733</a>) (<a href="https://github.com/cognifloyd"><code>@​cognifloyd</code></a>)</li> <li>aaaa3fbb8625a9fe03ba2cb5e2c0f050d2393e6b: docs: fix systemd note (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>f0941db79b18d292a921e0ea778fcf5d1c282e0e: docs: update cmd docs (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>7439013fb5dc9357e84aabb36823a21c1b97e8ba: docs: update cmd docs (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/goreleaser/nfpm/compare/v2.34.0...v2.35.0">https://github.com/goreleaser/nfpm/compare/v2.34.0...v2.35.0</a></p> <h2>Helping out</h2> <p>This release is only possible thanks to <strong>all</strong> the support of <strong>awesome people</strong>!</p> <p>Want to be one of them? You can <a href="https://goreleaser.com/sponsors/">sponsor</a> or <a href="https://goreleaser.com/contributing">contribute with code</a>.</p> <h2>Where to go next?</h2> <ul> <li>nFPM is a satellite project from GoReleaser. <a href="https://goreleaser.com">Check it out</a>!</li> <li>Find examples and commented usage of all options in our <a href="https://nfpm.goreleaser.com/">website</a>.</li> <li>Reach out on <a href="https://discord.gg/RGEBtg8vQ6">Discord</a> and <a href="https://twitter.com/goreleaser">Twitter</a>!</li> </ul> <p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML omitted --></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/goreleaser/nfpm/commit/29c85136454eabe774558c1b67e3ecf025269f55"><code>29c8513</code></a> build: setup nur and winget</li> <li><a href="https://github.com/goreleaser/nfpm/commit/cdd9a621e98bb5e1b41798b74b720a3273e743ab"><code>cdd9a62</code></a> fix: use parent owner/group on typedir (<a href="https://redirect.github.com/goreleaser/nfpm/issues/754">#754</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/d56350e61f34f7a596d2383b365da633798aed97"><code>d56350e</code></a> feat(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/756">#756</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/99bf0d0cf933113d23f200f6d4201f3cf3d93f22"><code>99bf0d0</code></a> test: testifylint fixes (<a href="https://redirect.github.com/goreleaser/nfpm/issues/753">#753</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/8c91e5ebefb281051472fe33c1f68dc3e1587a41"><code>8c91e5e</code></a> chore(deps): bump github/codeql-action from 2 to 3 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/752">#752</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/e43aa7f7d1ec6752af8af47987981cf882f22fa0"><code>e43aa7f</code></a> chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/751">#751</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/2c8f9e0d70ccc37e2eb6433daccc3ca2f67841a1"><code>2c8f9e0</code></a> fix: config merge</li> <li><a href="https://github.com/goreleaser/nfpm/commit/7439013fb5dc9357e84aabb36823a21c1b97e8ba"><code>7439013</code></a> docs: update cmd docs</li> <li><a href="https://github.com/goreleaser/nfpm/commit/9c4fc0e886dabcd359967cdeca9107973e93c4b9"><code>9c4fc0e</code></a> feat: reproducible packages (<a href="https://redirect.github.com/goreleaser/nfpm/issues/748">#748</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/c3142513c990e867c93c1acad256c9960a059fa1"><code>c314251</code></a> chore(deps): bump actions/setup-go from 4 to 5 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/749">#749</a>)</li> <li>Additional commits viewable in <a href="https://github.com/goreleaser/nfpm/compare/v2.34.0...v2.35.0">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | github.com/goreleaser/nfpm/v2 | [>= 2.24.a, < 2.25] | </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/goreleaser/nfpm/v2&package-manager=go_modules&previous-version=2.34.0&new-version=2.35.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-21 14:16:43 +02:00
golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb
chore(deps): bump golang.org/x/tools from 0.23.0 to 0.24.0 (#5060) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.23.0 to 0.24.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/3057be8f634fdb03e1da1cad9fff3415299ad3ad"><code>3057be8</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/4653e48eb85159eef93c4634029cd73b0430f1e0"><code>4653e48</code></a> gopls/internal/analysis: add skipped analysis simplify on generated code</li> <li><a href="https://github.com/golang/tools/commit/f855a53930c65e6f12a11fba18f587a94ee13c55"><code>f855a53</code></a> gopls/internal/telemetry/cmd/stacks: use authentication token</li> <li><a href="https://github.com/golang/tools/commit/3ffd605b1ee7615054ae2b283575f86fc14af7cf"><code>3ffd605</code></a> gopls/doc/features: fix prominent typo</li> <li><a href="https://github.com/golang/tools/commit/a5df6ad55c875ec6f513fabb9f5161df0866f924"><code>a5df6ad</code></a> go/analysis/passes/printf: report non-constant format, no args</li> <li><a href="https://github.com/golang/tools/commit/c03e5c28b0de2baba6bca5e509da618d0c3a4692"><code>c03e5c2</code></a> go/packages: do not nullify Fset when NeedSyntax is set</li> <li><a href="https://github.com/golang/tools/commit/6a6fd991e914cbc2859fd968949132085277a6d0"><code>6a6fd99</code></a> go/ssa: substitute type parameterized aliases</li> <li><a href="https://github.com/golang/tools/commit/f6a239054ffc17a8c69ba7ae95a2b0d0131bef2a"><code>f6a2390</code></a> gopls/doc: delete commands.md</li> <li><a href="https://github.com/golang/tools/commit/2154cbf88df752a2011d2c01b43eb8c8af7373ee"><code>2154cbf</code></a> gopls/internal/golang: add &quot;Browse gopls features&quot; code action</li> <li><a href="https://github.com/golang/tools/commit/ead76ab5e90b139287fe5f5dfffd8d3b314b3eb5"><code>ead76ab</code></a> go/analysis: Add modules to Pass</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.23.0...v0.24.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.23.0&new-version=0.24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-09 14:38:04 +02:00
