1
0
mirror of https://github.com/goreleaser/goreleaser.git synced 2024-12-27 01:33:39 +02:00
goreleaser/go.mod

362 lines
19 KiB
Modula-2
Raw Normal View History

module github.com/goreleaser/goreleaser/v2
2018-10-29 02:54:15 +02:00
go 1.23.0
2018-10-29 02:54:15 +02:00
require (
chore(deps): bump code.gitea.io/sdk/gitea from 0.18.0 to 0.19.0 (#5033) Bumps code.gitea.io/sdk/gitea from 0.18.0 to 0.19.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=code.gitea.io/sdk/gitea&package-manager=go_modules&previous-version=0.18.0&new-version=0.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 14:20:21 +02:00
code.gitea.io/sdk/gitea v0.19.0
chore(deps): bump dario.cat/mergo from 1.0.0 to 1.0.1 (#5093) Bumps [dario.cat/mergo](https://github.com/imdario/mergo) from 1.0.0 to 1.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/imdario/mergo/releases">dario.cat/mergo's releases</a>.</em></p> <blockquote> <h2>v1.0.1</h2> <h2>What's Changed</h2> <ul> <li>fixes issue <a href="https://redirect.github.com/imdario/mergo/issues/187">#187</a> by <a href="https://github.com/vsemichev"><code>@​vsemichev</code></a> in <a href="https://redirect.github.com/darccio/mergo/pull/253">darccio/mergo#253</a></li> <li>fix: <code>WithoutDereference</code> should respect non-nil struct pointers by <a href="https://github.com/joshkaplinsky"><code>@​joshkaplinsky</code></a> in <a href="https://redirect.github.com/darccio/mergo/pull/251">darccio/mergo#251</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/vsemichev"><code>@​vsemichev</code></a> made their first contribution in <a href="https://redirect.github.com/darccio/mergo/pull/253">darccio/mergo#253</a></li> <li><a href="https://github.com/joshkaplinsky"><code>@​joshkaplinsky</code></a> made their first contribution in <a href="https://redirect.github.com/darccio/mergo/pull/251">darccio/mergo#251</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1">https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/darccio/mergo/commit/59ea6a9cd9f9c60cb6b1c58476f76cd3172ccebf"><code>59ea6a9</code></a> Merge pull request <a href="https://redirect.github.com/imdario/mergo/issues/251">#251</a> from joshkaplinsky/joshkaplinsky/without-dereference-...</li> <li><a href="https://github.com/darccio/mergo/commit/96f24afa924ff3b6f024de9f5aa72020078b06f9"><code>96f24af</code></a> Merge pull request <a href="https://redirect.github.com/imdario/mergo/issues/253">#253</a> from vsemichev/master</li> <li><a href="https://github.com/darccio/mergo/commit/2f1a6156ce0c8b8a6291926b75bc27b9b8fc2bfe"><code>2f1a615</code></a> fixes issue <a href="https://redirect.github.com/imdario/mergo/issues/187">#187</a>. adds test to verify the fix.</li> <li><a href="https://github.com/darccio/mergo/commit/4da170b81eef59e84cfa68070a73aea40f98ddbd"><code>4da170b</code></a> fixes issue <a href="https://redirect.github.com/imdario/mergo/issues/187">#187</a>. attempt <a href="https://redirect.github.com/imdario/mergo/issues/3">#3</a></li> <li><a href="https://github.com/darccio/mergo/commit/a13a1175be733af04b175c9fe616f594c5e8dfa9"><code>a13a117</code></a> fixes issue <a href="https://redirect.github.com/imdario/mergo/issues/187">#187</a>. attempt <a href="https://redirect.github.com/imdario/mergo/issues/2">#2</a></li> <li><a href="https://github.com/darccio/mergo/commit/6b830ffc3df09a6f22aafd7dfbf5f02d0da2ee22"><code>6b830ff</code></a> fixes issue <a href="https://redirect.github.com/imdario/mergo/issues/187">#187</a></li> <li><a href="https://github.com/darccio/mergo/commit/f33862a52373a787536aff7428212ce0ecb0cac0"><code>f33862a</code></a> WithoutDereference should respect structs</li> <li><a href="https://github.com/darccio/mergo/commit/cde9f0ea26cccb1168ee3900cf8ca457bb928c3c"><code>cde9f0e</code></a> Merge pull request <a href="https://redirect.github.com/imdario/mergo/issues/246">#246</a> from darccio/darccio/v1-frozen</li> <li><a href="https://github.com/darccio/mergo/commit/f1e2fe566a09b85177236eea3f03fc5dab009edc"><code>f1e2fe5</code></a> chore: frozen v1</li> <li><a href="https://github.com/darccio/mergo/commit/7f7b4afa33c905820aa75c473f3f13321dd499b5"><code>7f7b4af</code></a> Update FUNDING.yml</li> <li>Additional commits viewable in <a href="https://github.com/imdario/mergo/compare/v1.0.0...v1.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dario.cat/mergo&package-manager=go_modules&previous-version=1.0.0&new-version=1.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-19 14:25:23 +02:00
dario.cat/mergo v1.0.1
chore(deps): bump github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0 (#5105) Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) from 3.2.1 to 3.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Masterminds/semver/releases">github.com/Masterminds/semver/v3's releases</a>.</em></p> <blockquote> <h2>v3.3.0</h2> <h2>What's Changed</h2> <ul> <li>Fix: bad package in README by <a href="https://github.com/sdelicata"><code>@​sdelicata</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/226">Masterminds/semver#226</a></li> <li>Updating the GitHub Actions and versions of Go used by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/229">Masterminds/semver#229</a></li> <li>Fix spelling in README by <a href="https://github.com/robinschneider"><code>@​robinschneider</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/222">Masterminds/semver#222</a></li> <li>Adding go build cache to fuzz output by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/232">Masterminds/semver#232</a></li> <li>Add caching to fuzz testing by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/234">Masterminds/semver#234</a></li> <li>updating github actions by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/235">Masterminds/semver#235</a></li> <li>feat: nil version equality by <a href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/213">Masterminds/semver#213</a></li> <li>add &gt;= and &lt;= by <a href="https://github.com/grosser"><code>@​grosser</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/238">Masterminds/semver#238</a></li> <li>doc: hyphen range constraint without whitespace by <a href="https://github.com/johnnychen94"><code>@​johnnychen94</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/216">Masterminds/semver#216</a></li> <li>Removing reference to vert by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/245">Masterminds/semver#245</a></li> <li>simplify StrictNewVersion by <a href="https://github.com/grosser"><code>@​grosser</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/241">Masterminds/semver#241</a></li> <li>Updating the testing version of Go used by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/246">Masterminds/semver#246</a></li> <li>bumping min version in go.mod based on what's tested by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/248">Masterminds/semver#248</a></li> <li>Updating changelog for 3.3.0 by <a href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/249">Masterminds/semver#249</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/sdelicata"><code>@​sdelicata</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/226">Masterminds/semver#226</a></li> <li><a href="https://github.com/robinschneider"><code>@​robinschneider</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/222">Masterminds/semver#222</a></li> <li><a href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/213">Masterminds/semver#213</a></li> <li><a href="https://github.com/grosser"><code>@​grosser</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/238">Masterminds/semver#238</a></li> <li><a href="https://github.com/johnnychen94"><code>@​johnnychen94</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/216">Masterminds/semver#216</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0">https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Masterminds/semver/blob/master/CHANGELOG.md">github.com/Masterminds/semver/v3's changelog</a>.</em></p> <blockquote> <h2>3.3.0 (2024-08-27)</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/238">#238</a>: Add LessThanEqual and GreaterThanEqual functions (thanks <a href="https://github.com/grosser"><code>@​grosser</code></a>)</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/213">#213</a>: nil version equality checking (thanks <a href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a>)</li> </ul> <h3>Changed</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/241">#241</a>: Simplify StrictNewVersion parsing (thanks <a href="https://github.com/grosser"><code>@​grosser</code></a>)</li> <li>Testing support up through Go 1.23</li> <li>Minimum version set to 1.21 as this is what's tested now</li> <li>Fuzz testing now supports caching</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Masterminds/semver/commit/e6e3d4d3cb1073f0ab8fb3d4be0869d1687b75f9"><code>e6e3d4d</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/249">#249</a> from mattfarina/update-changelog-3.3.0</li> <li><a href="https://github.com/Masterminds/semver/commit/e80c4ea7233523c64c380d944a3ed57c1666ac67"><code>e80c4ea</code></a> Updating changelog for 3.3.0</li> <li><a href="https://github.com/Masterminds/semver/commit/80427ad56e4fca2ef72e4050f01f1c9c347a0cd3"><code>80427ad</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/248">#248</a> from mattfarina/bump-min-version</li> <li><a href="https://github.com/Masterminds/semver/commit/b6108372278f95198bb85fd22464b3cdc894a3a2"><code>b610837</code></a> bumping min version in go.mod based on what's tested</li> <li><a href="https://github.com/Masterminds/semver/commit/a4cccd8ea5e6a94c09921a2dd4136e337ef069d1"><code>a4cccd8</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/246">#246</a> from mattfarina/bump-go-1.23</li> <li><a href="https://github.com/Masterminds/semver/commit/7c178cf0c64cb23c5fcf0a291a2c9fb968806819"><code>7c178cf</code></a> Updating the testing version of Go used</li> <li><a href="https://github.com/Masterminds/semver/commit/29f94c1119d901b8b4daf94be98df54ef044d3d9"><code>29f94c1</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/241">#241</a> from grosser/grosser/validate</li> <li><a href="https://github.com/Masterminds/semver/commit/2cf1b16b95d71b6f8ccd5fc0fe43e1896a3049cd"><code>2cf1b16</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/245">#245</a> from mattfarina/remove-vert</li> <li><a href="https://github.com/Masterminds/semver/commit/b55476af0ebb4f52e3f5fb5aca65960354bdc309"><code>b55476a</code></a> Removing reference to vert</li> <li><a href="https://github.com/Masterminds/semver/commit/d07450b7cfece0885549dce1ad5b798aa7844d95"><code>d07450b</code></a> simplify StrictNewVersion</li> <li>Additional commits viewable in <a href="https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/Masterminds/semver/v3&package-manager=go_modules&previous-version=3.2.1&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-28 16:26:33 +02:00
github.com/Masterminds/semver/v3 v3.3.0
chore(deps): bump github.com/atc0005/go-teams-notify/v2 from 2.12.0 to 2.13.0 (#5124) Bumps [github.com/atc0005/go-teams-notify/v2](https://github.com/atc0005/go-teams-notify) from 2.12.0 to 2.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/atc0005/go-teams-notify/releases">github.com/atc0005/go-teams-notify/v2's releases</a>.</em></p> <blockquote> <h2>v2.13.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>New Features or Enhancements 🎉</h3> <ul> <li>Add MSTeams CodeBlock element by <a href="https://github.com/MichaelUrman"><code>@​MichaelUrman</code></a> in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/293">atc0005/go-teams-notify#293</a></li> <li>Update documentation for CodeBlock element by <a href="https://github.com/atc0005"><code>@​atc0005</code></a> in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/298">atc0005/go-teams-notify#298</a></li> </ul> <h3>Other Changes</h3> <ul> <li>Update CHANGELOG for v2.13.0 release by <a href="https://github.com/atc0005"><code>@​atc0005</code></a> in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/300">atc0005/go-teams-notify#300</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/MichaelUrman"><code>@​MichaelUrman</code></a> made their first contribution in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/293">atc0005/go-teams-notify#293</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/atc0005/go-teams-notify/compare/v2.12.0...v2.13.0">https://github.com/atc0005/go-teams-notify/compare/v2.12.0...v2.13.0</a></p> <h2>v2.13.0-rc.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>New Features or Enhancements 🎉</h3> <ul> <li>Add MSTeams CodeBlock element by <a href="https://github.com/MichaelUrman"><code>@​MichaelUrman</code></a> in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/293">atc0005/go-teams-notify#293</a></li> <li>Update documentation for CodeBlock element by <a href="https://github.com/atc0005"><code>@​atc0005</code></a> in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/298">atc0005/go-teams-notify#298</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/MichaelUrman"><code>@​MichaelUrman</code></a> made their first contribution in <a href="https://redirect.github.com/atc0005/go-teams-notify/pull/293">atc0005/go-teams-notify#293</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/atc0005/go-teams-notify/compare/v2.12.0...v2.13.0-rc.1">https://github.com/atc0005/go-teams-notify/compare/v2.12.0...v2.13.0-rc.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/atc0005/go-teams-notify/blob/master/CHANGELOG.md">github.com/atc0005/go-teams-notify/v2's changelog</a>.</em></p> <blockquote> <h2>[v2.13.0] - 2024-09-08</h2> <h3>Added</h3> <ul> <li>(<a href="https://redirect.github.com/atc0005/go-teams-notify/issues/293">GH-293</a>) Add MSTeams CodeBlock element <ul> <li>credit: <a href="https://github.com/MichaelUrman"><code>@​MichaelUrman</code></a></li> </ul> </li> <li>(<a href="https://redirect.github.com/atc0005/go-teams-notify/issues/298">GH-298</a>) Update documentation for CodeBlock element</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/atc0005/go-teams-notify/commit/885b9d18822586780a4e3363d78e6b9570c6fafc"><code>885b9d1</code></a> Merge pull request <a href="https://redirect.github.com/atc0005/go-teams-notify/issues/300">#300</a> from atc0005/update-changelog-for-v2.13.0-release</li> <li><a href="https://github.com/atc0005/go-teams-notify/commit/7af366f7b6fc0e32aed84b1ad8e189c8edc53d0b"><code>7af366f</code></a> Update CHANGELOG for v2.13.0 release</li> <li><a href="https://github.com/atc0005/go-teams-notify/commit/6ac6dc041db981f2c2a4369cdb3060ea0a2955df"><code>6ac6dc0</code></a> Merge pull request <a href="https://redirect.github.com/atc0005/go-teams-notify/issues/298">#298</a> from atc0005/i288-codeblock-tweaks</li> <li><a href="https://github.com/atc0005/go-teams-notify/commit/05de9cafeb4c2eb457c9511070051adee4b45e9c"><code>05de9ca</code></a> Update documentation for CodeBlock element</li> <li><a href="https://github.com/atc0005/go-teams-notify/commit/c0d6d3e68e0ca6a06dd504e76918cb983c3faf7e"><code>c0d6d3e</code></a> Merge pull request <a href="https://redirect.github.com/atc0005/go-teams-notify/issues/293">#293</a> from MichaelUrman/codeblock</li> <li><a href="https://github.com/atc0005/go-teams-notify/commit/f91f9e37cf2226df7086851dd4074e06b2fae10c"><code>f91f9e3</code></a> Add MSTeams CodeBlock element</li> <li>See full diff in <a href="https://github.com/atc0005/go-teams-notify/compare/v2.12.0...v2.13.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/atc0005/go-teams-notify/v2&package-manager=go_modules&previous-version=2.12.0&new-version=2.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 16:59:57 +02:00
github.com/atc0005/go-teams-notify/v2 v2.13.0
chore(deps): bump github.com/google/ko from 0.15.2 to 0.15.4 (#4885) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.15.2 to 0.15.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.4</h2> <h2>What's Changed</h2> <ul> <li> <p>Refactor global values to be defaults by <a href="https://github.com/nmittler"><code>@​nmittler</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1318">ko-build/ko#1318</a></p> </li> <li> <p>Bump actions/checkout from 4.1.5 to 4.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1316">ko-build/ko#1316</a></p> </li> <li> <p>Bump github.com/docker/docker from 26.1.2+incompatible to 26.1.3+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1315">ko-build/ko#1315</a></p> </li> <li> <p>Bump github/codeql-action from 2.13.4 to 3.25.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1319">ko-build/ko#1319</a></p> </li> <li> <p>Bump github/codeql-action from 3.25.5 to 3.25.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1321">ko-build/ko#1321</a></p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4">https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4</a></p> <h2>v0.15.3</h2> <p>🚨 We are investigating an issue with this release 🚨 See <a href="https://redirect.github.com/ko-build/ko/issues/1317">ko-build/ko#1317</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Bump golang/govulncheck-action from 1.0.1 to 1.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1244">ko-build/ko#1244</a></li> <li>Fix fly.io deployment docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1247">ko-build/ko#1247</a></li> <li>Bump golang.org/x/tools from 0.18.0 to 0.19.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1249">ko-build/ko#1249</a></li> <li>Update setup-ko action link in install.md by <a href="https://github.com/koki-develop"><code>@​koki-develop</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1256">ko-build/ko#1256</a></li> <li>Fix kind image names with --bare by <a href="https://github.com/aidy"><code>@​aidy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1027">ko-build/ko#1027</a></li> <li>fix: update github.com/awslabs/amazon-ecr-credential-helper to latest version by <a href="https://github.com/nesty92"><code>@​nesty92</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1267">ko-build/ko#1267</a></li> <li>drop go1.20 and start testing with go1.22 and ci updates by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1251">ko-build/ko#1251</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1265">ko-build/ko#1265</a></li> <li>Bump reviewdog/action-misspell from 1.15.0 to 1.16.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1252">ko-build/ko#1252</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1258">ko-build/ko#1258</a></li> <li>Bump actions/checkout from 4.1.1 to 4.1.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1255">ko-build/ko#1255</a></li> <li>Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1257">ko-build/ko#1257</a></li> <li>Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1253">ko-build/ko#1253</a></li> <li>Bump actions/setup-python from 5.0.0 to 5.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1269">ko-build/ko#1269</a></li> <li>Bump k8s.io/apimachinery from 0.29.2 to 0.29.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1259">ko-build/ko#1259</a></li> <li>Bump github.com/docker/docker from 25.0.3+incompatible to 26.0.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1263">ko-build/ko#1263</a></li> <li>Bump reviewdog/action-misspell from 1.16.0 to 1.17.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1270">ko-build/ko#1270</a></li> <li>Add support for setting capabilities on the app binary by <a href="https://github.com/mejedi"><code>@​mejedi</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1271">ko-build/ko#1271</a></li> <li>Bump golang.org/x/sync from 0.6.0 to 0.7.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1273">ko-build/ko#1273</a></li> <li>Bump golang.org/x/tools from 0.19.0 to 0.20.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1272">ko-build/ko#1272</a></li> <li>Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1275">ko-build/ko#1275</a></li> <li>Bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1277">ko-build/ko#1277</a></li> <li>chore: fix function names in comment by <a href="https://github.com/camcui"><code>@​camcui</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1278">ko-build/ko#1278</a></li> <li>Bump k8s.io/apimachinery from 0.29.3 to 0.29.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1279">ko-build/ko#1279</a></li> <li>Fix AWS Lambda advanced docs by <a href="https://github.com/mattn"><code>@​mattn</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1281">ko-build/ko#1281</a></li> <li>Bump actions/upload-artifact from 4.3.1 to 4.3.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1284">ko-build/ko#1284</a></li> <li>Bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1283">ko-build/ko#1283</a></li> <li>Bump actions/checkout from 4.1.2 to 4.1.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1285">ko-build/ko#1285</a></li> <li>Bump github.com/docker/docker from 26.0.2+incompatible to 26.1.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1286">ko-build/ko#1286</a></li> <li>Bump actions/upload-artifact from 4.3.2 to 4.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1288">ko-build/ko#1288</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1287">ko-build/ko#1287</a></li> <li>Bump actions/checkout from 4.1.3 to 4.1.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1290">ko-build/ko#1290</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/c9e27f0dae0b9db53e19d521bbc5ee811ce00e39"><code>c9e27f0</code></a> Update integration_test.sh</li> <li><a href="https://github.com/ko-build/ko/commit/7cb29ac9b8f0dbdea83e2828fb9da040752b2053"><code>7cb29ac</code></a> Refactor global values to be defaults</li> <li><a href="https://github.com/ko-build/ko/commit/29e852e8bbd76d65722c57497106adb1378f885f"><code>29e852e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1321">#1321</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/74f02a8f5989e979bbc10ac067ae8d4cbd22537e"><code>74f02a8</code></a> ---</li> <li><a href="https://github.com/ko-build/ko/commit/81723216fa527be864baee6f6518fa0895e12710"><code>8172321</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1319">#1319</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/f979606b996aa20b6c6ad01226b726e1cb2777e7"><code>f979606</code></a> Bump github/codeql-action from 2.13.4 to 3.25.5</li> <li><a href="https://github.com/ko-build/ko/commit/bb99eccfe235e7b583c857bb1bafbf45f72178d1"><code>bb99ecc</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1315">#1315</a> from ko-build/dependabot/go_modules/github.com/docke...</li> <li><a href="https://github.com/ko-build/ko/commit/dcb8f4edfe8463aba0554e8cd03e58b1bd650f0a"><code>dcb8f4e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1316">#1316</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/7e47ec504a307bc63b4e2254434b9644dcf33841"><code>7e47ec5</code></a> Bump actions/checkout from 4.1.5 to 4.1.6</li> <li><a href="https://github.com/ko-build/ko/commit/459bf48a23b48e5423109fd30ea0eca546279709"><code>459bf48</code></a> Bump github.com/docker/docker</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.15.2...v0.15.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.15.2&new-version=0.15.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-22 15:56:23 +02:00
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240514230400-03fa26f5508f
github.com/bluesky-social/indigo v0.0.0-20240813042137-4006c0eca043