golang.org/x/mod v0.20.0 // indirect
golang.org/x/net v0.28.0 // indirect
golang.org/x/sys v0.24.0 // indirect
chore(deps): bump golang.org/x/tools from 0.23.0 to 0.24.0 (#5060) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.23.0 to 0.24.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/3057be8f634fdb03e1da1cad9fff3415299ad3ad"><code>3057be8</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/4653e48eb85159eef93c4634029cd73b0430f1e0"><code>4653e48</code></a> gopls/internal/analysis: add skipped analysis simplify on generated code</li> <li><a href="https://github.com/golang/tools/commit/f855a53930c65e6f12a11fba18f587a94ee13c55"><code>f855a53</code></a> gopls/internal/telemetry/cmd/stacks: use authentication token</li> <li><a href="https://github.com/golang/tools/commit/3ffd605b1ee7615054ae2b283575f86fc14af7cf"><code>3ffd605</code></a> gopls/doc/features: fix prominent typo</li> <li><a href="https://github.com/golang/tools/commit/a5df6ad55c875ec6f513fabb9f5161df0866f924"><code>a5df6ad</code></a> go/analysis/passes/printf: report non-constant format, no args</li> <li><a href="https://github.com/golang/tools/commit/c03e5c28b0de2baba6bca5e509da618d0c3a4692"><code>c03e5c2</code></a> go/packages: do not nullify Fset when NeedSyntax is set</li> <li><a href="https://github.com/golang/tools/commit/6a6fd991e914cbc2859fd968949132085277a6d0"><code>6a6fd99</code></a> go/ssa: substitute type parameterized aliases</li> <li><a href="https://github.com/golang/tools/commit/f6a239054ffc17a8c69ba7ae95a2b0d0131bef2a"><code>f6a2390</code></a> gopls/doc: delete commands.md</li> <li><a href="https://github.com/golang/tools/commit/2154cbf88df752a2011d2c01b43eb8c8af7373ee"><code>2154cbf</code></a> gopls/internal/golang: add &quot;Browse gopls features&quot; code action</li> <li><a href="https://github.com/golang/tools/commit/ead76ab5e90b139287fe5f5dfffd8d3b314b3eb5"><code>ead76ab</code></a> go/analysis: Add modules to Pass</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.23.0...v0.24.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.23.0&new-version=0.24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-09 14:38:04 +02:00
golang.org/x/term v0.23.0 // indirect
golang.org/x/time v0.6.0 // indirect
golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect
google.golang.org/api v0.191.0 // indirect
google.golang.org/genproto v0.0.0-20240812133136-8ffd90a71988 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240812133136-8ffd90a71988 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240812133136-8ffd90a71988 // indirect
google.golang.org/grpc v1.65.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
lukechampine.com/blake3 v1.2.1 // indirect
chore(deps): bump github.com/google/ko from 0.15.2 to 0.15.4 (#4885) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.15.2 to 0.15.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.4</h2> <h2>What's Changed</h2> <ul> <li> <p>Refactor global values to be defaults by <a href="https://github.com/nmittler"><code>@​nmittler</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1318">ko-build/ko#1318</a></p> </li> <li> <p>Bump actions/checkout from 4.1.5 to 4.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1316">ko-build/ko#1316</a></p> </li> <li> <p>Bump github.com/docker/docker from 26.1.2+incompatible to 26.1.3+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1315">ko-build/ko#1315</a></p> </li> <li> <p>Bump github/codeql-action from 2.13.4 to 3.25.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1319">ko-build/ko#1319</a></p> </li> <li> <p>Bump github/codeql-action from 3.25.5 to 3.25.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1321">ko-build/ko#1321</a></p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4">https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4</a></p> <h2>v0.15.3</h2> <p>🚨 We are investigating an issue with this release 🚨 See <a href="https://redirect.github.com/ko-build/ko/issues/1317">ko-build/ko#1317</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Bump golang/govulncheck-action from 1.0.1 to 1.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1244">ko-build/ko#1244</a></li> <li>Fix fly.io deployment docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1247">ko-build/ko#1247</a></li> <li>Bump golang.org/x/tools from 0.18.0 to 0.19.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1249">ko-build/ko#1249</a></li> <li>Update setup-ko action link in install.md by <a href="https://github.com/koki-develop"><code>@​koki-develop</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1256">ko-build/ko#1256</a></li> <li>Fix kind image names with --bare by <a href="https://github.com/aidy"><code>@​aidy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1027">ko-build/ko#1027</a></li> <li>fix: update github.com/awslabs/amazon-ecr-credential-helper to latest version by <a href="https://github.com/nesty92"><code>@​nesty92</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1267">ko-build/ko#1267</a></li> <li>drop go1.20 and start testing with go1.22 and ci updates by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1251">ko-build/ko#1251</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1265">ko-build/ko#1265</a></li> <li>Bump reviewdog/action-misspell from 1.15.0 to 1.16.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1252">ko-build/ko#1252</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1258">ko-build/ko#1258</a></li> <li>Bump actions/checkout from 4.1.1 to 4.1.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1255">ko-build/ko#1255</a></li> <li>Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1257">ko-build/ko#1257</a></li> <li>Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1253">ko-build/ko#1253</a></li> <li>Bump actions/setup-python from 5.0.0 to 5.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1269">ko-build/ko#1269</a></li> <li>Bump k8s.io/apimachinery from 0.29.2 to 0.29.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1259">ko-build/ko#1259</a></li> <li>Bump github.com/docker/docker from 25.0.3+incompatible to 26.0.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1263">ko-build/ko#1263</a></li> <li>Bump reviewdog/action-misspell from 1.16.0 to 1.17.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1270">ko-build/ko#1270</a></li> <li>Add support for setting capabilities on the app binary by <a href="https://github.com/mejedi"><code>@​mejedi</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1271">ko-build/ko#1271</a></li> <li>Bump golang.org/x/sync from 0.6.0 to 0.7.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1273">ko-build/ko#1273</a></li> <li>Bump golang.org/x/tools from 0.19.0 to 0.20.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1272">ko-build/ko#1272</a></li> <li>Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1275">ko-build/ko#1275</a></li> <li>Bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1277">ko-build/ko#1277</a></li> <li>chore: fix function names in comment by <a href="https://github.com/camcui"><code>@​camcui</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1278">ko-build/ko#1278</a></li> <li>Bump k8s.io/apimachinery from 0.29.3 to 0.29.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1279">ko-build/ko#1279</a></li> <li>Fix AWS Lambda advanced docs by <a href="https://github.com/mattn"><code>@​mattn</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1281">ko-build/ko#1281</a></li> <li>Bump actions/upload-artifact from 4.3.1 to 4.3.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1284">ko-build/ko#1284</a></li> <li>Bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1283">ko-build/ko#1283</a></li> <li>Bump actions/checkout from 4.1.2 to 4.1.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1285">ko-build/ko#1285</a></li> <li>Bump github.com/docker/docker from 26.0.2+incompatible to 26.1.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1286">ko-build/ko#1286</a></li> <li>Bump actions/upload-artifact from 4.3.2 to 4.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1288">ko-build/ko#1288</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1287">ko-build/ko#1287</a></li> <li>Bump actions/checkout from 4.1.3 to 4.1.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1290">ko-build/ko#1290</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/c9e27f0dae0b9db53e19d521bbc5ee811ce00e39"><code>c9e27f0</code></a> Update integration_test.sh</li> <li><a href="https://github.com/ko-build/ko/commit/7cb29ac9b8f0dbdea83e2828fb9da040752b2053"><code>7cb29ac</code></a> Refactor global values to be defaults</li> <li><a href="https://github.com/ko-build/ko/commit/29e852e8bbd76d65722c57497106adb1378f885f"><code>29e852e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1321">#1321</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/74f02a8f5989e979bbc10ac067ae8d4cbd22537e"><code>74f02a8</code></a> ---</li> <li><a href="https://github.com/ko-build/ko/commit/81723216fa527be864baee6f6518fa0895e12710"><code>8172321</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1319">#1319</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/f979606b996aa20b6c6ad01226b726e1cb2777e7"><code>f979606</code></a> Bump github/codeql-action from 2.13.4 to 3.25.5</li> <li><a href="https://github.com/ko-build/ko/commit/bb99eccfe235e7b583c857bb1bafbf45f72178d1"><code>bb99ecc</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1315">#1315</a> from ko-build/dependabot/go_modules/github.com/docke...</li> <li><a href="https://github.com/ko-build/ko/commit/dcb8f4edfe8463aba0554e8cd03e58b1bd650f0a"><code>dcb8f4e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1316">#1316</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/7e47ec504a307bc63b4e2254434b9644dcf33841"><code>7e47ec5</code></a> Bump actions/checkout from 4.1.5 to 4.1.6</li> <li><a href="https://github.com/ko-build/ko/commit/459bf48a23b48e5423109fd30ea0eca546279709"><code>459bf48</code></a> Bump github.com/docker/docker</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.15.2...v0.15.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.15.2&new-version=0.15.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-22 15:56:23 +02:00
sigs.k8s.io/kind v0.23.0 // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
sigs.k8s.io/yaml v1.4.0 // indirect
software.sslmate.com/src/go-pkcs12 v0.4.0 // indirect
)