github.com/caarlos0/ctrlc v1.2.0
github.com/caarlos0/env/v11 v11.2.2
github.com/caarlos0/go-reddit/v3 v3.0.1
github.com/caarlos0/go-shellwords v1.0.12
github.com/caarlos0/go-version v0.1.1
chore(deps): bump github.com/caarlos0/log from 0.4.5 to 0.4.6 (#4995) Bumps [github.com/caarlos0/log](https://github.com/caarlos0/log) from 0.4.5 to 0.4.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/caarlos0/log/releases">github.com/caarlos0/log's releases</a>.</em></p> <blockquote> <h2>v0.4.6</h2> <h2>Changelog</h2> <h3>Other work</h3> <ul> <li>06d70bcb12eea57ffa7971bc77e6c9f96824db3f: ci: update goreleaser conf (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <hr /> <p><em>Released with <a href="https://goreleaser.com/pro">GoReleaser Pro</a>!</em></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/caarlos0/log/commit/5a2932ab1d2887dc2c5148c9f316cf30e5001bdb"><code>5a2932a</code></a> chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.0 to 0.12.0 (<a href="https://redirect.github.com/caarlos0/log/issues/36">#36</a>)</li> <li><a href="https://github.com/caarlos0/log/commit/3e89e5b88f8a8b201a6f10a26c1b1e9b65e4b156"><code>3e89e5b</code></a> chore(deps): bump goreleaser/goreleaser-action from 5 to 6 (<a href="https://redirect.github.com/caarlos0/log/issues/34">#34</a>)</li> <li><a href="https://github.com/caarlos0/log/commit/06d70bcb12eea57ffa7971bc77e6c9f96824db3f"><code>06d70bc</code></a> ci: update goreleaser conf</li> <li>See full diff in <a href="https://github.com/caarlos0/log/compare/v0.4.5...v0.4.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/caarlos0/log&package-manager=go_modules&previous-version=0.4.5&new-version=0.4.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-15 14:37:45 +02:00
github.com/caarlos0/log v0.4.6
chore(deps): bump github.com/charmbracelet/keygen from 0.5.0 to 0.5.1 (#5084) Bumps [github.com/charmbracelet/keygen](https://github.com/charmbracelet/keygen) from 0.5.0 to 0.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/charmbracelet/keygen/releases">github.com/charmbracelet/keygen's releases</a>.</em></p> <blockquote> <h2>v0.5.1</h2> <h2>Changelog</h2> <h3>Other work</h3> <ul> <li>11fd3c7e032fc1ac9fa28d2444c3a3a884111091: build: dependabot config (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>ac4889661d14406ece73e713e384b4d7f93ef152: build: fix golangci-lint config (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>66abd54ad630168d53f530d6e68598656e6bdc26: refactor: keygen: refactor same expression (<a href="https://redirect.github.com/charmbracelet/keygen/issues/16">#16</a>) (<a href="https://github.com/orangekame3"><code>@​orangekame3</code></a>)</li> <li>334fb4fe9fb3035360e421b305ba68e0834487fc: refactor: remove ioutil package (<a href="https://redirect.github.com/charmbracelet/keygen/issues/15">#15</a>) (<a href="https://github.com/orangekame3"><code>@​orangekame3</code></a>)</li> </ul> <hr /> <p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <p>Thoughts? Questions? We love hearing from you. Feel free to reach out on <a href="https://twitter.com/charmcli">Twitter</a>, <a href="https://mastodon.technology/@charm">The Fediverse</a>, or on <a href="https://charm.sh/chat">Discord</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/charmbracelet/keygen/commit/11108ea758c1be31e409a29a87b8a47ffae36c40"><code>11108ea</code></a> chore(deps): bump actions/checkout from 2 to 4 (<a href="https://redirect.github.com/charmbracelet/keygen/issues/19">#19</a>)</li> <li><a href="https://github.com/charmbracelet/keygen/commit/8c30dda898430812a2add237234f730022c4255b"><code>8c30dda</code></a> chore(deps): bump golangci/golangci-lint-action from 2 to 6 (<a href="https://redirect.github.com/charmbracelet/keygen/issues/18">#18</a>)</li> <li><a href="https://github.com/charmbracelet/keygen/commit/030fd5343a36028338ef0bff8e7db4e741e991df"><code>030fd53</code></a> chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.26.0 (<a href="https://redirect.github.com/charmbracelet/keygen/issues/20">#20</a>)</li> <li><a href="https://github.com/charmbracelet/keygen/commit/ac4889661d14406ece73e713e384b4d7f93ef152"><code>ac48896</code></a> build: fix golangci-lint config</li> <li><a href="https://github.com/charmbracelet/keygen/commit/66abd54ad630168d53f530d6e68598656e6bdc26"><code>66abd54</code></a> refactor: keygen: refactor same expression (<a href="https://redirect.github.com/charmbracelet/keygen/issues/16">#16</a>)</li> <li><a href="https://github.com/charmbracelet/keygen/commit/334fb4fe9fb3035360e421b305ba68e0834487fc"><code>334fb4f</code></a> refactor: remove ioutil package (<a href="https://redirect.github.com/charmbracelet/keygen/issues/15">#15</a>)</li> <li><a href="https://github.com/charmbracelet/keygen/commit/11fd3c7e032fc1ac9fa28d2444c3a3a884111091"><code>11fd3c7</code></a> build: dependabot config</li> <li>See full diff in <a href="https://github.com/charmbracelet/keygen/compare/v0.5.0...v0.5.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/keygen&package-manager=go_modules&previous-version=0.5.0&new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-16 21:49:28 +02:00
github.com/charmbracelet/keygen v0.5.1
chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1 to 1.0.0 (#5237) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.13.1 to 1.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/charmbracelet/lipgloss/releases">github.com/charmbracelet/lipgloss's releases</a>.</em></p> <blockquote> <h2>v1.0.0</h2> <h1>At last: v1.0.0</h1> <!-- raw HTML omitted --> <p>This is an honorary release indicating that Lip Gloss is now stable. Thank you, open source community, for all your love, support, contributions, and great style.</p> <p>Stay tuned for a v2 alpha!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/charmbracelet/lipgloss/commit/761d265f761271293f20f9bf62884b15f2d7c0cc"><code>761d265</code></a> feat(deps): bump github.com/charmbracelet/x/ansi from 0.4.0 to 0.4.2</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/342e7b051b45419b6f052c1d4b83e904e14414ff"><code>342e7b0</code></a> chore(ci): sync golangci-lint config</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/da324b123d09dc2d194c6911d440371ed463e4c8"><code>da324b1</code></a> feat(deps): bump github.com/charmbracelet/x/ansi from 0.3.2 to 0.4.0</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/78fd6fd42f6e6b028bac3dcc8dcd9652fc15afa0"><code>78fd6fd</code></a> chore(ci): sync golangci-lint config</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/407dc3d2cf84b9abeae83e7a12277a84ab01eab4"><code>407dc3d</code></a> feat(ci): add lint-sync workflow</li> <li>See full diff in <a href="https://github.com/charmbracelet/lipgloss/compare/v0.13.1...v1.0.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/lipgloss&package-manager=go_modules&previous-version=0.13.1&new-version=1.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-01 14:16:39 +02:00
github.com/charmbracelet/lipgloss v1.0.0
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589
github.com/dghubble/go-twitter v0.0.0-20211115160449-93a8679adecb
chore(deps): bump github.com/dghubble/oauth1 from 0.7.2 to 0.7.3 (#4650) Bumps [github.com/dghubble/oauth1](https://github.com/dghubble/oauth1) from 0.7.2 to 0.7.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dghubble/oauth1/releases">github.com/dghubble/oauth1's releases</a>.</em></p> <blockquote> <h2>v0.7.3</h2> <h2>Changes</h2> <ul> <li>Percent encode special characters in HMAC-SHA1 secrets (<a href="https://redirect.github.com/dghubble/oauth1/pull/72">#72</a>)</li> <li>Strip whitespace from request token body (<a href="https://redirect.github.com/dghubble/oauth1/pull/56">#56</a>)</li> <li>Update Go module dependencies</li> </ul> <h2>Contributions</h2> <ul> <li>Use a centrally managed GitHub Workflow for go tests by <a href="https://github.com/dghubble"><code>@​dghubble</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/68">dghubble/oauth1#68</a></li> <li>Allow Go test Workflow to run on PRs by <a href="https://github.com/dghubble"><code>@​dghubble</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/69">dghubble/oauth1#69</a></li> <li>Fix HMAC-SHA1 key creation. by <a href="https://github.com/jerryryle"><code>@​jerryryle</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/72">dghubble/oauth1#72</a></li> <li>Fix oauth_callback_confirmed comparison when server returns extra whitespace by <a href="https://github.com/pscohn"><code>@​pscohn</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/56">dghubble/oauth1#56</a></li> <li>Add changelog for new release by <a href="https://github.com/dghubble"><code>@​dghubble</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/73A">dghubble/oauth1#73</a></li> </ul> <h2>Dependencies</h2> <ul> <li>Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/67">dghubble/oauth1#67</a></li> <li>Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/70">dghubble/oauth1#70</a></li> <li>Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/dghubble/oauth1/pull/71">dghubble/oauth1#71</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jerryryle"><code>@​jerryryle</code></a> made their first contribution in <a href="https://redirect.github.com/dghubble/oauth1/pull/72">dghubble/oauth1#72</a></li> <li><a href="https://github.com/pscohn"><code>@​pscohn</code></a> made their first contribution in <a href="https://redirect.github.com/dghubble/oauth1/pull/56">dghubble/oauth1#56</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dghubble/oauth1/compare/v0.7.2...v0.7.3">https://github.com/dghubble/oauth1/compare/v0.7.2...v0.7.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dghubble/oauth1/blob/main/CHANGES.md">github.com/dghubble/oauth1's changelog</a>.</em></p> <blockquote> <h2>v0.7.3</h2> <ul> <li>Percent encode special characters in HMAC-SHA1 secrets (<a href="https://redirect.github.com/dghubble/oauth1/pull/72">#72</a>)</li> <li>Strip whitespace from request token body (<a href="https://redirect.github.com/dghubble/oauth1/pull/56">#56</a>)</li> <li>Update Go module dependencies</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dghubble/oauth1/commit/1f002e0d15d39ff470e50757a5f07403fcdb759d"><code>1f002e0</code></a> Add changelog for new release</li> <li><a href="https://github.com/dghubble/oauth1/commit/ef868072a599cf57fae2c86353c586dead2a8a57"><code>ef86807</code></a> Fix oauth_callback_confirmed comparison when server returns extra whitespace</li> <li><a href="https://github.com/dghubble/oauth1/commit/bb5618856237e63c3cb37534b7a8b738d518801b"><code>bb56188</code></a> Fix HMAC-SHA1 key creation.</li> <li><a href="https://github.com/dghubble/oauth1/commit/79e2ef8bf593ad9fcda570e35cfbb6e7b7f9206c"><code>79e2ef8</code></a> Bump github.com/stretchr/testify from 1.8.3 to 1.8.4</li> <li><a href="https://github.com/dghubble/oauth1/commit/e7f7a93e50be011b21c74ca86e0f0c4bd341ed77"><code>e7f7a93</code></a> Bump github.com/stretchr/testify from 1.8.2 to 1.8.3</li> <li><a href="https://github.com/dghubble/oauth1/commit/74c61479f9208cf0507b307b7379ca8279653d71"><code>74c6147</code></a> Allow Go test Workflow to run on PRs</li> <li><a href="https://github.com/dghubble/oauth1/commit/43ba0f7195a61293aaaf4b33190a217874f0a1bc"><code>43ba0f7</code></a> Bump github.com/stretchr/testify from 1.8.1 to 1.8.2</li> <li><a href="https://github.com/dghubble/oauth1/commit/2ceed997d3ed5779f03135a3268bb8acf1baaf4c"><code>2ceed99</code></a> Use a centrally managed GitHub Workflow for go tests</li> <li>See full diff in <a href="https://github.com/dghubble/oauth1/compare/v0.7.2...v0.7.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/dghubble/oauth1&package-manager=go_modules&previous-version=0.7.2&new-version=0.7.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-27 14:57:24 +02:00
github.com/dghubble/oauth1 v0.7.3
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
github.com/distribution/distribution/v3 v3.0.0-rc.1
github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1
github.com/google/go-containerregistry v0.20.2
github.com/google/go-github/v66 v66.0.0
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/google/ko v0.17.1
chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#4571) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/uuid/releases">github.com/google/uuid's releases</a>.</em></p> <blockquote> <h2>v1.6.0</h2> <h2><a href="https://github.com/google/uuid/compare/v1.5.0...v1.6.0">1.6.0</a> (2024-01-16)</h2> <h3>Features</h3> <ul> <li>add Max UUID constant (<a href="https://redirect.github.com/google/uuid/issues/149">#149</a>) (<a href="https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3">c58770e</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>fix typo in version 7 uuid documentation (<a href="https://redirect.github.com/google/uuid/issues/153">#153</a>) (<a href="https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06">016b199</a>)</li> <li>Monotonicity in UUIDv7 (<a href="https://redirect.github.com/google/uuid/issues/150">#150</a>) (<a href="https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6">a2b2b32</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/google/uuid/blob/master/CHANGELOG.md">github.com/google/uuid's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/google/uuid/compare/v1.5.0...v1.6.0">1.6.0</a> (2024-01-16)</h2> <h3>Features</h3> <ul> <li>add Max UUID constant (<a href="https://redirect.github.com/google/uuid/issues/149">#149</a>) (<a href="https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3">c58770e</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>fix typo in version 7 uuid documentation (<a href="https://redirect.github.com/google/uuid/issues/153">#153</a>) (<a href="https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06">016b199</a>)</li> <li>Monotonicity in UUIDv7 (<a href="https://redirect.github.com/google/uuid/issues/150">#150</a>) (<a href="https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6">a2b2b32</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/uuid/commit/0f11ee6918f41a04c201eceeadf612a377bc7fbc"><code>0f11ee6</code></a> chore(master): release 1.6.0 (<a href="https://redirect.github.com/google/uuid/issues/151">#151</a>)</li> <li><a href="https://github.com/google/uuid/commit/16939dafc37a38d2743810a8bdf60fdad6a0f3a3"><code>16939da</code></a> chore(tests): add strict monotonicity test case for uuid v7. (<a href="https://redirect.github.com/google/uuid/issues/154">#154</a>)</li> <li><a href="https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06"><code>016b199</code></a> fix: fix typo in version 7 uuid documentation (<a href="https://redirect.github.com/google/uuid/issues/153">#153</a>)</li> <li><a href="https://github.com/google/uuid/commit/1d8b6ea0990d688105843a9a67b1d07222350502"><code>1d8b6ea</code></a> ci: set token permissions to github workflows (<a href="https://redirect.github.com/google/uuid/issues/143">#143</a>)</li> <li><a href="https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6"><code>a2b2b32</code></a> fix: Monotonicity in UUIDv7 (<a href="https://redirect.github.com/google/uuid/issues/150">#150</a>)</li> <li><a href="https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3"><code>c58770e</code></a> feat: add Max UUID constant (<a href="https://redirect.github.com/google/uuid/issues/149">#149</a>)</li> <li>See full diff in <a href="https://github.com/google/uuid/compare/v1.5.0...v1.6.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/uuid&package-manager=go_modules&previous-version=1.5.0&new-version=1.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-24 16:37:02 +02:00
github.com/google/uuid v1.6.0
github.com/goreleaser/fileglob v1.3.0
github.com/goreleaser/nfpm/v2 v2.41.1
github.com/goreleaser/quill v0.0.0-20241025150139-731751b4046d
github.com/hashicorp/go-multierror v1.1.1
feat(deps): bump github.com/invopop/jsonschema from 0.11.0 to 0.12.0 (#4348) Bumps [github.com/invopop/jsonschema](https://github.com/invopop/jsonschema) from 0.11.0 to 0.12.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/invopop/jsonschema/commit/9b6bb6e8f15aa557c1df053de86d4e5043365ca9"><code>9b6bb6e</code></a> Merge pull request <a href="https://redirect.github.com/invopop/jsonschema/issues/108">#108</a> from invopop/schema-property-alias</li> <li><a href="https://github.com/invopop/jsonschema/commit/f45517cf07169cf4e35eae0a4e47ad8086098583"><code>f45517c</code></a> Typo</li> <li><a href="https://github.com/invopop/jsonschema/commit/ab81e2aa6405fefd82b6958075d64d2de1844bcd"><code>ab81e2a</code></a> Fixing linting</li> <li><a href="https://github.com/invopop/jsonschema/commit/933814a23a0b8401d90625df47f4be2a0c9a3039"><code>933814a</code></a> support for JSONSchemaAlias y JSONSchemaProperty methods</li> <li><a href="https://github.com/invopop/jsonschema/commit/0108689b9f4e04f64a5986ea21650f07673c21cf"><code>0108689</code></a> Support for JSONSchemaAlias method</li> <li><a href="https://github.com/invopop/jsonschema/commit/12cbc49539c8deac9baeae7811fdcab42fd5def0"><code>12cbc49</code></a> Updating test output with new number parsing</li> <li><a href="https://github.com/invopop/jsonschema/commit/cada51da5649ccf919c51225dd8e2260a388b883"><code>cada51d</code></a> Merge pull request <a href="https://redirect.github.com/invopop/jsonschema/issues/96">#96</a> from Hotdawg/regex_with_equals</li> <li><a href="https://github.com/invopop/jsonschema/commit/9d905a25553837495e11ecb6d61f5348110dc49f"><code>9d905a2</code></a> Limit split on genericKeywords</li> <li><a href="https://github.com/invopop/jsonschema/commit/080d97dda979ca9544cc362b9f1c7c02cfc03697"><code>080d97d</code></a> Merge branch 'invopop:main' into regex_with_equals</li> <li><a href="https://github.com/invopop/jsonschema/commit/8a098cbcb66558b5c55fccd24c7cc42825d906d6"><code>8a098cb</code></a> Fix linter issue</li> <li>See full diff in <a href="https://github.com/invopop/jsonschema/compare/v0.11.0...v0.12.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/invopop/jsonschema&package-manager=go_modules&previous-version=0.11.0&new-version=0.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 14:48:15 +02:00
github.com/invopop/jsonschema v0.12.0
feat(deps): bump github.com/jarcoal/httpmock from 1.3.0 to 1.3.1 (#4253) Bumps [github.com/jarcoal/httpmock](https://github.com/jarcoal/httpmock) from 1.3.0 to 1.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jarcoal/httpmock/releases">github.com/jarcoal/httpmock's releases</a>.</em></p> <blockquote> <h2>v1.3.1</h2> <p>Fix:</p> <ul> <li><a href="https://pkg.go.dev/github.com/jarcoal/httpmock#BodyContainsBytes">BodyContainsBytes</a> &amp; <a href="https://pkg.go.dev/github.com/jarcoal/httpmock#BodyContainsString">BodyContainsString</a> used with <a href="https://pkg.go.dev/github.com/jarcoal/httpmock#Matcher.And">And</a>/<a href="https://pkg.go.dev/github.com/jarcoal/httpmock#Matcher.Or">Or</a> by <a href="https://github.com/maxatome"><code>@​maxatome</code></a> in <a href="https://redirect.github.com/jarcoal/httpmock/issues/146">#146</a> thanks to <a href="https://github.com/Moon1706"><code>@​Moon1706</code></a> for the report → <a href="https://redirect.github.com/jarcoal/httpmock/issues/145">#145</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jarcoal/httpmock/commit/8b32cd6f52e32195f15b55c5217c12c29d6004b5"><code>8b32cd6</code></a> fix: BodyContainsBytes &amp; BodyContainsString used with And/Or</li> <li><a href="https://github.com/jarcoal/httpmock/commit/497153dd46a496640fe99428b2c833ddab93f119"><code>497153d</code></a> ci: test against go 1.21 &amp; use golangci-lint 1.54.1</li> <li><a href="https://github.com/jarcoal/httpmock/commit/070d3c85e0739c5ef0230c40f7b48b16d24c44ff"><code>070d3c8</code></a> ci: switch to install-go v3.4</li> <li><a href="https://github.com/jarcoal/httpmock/commit/1ddb9fa5c42c84afdca30c98914b42fda3005a57"><code>1ddb9fa</code></a> refactor: make golangci-lint v1.52.2 happy</li> <li><a href="https://github.com/jarcoal/httpmock/commit/507a05e8629b1661bbf08df649775319a6bde5d4"><code>507a05e</code></a> ci: add workflow_dispatch as event trigger</li> <li>See full diff in <a href="https://github.com/jarcoal/httpmock/compare/v1.3.0...v1.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/jarcoal/httpmock&package-manager=go_modules&previous-version=1.3.0&new-version=1.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-17 13:33:17 +02:00
github.com/jarcoal/httpmock v1.3.1
github.com/klauspost/pgzip v1.2.6
chore(deps): bump github.com/mattn/go-mastodon from 0.0.8 to 0.0.9 (#5224) Bumps [github.com/mattn/go-mastodon](https://github.com/mattn/go-mastodon) from 0.0.8 to 0.0.9. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mattn/go-mastodon/commit/1ef73e81961b12134b831d89ad4faa4b071eaca3"><code>1ef73e8</code></a> Fix ID type of report methods</li> <li><a href="https://github.com/mattn/go-mastodon/commit/b43f379b3221d313374093e05f1891a90134f38e"><code>b43f379</code></a> add comment about accessing AccessToken</li> <li><a href="https://github.com/mattn/go-mastodon/commit/c4d23bb80b07bb3a908a60f8b4e0558635db97aa"><code>c4d23bb</code></a> Best solution that's type-safe but also extensible</li> <li><a href="https://github.com/mattn/go-mastodon/commit/fa6f8ccee14d9c244d80af805f3fb59fabb8aee5"><code>fa6f8cc</code></a> Revert to simple <code>io.Writer</code> with client-resetting</li> <li><a href="https://github.com/mattn/go-mastodon/commit/019b11d9443f4a121fb9f88a0c544eb6a74650e4"><code>019b11d</code></a> Better handling of &quot;save the JSON&quot;</li> <li><a href="https://github.com/mattn/go-mastodon/commit/79bee3ed68a4af112de3623c2ad3347e6197d2ba"><code>79bee3e</code></a> A simple test for retained JSON</li> <li><a href="https://github.com/mattn/go-mastodon/commit/2d49fbb8831fd5dea4d270d185354806de5bfafc"><code>2d49fbb</code></a> Gate the JSON saving behind a client flag</li> <li><a href="https://github.com/mattn/go-mastodon/commit/0f299f722f8da25437490880b848274f221b2034"><code>0f299f7</code></a> Keep the API JSON around (briefly)</li> <li><a href="https://github.com/mattn/go-mastodon/commit/34bd0ff19fcd33d870fc758f96ab550240fcd2ea"><code>34bd0ff</code></a> Obtain streaming url from Mastodon instance info</li> <li><a href="https://github.com/mattn/go-mastodon/commit/d74af49e64bec02a672422286b7e6f7efd1648eb"><code>d74af49</code></a> go mod tidy</li> <li>See full diff in <a href="https://github.com/mattn/go-mastodon/compare/v0.0.8...v0.0.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/mattn/go-mastodon&package-manager=go_modules&previous-version=0.0.8&new-version=0.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:40 +02:00
github.com/mattn/go-mastodon v0.0.9
feat: add gitlab for releases (#1038) * outlines gitlab client integration * makes client parameter more explicit * adds gitlab url to config * changes releaseID to string to adapt to gitlab * updates to latest gitlab client lib 0.18 * fixes copy paster in gitlab upload func * fixes gitlab typo in config * adds gitlab token to env and context * release now uses the client factory method * skips brew pipe if it is not a github release * add github tokentype to publish tests * skips scoop pipe if it is not a github release * corrects brew skip msg * adds gitlab token to main test * adds gitlab to release docs * validates config and errors accordingly * adapt release pipe name to include gitlab * fixes gitlab client after testing * moves not-configured brew and scoop pipe checks as first check * adds more debug to gitlab client * adapts changelog generation for gitlab markdown * adds debug log for gitlab changelog * env needs to run before changelog pipe * moves gitlab default download url to default pipe * moves multiple releases check to from config to release pipe * release differs now for github and gitlab * adds debug gitlab release update msgs * moves env pipe as second after before because it determines the token type other pipes depend on * adaptes error check on gitlab release creation * Revert "adaptes error check on gitlab release creation" This reverts commit 032024571c76140f8e2207ee01cc08088f37594b. * simplifies gitlab client logic. removes comments * skips tls verification for gitlab client if specified in config * updates the docs * adds clarification that brew and scoop are not supported if it is a gitlab release * fixes copy paster in release.md * adds missing blob pipe in defaults and publish due to missing in merge * updates comment in gitlab client
2019-06-29 16:02:40 +02:00
github.com/mitchellh/go-homedir v1.1.0
github.com/muesli/mango-cobra v1.2.0
github.com/muesli/roff v0.1.0
feat(deps): bump github.com/muesli/termenv from 0.15.1 to 0.15.2 (#4148) Bumps [github.com/muesli/termenv](https://github.com/muesli/termenv) from 0.15.1 to 0.15.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/muesli/termenv/releases">github.com/muesli/termenv's releases</a>.</em></p> <blockquote> <h2>v0.15.2</h2> <h2>What's Changed</h2> <ul> <li>build(deps): bump actions/setup-go from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/muesli/termenv/pull/126">muesli/termenv#126</a></li> <li>build(deps): bump github.com/mattn/go-isatty from 0.0.17 to 0.0.18 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/muesli/termenv/pull/128">muesli/termenv#128</a></li> <li>fix: Cloud Shell supports RGB colors by <a href="https://github.com/muesli"><code>@​muesli</code></a> in <a href="https://redirect.github.com/muesli/termenv/pull/127">muesli/termenv#127</a></li> <li>build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/muesli/termenv/pull/129">muesli/termenv#129</a></li> <li>fix: wezterm is truecolor by <a href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a href="https://redirect.github.com/muesli/termenv/pull/139">muesli/termenv#139</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/muesli/termenv/compare/v0.15.1...v0.15.2">https://github.com/muesli/termenv/compare/v0.15.1...v0.15.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/muesli/termenv/commit/51d72d34e2b9778a31aa5dd79fbdd8cdac50b4d5"><code>51d72d3</code></a> fix: wezterm is truecolor (<a href="https://redirect.github.com/muesli/termenv/issues/139">#139</a>)</li> <li><a href="https://github.com/muesli/termenv/commit/b57cbb11093e11f08bdeb3d54234909b8fa079fe"><code>b57cbb1</code></a> fix: lint</li> <li><a href="https://github.com/muesli/termenv/commit/e02986697d716017087dc725465e3d8691d317e4"><code>e029866</code></a> build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0</li> <li><a href="https://github.com/muesli/termenv/commit/9b3e79975a48df063aa7a7c1ca0c20c3c868332c"><code>9b3e799</code></a> fix: Cloud Shell supports RGB colors</li> <li><a href="https://github.com/muesli/termenv/commit/73a40463ff25452432bd4e588150285c6aeca58e"><code>73a4046</code></a> build(deps): bump github.com/mattn/go-isatty from 0.0.17 to 0.0.18</li> <li><a href="https://github.com/muesli/termenv/commit/39f5d6e77915ccc34a9e752ad0b7a3443b393058"><code>39f5d6e</code></a> build(deps): bump actions/setup-go from 3 to 4</li> <li>See full diff in <a href="https://github.com/muesli/termenv/compare/v0.15.1...v0.15.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/muesli/termenv&package-manager=go_modules&previous-version=0.15.1&new-version=0.15.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-28 14:46:00 +02:00
github.com/muesli/termenv v0.15.2
chore(deps): bump github.com/ory/dockertest/v3 from 3.10.0 to 3.11.0 (#5070) Bumps [github.com/ory/dockertest/v3](https://github.com/ory/dockertest) from 3.10.0 to 3.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ory/dockertest/releases">github.com/ory/dockertest/v3's releases</a>.</em></p> <blockquote> <h2>v3.11.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/435">ory/dockertest#435</a></li> <li>chore(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/437">ory/dockertest#437</a></li> <li>chore(deps): bump github.com/lib/pq from 0.0.0-20180327071824-d34b9ff171c2 to 1.10.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/438">ory/dockertest#438</a></li> <li>chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.24+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/426">ory/dockertest#426</a></li> <li>chore(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/427">ory/dockertest#427</a></li> <li>chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/450">ory/dockertest#450</a></li> <li>chore(deps): bump github.com/containerd/continuity from 0.3.0 to 0.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/451">ory/dockertest#451</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/449">ory/dockertest#449</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/442">ory/dockertest#442</a></li> <li>chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/445">ory/dockertest#445</a></li> <li>chore(deps): bump github.com/moby/term from 0.0.0-20201216013528-df9cb8a40635 to 0.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/446">ory/dockertest#446</a></li> <li>chore(deps): bump github.com/docker/cli from 20.10.17+incompatible to 24.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/448">ory/dockertest#448</a></li> <li>chore: bump dependencies and fix some lint by <a href="https://github.com/alnr"><code>@​alnr</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li>chore(deps): bump golang.org/x/sys from 0.19.0 to 0.21.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/501">ory/dockertest#501</a></li> <li>chore(deps): bump actions/checkout from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/475">ory/dockertest#475</a></li> <li>feat: fall back to podman if available by <a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li>test: refactor asserts by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/497">ory/dockertest#497</a></li> <li>use defer instead of os.Exit(m.Run()) by <a href="https://github.com/pmenglund"><code>@​pmenglund</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/493">ory/dockertest#493</a></li> <li>docs: remove outdated dep install instruction by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/505">ory/dockertest#505</a></li> <li>chore: remove direct dependency on gotest.tools/v3 by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/504">ory/dockertest#504</a></li> <li>chore: replace deprecated ioutil.TempDir with os.MkdirTemp by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/506">ory/dockertest#506</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/509">ory/dockertest#509</a></li> <li>move tests to dockertest_test package by <a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li>chore(deps): bump github.com/opencontainers/image-spec from 1.0.2 to 1.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/510">ory/dockertest#510</a></li> <li>chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/503">ory/dockertest#503</a></li> <li>chore(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/508">ory/dockertest#508</a></li> <li>chore(deps): bump actions/stale from 4 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/507">ory/dockertest#507</a></li> <li>feat: introduce cve scanners by <a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li>chore: update docker to v27.1.1 by <a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/alnr"><code>@​alnr</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li><a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li><a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li><a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li><a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ory/dockertest/commit/6110e9a38fa9f7118d7baa38ac2437170520c3b5"><code>6110e9a</code></a> chore: update docker to v27.1.1 (<a href="https://redirect.github.com/ory/dockertest/issues/522">#522</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/d229e74b748daa9d889156981aee4d521a9fa226"><code>d229e74</code></a> feat: introduce cve scanners (<a href="https://redirect.github.com/ory/dockertest/issues/500">#500</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1b46b2915aed35799f1cb91e76ad499ff91b7d9c"><code>1b46b29</code></a> chore(deps): bump actions/stale from 4 to 9 (<a href="https://redirect.github.com/ory/dockertest/issues/507">#507</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/44496a38aa7769d525977b2c8f74047c231162e1"><code>44496a3</code></a> chore(deps): bump actions/setup-go from 4 to 5 (<a href="https://redirect.github.com/ory/dockertest/issues/508">#508</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1aa8cd7bf823a7e369a54bcec74ac39ae5141eff"><code>1aa8cd7</code></a> chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 (<a href="https://redirect.github.com/ory/dockertest/issues/503">#503</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/0c91bda2b499ac97a0f6c027dc25b213cbf726a0"><code>0c91bda</code></a> chore(deps): bump github.com/opencontainers/image-spec (<a href="https://redirect.github.com/ory/dockertest/issues/510">#510</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/3328cf9343b8091879695d1489aa3154544e7e23"><code>3328cf9</code></a> move tests to dockertest_test package (<a href="https://redirect.github.com/ory/dockertest/issues/490">#490</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/05f634764ebdde194ee996f9d6b4ebf91e7bc738"><code>05f6347</code></a> chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (<a href="https://redirect.github.com/ory/dockertest/issues/509">#509</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/6539ccd9aa0828a791bf577d5290ed5201de4c72"><code>6539ccd</code></a> chore: replace deprecated ioutil.TempDir with os.MkdirTemp (<a href="https://redirect.github.com/ory/dockertest/issues/506">#506</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/84015fd57ca4c3248e114be72046b90752aab334"><code>84015fd</code></a> chore: remove direct dependency on gotest.tools/v3 (<a href="https://redirect.github.com/ory/dockertest/issues/504">#504</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ory/dockertest/v3&package-manager=go_modules&previous-version=3.10.0&new-version=3.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-13 14:31:51 +02:00
github.com/ory/dockertest/v3 v3.11.0
chore(deps): bump github.com/slack-go/slack from 0.14.0 to 0.15.0 (#5201) Bumps [github.com/slack-go/slack](https://github.com/slack-go/slack) from 0.14.0 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/slack-go/slack/releases">github.com/slack-go/slack's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <blockquote> <p>[!WARNING]<br /> This release includes a breaking change since the last release.</p> </blockquote> <h2>What's Changed</h2> <p>v0.15.0 is now available. It <strong>does contain minor breaking changes</strong> to two Block Kit elements along with a lot of new functionality.</p> <h3>Breaking Changes</h3> <p><strong>Block Kit - Rich Text Section Date Element</strong></p> <p>If you are using the <code>RichTextSectionDateElement</code> block kit element, there is a new field <code>Format</code> which is now required. It previously did not exist, but was marked as required in the <a href="https://api.slack.com/reference/block-kit/blocks#date-element-type">Block Kit Documentation</a>. Similarly, the function <code>NewRichTextSectionDateElement</code> function signature has been updated to require the new parameter. While this <em>may not</em> have previously worked, the non-backwards compatible signature change prompts it to be identified as breaking change.</p> <p><strong>Block Kit - Rich Text input Block Element</strong></p> <p>If you are using the <code>RichTextInputBlockElement</code> block kit element, the <code>InitialValue</code> field type has been changed from <code>string</code> to <code>*RichTextBlock</code> to provide a more strongly typed experience. If you were previously passing a pre-formatted JSON object you will need to update your input to use the <code>RichTextBlock</code> struct instead.</p> <h3>Enhancements</h3> <ul> <li>Added support for publishing a message to a specific thread by <a href="https://github.com/Nikolo"><code>@​Nikolo</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1309">slack-go/slack#1309</a></li> <li>Added support for unicode parameter in emoji type of rich text blocks by <a href="https://github.com/YutoKashiwagi"><code>@​YutoKashiwagi</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1319">slack-go/slack#1319</a></li> <li>Added endpoints for <code>calls.*</code> apis and <code>Type: call</code> in blockkit by <a href="https://github.com/winston-stripe"><code>@​winston-stripe</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1190">slack-go/slack#1190</a></li> <li>Added Convenience Methods to Block Elements by <a href="https://github.com/obed-sj"><code>@​obed-sj</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1279">slack-go/slack#1279</a></li> <li>Added functions.completeError and functions.completeSuccess by <a href="https://github.com/gideonw"><code>@​gideonw</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1328">slack-go/slack#1328</a></li> <li>Added support for external_limited option of inviteShared by <a href="https://github.com/bamo"><code>@​bamo</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1330">slack-go/slack#1330</a></li> <li>Added support for Canvas API methods by <a href="https://github.com/jarospisak-unity"><code>@​jarospisak-unity</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1334">slack-go/slack#1334</a></li> </ul> <h3>Bug Fixes</h3> <ul> <li>Added required <code>format</code> field to rich text date blocks by <a href="https://github.com/luke-josh"><code>@​luke-josh</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1317">slack-go/slack#1317</a></li> <li>Updated RichTextInputBlockElement InitialValue data type by <a href="https://github.com/Manjish"><code>@​Manjish</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1320">slack-go/slack#1320</a></li> </ul> <h3>Chores</h3> <ul> <li>Added go v1.23 to test matrix (test.yml) by <a href="https://github.com/nemuvski"><code>@​nemuvski</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1315">slack-go/slack#1315</a></li> <li>Bumped GitHub Actions to Latest Versions by <a href="https://github.com/shogo82148"><code>@​shogo82148</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1314">slack-go/slack#1314</a></li> <li>Updated deprecated comment for UploadFile and UploadFileContext by <a href="https://github.com/shogo82148"><code>@​shogo82148</code></a> in <a href="https://redirect.github.com/slack-go/slack/pull/1316">slack-go/slack#1316</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/shogo82148"><code>@​shogo82148</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1314">slack-go/slack#1314</a></li> <li><a href="https://github.com/Nikolo"><code>@​Nikolo</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1309">slack-go/slack#1309</a></li> <li><a href="https://github.com/luke-josh"><code>@​luke-josh</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1317">slack-go/slack#1317</a></li> <li><a href="https://github.com/Manjish"><code>@​Manjish</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1320">slack-go/slack#1320</a></li> <li><a href="https://github.com/YutoKashiwagi"><code>@​YutoKashiwagi</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1319">slack-go/slack#1319</a></li> <li><a href="https://github.com/obed-sj"><code>@​obed-sj</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1279">slack-go/slack#1279</a></li> <li><a href="https://github.com/gideonw"><code>@​gideonw</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1328">slack-go/slack#1328</a></li> <li><a href="https://github.com/bamo"><code>@​bamo</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1330">slack-go/slack#1330</a></li> <li><a href="https://github.com/jarospisak-unity"><code>@​jarospisak-unity</code></a> made their first contribution in <a href="https://redirect.github.com/slack-go/slack/pull/1334">slack-go/slack#1334</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/slack-go/slack/compare/v0.14.0...v0.15.0">https://github.com/slack-go/slack/compare/v0.14.0...v0.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/slack-go/slack/commit/203cdb23051138817874315b0fe2c01f7ec96fd1"><code>203cdb2</code></a> feat: Add support for Canvas API methods (<a href="https://redirect.github.com/slack-go/slack/issues/1334">#1334</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/c5ef90eb5811bf3dee32387dc0154d5a86b63a9b"><code>c5ef90e</code></a> feat: Add support for external_limited option of inviteShared (<a href="https://redirect.github.com/slack-go/slack/issues/1330">#1330</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/21e61c5b39be2dc0e2edef68db4bedcb2598439e"><code>21e61c5</code></a> feat: Add functions.completeError and functions.completeSuccess (<a href="https://redirect.github.com/slack-go/slack/issues/1328">#1328</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/132e0d11f7a8ea96717e5ea7b009db525e6067f0"><code>132e0d1</code></a> feat: Add Convenience Methods to Block Elements (<a href="https://redirect.github.com/slack-go/slack/issues/1279">#1279</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/57aa84d9a8de89e967b28fef947821fd83c62136"><code>57aa84d</code></a> Add endpoints for <code>calls.*</code> apis and <code>Type: call</code> in blockkit (<a href="https://redirect.github.com/slack-go/slack/issues/1190">#1190</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/447b7cdae0f1c89ecc516bfa5faf7ddbef76dd8c"><code>447b7cd</code></a> feat: Add support for unicode parameter in emoji type of rich text blocks (<a href="https://redirect.github.com/slack-go/slack/issues/1">#1</a>...</li> <li><a href="https://github.com/slack-go/slack/commit/69981898f827dcf9603d6980cedfd7ec6bea3776"><code>6998189</code></a> fix: Updated RichTextInputBlockElement InitialValue data type (<a href="https://redirect.github.com/slack-go/slack/issues/1320">#1320</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/cd4e26e5ec35543cf2e17dffc2fc447aa88e6468"><code>cd4e26e</code></a> fix: Add required <code>format</code> field to rich text date blocks (<a href="https://redirect.github.com/slack-go/slack/issues/1317">#1317</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/6c4585b0289a5d04113cbd68404ecd3e9d53a84e"><code>6c4585b</code></a> Support publishing a messge to a specific thread (<a href="https://redirect.github.com/slack-go/slack/issues/1309">#1309</a>)</li> <li><a href="https://github.com/slack-go/slack/commit/5386d65cc483b335ebbc9e2030294ab6e380ef9d"><code>5386d65</code></a> fix: fix deprecated comment for UploadFile and UploadFileContext (<a href="https://redirect.github.com/slack-go/slack/issues/1316">#1316</a>)</li> <li>Additional commits viewable in <a href="https://github.com/slack-go/slack/compare/v0.14.0...v0.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/slack-go/slack&package-manager=go_modules&previous-version=0.14.0&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-15 17:59:09 +02:00
github.com/slack-go/slack v0.15.0
chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#4945) [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.0 to 1.8.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spf13/cobra/releases">github.com/spf13/cobra's releases</a>.</em></p> <blockquote> <h2>v1.8.1</h2> <h2>✨ Features</h2> <ul> <li>Add env variable to suppress completion descriptions on create by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/1938">spf13/cobra#1938</a></li> </ul> <h2>🐛 Bug fixes</h2> <ul> <li>Micro-optimizations by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/1957">spf13/cobra#1957</a></li> </ul> <h2>🔧 Maintenance</h2> <ul> <li>build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.3 to 2.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2127">spf13/cobra#2127</a></li> <li>Consistent annotation names by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2140">spf13/cobra#2140</a></li> <li>Remove fully inactivated linters by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2148">spf13/cobra#2148</a></li> <li>Address golangci-lint deprecation warnings, enable some more linters by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2152">spf13/cobra#2152</a></li> </ul> <h2>🧪 Testing &amp; CI/CD</h2> <ul> <li>Add test for func in cobra.go by <a href="https://github.com/korovindenis"><code>@​korovindenis</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2094">spf13/cobra#2094</a></li> <li>ci: test golang 1.22 by <a href="https://github.com/cyrilico"><code>@​cyrilico</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2113">spf13/cobra#2113</a></li> <li>Optimized and added more linting by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2099">spf13/cobra#2099</a></li> <li>build(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2087">spf13/cobra#2087</a></li> <li>build(deps): bump actions/labeler from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2086">spf13/cobra#2086</a></li> <li>build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2108">spf13/cobra#2108</a></li> <li>build(deps): bump actions/cache from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2102">spf13/cobra#2102</a></li> </ul> <h2>✏️ Documentation</h2> <ul> <li>Fixes and docs for usage as plugin by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2070">spf13/cobra#2070</a></li> <li>flags: clarify documentation that LocalFlags related function do not modify the state by <a href="https://github.com/niamster"><code>@​niamster</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2064">spf13/cobra#2064</a></li> <li>chore: remove repetitive words by <a href="https://github.com/racerole"><code>@​racerole</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2122">spf13/cobra#2122</a></li> <li>Add LXC to the list of projects using Cobra <a href="https://github.com/VaradBelwalkar"><code>@​VaradBelwalkar</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2071">spf13/cobra#2071</a></li> <li>Update projects_using_cobra.md by <a href="https://github.com/marcuskohlberg"><code>@​marcuskohlberg</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2089">spf13/cobra#2089</a></li> <li>[chore]: update projects using cobra by <a href="https://github.com/cmwylie19"><code>@​cmwylie19</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2093">spf13/cobra#2093</a></li> <li>Add Taikun CLI to list of projects by <a href="https://github.com/Smidra"><code>@​Smidra</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2098">spf13/cobra#2098</a></li> <li>Add Incus to the list of projects using Cobra by <a href="https://github.com/montag451"><code>@​montag451</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2118">spf13/cobra#2118</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spf13/cobra/commit/e94f6d0dd9a5e5738dca6bce03c4b1207ffbc0ec"><code>e94f6d0</code></a> Address golangci-lint deprecation warnings, enable some more linters (<a href="https://redirect.github.com/spf13/cobra/issues/2152">#2152</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/8003b74a10ef0d0d84fe3c408d3939d86fdeb210"><code>8003b74</code></a> Remove fully inactivated linters (<a href="https://redirect.github.com/spf13/cobra/issues/2148">#2148</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/5c2c1d627d35a00153764a3d37400efc66eaca1c"><code>5c2c1d6</code></a> Consistent annotation names (<a href="https://redirect.github.com/spf13/cobra/issues/2140">#2140</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/5a1acea3210649f3d70002818ec04b09f6347062"><code>5a1acea</code></a> build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.3 to 2.0.4 (<a href="https://redirect.github.com/spf13/cobra/issues/2127">#2127</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/0fc86c2ffd0326b6f6ed5fa36803d26993655c08"><code>0fc86c2</code></a> docs: update user guide (<a href="https://redirect.github.com/spf13/cobra/issues/2128">#2128</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/6b5f577ebce858ee70fcdd1f062ea3af4b1c03ab"><code>6b5f577</code></a> More linting (<a href="https://redirect.github.com/spf13/cobra/issues/2099">#2099</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/bd914e58d69d65e494b45bdb40e90ca816b92fcc"><code>bd914e5</code></a> fix: remove deprecated io/ioutils package (<a href="https://redirect.github.com/spf13/cobra/issues/2120">#2120</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/1f80fa2e23cc550c131e8a54dc72d11b265c6fcf"><code>1f80fa2</code></a> chore: remove repetitive words (<a href="https://redirect.github.com/spf13/cobra/issues/2122">#2122</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/c69ae4c36b134dd69e5ab9d3d6b9f571ca5afe1e"><code>c69ae4c</code></a> ci: test golang 1.22 (<a href="https://redirect.github.com/spf13/cobra/issues/2113">#2113</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/a30cee5e5ab0949cc888ef00ae6aee24e091e042"><code>a30cee5</code></a> build(deps): bump actions/cache from 3 to 4 (<a href="https://redirect.github.com/spf13/cobra/issues/2102">#2102</a>)</li> <li>Additional commits viewable in <a href="https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/spf13/cobra&package-manager=go_modules&previous-version=1.8.0&new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 13:53:13 +02:00
github.com/spf13/cobra v1.8.1
chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#4663) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stretchr/testify/releases">github.com/stretchr/testify's releases</a>.</em></p> <blockquote> <h2>v1.9.0</h2> <h2>What's Changed</h2> <ul> <li>Fix Go modules version by <a href="https://github.com/SuperQ"><code>@​SuperQ</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1394">stretchr/testify#1394</a></li> <li>Document that require is not safe to call in created goroutines by <a href="https://github.com/programmer04"><code>@​programmer04</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1392">stretchr/testify#1392</a></li> <li>Remove myself from MAINTAINERS.md by <a href="https://github.com/mvdkleijn"><code>@​mvdkleijn</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1367">stretchr/testify#1367</a></li> <li>Correct spelling/grammar by <a href="https://github.com/echarrod"><code>@​echarrod</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1389">stretchr/testify#1389</a></li> <li>docs: Update URLs in README by <a href="https://github.com/davidjb"><code>@​davidjb</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1349">stretchr/testify#1349</a></li> <li>Update mockery link to Github Pages in README by <a href="https://github.com/LandonTClipp"><code>@​LandonTClipp</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1346">stretchr/testify#1346</a></li> <li>docs: Fix typos in tests and comments by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1410">stretchr/testify#1410</a></li> <li>CI: tests from go1.17 by <a href="https://github.com/SuperQ"><code>@​SuperQ</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1409">stretchr/testify#1409</a></li> <li>Fix adding ? when no values passed by <a href="https://github.com/lesichkovm"><code>@​lesichkovm</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1320">stretchr/testify#1320</a></li> <li>codegen: use standard header for generated files by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1406">stretchr/testify#1406</a></li> <li>mock: AssertExpectations log reason only on failure by <a href="https://github.com/hikyaru-suzuki"><code>@​hikyaru-suzuki</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1360">stretchr/testify#1360</a></li> <li>assert: fix flaky TestNeverTrue by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1417">stretchr/testify#1417</a></li> <li>README: fix typos &quot;set up&quot; vs &quot;setup&quot; by <a href="https://github.com/ossan-dev"><code>@​ossan-dev</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1428">stretchr/testify#1428</a></li> <li>mock: move regexp compilation outside of <code>Called</code> by <a href="https://github.com/aud10slave"><code>@​aud10slave</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/631">stretchr/testify#631</a></li> <li>assert: refactor internal func getLen() by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1445">stretchr/testify#1445</a></li> <li>mock: deprecate type AnythingOfTypeArgument (<a href="https://redirect.github.com/stretchr/testify/issues/1434">#1434</a>) by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1441">stretchr/testify#1441</a></li> <li>Remove no longer needed assert.canConvert by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1470">stretchr/testify#1470</a></li> <li>assert: ObjectsAreEqual: use time.Equal for time.Time types by <a href="https://github.com/tscales"><code>@​tscales</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1464">stretchr/testify#1464</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1466">stretchr/testify#1466</a></li> <li>Bump actions/setup-go from 3.2.0 to 4.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1451">stretchr/testify#1451</a></li> <li>fix: make EventuallyWithT concurrency safe by <a href="https://github.com/czeslavo"><code>@​czeslavo</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1395">stretchr/testify#1395</a></li> <li>assert: fix httpCode and HTTPBody occur panic when http.Handler read Body by <a href="https://github.com/hidu"><code>@​hidu</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1484">stretchr/testify#1484</a></li> <li>assert.EqualExportedValues: fix handling of arrays by <a href="https://github.com/zrbecker"><code>@​zrbecker</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1473">stretchr/testify#1473</a></li> <li>.github: use latest Go versions by <a href="https://github.com/kevinburkesegment"><code>@​kevinburkesegment</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1489">stretchr/testify#1489</a></li> <li>assert: Deprecate EqualExportedValues by <a href="https://github.com/HaraldNordgren"><code>@​HaraldNordgren</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1488">stretchr/testify#1488</a></li> <li>suite: refactor test assertions by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1474">stretchr/testify#1474</a></li> <li>suite: fix SetupSubTest and TearDownSubTest execution order by <a href="https://github.com/linusbarth"><code>@​linusbarth</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1471">stretchr/testify#1471</a></li> <li>docs: Fix deprecation comments for http package by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1335">stretchr/testify#1335</a></li> <li>Add map support doc comments to Subset and NotSubset by <a href="https://github.com/jedevc"><code>@​jedevc</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1306">stretchr/testify#1306</a></li> <li>TestErrorIs/TestNotErrorIs: check error message contents by <a href="https://github.com/craig65535"><code>@​craig65535</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1435">stretchr/testify#1435</a></li> <li>suite: fix subtest names (fix <a href="https://redirect.github.com/stretchr/testify/issues/1501">#1501</a>) by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1504">stretchr/testify#1504</a></li> <li>assert: improve unsafe.Pointer tests by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1505">stretchr/testify#1505</a></li> <li>assert: simplify isNil implementation by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1506">stretchr/testify#1506</a></li> <li>assert.InEpsilonSlice: fix expected/actual order and other improvements by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1483">stretchr/testify#1483</a></li> <li>Fix dependency cycle with objx <a href="https://redirect.github.com/stretchr/testify/issues/1292">#1292</a> by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1453">stretchr/testify#1453</a></li> <li>mock: refactor TestIsArgsEqual by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1444">stretchr/testify#1444</a></li> <li>mock: optimize argument matching checks by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1416">stretchr/testify#1416</a></li> <li>assert: fix TestEventuallyTimeout by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1412">stretchr/testify#1412</a></li> <li>CI: add go 1.21 in GitHub Actions by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1450">stretchr/testify#1450</a></li> <li>suite: fix recoverAndFailOnPanic to report test failure at the right location by <a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1502">stretchr/testify#1502</a></li> <li>Update maintainers by <a href="https://github.com/brackendawson"><code>@​brackendawson</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1533">stretchr/testify#1533</a></li> <li>assert: Fix EqualValues to handle overflow/underflow by <a href="https://github.com/arjunmahishi"><code>@​arjunmahishi</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1531">stretchr/testify#1531</a></li> <li>assert: better formatting for Len() error by <a href="https://github.com/kevinburkesegment"><code>@​kevinburkesegment</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1485">stretchr/testify#1485</a></li> <li>Ensure AssertExpectations does not fail in skipped tests by <a href="https://github.com/ianrose14"><code>@​ianrose14</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1331">stretchr/testify#1331</a></li> <li>suite: fix deadlock in suite.Require()/Assert() by <a href="https://github.com/arjunmahishi"><code>@​arjunmahishi</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1535">stretchr/testify#1535</a></li> <li>Revert &quot;assert: ObjectsAreEqual: use time.Equal for time.Time type&quot; by <a href="https://github.com/brackendawson"><code>@​brackendawson</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1537">stretchr/testify#1537</a></li> <li>[chore] Add issue templates by <a href="https://github.com/arjunmahishi"><code>@​arjunmahishi</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1538">stretchr/testify#1538</a></li> <li>Update the build status badge by <a href="https://github.com/brackendawson"><code>@​brackendawson</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1540">stretchr/testify#1540</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stretchr/testify/commit/bb548d0473d4e1c9b7bbfd6602c7bf12f7a84dd2"><code>bb548d0</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1552">#1552</a> from stretchr/dependabot/go_modules/github.com/stret...</li> <li><a href="https://github.com/stretchr/testify/commit/814075f391adffd2bf2b5110a74c51827ba132c4"><code>814075f</code></a> build(deps): bump github.com/stretchr/objx from 0.5.1 to 0.5.2</li> <li><a href="https://github.com/stretchr/testify/commit/e0456122451b1839c8d58d32df6364e4d0f0a709"><code>e045612</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1339">#1339</a> from bogdandrutu/uintptr</li> <li><a href="https://github.com/stretchr/testify/commit/5b6926d686d412518f50e888b9ae9b938355e011"><code>5b6926d</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1385">#1385</a> from hslatman/not-implements</li> <li><a href="https://github.com/stretchr/testify/commit/9f97d67703eff02136d487e6c907e76fdea31a8b"><code>9f97d67</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1550">#1550</a> from stretchr/release-notes</li> <li><a href="https://github.com/stretchr/testify/commit/bcb0d3fe49ff300fb78288cc144bc61a881f58ec"><code>bcb0d3f</code></a> Include the auto-release notes in releases</li> <li><a href="https://github.com/stretchr/testify/commit/fb770f8238261aa22f8e0c56f18168ccb90f4a09"><code>fb770f8</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1247">#1247</a> from ccoVeille/typos</li> <li><a href="https://github.com/stretchr/testify/commit/85d8bb6eea715dcbbb68f7c87b50e1956e20f892"><code>85d8bb6</code></a> fix typos in comments, tests and github templates</li> <li><a href="https://github.com/stretchr/testify/commit/e2741fa4e9bf2fdfe3ed48d976a7eeebe76c5009"><code>e2741fa</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1548">#1548</a> from arjunmahishi/msgAndArgs</li> <li><a href="https://github.com/stretchr/testify/commit/6e59f20c0d3883d2bdc589a9e48374ea30601851"><code>6e59f20</code></a> http_assertions: assert that the msgAndArgs actually works in tests</li> <li>Additional commits viewable in <a href="https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/stretchr/testify&package-manager=go_modules&previous-version=1.8.4&new-version=1.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-04 13:56:06 +02:00
github.com/stretchr/testify v1.9.0
chore(deps): bump github.com/ulikunitz/xz from 0.5.11 to 0.5.12 (#4751) Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) from 0.5.11 to 0.5.12. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ulikunitz/xz/commit/4f11dce79b9977ec2976a978d6c594ea1c23cf29"><code>4f11dce</code></a> Update README.md and SECURITY.md to address security questions</li> <li><a href="https://github.com/ulikunitz/xz/commit/f56ebbfaa2400067dcda8ade26ce912c2873ca08"><code>f56ebbf</code></a> TODO.md: fix a typo</li> <li>See full diff in <a href="https://github.com/ulikunitz/xz/compare/v0.5.11...v0.5.12">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ulikunitz/xz&package-manager=go_modules&previous-version=0.5.11&new-version=0.5.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-04 14:35:29 +02:00
github.com/ulikunitz/xz v0.5.12
chore(deps): bump github.com/xanzy/go-gitlab from 0.113.0 to 0.114.0 (#5296) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.113.0 to 0.114.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/xanzy/go-gitlab/releases">github.com/xanzy/go-gitlab's releases</a>.</em></p> <blockquote> <h2>v0.114.0</h2> <h2>What's Changed</h2> <ul> <li>Add project setting ci_pipeline_variables_minimum_override_role by <a href="https://github.com/vindvaki"><code>@​vindvaki</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/2057">xanzy/go-gitlab#2057</a></li> <li>feat: implement 'allowed_email_domains_list' group attribute by <a href="https://github.com/jeremad"><code>@​jeremad</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/2059">xanzy/go-gitlab#2059</a></li> <li>Implement <code>externalK8sProxyUrl</code> field in Metadata API by <a href="https://github.com/timofurrer"><code>@​timofurrer</code></a> in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/2062">xanzy/go-gitlab#2062</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/vindvaki"><code>@​vindvaki</code></a> made their first contribution in <a href="https://redirect.github.com/xanzy/go-gitlab/pull/2057">xanzy/go-gitlab#2057</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/xanzy/go-gitlab/compare/v0.113.0...v0.114.0">https://github.com/xanzy/go-gitlab/compare/v0.113.0...v0.114.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xanzy/go-gitlab/commit/912f9bf48d5e253b9cf73b3d7ed3e8dfdb4ec868"><code>912f9bf</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/2062">#2062</a> from xanzy/metadata-proxy</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/29c7d054ce9c4937b175323fbc9f9f5e94a2113c"><code>29c7d05</code></a> Implement <code>externalK8sProxyUrl</code> field in Metadata API</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/24eba2678c1b61a4362b2c831b911e33a523325b"><code>24eba26</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/2059">#2059</a> from jeremad/jrm/email_domains</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/4f7ea733c05d3596e6c5f9404ddc7a93bcd6d403"><code>4f7ea73</code></a> chore: improve IPRestrictionRanges test</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/f285de48fa4041365857386d5ce6dd55a2e6e323"><code>f285de4</code></a> fix: 'ip_restriction_ranges' is not a create group field</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/cfed26b9ed7d7c201fd2b949cf2037c7de01b770"><code>cfed26b</code></a> feat: implement 'allowed_email_domains_list' group attribute</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/8eaea58d4b682df465466b8c5ecc0b202f0a77e4"><code>8eaea58</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/2057">#2057</a> from vindvaki/main</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/b1400c57906732b4eb695c7f2563a8d3ad0fca34"><code>b1400c5</code></a> Update types.go</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/0a513db73b6bc4980763bea7dbbd52a3d62305f1"><code>0a513db</code></a> Update projects_test.go</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/b1a9eacd1d9e8b05c95555a59fc98d250b010300"><code>b1a9eac</code></a> Add documentation comments for new type</li> <li>Additional commits viewable in <a href="https://github.com/xanzy/go-gitlab/compare/v0.113.0...v0.114.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/xanzy/go-gitlab&package-manager=go_modules&previous-version=0.113.0&new-version=0.114.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-19 10:54:14 +02:00
github.com/xanzy/go-gitlab v0.114.0
gocloud.dev v0.40.0
chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#5261) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.28.0 to 0.29.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/6018723c74059e3b91c84268b212c2f6cdab1f64"><code>6018723</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/71ed71b4faf97caafd1863fed003e9ac311f10ee"><code>71ed71b</code></a> README: don't recommend go get</li> <li><a href="https://github.com/golang/crypto/commit/750a45fe5e473d5afa193e9088f3d135e64eca26"><code>750a45f</code></a> sha3: add MarshalBinary, AppendBinary, and UnmarshalBinary</li> <li><a href="https://github.com/golang/crypto/commit/36b172546bd03a74c79e109ec84c599b672ea9e4"><code>36b1725</code></a> sha3: avoid trailing permutation</li> <li><a href="https://github.com/golang/crypto/commit/80ea76eb17c0c52f5d5d04e833d6aeb6b062d81d"><code>80ea76e</code></a> sha3: fix padding for long cSHAKE parameters</li> <li><a href="https://github.com/golang/crypto/commit/c17aa50fbd32393e5d52fa65ca51cbfff0a75aea"><code>c17aa50</code></a> sha3: avoid buffer copy</li> <li><a href="https://github.com/golang/crypto/commit/7cfb9161e8d828fd6d9f34560e78460435b63503"><code>7cfb916</code></a> ssh: return unexpected msg error when server fails keyboard-interactive auth ...</li> <li><a href="https://github.com/golang/crypto/commit/b61b08db44b86a0fb8510036a4655fc4a3d37cd3"><code>b61b08d</code></a> chacha20: extend ppc64le support to ppc64</li> <li><a href="https://github.com/golang/crypto/commit/6c2174895805a9c4273cf0052c9ff61ba3e75812"><code>6c21748</code></a> internal/poly1305: extend ppc64le support to ppc64</li> <li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.28.0...v0.29.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.28.0&new-version=0.29.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 11:18:33 +02:00
golang.org/x/crypto v0.29.0
chore(deps): bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 (#5262) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.23.0 to 0.24.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/oauth2/commit/22134a41033e44c2cd074106770ab5b7ca910d15"><code>22134a4</code></a> README: don't recommend go get</li> <li>See full diff in <a href="https://github.com/golang/oauth2/compare/v0.23.0...v0.24.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.23.0&new-version=0.24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 11:00:24 +02:00
golang.org/x/oauth2 v0.24.0
chore(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 (#5258) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.8.0 to 0.9.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/sync/commit/151027eb5637d626749783009eab9f0a7cfb446a"><code>151027e</code></a> README: don't recommend go get</li> <li>See full diff in <a href="https://github.com/golang/sync/compare/v0.8.0...v0.9.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/sync&package-manager=go_modules&previous-version=0.8.0&new-version=0.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:33:09 +02:00
golang.org/x/sync v0.9.0
chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#5261) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.28.0 to 0.29.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/6018723c74059e3b91c84268b212c2f6cdab1f64"><code>6018723</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/71ed71b4faf97caafd1863fed003e9ac311f10ee"><code>71ed71b</code></a> README: don't recommend go get</li> <li><a href="https://github.com/golang/crypto/commit/750a45fe5e473d5afa193e9088f3d135e64eca26"><code>750a45f</code></a> sha3: add MarshalBinary, AppendBinary, and UnmarshalBinary</li> <li><a href="https://github.com/golang/crypto/commit/36b172546bd03a74c79e109ec84c599b672ea9e4"><code>36b1725</code></a> sha3: avoid trailing permutation</li> <li><a href="https://github.com/golang/crypto/commit/80ea76eb17c0c52f5d5d04e833d6aeb6b062d81d"><code>80ea76e</code></a> sha3: fix padding for long cSHAKE parameters</li> <li><a href="https://github.com/golang/crypto/commit/c17aa50fbd32393e5d52fa65ca51cbfff0a75aea"><code>c17aa50</code></a> sha3: avoid buffer copy</li> <li><a href="https://github.com/golang/crypto/commit/7cfb9161e8d828fd6d9f34560e78460435b63503"><code>7cfb916</code></a> ssh: return unexpected msg error when server fails keyboard-interactive auth ...</li> <li><a href="https://github.com/golang/crypto/commit/b61b08db44b86a0fb8510036a4655fc4a3d37cd3"><code>b61b08d</code></a> chacha20: extend ppc64le support to ppc64</li> <li><a href="https://github.com/golang/crypto/commit/6c2174895805a9c4273cf0052c9ff61ba3e75812"><code>6c21748</code></a> internal/poly1305: extend ppc64le support to ppc64</li> <li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.28.0...v0.29.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.28.0&new-version=0.29.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 11:18:33 +02:00
golang.org/x/text v0.20.0
chore(deps): bump golang.org/x/tools from 0.26.0 to 0.27.0 (#5264) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.26.0 to 0.27.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/4d2b19f26de18fb5fcfe5fa93e63cc44a98f1fcf"><code>4d2b19f</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/636867761e007eb34c5cf070be078f1f52e42052"><code>6368677</code></a> gopls/internal/golang: strength reduce ComputeImportFixEdits</li> <li><a href="https://github.com/golang/tools/commit/777f15531169c97bcdedd3657ca88c4f6a3df154"><code>777f155</code></a> gopls/internal/golang: show package attributes on hover</li> <li><a href="https://github.com/golang/tools/commit/8a0e08fb12a5dfb9ce62a770c69b3890114dafc9"><code>8a0e08f</code></a> gopls/doc: add missing doc link</li> <li><a href="https://github.com/golang/tools/commit/61415bee33fa1d798499691290df4eaf9e438c03"><code>61415be</code></a> gopls/internal/cache: guard against malformed paths in port.matches</li> <li><a href="https://github.com/golang/tools/commit/9a89d3a9850fd26cb9aee85127007257ea7ed951"><code>9a89d3a</code></a> internal/analysisinternal: avoid sub-token spans in TypeErrorEndPos</li> <li><a href="https://github.com/golang/tools/commit/1115af6fe6cfbcc9467f11ea249f1f25f6fb551e"><code>1115af6</code></a> internal/expect: support named arguments f(a, b, c=d, e=&quot;f&quot;)</li> <li><a href="https://github.com/golang/tools/commit/0b9e4998c4183c8162199d19632f38120a165c1b"><code>0b9e499</code></a> go/{expect,packages/packagestest}: mention the tag+delete proposal</li> <li><a href="https://github.com/golang/tools/commit/efcd2bdbd90a444d84eb8096da49c9c248a43233"><code>efcd2bd</code></a> internal/packagestest: fork go/packages/packagestest</li> <li><a href="https://github.com/golang/tools/commit/0e9ed3dc7ad85c9b9bfc03b5c956ea1334221e48"><code>0e9ed3d</code></a> go/packages: do not mutate Config</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.26.0...v0.27.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.26.0&new-version=0.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-11 10:34:30 +02:00
golang.org/x/tools v0.27.0
gopkg.in/mail.v2 v2.3.1
gopkg.in/yaml.v3 v3.0.1
)
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
require (
cel.dev/expr v0.16.1 // indirect
cloud.google.com/go/monitoring v1.21.0 // indirect
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 // indirect
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1 // indirect
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1 // indirect
github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
github.com/envoyproxy/go-control-plane v0.13.0 // indirect
github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
go.opentelemetry.io/contrib/bridges/prometheus v0.54.0 // indirect
go.opentelemetry.io/contrib/detectors/gcp v1.29.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.5.0 // indirect
go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.5.0 // indirect
go.opentelemetry.io/otel/log v0.5.0 // indirect
go.opentelemetry.io/otel/sdk/log v0.5.0 // indirect
google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a // indirect
)
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
require (
cloud.google.com/go v0.115.1 // indirect
cloud.google.com/go/auth v0.9.3 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
cloud.google.com/go/compute/metadata v0.5.1 // indirect
cloud.google.com/go/iam v1.2.1 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
cloud.google.com/go/kms v1.19.0 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
cloud.google.com/go/longrunning v0.6.1 // indirect
cloud.google.com/go/storage v1.45.0 // indirect
github.com/AlekSi/pointer v1.2.0 // indirect
feat(deps): bump github.com/google/ko from 0.12.0 to 0.13.0 (#3880) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.12.0 to 0.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.13.0</h2> <h2>What's Changed</h2> <ul> <li>SPDX: Fix package manager label by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/801">ko-build/ko#801</a></li> <li>SPDX 2.3 support by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/803">ko-build/ko#803</a></li> <li>ci: build and test using 1.18 and 1.19 (drop 1.17) by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/812">ko-build/ko#812</a></li> <li>removes repo move message by <a href="https://github.com/mchmarny"><code>@​mchmarny</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/814">ko-build/ko#814</a></li> <li>feat: write sbom result to disk by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/822">ko-build/ko#822</a></li> <li>feat: adding support for using multiple keychain for sending sbom results to a different repository by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/821">ko-build/ko#821</a></li> <li>Move docs to ko.build by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/749">ko-build/ko#749</a></li> <li>Update setup-ko version by <a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> <li>Add -- usage in readme by <a href="https://github.com/jwcesign"><code>@​jwcesign</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/840">ko-build/ko#840</a></li> <li>add CONTRIBUTING, code of conduct, roadmap by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/837">ko-build/ko#837</a></li> <li>attempt to fix GH Pages publishing by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/843">ko-build/ko#843</a></li> <li>doc: fix link to Installation page in Getting Started by <a href="https://github.com/antoineco"><code>@​antoineco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/846">ko-build/ko#846</a></li> <li>.ko.yaml: bump golang 1.18 -&gt; 1.19 by <a href="https://github.com/srenatus"><code>@​srenatus</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/848">ko-build/ko#848</a></li> <li>truncate -image-refs file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/855">ko-build/ko#855</a></li> <li>update docs: fix broken links, align with README by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/854">ko-build/ko#854</a></li> <li>Handle KO_DOCKER_REPO=ko.local/repo and --bare correctly by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/820">ko-build/ko#820</a></li> <li>another docs update by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/856">ko-build/ko#856</a></li> <li>ko.build: support some common shortlinks by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/872">ko-build/ko#872</a></li> <li>install: fail with 404 instead of gzip error when url was wrong by <a href="https://github.com/grosser"><code>@​grosser</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/879">ko-build/ko#879</a></li> <li>feat: deduplicate tags by <a href="https://github.com/bluebrown"><code>@​bluebrown</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/884">ko-build/ko#884</a></li> <li>install mkdocs-redirect when publishing site by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/873">ko-build/ko#873</a></li> <li>nit: replace one-item slice with const by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/885">ko-build/ko#885</a></li> <li>Temp fix for SLSA generators by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/886">ko-build/ko#886</a></li> <li>Fix verifier by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/891">ko-build/ko#891</a></li> <li>Fix link in static-assets.md by <a href="https://github.com/yuryu"><code>@​yuryu</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/893">ko-build/ko#893</a></li> <li>add KO_DEFAULTBASEIMAGE usage to docs by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/895">ko-build/ko#895</a></li> <li>Publish an tagged image on release by <a href="https://github.com/vdemeester"><code>@​vdemeester</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/868">ko-build/ko#868</a></li> <li>Add option to configure default platforms by <a href="https://github.com/ReToCode"><code>@​ReToCode</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/897">ko-build/ko#897</a></li> <li>Fix broken SLSA link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/899">ko-build/ko#899</a></li> <li>add MAINTAINERS.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/905">ko-build/ko#905</a></li> <li>fix: possible race condition when applying templates to flags/ldflags by <a href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/913">ko-build/ko#913</a></li> <li>update docs to reflect actual default base image by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/903">ko-build/ko#903</a></li> <li>remove repeated error message on failure by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/921">ko-build/ko#921</a></li> <li>website: update CNCF announcement by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/920">ko-build/ko#920</a></li> <li>fix KO_CONFIG_PATH pointing to a file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/923">ko-build/ko#923</a></li> <li>upgrade to cosign v2.0.0-rc.0 by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/933">ko-build/ko#933</a></li> <li>Feature: Add ECR presubmit testing. by <a href="https://github.com/mattmoor"><code>@​mattmoor</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/934">ko-build/ko#934</a></li> <li>remove 'ko deps' by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/937">ko-build/ko#937</a></li> <li>feat: Add KO_GO_PATH env var by <a href="https://github.com/embano1"><code>@​embano1</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/930">ko-build/ko#930</a></li> <li>add ko.build/slack short link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/945">ko-build/ko#945</a></li> <li>update link to ko goreleaser docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/936">ko-build/ko#936</a></li> <li>add ko community meeting details by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/938">ko-build/ko#938</a></li> <li>fix cosign by adding --yes by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/973">ko-build/ko#973</a></li> <li>fix: handle docker's unknown/unknown platform in index manifests by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/975">ko-build/ko#975</a></li> <li>fix file extension for cyclonedx by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/974">ko-build/ko#974</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/e22e7a15ffb988adc14c3fc6a964f61ed711812f"><code>e22e7a1</code></a> bump ggcr dep to <a href="https://github.com/main"><code>@​main</code></a> (<a href="https://redirect.github.com/google/ko/issues/976">#976</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/8e075ae1f1822bb61a871f11197566b362c342f0"><code>8e075ae</code></a> fix file extension for cyclonedx (<a href="https://redirect.github.com/google/ko/issues/974">#974</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/11670b7498be63bc0e04e7ba36433fd22f9654ce"><code>11670b7</code></a> fix: handle docker's unknown/unknown platform in index manifests (<a href="https://redirect.github.com/google/ko/issues/975">#975</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/7ce947817e2f59942cb181aa833bfd13533bcc19"><code>7ce9478</code></a> fix cosign by adding --yes (<a href="https://redirect.github.com/google/ko/issues/973">#973</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/9302da78dc995b2b2dd70c044708c3c4c6a056b6"><code>9302da7</code></a> Bump k8s.io/apimachinery from 0.26.1 to 0.26.2 (<a href="https://redirect.github.com/google/ko/issues/972">#972</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/a1588838ba1698c3ca3f6785363a1a9f82ed4baa"><code>a158883</code></a> Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (<a href="https://redirect.github.com/google/ko/issues/971">#971</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/86b6c2854f8a7c321ce1b8ea121938ce9cc79475"><code>86b6c28</code></a> Bump actions/checkout from 2 to 3 (<a href="https://redirect.github.com/google/ko/issues/966">#966</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/0bd12fb106ed9d03994a6b8883f8a5d834a2aa15"><code>0bd12fb</code></a> Bump slsa-framework/slsa-github-generator from 1.2.1 to 1.5.0 (<a href="https://redirect.github.com/google/ko/issues/967">#967</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/d5125daacd07306d3814a6910cc54422824331e6"><code>d5125da</code></a> Bump github.com/sigstore/cosign/v2 from 2.0.0-rc.2 to 2.0.0 (<a href="https://redirect.github.com/google/ko/issues/965">#965</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/03f4aed68268fb320b32195c80292300056b264c"><code>03f4aed</code></a> add ko community meeting details (<a href="https://redirect.github.com/google/ko/issues/938">#938</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.12.0...v0.13.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2023-03-29 19:38:57 +02:00
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
feat(deps): bump gocloud.dev from 0.29.0 to 0.30.0 (#4129) Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.29.0 to 0.30.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.30.0</h2> <p><strong>blob</strong></p> <ul> <li><strong>all</strong>: Add <code>Upload</code> and <code>Download</code> methods that may be more efficient for some drivers.</li> <li><strong>s3blob</strong>: Add support for per-request <code>s3v2.Options</code>.</li> <li><strong>s3blob</strong>: Stop escaping second <code>/</code> in <code>//</code>; it's no longer necessary.</li> </ul> <p><strong>pubsub</strong></p> <ul> <li><strong>gcppubsub</strong>: Make it possible to configure <code>max_send_batch_size</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-cloud/commit/d2d5bedb50683e2a6b893b75aafc193eca2715db"><code>d2d5bed</code></a> all: prep for release (<a href="https://redirect.github.com/google/go-cloud/issues/3263">#3263</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/c2e172b5a78def74973f7f3a8ece7c0bd6967432"><code>c2e172b</code></a> all: update dependencies (<a href="https://redirect.github.com/google/go-cloud/issues/3262">#3262</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/098177a48cae1bebfc90f88ed43d319444cab804"><code>098177a</code></a> blob/s3blob: fix the 'awssdk' argument examples</li> <li><a href="https://github.com/google/go-cloud/commit/2e4fad43f0b2606833b6a0de3e18628c70e11398"><code>2e4fad4</code></a> all: remove refs to deprecated xerrors</li> <li><a href="https://github.com/google/go-cloud/commit/1db413f1b3c4e344618b36401ba7e6dca3892929"><code>1db413f</code></a> pubsub/gcppubsub: make it possible to configure max_send_batch_size</li> <li><a href="https://github.com/google/go-cloud/commit/0c8428bf433136e7a4d96de0841f6373c6eacb53"><code>0c8428b</code></a> blob: Add Upload and Download methods that may be more efficient for some dri...</li> <li><a href="https://github.com/google/go-cloud/commit/54c71241a56f4c89eb64f587e5dc55667eaa40a3"><code>54c7124</code></a> all: cleanup duplicate import statements</li> <li><a href="https://github.com/google/go-cloud/commit/28b1328ae4fee939441faa5ee2e4eeba74c88ce7"><code>28b1328</code></a> all: minor code simplifications for returned boolean expressions</li> <li><a href="https://github.com/google/go-cloud/commit/2a407f5e6a71951384531445e25c58194f235062"><code>2a407f5</code></a> blob/gcsblob: Refresh goldens</li> <li><a href="https://github.com/google/go-cloud/commit/0cc16c8ae11e47028df24c4973debd6c56d29729"><code>0cc16c8</code></a> all: update goldens (<a href="https://redirect.github.com/google/go-cloud/issues/3252">#3252</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-cloud/compare/v0.29.0...v0.30.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.29.0&new-version=0.30.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 14:04:08 +02:00
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect
feat(deps): bump gocloud.dev from 0.27.0 to 0.28.0 (#3689) Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.27.0 to 0.28.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.28.0</h2> <p><strong>BREAKING CHANGES</strong>:</p> <ul> <li><strong>secrets/azurekeyvault</strong>: Updated to latest Azure SDK.</li> <li><strong>blob/azureblob</strong>: Updated to match recent breaking changes in the Azure packages (yes, again).</li> <li><strong>pubsub/awssnssqs</strong>: Fixed <code>BeforeSend</code> to take a pointer to the <code>SendMessageBatchRequestEntry</code> struct, so that it can be modified.</li> </ul> <p><strong>blob</strong></p> <ul> <li><strong>memblob</strong>: Fixed bug where use of <code>BeforeCopy</code> callback would drop the actual copying.</li> <li><strong>azureblob</strong>: Updated to match recent breaking changes in the Azure packages.</li> </ul> <p><strong>pubsub</strong></p> <ul> <li><strong>all</strong>: Simplified and improved batch sizing, should resolve issues with too-frequent polling in some situations.</li> <li><strong>azurepubsub</strong>: Made <code>ListenerTimeout</code> configurable.</li> <li><strong>gcppubsub</strong> and <strong>awssnssqs</strong>: Support lazy mode for <code>Nack</code> (where no explicit <code>Nack</code> is sent).</li> <li><strong>awssnssqs</strong>: Fixed <code>BeforeSend</code> to take a pointer to the <code>SendMessageBatchRequestEntry</code> struct, so that it can be modified.</li> </ul> <p><strong>secrets</strong></p> <ul> <li><strong>secrets/azurekeyvault</strong>: Updated to latest Azure SDK. Use azidentity.NewDefaultAzureCredential.</li> </ul> <p><strong>sql</strong></p> <ul> <li><strong>gcp/cloudsql</strong>: Fixed IAM login.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-cloud/commit/24166090495b8e084a23aa7d11fcc81ec33e4729"><code>2416609</code></a> all: prep for v0.28.0 (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3207">#3207</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/13f46eb8065d5ea62b757f5f0f11a56f48faf7cc"><code>13f46eb</code></a> pubsub: simplify and improve batch sizing, especially for low message rates</li> <li><a href="https://github.com/google/go-cloud/commit/8f2c2b9a392a8e4a3d7a4942f88f3df607f8f6d0"><code>8f2c2b9</code></a> pubsub/memsub: Add Options for batching (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3205">#3205</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/fe0a3d75fe43c039258df25ebf102602526e3052"><code>fe0a3d7</code></a> pubsub/awssqs: Fix BeforeSend/As to enable changes to the sqs input message (...</li> <li><a href="https://github.com/google/go-cloud/commit/dfaf95af34dd9022a69a061028e0ceec98e9c670"><code>dfaf95a</code></a> secrets/azurekeyvault: Use azidentity.NewDefaultAzureCredential to support ot...</li> <li><a href="https://github.com/google/go-cloud/commit/1e26311532928f060c490a7fbf2be92b55ee12c4"><code>1e26311</code></a> blob: Remove some debug logging (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3197">#3197</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/43ed5a499864c08b7b6549ff7085f19634a1f02c"><code>43ed5a4</code></a> pubsub/gcppubsub: Support lazy mode for Nacks (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3195">#3195</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/be80e70b3dcf7a6b86481881c7ac0b44a8095178"><code>be80e70</code></a> pubsub/awssnssqs: Support lazy mode for Nacks (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3194">#3194</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/7d690993a53cf8cc2e7af07872876d58601f1261"><code>7d69099</code></a> blob/azblob: Update to latest, and restore As for dirlist (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3191">#3191</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/e942f3c339f0eb617ac4dbc7f37cc4e5920ee7cc"><code>e942f3c</code></a> blob/azblob: Restore As for List entry (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3188">#3188</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-cloud/compare/v0.27.0...v0.28.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.27.0&new-version=0.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 14:09:51 +02:00
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 // indirect
feat(deps): bump github.com/google/ko from 0.13.0 to 0.14.1 (#4132) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.13.0 to 0.14.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.14.1</h2> <h2>What's Changed</h2> <ul> <li>fix: Use attestation-name output by <a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/980">ko-build/ko#980</a></li> <li>Upgrade to go120 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/984">ko-build/ko#984</a></li> <li>fix release workflow by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/977">ko-build/ko#977</a></li> <li>fix deprecated attestation name by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/983">ko-build/ko#983</a></li> <li>refactor release job by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/986">ko-build/ko#986</a></li> <li>use git hash instead of git tag by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/988">ko-build/ko#988</a></li> <li>Correct a typo in resolver.go by <a href="https://github.com/felixonmars"><code>@​felixonmars</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/989">ko-build/ko#989</a></li> <li>feat: add riscv64 to goreleaser goarch by <a href="https://github.com/ernado"><code>@​ernado</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/990">ko-build/ko#990</a></li> <li>try to fix codeql workflow by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/994">ko-build/ko#994</a></li> <li>Push images faster by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1005">ko-build/ko#1005</a></li> <li>Don't publish tags twice by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1010">ko-build/ko#1010</a></li> <li>Add context to many gobuild errors by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1016">ko-build/ko#1016</a></li> <li>Fix --local with KO_DOCKER_REPO by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1017">ko-build/ko#1017</a></li> <li>Fix: Incorporate platform architecture by <a href="https://github.com/mattmoor"><code>@​mattmoor</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1029">ko-build/ko#1029</a></li> <li>Update community.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1035">ko-build/ko#1035</a></li> <li>mention ko tekton task by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1039">ko-build/ko#1039</a></li> <li>Update community.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1037">ko-build/ko#1037</a></li> <li>Fix kind image loading for MacOS by <a href="https://github.com/aidy"><code>@​aidy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1026">ko-build/ko#1026</a></li> <li>Revert &quot;Fix kind image loading for MacOS&quot; by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1054">ko-build/ko#1054</a></li> <li>update boilerplate file to be KO Build Authors by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1056">ko-build/ko#1056</a></li> <li>Pin setup-ko to previous release by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1082">ko-build/ko#1082</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/felixonmars"><code>@​felixonmars</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/989">ko-build/ko#989</a></li> <li><a href="https://github.com/ernado"><code>@​ernado</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/990">ko-build/ko#990</a></li> <li><a href="https://github.com/aidy"><code>@​aidy</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1026">ko-build/ko#1026</a></li> <li><a href="https://github.com/luhring"><code>@​luhring</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1073">ko-build/ko#1073</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.13.0...v0.14.1">https://github.com/ko-build/ko/compare/v0.13.0...v0.14.1</a></p> <h2>v0.14.0</h2> <p>No release notes provided.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/200db7243f02b5c0303e21d8ab8e3b4ad3a229d0"><code>200db72</code></a> Pin setup-ko to previous release (<a href="https://redirect.github.com/google/ko/issues/1082">#1082</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/4366ded82cdda05ef85bc5483d19daa241d08f38"><code>4366ded</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1079">#1079</a> from ko-build/dependabot/github_actions/slsa-framewo...</li> <li><a href="https://github.com/ko-build/ko/commit/adbea950c10e2c69c7bf0589a6bf0b4e7ceafbfa"><code>adbea95</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1078">#1078</a> from ko-build/dependabot/github_actions/goreleaser/g...</li> <li><a href="https://github.com/ko-build/ko/commit/6175237fe6539a48206da87c239ad98b4f7d7312"><code>6175237</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1077">#1077</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/5e5fe2e703c1f0c9186975b06090ae563283f48d"><code>5e5fe2e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1076">#1076</a> from ko-build/dependabot/github_actions/aws-actions/...</li> <li><a href="https://github.com/ko-build/ko/commit/dc9b3eebef9818e2efab17cec8dd3eebff72e074"><code>dc9b3ee</code></a> Bump github.com/spf13/viper from 1.15.0 to 1.16.0</li> <li><a href="https://github.com/ko-build/ko/commit/ed445128e25c7bd0b6643b58ac44383a583d84f5"><code>ed44512</code></a> Bump golang.org/x/tools from 0.9.3 to 0.10.0 (<a href="https://redirect.github.com/google/ko/issues/1080">#1080</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/fcd95ec958cad910b4746245662506b1f974f40e"><code>fcd95ec</code></a> Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0</li> <li><a href="https://github.com/ko-build/ko/commit/974f09cdeacd7042c3db573366768ecbb32246a5"><code>974f09c</code></a> Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0</li> <li><a href="https://github.com/ko-build/ko/commit/893f6e877f7c352261c13e078bb8fc9709bb285c"><code>893f6e8</code></a> Bump aws-actions/configure-aws-credentials from 2.1.0 to 2.2.0</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.13.0...v0.14.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.13.0&new-version=0.14.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 18:56:50 +02:00
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
feat(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 (#4044) Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.1.1 to 1.2.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/rekor/blob/main/CHANGELOG.md">github.com/sigstore/rekor's changelog</a>.</em></p> <blockquote> <h1>v1.2.0</h1> <h2>Functional Enhancements</h2> <ul> <li>add client method to generate TLE struct (<a href="https://redirect.github.com/sigstore/rekor/issues/1498">#1498</a>)</li> <li>add dsse type (<a href="https://redirect.github.com/sigstore/rekor/issues/1487">#1487</a>)</li> <li>support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (<a href="https://redirect.github.com/sigstore/rekor/issues/1488">#1488</a>)</li> <li>Add concurrency to backfill-redis (<a href="https://redirect.github.com/sigstore/rekor/issues/1504">#1504</a>)</li> <li>omit informational message if machine-parseable output has been requested (<a href="https://redirect.github.com/sigstore/rekor/issues/1486">#1486</a>)</li> <li>Publish stable checkpoint periodically to Redis (<a href="https://redirect.github.com/sigstore/rekor/issues/1461">#1461</a>)</li> <li>Add intoto v0.0.2 to backfill script (<a href="https://redirect.github.com/sigstore/rekor/issues/1500">#1500</a>)</li> <li>add new method to test insertability of proposed entries into log (<a href="https://redirect.github.com/sigstore/rekor/issues/1410">#1410</a>)</li> </ul> <h2>Quality Enhancements</h2> <ul> <li>use t.Skip() in fuzzers (<a href="https://redirect.github.com/sigstore/rekor/issues/1506">#1506</a>)</li> <li>improve fuzzing coverage (<a href="https://redirect.github.com/sigstore/rekor/issues/1499">#1499</a>)</li> <li>Remove watcher script (<a href="https://redirect.github.com/sigstore/rekor/issues/1484">#1484</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-frqx-jfcm-6jjr</li> <li>Remove requirement of PayloadHash for intoto 0.0.1 (<a href="https://redirect.github.com/sigstore/rekor/issues/1490">#1490</a>)</li> <li>fix lint errors, bump linter up to 1.52 (<a href="https://redirect.github.com/sigstore/rekor/issues/1485">#1485</a>)</li> <li>Remove dependencies from pkg/util (<a href="https://redirect.github.com/sigstore/rekor/issues/1469">#1469</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>Bob Callaway</li> <li>Carlos Tadeu Panato Junior</li> <li>Ceridwen Coghlan</li> <li>Cody Soyland</li> <li>Hayden B</li> <li>Miloslav Trmač</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/rekor/commit/20a995116b1548b79e62ba0ad9c29800387e8641"><code>20a9951</code></a> update for v1.2.0 (<a href="https://redirect.github.com/sigstore/rekor/issues/1507">#1507</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4"><code>140c5ad</code></a> Merge pull request from GHSA-frqx-jfcm-6jjr</li> <li><a href="https://github.com/sigstore/rekor/commit/85bb2bc7a35dcc94cd94e18984711806f437dcb6"><code>85bb2bc</code></a> use t.Skip() in fuzzers (<a href="https://redirect.github.com/sigstore/rekor/issues/1506">#1506</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/3adca0d2528699d2ff93bf78babef8b5cac46122"><code>3adca0d</code></a> Add concurrency to backfill-redis (<a href="https://redirect.github.com/sigstore/rekor/issues/1504">#1504</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/795a23619d5db1c9625a71f776474033c6712b56"><code>795a236</code></a> add client method to generate TLE struct (<a href="https://redirect.github.com/sigstore/rekor/issues/1498">#1498</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/161a796f91d7255443aa6ce98e7981e6926762f0"><code>161a796</code></a> build(deps): bump github/codeql-action from 2.3.3 to 2.3.4 (<a href="https://redirect.github.com/sigstore/rekor/issues/1505">#1505</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/35c4489abcff256298f1bc9f7caaf5a946750dac"><code>35c4489</code></a> add dsse type (<a href="https://redirect.github.com/sigstore/rekor/issues/1487">#1487</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/d318e2bf433d398d95923f3509557777a2fe5abb"><code>d318e2b</code></a> support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (<a href="https://redirect.github.com/sigstore/rekor/issues/1488">#1488</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/d508ebad91ef4e39d8e0dd3543cebe20321dc752"><code>d508eba</code></a> Remove requirement of PayloadHash for intoto 0.0.1 (<a href="https://redirect.github.com/sigstore/rekor/issues/1490">#1490</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/b387701f27aace3e3396ad4fdbb8d3ccc869fb5f"><code>b387701</code></a> Add intoto v0.0.2 to backfill script (<a href="https://redirect.github.com/sigstore/rekor/issues/1500">#1500</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/rekor&package-manager=go_modules&previous-version=1.1.1&new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-27 05:24:50 +02:00
github.com/Azure/go-autorest/autorest v0.11.29 // indirect
feat(deps): bump gocloud.dev from 0.29.0 to 0.30.0 (#4129) Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.29.0 to 0.30.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.30.0</h2> <p><strong>blob</strong></p> <ul> <li><strong>all</strong>: Add <code>Upload</code> and <code>Download</code> methods that may be more efficient for some drivers.</li> <li><strong>s3blob</strong>: Add support for per-request <code>s3v2.Options</code>.</li> <li><strong>s3blob</strong>: Stop escaping second <code>/</code> in <code>//</code>; it's no longer necessary.</li> </ul> <p><strong>pubsub</strong></p> <ul> <li><strong>gcppubsub</strong>: Make it possible to configure <code>max_send_batch_size</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-cloud/commit/d2d5bedb50683e2a6b893b75aafc193eca2715db"><code>d2d5bed</code></a> all: prep for release (<a href="https://redirect.github.com/google/go-cloud/issues/3263">#3263</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/c2e172b5a78def74973f7f3a8ece7c0bd6967432"><code>c2e172b</code></a> all: update dependencies (<a href="https://redirect.github.com/google/go-cloud/issues/3262">#3262</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/098177a48cae1bebfc90f88ed43d319444cab804"><code>098177a</code></a> blob/s3blob: fix the 'awssdk' argument examples</li> <li><a href="https://github.com/google/go-cloud/commit/2e4fad43f0b2606833b6a0de3e18628c70e11398"><code>2e4fad4</code></a> all: remove refs to deprecated xerrors</li> <li><a href="https://github.com/google/go-cloud/commit/1db413f1b3c4e344618b36401ba7e6dca3892929"><code>1db413f</code></a> pubsub/gcppubsub: make it possible to configure max_send_batch_size</li> <li><a href="https://github.com/google/go-cloud/commit/0c8428bf433136e7a4d96de0841f6373c6eacb53"><code>0c8428b</code></a> blob: Add Upload and Download methods that may be more efficient for some dri...</li> <li><a href="https://github.com/google/go-cloud/commit/54c71241a56f4c89eb64f587e5dc55667eaa40a3"><code>54c7124</code></a> all: cleanup duplicate import statements</li> <li><a href="https://github.com/google/go-cloud/commit/28b1328ae4fee939441faa5ee2e4eeba74c88ce7"><code>28b1328</code></a> all: minor code simplifications for returned boolean expressions</li> <li><a href="https://github.com/google/go-cloud/commit/2a407f5e6a71951384531445e25c58194f235062"><code>2a407f5</code></a> blob/gcsblob: Refresh goldens</li> <li><a href="https://github.com/google/go-cloud/commit/0cc16c8ae11e47028df24c4973debd6c56d29729"><code>0cc16c8</code></a> all: update goldens (<a href="https://redirect.github.com/google/go-cloud/issues/3252">#3252</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-cloud/compare/v0.29.0...v0.30.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.29.0&new-version=0.30.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 14:04:08 +02:00
github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
feat(deps): bump github.com/google/ko from 0.12.0 to 0.13.0 (#3880) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.12.0 to 0.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.13.0</h2> <h2>What's Changed</h2> <ul> <li>SPDX: Fix package manager label by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/801">ko-build/ko#801</a></li> <li>SPDX 2.3 support by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/803">ko-build/ko#803</a></li> <li>ci: build and test using 1.18 and 1.19 (drop 1.17) by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/812">ko-build/ko#812</a></li> <li>removes repo move message by <a href="https://github.com/mchmarny"><code>@​mchmarny</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/814">ko-build/ko#814</a></li> <li>feat: write sbom result to disk by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/822">ko-build/ko#822</a></li> <li>feat: adding support for using multiple keychain for sending sbom results to a different repository by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/821">ko-build/ko#821</a></li> <li>Move docs to ko.build by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/749">ko-build/ko#749</a></li> <li>Update setup-ko version by <a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> <li>Add -- usage in readme by <a href="https://github.com/jwcesign"><code>@​jwcesign</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/840">ko-build/ko#840</a></li> <li>add CONTRIBUTING, code of conduct, roadmap by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/837">ko-build/ko#837</a></li> <li>attempt to fix GH Pages publishing by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/843">ko-build/ko#843</a></li> <li>doc: fix link to Installation page in Getting Started by <a href="https://github.com/antoineco"><code>@​antoineco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/846">ko-build/ko#846</a></li> <li>.ko.yaml: bump golang 1.18 -&gt; 1.19 by <a href="https://github.com/srenatus"><code>@​srenatus</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/848">ko-build/ko#848</a></li> <li>truncate -image-refs file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/855">ko-build/ko#855</a></li> <li>update docs: fix broken links, align with README by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/854">ko-build/ko#854</a></li> <li>Handle KO_DOCKER_REPO=ko.local/repo and --bare correctly by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/820">ko-build/ko#820</a></li> <li>another docs update by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/856">ko-build/ko#856</a></li> <li>ko.build: support some common shortlinks by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/872">ko-build/ko#872</a></li> <li>install: fail with 404 instead of gzip error when url was wrong by <a href="https://github.com/grosser"><code>@​grosser</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/879">ko-build/ko#879</a></li> <li>feat: deduplicate tags by <a href="https://github.com/bluebrown"><code>@​bluebrown</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/884">ko-build/ko#884</a></li> <li>install mkdocs-redirect when publishing site by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/873">ko-build/ko#873</a></li> <li>nit: replace one-item slice with const by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/885">ko-build/ko#885</a></li> <li>Temp fix for SLSA generators by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/886">ko-build/ko#886</a></li> <li>Fix verifier by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/891">ko-build/ko#891</a></li> <li>Fix link in static-assets.md by <a href="https://github.com/yuryu"><code>@​yuryu</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/893">ko-build/ko#893</a></li> <li>add KO_DEFAULTBASEIMAGE usage to docs by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/895">ko-build/ko#895</a></li> <li>Publish an tagged image on release by <a href="https://github.com/vdemeester"><code>@​vdemeester</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/868">ko-build/ko#868</a></li> <li>Add option to configure default platforms by <a href="https://github.com/ReToCode"><code>@​ReToCode</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/897">ko-build/ko#897</a></li> <li>Fix broken SLSA link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/899">ko-build/ko#899</a></li> <li>add MAINTAINERS.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/905">ko-build/ko#905</a></li> <li>fix: possible race condition when applying templates to flags/ldflags by <a href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/913">ko-build/ko#913</a></li> <li>update docs to reflect actual default base image by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/903">ko-build/ko#903</a></li> <li>remove repeated error message on failure by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/921">ko-build/ko#921</a></li> <li>website: update CNCF announcement by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/920">ko-build/ko#920</a></li> <li>fix KO_CONFIG_PATH pointing to a file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/923">ko-build/ko#923</a></li> <li>upgrade to cosign v2.0.0-rc.0 by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/933">ko-build/ko#933</a></li> <li>Feature: Add ECR presubmit testing. by <a href="https://github.com/mattmoor"><code>@​mattmoor</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/934">ko-build/ko#934</a></li> <li>remove 'ko deps' by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/937">ko-build/ko#937</a></li> <li>feat: Add KO_GO_PATH env var by <a href="https://github.com/embano1"><code>@​embano1</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/930">ko-build/ko#930</a></li> <li>add ko.build/slack short link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/945">ko-build/ko#945</a></li> <li>update link to ko goreleaser docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/936">ko-build/ko#936</a></li> <li>add ko community meeting details by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/938">ko-build/ko#938</a></li> <li>fix cosign by adding --yes by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/973">ko-build/ko#973</a></li> <li>fix: handle docker's unknown/unknown platform in index manifests by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/975">ko-build/ko#975</a></li> <li>fix file extension for cyclonedx by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/974">ko-build/ko#974</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/e22e7a15ffb988adc14c3fc6a964f61ed711812f"><code>e22e7a1</code></a> bump ggcr dep to <a href="https://github.com/main"><code>@​main</code></a> (<a href="https://redirect.github.com/google/ko/issues/976">#976</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/8e075ae1f1822bb61a871f11197566b362c342f0"><code>8e075ae</code></a> fix file extension for cyclonedx (<a href="https://redirect.github.com/google/ko/issues/974">#974</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/11670b7498be63bc0e04e7ba36433fd22f9654ce"><code>11670b7</code></a> fix: handle docker's unknown/unknown platform in index manifests (<a href="https://redirect.github.com/google/ko/issues/975">#975</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/7ce947817e2f59942cb181aa833bfd13533bcc19"><code>7ce9478</code></a> fix cosign by adding --yes (<a href="https://redirect.github.com/google/ko/issues/973">#973</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/9302da78dc995b2b2dd70c044708c3c4c6a056b6"><code>9302da7</code></a> Bump k8s.io/apimachinery from 0.26.1 to 0.26.2 (<a href="https://redirect.github.com/google/ko/issues/972">#972</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/a1588838ba1698c3ca3f6785363a1a9f82ed4baa"><code>a158883</code></a> Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (<a href="https://redirect.github.com/google/ko/issues/971">#971</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/86b6c2854f8a7c321ce1b8ea121938ce9cc79475"><code>86b6c28</code></a> Bump actions/checkout from 2 to 3 (<a href="https://redirect.github.com/google/ko/issues/966">#966</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/0bd12fb106ed9d03994a6b8883f8a5d834a2aa15"><code>0bd12fb</code></a> Bump slsa-framework/slsa-github-generator from 1.2.1 to 1.5.0 (<a href="https://redirect.github.com/google/ko/issues/967">#967</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/d5125daacd07306d3814a6910cc54422824331e6"><code>d5125da</code></a> Bump github.com/sigstore/cosign/v2 from 2.0.0-rc.2 to 2.0.0 (<a href="https://redirect.github.com/google/ko/issues/965">#965</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/03f4aed68268fb320b32195c80292300056b264c"><code>03f4aed</code></a> add ko community meeting details (<a href="https://redirect.github.com/google/ko/issues/938">#938</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.12.0...v0.13.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2023-03-29 19:38:57 +02:00
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
chore(deps): bump gocloud.dev from 0.36.0 to 0.37.0 (#4688) [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.36.0&new-version=0.37.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-13 19:59:13 +02:00
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/BurntSushi/toml v1.4.0 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
chore(deps): bump github.com/ory/dockertest/v3 from 3.10.0 to 3.11.0 (#5070) Bumps [github.com/ory/dockertest/v3](https://github.com/ory/dockertest) from 3.10.0 to 3.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ory/dockertest/releases">github.com/ory/dockertest/v3's releases</a>.</em></p> <blockquote> <h2>v3.11.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/435">ory/dockertest#435</a></li> <li>chore(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/437">ory/dockertest#437</a></li> <li>chore(deps): bump github.com/lib/pq from 0.0.0-20180327071824-d34b9ff171c2 to 1.10.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/438">ory/dockertest#438</a></li> <li>chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.24+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/426">ory/dockertest#426</a></li> <li>chore(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/427">ory/dockertest#427</a></li> <li>chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/450">ory/dockertest#450</a></li> <li>chore(deps): bump github.com/containerd/continuity from 0.3.0 to 0.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/451">ory/dockertest#451</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/449">ory/dockertest#449</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/442">ory/dockertest#442</a></li> <li>chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/445">ory/dockertest#445</a></li> <li>chore(deps): bump github.com/moby/term from 0.0.0-20201216013528-df9cb8a40635 to 0.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/446">ory/dockertest#446</a></li> <li>chore(deps): bump github.com/docker/cli from 20.10.17+incompatible to 24.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/448">ory/dockertest#448</a></li> <li>chore: bump dependencies and fix some lint by <a href="https://github.com/alnr"><code>@​alnr</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li>chore(deps): bump golang.org/x/sys from 0.19.0 to 0.21.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/501">ory/dockertest#501</a></li> <li>chore(deps): bump actions/checkout from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/475">ory/dockertest#475</a></li> <li>feat: fall back to podman if available by <a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li>test: refactor asserts by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/497">ory/dockertest#497</a></li> <li>use defer instead of os.Exit(m.Run()) by <a href="https://github.com/pmenglund"><code>@​pmenglund</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/493">ory/dockertest#493</a></li> <li>docs: remove outdated dep install instruction by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/505">ory/dockertest#505</a></li> <li>chore: remove direct dependency on gotest.tools/v3 by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/504">ory/dockertest#504</a></li> <li>chore: replace deprecated ioutil.TempDir with os.MkdirTemp by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/506">ory/dockertest#506</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/509">ory/dockertest#509</a></li> <li>move tests to dockertest_test package by <a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li>chore(deps): bump github.com/opencontainers/image-spec from 1.0.2 to 1.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/510">ory/dockertest#510</a></li> <li>chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/503">ory/dockertest#503</a></li> <li>chore(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/508">ory/dockertest#508</a></li> <li>chore(deps): bump actions/stale from 4 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/507">ory/dockertest#507</a></li> <li>feat: introduce cve scanners by <a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li>chore: update docker to v27.1.1 by <a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/alnr"><code>@​alnr</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li><a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li><a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li><a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li><a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ory/dockertest/commit/6110e9a38fa9f7118d7baa38ac2437170520c3b5"><code>6110e9a</code></a> chore: update docker to v27.1.1 (<a href="https://redirect.github.com/ory/dockertest/issues/522">#522</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/d229e74b748daa9d889156981aee4d521a9fa226"><code>d229e74</code></a> feat: introduce cve scanners (<a href="https://redirect.github.com/ory/dockertest/issues/500">#500</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1b46b2915aed35799f1cb91e76ad499ff91b7d9c"><code>1b46b29</code></a> chore(deps): bump actions/stale from 4 to 9 (<a href="https://redirect.github.com/ory/dockertest/issues/507">#507</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/44496a38aa7769d525977b2c8f74047c231162e1"><code>44496a3</code></a> chore(deps): bump actions/setup-go from 4 to 5 (<a href="https://redirect.github.com/ory/dockertest/issues/508">#508</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1aa8cd7bf823a7e369a54bcec74ac39ae5141eff"><code>1aa8cd7</code></a> chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 (<a href="https://redirect.github.com/ory/dockertest/issues/503">#503</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/0c91bda2b499ac97a0f6c027dc25b213cbf726a0"><code>0c91bda</code></a> chore(deps): bump github.com/opencontainers/image-spec (<a href="https://redirect.github.com/ory/dockertest/issues/510">#510</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/3328cf9343b8091879695d1489aa3154544e7e23"><code>3328cf9</code></a> move tests to dockertest_test package (<a href="https://redirect.github.com/ory/dockertest/issues/490">#490</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/05f634764ebdde194ee996f9d6b4ebf91e7bc738"><code>05f6347</code></a> chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (<a href="https://redirect.github.com/ory/dockertest/issues/509">#509</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/6539ccd9aa0828a791bf577d5290ed5201de4c72"><code>6539ccd</code></a> chore: replace deprecated ioutil.TempDir with os.MkdirTemp (<a href="https://redirect.github.com/ory/dockertest/issues/506">#506</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/84015fd57ca4c3248e114be72046b90752aab334"><code>84015fd</code></a> chore: remove direct dependency on gotest.tools/v3 (<a href="https://redirect.github.com/ory/dockertest/issues/504">#504</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ory/dockertest/v3&package-manager=go_modules&previous-version=3.10.0&new-version=3.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-13 14:31:51 +02:00
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
chore(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.2 to 2.35.3 (#4596) Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from 2.35.2 to 2.35.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/goreleaser/nfpm/releases">github.com/goreleaser/nfpm/v2's releases</a>.</em></p> <blockquote> <h2>v2.35.3</h2> <h2>Changelog</h2> <h3>Bug fixes</h3> <ul> <li>f8ccc9df94eb9a4c91c3a1c78d4759a65f156731: fix: file mode when type: tree (<a href="https://redirect.github.com/goreleaser/nfpm/issues/779">#779</a>) (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>e1ebfdad10ef98fe6c9d424efe3f97d7b2322f04: fix: honor SOURCE_DATE_EPOCH for files (<a href="https://redirect.github.com/goreleaser/nfpm/issues/775">#775</a>) (<a href="https://github.com/osm"><code>@​osm</code></a>)</li> </ul> <h3>Dependency updates</h3> <ul> <li>9c48b79596993dd653087f91861794b7da6267e6: feat(deps): bump github.com/ProtonMail/go-crypto (<a href="https://redirect.github.com/goreleaser/nfpm/issues/771">#771</a>) (<a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li> <li>d7a5dc79573e4bf5d65c3f00d9cac81736f12597: feat(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/765">#765</a>) (<a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li> <li>fbc55c56be14ac5de4207becb98c908c615dee7e: feat(deps): bump github.com/klauspost/compress from 1.17.4 to 1.17.5 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/774">#774</a>) (<a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li> <li>9bb94d758ce739fc27c19bbe04bf1c1d33ce3fa9: fix(deps): update go-rpmutils (<a href="https://redirect.github.com/goreleaser/nfpm/issues/764">#764</a>) (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <h3>Build process updates</h3> <ul> <li>5ace4da2fd3162383a16218e2ef405dc2676bdfc: ci: update changelog (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <h3>Other work</h3> <ul> <li>cd6b94108561b9ef1b06e1db8bfe9e3b3f643253: docs: update cmd docs (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> <li>672f8c6537228848062786d7ad2d2956f6808986: docs: update starchart url (<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/goreleaser/nfpm/compare/v2.35.2...v2.35.3">https://github.com/goreleaser/nfpm/compare/v2.35.2...v2.35.3</a></p> <h2>Helping out</h2> <p>This release is only possible thanks to <strong>all</strong> the support of <strong>awesome people</strong>!</p> <p>Want to be one of them? You can <a href="https://goreleaser.com/sponsors/">sponsor</a> or <a href="https://goreleaser.com/contributing">contribute with code</a>.</p> <h2>Where to go next?</h2> <ul> <li>nFPM is a satellite project from GoReleaser. <a href="https://goreleaser.com">Check it out</a>!</li> <li>Find examples and commented usage of all options in our <a href="https://nfpm.goreleaser.com/">website</a>.</li> <li>Reach out on <a href="https://discord.gg/RGEBtg8vQ6">Discord</a> and <a href="https://twitter.com/goreleaser">Twitter</a>!</li> </ul> <p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML omitted --></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/goreleaser/nfpm/commit/5ace4da2fd3162383a16218e2ef405dc2676bdfc"><code>5ace4da</code></a> ci: update changelog</li> <li><a href="https://github.com/goreleaser/nfpm/commit/f8ccc9df94eb9a4c91c3a1c78d4759a65f156731"><code>f8ccc9d</code></a> fix: file mode when type: tree (<a href="https://redirect.github.com/goreleaser/nfpm/issues/779">#779</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/48d1a19eb6c3b6fa7cf69295aa2e7bf8d2b2f520"><code>48d1a19</code></a> chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.7 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/778">#778</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/e1ebfdad10ef98fe6c9d424efe3f97d7b2322f04"><code>e1ebfda</code></a> fix: honor SOURCE_DATE_EPOCH for files (<a href="https://redirect.github.com/goreleaser/nfpm/issues/775">#775</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/25f6f2b7368585e0534b668ef76094f107e1fe4f"><code>25f6f2b</code></a> chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/776">#776</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/fbc55c56be14ac5de4207becb98c908c615dee7e"><code>fbc55c5</code></a> feat(deps): bump github.com/klauspost/compress from 1.17.4 to 1.17.5 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/774">#774</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/d83a6724284364757db5b61c7b2bd9bf0918264e"><code>d83a672</code></a> chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/773">#773</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/995a27a6fb5009a2a7e13e7747c9a7ef5a3e8098"><code>995a27a</code></a> chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/772">#772</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/9c48b79596993dd653087f91861794b7da6267e6"><code>9c48b79</code></a> feat(deps): bump github.com/ProtonMail/go-crypto (<a href="https://redirect.github.com/goreleaser/nfpm/issues/771">#771</a>)</li> <li><a href="https://github.com/goreleaser/nfpm/commit/e8832cc97b405ce3af1a6026f010d19e521bb1ff"><code>e8832cc</code></a> chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (<a href="https://redirect.github.com/goreleaser/nfpm/issues/770">#770</a>)</li> <li>Additional commits viewable in <a href="https://github.com/goreleaser/nfpm/compare/v2.35.2...v2.35.3">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | github.com/goreleaser/nfpm/v2 | [>= 2.24.a, < 2.25] | </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/goreleaser/nfpm/v2&package-manager=go_modules&previous-version=2.35.2&new-version=2.35.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 20:56:17 +02:00
github.com/ProtonMail/go-crypto v1.0.0 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/alessio/shellescape v1.4.2 // indirect
github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect
github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
feat(deps): bump github.com/sigstore/rekor from 1.0.1 to 1.1.1 (#3979) Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.0.1 to 1.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/rekor/releases">github.com/sigstore/rekor's releases</a>.</em></p> <blockquote> <h1>v1.1.1</h1> <h2>Functional Enhancements</h2> <ul> <li>Refactor Trillian client with exported methods (<a href="https://redirect.github.com/sigstore/rekor/issues/1454">#1454</a>)</li> <li>Switch to official redis-go client (<a href="https://redirect.github.com/sigstore/rekor/issues/1459">#1459</a>)</li> <li>Remove replace in go.mod (<a href="https://redirect.github.com/sigstore/rekor/issues/1444">#1444</a>)</li> <li>Add Rekor OID info. (<a href="https://redirect.github.com/sigstore/rekor/issues/1390">#1390</a>)</li> </ul> <h2>Quality Enhancements</h2> <ul> <li>remove legacy encrypted cosign key (<a href="https://redirect.github.com/sigstore/rekor/issues/1446">#1446</a>)</li> <li>swap cjson dependency (<a href="https://redirect.github.com/sigstore/rekor/issues/1441">#1441</a>)</li> <li>Update release readme (<a href="https://redirect.github.com/sigstore/rekor/issues/1456">#1456</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-2h5h-59f5-c5x9</li> </ul> <h2>Contributors</h2> <ul> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Carlos Tadeu Panato Junior</li> <li>Ceridwen Coghlan</li> <li>Hayden B</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/rekor/compare/v1.1.0...v1.1.1">https://github.com/sigstore/rekor/compare/v1.1.0...v1.1.1</a></p> <h1>v1.1.0</h1> <h2>Functional Enhancements</h2> <ul> <li>improve validation on intoto v0.0.2 type (<a href="https://redirect.github.com/sigstore/rekor/issues/1351">#1351</a>)</li> <li>add feature to limit HTTP request body length to process (<a href="https://redirect.github.com/sigstore/rekor/issues/1334">#1334</a>)</li> <li>add information about the file size limit (<a href="https://redirect.github.com/sigstore/rekor/issues/1313">#1313</a>)</li> <li>Add script to backfill Redis from Rekor (<a href="https://redirect.github.com/sigstore/rekor/issues/1163">#1163</a>)</li> <li>Feature: add search support for sha512 (<a href="https://redirect.github.com/sigstore/rekor/issues/1142">#1142</a>)</li> </ul> <h2>Quality Enhancements</h2> <ul> <li>fuzzing: refactor OSS-Fuzz build script (<a href="https://redirect.github.com/sigstore/rekor/issues/1377">#1377</a>)</li> <li>Update cloudbuild for cosign 2.0 (<a href="https://redirect.github.com/sigstore/rekor/issues/1375">#1375</a>)</li> <li>Tests - Additional sharding tests (<a href="https://redirect.github.com/sigstore/rekor/issues/1180">#1180</a>)</li> <li>jar type: add fuzzer for 3rd-party dep (<a href="https://redirect.github.com/sigstore/rekor/issues/1360">#1360</a>)</li> <li>update cosign to 2.0.0 and builder image and also cosign flags (<a href="https://redirect.github.com/sigstore/rekor/issues/1368">#1368</a>)</li> <li>fuzzing: move alpine utils to fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1335">#1335</a>)</li> <li>fuzzing: add seed for alpine fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1342">#1342</a>)</li> <li>jar: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1327">#1327</a>)</li> <li>fuzzing: open writer later in fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1326">#1326</a>)</li> <li>fuzzing: remove tar operations in alpine fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1322">#1322</a>)</li> <li>alpine: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1316">#1316</a>)</li> <li>hashedrekord: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1315">#1315</a>)</li> <li>fuzzing: add call to IndexKeys in multiple fuzzers (<a href="https://redirect.github.com/sigstore/rekor/issues/1302">#1302</a>)</li> <li>fuzzing: improve cose fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1300">#1300</a>)</li> <li>fuzzing: improve fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1298">#1298</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/rekor/blob/main/CHANGELOG.md">github.com/sigstore/rekor's changelog</a>.</em></p> <blockquote> <h1>v1.1.1</h1> <h2>Functional Enhancements</h2> <ul> <li>Refactor Trillian client with exported methods (<a href="https://redirect.github.com/sigstore/rekor/issues/1454">#1454</a>)</li> <li>Switch to official redis-go client (<a href="https://redirect.github.com/sigstore/rekor/issues/1459">#1459</a>)</li> <li>Remove replace in go.mod (<a href="https://redirect.github.com/sigstore/rekor/issues/1444">#1444</a>)</li> <li>Add Rekor OID info. (<a href="https://redirect.github.com/sigstore/rekor/issues/1390">#1390</a>)</li> </ul> <h2>Quality Enhancements</h2> <ul> <li>remove legacy encrypted cosign key (<a href="https://redirect.github.com/sigstore/rekor/issues/1446">#1446</a>)</li> <li>swap cjson dependency (<a href="https://redirect.github.com/sigstore/rekor/issues/1441">#1441</a>)</li> <li>Update release readme (<a href="https://redirect.github.com/sigstore/rekor/issues/1456">#1456</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-2h5h-59f5-c5x9</li> </ul> <h2>Contributors</h2> <ul> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Carlos Tadeu Panato Junior</li> <li>Ceridwen Coghlan</li> <li>Hayden B</li> </ul> <h1>v1.1.0</h1> <h2>Functional Enhancements</h2> <ul> <li>improve validation on intoto v0.0.2 type (<a href="https://redirect.github.com/sigstore/rekor/issues/1351">#1351</a>)</li> <li>add feature to limit HTTP request body length to process (<a href="https://redirect.github.com/sigstore/rekor/issues/1334">#1334</a>)</li> <li>add information about the file size limit (<a href="https://redirect.github.com/sigstore/rekor/issues/1313">#1313</a>)</li> <li>Add script to backfill Redis from Rekor (<a href="https://redirect.github.com/sigstore/rekor/issues/1163">#1163</a>)</li> <li>Feature: add search support for sha512 (<a href="https://redirect.github.com/sigstore/rekor/issues/1142">#1142</a>)</li> </ul> <h2>Quality Enhancements</h2> <ul> <li>fuzzing: refactor OSS-Fuzz build script (<a href="https://redirect.github.com/sigstore/rekor/issues/1377">#1377</a>)</li> <li>Update cloudbuild for cosign 2.0 (<a href="https://redirect.github.com/sigstore/rekor/issues/1375">#1375</a>)</li> <li>Tests - Additional sharding tests (<a href="https://redirect.github.com/sigstore/rekor/issues/1180">#1180</a>)</li> <li>jar type: add fuzzer for 3rd-party dep (<a href="https://redirect.github.com/sigstore/rekor/issues/1360">#1360</a>)</li> <li>update cosign to 2.0.0 and builder image and also cosign flags (<a href="https://redirect.github.com/sigstore/rekor/issues/1368">#1368</a>)</li> <li>fuzzing: move alpine utils to fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1335">#1335</a>)</li> <li>fuzzing: add seed for alpine fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1342">#1342</a>)</li> <li>jar: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1327">#1327</a>)</li> <li>fuzzing: open writer later in fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1326">#1326</a>)</li> <li>fuzzing: remove tar operations in alpine fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1322">#1322</a>)</li> <li>alpine: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1316">#1316</a>)</li> <li>hashedrekord: add v001 fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1315">#1315</a>)</li> <li>fuzzing: add call to IndexKeys in multiple fuzzers (<a href="https://redirect.github.com/sigstore/rekor/issues/1302">#1302</a>)</li> <li>fuzzing: improve cose fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1300">#1300</a>)</li> <li>fuzzing: improve fuzz utils (<a href="https://redirect.github.com/sigstore/rekor/issues/1298">#1298</a>)</li> <li>fuzzing: improve alpine fuzzer (<a href="https://redirect.github.com/sigstore/rekor/issues/1273">#1273</a>)</li> <li>fuzzing: go mod edit go-fuzz-headers (<a href="https://redirect.github.com/sigstore/rekor/issues/1272">#1272</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/rekor/commit/0c1914e5e955cb9f514e32b222cf61a13e91ab08"><code>0c1914e</code></a> update CHANGELOG for v1.1.1 (<a href="https://redirect.github.com/sigstore/rekor/issues/1462">#1462</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48"><code>cf42ace</code></a> Merge pull request from GHSA-2h5h-59f5-c5x9</li> <li><a href="https://github.com/sigstore/rekor/commit/46ac0b224e673b969457597b15af2d125ae8c5c2"><code>46ac0b2</code></a> Refactor Trillian client with exported methods (<a href="https://redirect.github.com/sigstore/rekor/issues/1454">#1454</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/5d6e9723b1d251001906c5583b0fd6fe7e3a1cb3"><code>5d6e972</code></a> build(deps): bump github.com/redis/go-redis/v9 from 9.0.3 to 9.0.4 (<a href="https://redirect.github.com/sigstore/rekor/issues/1460">#1460</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/baa14ce4ebe621399ff8330dd8ddc4a6ca2e2533"><code>baa14ce</code></a> Switch to official redis-go client (<a href="https://redirect.github.com/sigstore/rekor/issues/1459">#1459</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/059e097a0b6856ff6ed79c96cba171df691eb3d8"><code>059e097</code></a> build(deps): bump github.com/go-playground/validator/v10 (<a href="https://redirect.github.com/sigstore/rekor/issues/1457">#1457</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/1f75c792567e6a4b2fa0ebb5e12fe500434d33b1"><code>1f75c79</code></a> Update release readme (<a href="https://redirect.github.com/sigstore/rekor/issues/1456">#1456</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/98163f336ce3db11d776c0eabc4c7bccda7612dd"><code>98163f3</code></a> build(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (<a href="https://redirect.github.com/sigstore/rekor/issues/1455">#1455</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/24cb647106d74051ba70ce867b5c7319ad29e3b9"><code>24cb647</code></a> Remove replace in go.mod (<a href="https://redirect.github.com/sigstore/rekor/issues/1444">#1444</a>)</li> <li><a href="https://github.com/sigstore/rekor/commit/39bd69bc7c474ff07fef392ff139d0c01c2e116a"><code>39bd69b</code></a> Add Rekor OID info. (<a href="https://redirect.github.com/sigstore/rekor/issues/1390">#1390</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/rekor/compare/v1.0.1...v1.1.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/rekor&package-manager=go_modules&previous-version=1.0.1&new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-04 04:11:29 +02:00
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go v1.55.5
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/aws/aws-sdk-go-v2 v1.30.5 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/aws/aws-sdk-go-v2/config v1.27.33 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.32 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 // indirect
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 // indirect
chore(deps): bump github.com/google/ko from 0.15.2 to 0.15.4 (#4885) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.15.2 to 0.15.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.4</h2> <h2>What's Changed</h2> <ul> <li> <p>Refactor global values to be defaults by <a href="https://github.com/nmittler"><code>@​nmittler</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1318">ko-build/ko#1318</a></p> </li> <li> <p>Bump actions/checkout from 4.1.5 to 4.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1316">ko-build/ko#1316</a></p> </li> <li> <p>Bump github.com/docker/docker from 26.1.2+incompatible to 26.1.3+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1315">ko-build/ko#1315</a></p> </li> <li> <p>Bump github/codeql-action from 2.13.4 to 3.25.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1319">ko-build/ko#1319</a></p> </li> <li> <p>Bump github/codeql-action from 3.25.5 to 3.25.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1321">ko-build/ko#1321</a></p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4">https://github.com/ko-build/ko/compare/v0.15.3...v0.15.4</a></p> <h2>v0.15.3</h2> <p>🚨 We are investigating an issue with this release 🚨 See <a href="https://redirect.github.com/ko-build/ko/issues/1317">ko-build/ko#1317</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Bump golang/govulncheck-action from 1.0.1 to 1.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1244">ko-build/ko#1244</a></li> <li>Fix fly.io deployment docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1247">ko-build/ko#1247</a></li> <li>Bump golang.org/x/tools from 0.18.0 to 0.19.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1249">ko-build/ko#1249</a></li> <li>Update setup-ko action link in install.md by <a href="https://github.com/koki-develop"><code>@​koki-develop</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1256">ko-build/ko#1256</a></li> <li>Fix kind image names with --bare by <a href="https://github.com/aidy"><code>@​aidy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1027">ko-build/ko#1027</a></li> <li>fix: update github.com/awslabs/amazon-ecr-credential-helper to latest version by <a href="https://github.com/nesty92"><code>@​nesty92</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1267">ko-build/ko#1267</a></li> <li>drop go1.20 and start testing with go1.22 and ci updates by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1251">ko-build/ko#1251</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1265">ko-build/ko#1265</a></li> <li>Bump reviewdog/action-misspell from 1.15.0 to 1.16.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1252">ko-build/ko#1252</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1258">ko-build/ko#1258</a></li> <li>Bump actions/checkout from 4.1.1 to 4.1.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1255">ko-build/ko#1255</a></li> <li>Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1257">ko-build/ko#1257</a></li> <li>Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1253">ko-build/ko#1253</a></li> <li>Bump actions/setup-python from 5.0.0 to 5.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1269">ko-build/ko#1269</a></li> <li>Bump k8s.io/apimachinery from 0.29.2 to 0.29.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1259">ko-build/ko#1259</a></li> <li>Bump github.com/docker/docker from 25.0.3+incompatible to 26.0.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1263">ko-build/ko#1263</a></li> <li>Bump reviewdog/action-misspell from 1.16.0 to 1.17.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1270">ko-build/ko#1270</a></li> <li>Add support for setting capabilities on the app binary by <a href="https://github.com/mejedi"><code>@​mejedi</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1271">ko-build/ko#1271</a></li> <li>Bump golang.org/x/sync from 0.6.0 to 0.7.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1273">ko-build/ko#1273</a></li> <li>Bump golang.org/x/tools from 0.19.0 to 0.20.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1272">ko-build/ko#1272</a></li> <li>Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1275">ko-build/ko#1275</a></li> <li>Bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1277">ko-build/ko#1277</a></li> <li>chore: fix function names in comment by <a href="https://github.com/camcui"><code>@​camcui</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1278">ko-build/ko#1278</a></li> <li>Bump k8s.io/apimachinery from 0.29.3 to 0.29.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1279">ko-build/ko#1279</a></li> <li>Fix AWS Lambda advanced docs by <a href="https://github.com/mattn"><code>@​mattn</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1281">ko-build/ko#1281</a></li> <li>Bump actions/upload-artifact from 4.3.1 to 4.3.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1284">ko-build/ko#1284</a></li> <li>Bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1283">ko-build/ko#1283</a></li> <li>Bump actions/checkout from 4.1.2 to 4.1.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1285">ko-build/ko#1285</a></li> <li>Bump github.com/docker/docker from 26.0.2+incompatible to 26.1.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1286">ko-build/ko#1286</a></li> <li>Bump actions/upload-artifact from 4.3.2 to 4.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1288">ko-build/ko#1288</a></li> <li>Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1287">ko-build/ko#1287</a></li> <li>Bump actions/checkout from 4.1.3 to 4.1.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1290">ko-build/ko#1290</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/c9e27f0dae0b9db53e19d521bbc5ee811ce00e39"><code>c9e27f0</code></a> Update integration_test.sh</li> <li><a href="https://github.com/ko-build/ko/commit/7cb29ac9b8f0dbdea83e2828fb9da040752b2053"><code>7cb29ac</code></a> Refactor global values to be defaults</li> <li><a href="https://github.com/ko-build/ko/commit/29e852e8bbd76d65722c57497106adb1378f885f"><code>29e852e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1321">#1321</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/74f02a8f5989e979bbc10ac067ae8d4cbd22537e"><code>74f02a8</code></a> ---</li> <li><a href="https://github.com/ko-build/ko/commit/81723216fa527be864baee6f6518fa0895e12710"><code>8172321</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1319">#1319</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li><a href="https://github.com/ko-build/ko/commit/f979606b996aa20b6c6ad01226b726e1cb2777e7"><code>f979606</code></a> Bump github/codeql-action from 2.13.4 to 3.25.5</li> <li><a href="https://github.com/ko-build/ko/commit/bb99eccfe235e7b583c857bb1bafbf45f72178d1"><code>bb99ecc</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1315">#1315</a> from ko-build/dependabot/go_modules/github.com/docke...</li> <li><a href="https://github.com/ko-build/ko/commit/dcb8f4edfe8463aba0554e8cd03e58b1bd650f0a"><code>dcb8f4e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1316">#1316</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/7e47ec504a307bc63b4e2254434b9644dcf33841"><code>7e47ec5</code></a> Bump actions/checkout from 4.1.5 to 4.1.6</li> <li><a href="https://github.com/ko-build/ko/commit/459bf48a23b48e5423109fd30ea0eca546279709"><code>459bf48</code></a> Bump github.com/docker/docker</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.15.2...v0.15.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.15.2&new-version=0.15.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-22 15:56:23 +02:00
github.com/aws/aws-sdk-go-v2/service/ecr v1.28.0 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.5 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/aws/aws-sdk-go-v2/service/kms v1.35.7 // indirect
github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.30.7 // indirect
github.com/aws/smithy-go v1.20.4 // indirect
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
github.com/bahlo/generic-list-go v0.2.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
chore(deps): bump github.com/anchore/quill from 0.4.1 to 0.4.2 (#4988) Bumps [github.com/anchore/quill](https://github.com/anchore/quill) from 0.4.1 to 0.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/quill/releases">github.com/anchore/quill's releases</a>.</em></p> <blockquote> <h2>v0.4.2</h2> <h1>Changelog</h1> <h2><a href="https://github.com/anchore/quill/tree/v0.4.2">v0.4.2</a> (2024-07-11)</h2> <p><a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">Full Changelog</a></p> <h3>Bug Fixes</h3> <ul> <li>fix: terminal no longer clobbered [[PR <a href="https://redirect.github.com/anchore/quill/issues/142">#142</a>](https://redirect.github.com/anchore/quill/pull/142)] [<a href="https://github.com/kzantow">kzantow</a>]</li> <li>fix: notarization should not fail [[Issue <a href="https://redirect.github.com/anchore/quill/issues/118">#118</a>](https://redirect.github.com/anchore/quill/issues/118)] [[PR <a href="https://redirect.github.com/anchore/quill/issues/119">#119</a>](https://redirect.github.com/anchore/quill/pull/119)] [<a href="https://github.com/wagoodman">wagoodman</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anchore/quill/commit/4639bd62b2a88f6552bb3dea42e501f538919a93"><code>4639bd6</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.223 to 1.1.225 (<a href="https://redirect.github.com/anchore/quill/issues/455">#455</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ca419a618682341ec40798043358c0e4f69e4c91"><code>ca419a6</code></a> chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (<a href="https://redirect.github.com/anchore/quill/issues/449">#449</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf4af8169670bcab7e9b01fb2f56c969d694b22f"><code>bf4af81</code></a> chore(deps): bump github.com/charmbracelet/lipgloss (<a href="https://redirect.github.com/anchore/quill/issues/454">#454</a>)</li> <li><a href="https://github.com/anchore/quill/commit/8b306166bb4dbffa2419d05950c5039993f465d8"><code>8b30616</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.12 to 1.54.18 (<a href="https://redirect.github.com/anchore/quill/issues/456">#456</a>)</li> <li><a href="https://github.com/anchore/quill/commit/dd4e6c85c5c2493529c74fe94a58dd71fd2aa930"><code>dd4e6c8</code></a> chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (<a href="https://redirect.github.com/anchore/quill/issues/453">#453</a>)</li> <li><a href="https://github.com/anchore/quill/commit/a75519372136730ec04ef8e8e848f71196faf311"><code>a755193</code></a> chore(deps): bump github.com/blacktop/go-macho from 1.1.220 to 1.1.223 (<a href="https://redirect.github.com/anchore/quill/issues/439">#439</a>)</li> <li><a href="https://github.com/anchore/quill/commit/bf64d8a2fd68f72094080e2af3a4eca884b430d6"><code>bf64d8a</code></a> chore(deps): bump github.com/charmbracelet/bubbletea (<a href="https://redirect.github.com/anchore/quill/issues/440">#440</a>)</li> <li><a href="https://github.com/anchore/quill/commit/196e96e91826b422557a1f3b23ab59276dac46a9"><code>196e96e</code></a> chore(deps): bump github.com/aws/aws-sdk-go from 1.54.2 to 1.54.12 (<a href="https://redirect.github.com/anchore/quill/issues/446">#446</a>)</li> <li><a href="https://github.com/anchore/quill/commit/ff50f7a9dd90dff83c0c8536374085a0d73ebbcd"><code>ff50f7a</code></a> chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/anchore/quill/issues/427">#427</a>)</li> <li><a href="https://github.com/anchore/quill/commit/092a1387f060de85a8a8b0d2d5c987a68603b65e"><code>092a138</code></a> chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (<a href="https://redirect.github.com/anchore/quill/issues/432">#432</a>)</li> <li>Additional commits viewable in <a href="https://github.com/anchore/quill/compare/v0.4.1...v0.4.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/anchore/quill&package-manager=go_modules&previous-version=0.4.1&new-version=0.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-12 14:41:38 +02:00
github.com/blacktop/go-dwarf v1.0.10 // indirect
github.com/blacktop/go-macho v1.1.231 // indirect
github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb // indirect
github.com/blang/semver v3.5.1+incompatible // indirect
github.com/buger/jsonparser v1.1.1 // indirect
github.com/carlmjohnson/versioninfo v0.22.5 // indirect
github.com/cavaliergopher/cpio v1.0.1 // indirect
chore(deps): bump github.com/ory/dockertest/v3 from 3.10.0 to 3.11.0 (#5070) Bumps [github.com/ory/dockertest/v3](https://github.com/ory/dockertest) from 3.10.0 to 3.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ory/dockertest/releases">github.com/ory/dockertest/v3's releases</a>.</em></p> <blockquote> <h2>v3.11.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/435">ory/dockertest#435</a></li> <li>chore(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/437">ory/dockertest#437</a></li> <li>chore(deps): bump github.com/lib/pq from 0.0.0-20180327071824-d34b9ff171c2 to 1.10.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/438">ory/dockertest#438</a></li> <li>chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.24+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/426">ory/dockertest#426</a></li> <li>chore(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/427">ory/dockertest#427</a></li> <li>chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/450">ory/dockertest#450</a></li> <li>chore(deps): bump github.com/containerd/continuity from 0.3.0 to 0.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/451">ory/dockertest#451</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/449">ory/dockertest#449</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/442">ory/dockertest#442</a></li> <li>chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/445">ory/dockertest#445</a></li> <li>chore(deps): bump github.com/moby/term from 0.0.0-20201216013528-df9cb8a40635 to 0.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/446">ory/dockertest#446</a></li> <li>chore(deps): bump github.com/docker/cli from 20.10.17+incompatible to 24.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/448">ory/dockertest#448</a></li> <li>chore: bump dependencies and fix some lint by <a href="https://github.com/alnr"><code>@​alnr</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li>chore(deps): bump golang.org/x/sys from 0.19.0 to 0.21.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/501">ory/dockertest#501</a></li> <li>chore(deps): bump actions/checkout from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/475">ory/dockertest#475</a></li> <li>feat: fall back to podman if available by <a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li>test: refactor asserts by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/497">ory/dockertest#497</a></li> <li>use defer instead of os.Exit(m.Run()) by <a href="https://github.com/pmenglund"><code>@​pmenglund</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/493">ory/dockertest#493</a></li> <li>docs: remove outdated dep install instruction by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/505">ory/dockertest#505</a></li> <li>chore: remove direct dependency on gotest.tools/v3 by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/504">ory/dockertest#504</a></li> <li>chore: replace deprecated ioutil.TempDir with os.MkdirTemp by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/506">ory/dockertest#506</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/509">ory/dockertest#509</a></li> <li>move tests to dockertest_test package by <a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li>chore(deps): bump github.com/opencontainers/image-spec from 1.0.2 to 1.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/510">ory/dockertest#510</a></li> <li>chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/503">ory/dockertest#503</a></li> <li>chore(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/508">ory/dockertest#508</a></li> <li>chore(deps): bump actions/stale from 4 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/507">ory/dockertest#507</a></li> <li>feat: introduce cve scanners by <a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li>chore: update docker to v27.1.1 by <a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/alnr"><code>@​alnr</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li><a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li><a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li><a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li><a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ory/dockertest/commit/6110e9a38fa9f7118d7baa38ac2437170520c3b5"><code>6110e9a</code></a> chore: update docker to v27.1.1 (<a href="https://redirect.github.com/ory/dockertest/issues/522">#522</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/d229e74b748daa9d889156981aee4d521a9fa226"><code>d229e74</code></a> feat: introduce cve scanners (<a href="https://redirect.github.com/ory/dockertest/issues/500">#500</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1b46b2915aed35799f1cb91e76ad499ff91b7d9c"><code>1b46b29</code></a> chore(deps): bump actions/stale from 4 to 9 (<a href="https://redirect.github.com/ory/dockertest/issues/507">#507</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/44496a38aa7769d525977b2c8f74047c231162e1"><code>44496a3</code></a> chore(deps): bump actions/setup-go from 4 to 5 (<a href="https://redirect.github.com/ory/dockertest/issues/508">#508</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1aa8cd7bf823a7e369a54bcec74ac39ae5141eff"><code>1aa8cd7</code></a> chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 (<a href="https://redirect.github.com/ory/dockertest/issues/503">#503</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/0c91bda2b499ac97a0f6c027dc25b213cbf726a0"><code>0c91bda</code></a> chore(deps): bump github.com/opencontainers/image-spec (<a href="https://redirect.github.com/ory/dockertest/issues/510">#510</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/3328cf9343b8091879695d1489aa3154544e7e23"><code>3328cf9</code></a> move tests to dockertest_test package (<a href="https://redirect.github.com/ory/dockertest/issues/490">#490</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/05f634764ebdde194ee996f9d6b4ebf91e7bc738"><code>05f6347</code></a> chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (<a href="https://redirect.github.com/ory/dockertest/issues/509">#509</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/6539ccd9aa0828a791bf577d5290ed5201de4c72"><code>6539ccd</code></a> chore: replace deprecated ioutil.TempDir with os.MkdirTemp (<a href="https://redirect.github.com/ory/dockertest/issues/506">#506</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/84015fd57ca4c3248e114be72046b90752aab334"><code>84015fd</code></a> chore: remove direct dependency on gotest.tools/v3 (<a href="https://redirect.github.com/ory/dockertest/issues/504">#504</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ory/dockertest/v3&package-manager=go_modules&previous-version=3.10.0&new-version=3.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-13 14:31:51 +02:00
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1 to 1.0.0 (#5237) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.13.1 to 1.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/charmbracelet/lipgloss/releases">github.com/charmbracelet/lipgloss's releases</a>.</em></p> <blockquote> <h2>v1.0.0</h2> <h1>At last: v1.0.0</h1> <!-- raw HTML omitted --> <p>This is an honorary release indicating that Lip Gloss is now stable. Thank you, open source community, for all your love, support, contributions, and great style.</p> <p>Stay tuned for a v2 alpha!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/charmbracelet/lipgloss/commit/761d265f761271293f20f9bf62884b15f2d7c0cc"><code>761d265</code></a> feat(deps): bump github.com/charmbracelet/x/ansi from 0.4.0 to 0.4.2</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/342e7b051b45419b6f052c1d4b83e904e14414ff"><code>342e7b0</code></a> chore(ci): sync golangci-lint config</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/da324b123d09dc2d194c6911d440371ed463e4c8"><code>da324b1</code></a> feat(deps): bump github.com/charmbracelet/x/ansi from 0.3.2 to 0.4.0</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/78fd6fd42f6e6b028bac3dcc8dcd9652fc15afa0"><code>78fd6fd</code></a> chore(ci): sync golangci-lint config</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/407dc3d2cf84b9abeae83e7a12277a84ab01eab4"><code>407dc3d</code></a> feat(ci): add lint-sync workflow</li> <li>See full diff in <a href="https://github.com/charmbracelet/lipgloss/compare/v0.13.1...v1.0.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/lipgloss&package-manager=go_modules&previous-version=0.13.1&new-version=1.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-01 14:16:39 +02:00
github.com/charmbracelet/x/ansi v0.4.2 // indirect
github.com/cloudflare/circl v1.3.8 // indirect
chore(deps): bump github.com/ory/dockertest/v3 from 3.10.0 to 3.11.0 (#5070) Bumps [github.com/ory/dockertest/v3](https://github.com/ory/dockertest) from 3.10.0 to 3.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ory/dockertest/releases">github.com/ory/dockertest/v3's releases</a>.</em></p> <blockquote> <h2>v3.11.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/435">ory/dockertest#435</a></li> <li>chore(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/437">ory/dockertest#437</a></li> <li>chore(deps): bump github.com/lib/pq from 0.0.0-20180327071824-d34b9ff171c2 to 1.10.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/438">ory/dockertest#438</a></li> <li>chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.24+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/426">ory/dockertest#426</a></li> <li>chore(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/427">ory/dockertest#427</a></li> <li>chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/450">ory/dockertest#450</a></li> <li>chore(deps): bump github.com/containerd/continuity from 0.3.0 to 0.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/451">ory/dockertest#451</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/449">ory/dockertest#449</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/442">ory/dockertest#442</a></li> <li>chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/445">ory/dockertest#445</a></li> <li>chore(deps): bump github.com/moby/term from 0.0.0-20201216013528-df9cb8a40635 to 0.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/446">ory/dockertest#446</a></li> <li>chore(deps): bump github.com/docker/cli from 20.10.17+incompatible to 24.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/448">ory/dockertest#448</a></li> <li>chore: bump dependencies and fix some lint by <a href="https://github.com/alnr"><code>@​alnr</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li>chore(deps): bump golang.org/x/sys from 0.19.0 to 0.21.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/501">ory/dockertest#501</a></li> <li>chore(deps): bump actions/checkout from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/475">ory/dockertest#475</a></li> <li>feat: fall back to podman if available by <a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li>test: refactor asserts by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/497">ory/dockertest#497</a></li> <li>use defer instead of os.Exit(m.Run()) by <a href="https://github.com/pmenglund"><code>@​pmenglund</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/493">ory/dockertest#493</a></li> <li>docs: remove outdated dep install instruction by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/505">ory/dockertest#505</a></li> <li>chore: remove direct dependency on gotest.tools/v3 by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/504">ory/dockertest#504</a></li> <li>chore: replace deprecated ioutil.TempDir with os.MkdirTemp by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/506">ory/dockertest#506</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/509">ory/dockertest#509</a></li> <li>move tests to dockertest_test package by <a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li>chore(deps): bump github.com/opencontainers/image-spec from 1.0.2 to 1.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/510">ory/dockertest#510</a></li> <li>chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/503">ory/dockertest#503</a></li> <li>chore(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/508">ory/dockertest#508</a></li> <li>chore(deps): bump actions/stale from 4 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/507">ory/dockertest#507</a></li> <li>feat: introduce cve scanners by <a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li>chore: update docker to v27.1.1 by <a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/alnr"><code>@​alnr</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li><a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li><a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li><a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li><a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ory/dockertest/commit/6110e9a38fa9f7118d7baa38ac2437170520c3b5"><code>6110e9a</code></a> chore: update docker to v27.1.1 (<a href="https://redirect.github.com/ory/dockertest/issues/522">#522</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/d229e74b748daa9d889156981aee4d521a9fa226"><code>d229e74</code></a> feat: introduce cve scanners (<a href="https://redirect.github.com/ory/dockertest/issues/500">#500</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1b46b2915aed35799f1cb91e76ad499ff91b7d9c"><code>1b46b29</code></a> chore(deps): bump actions/stale from 4 to 9 (<a href="https://redirect.github.com/ory/dockertest/issues/507">#507</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/44496a38aa7769d525977b2c8f74047c231162e1"><code>44496a3</code></a> chore(deps): bump actions/setup-go from 4 to 5 (<a href="https://redirect.github.com/ory/dockertest/issues/508">#508</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1aa8cd7bf823a7e369a54bcec74ac39ae5141eff"><code>1aa8cd7</code></a> chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 (<a href="https://redirect.github.com/ory/dockertest/issues/503">#503</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/0c91bda2b499ac97a0f6c027dc25b213cbf726a0"><code>0c91bda</code></a> chore(deps): bump github.com/opencontainers/image-spec (<a href="https://redirect.github.com/ory/dockertest/issues/510">#510</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/3328cf9343b8091879695d1489aa3154544e7e23"><code>3328cf9</code></a> move tests to dockertest_test package (<a href="https://redirect.github.com/ory/dockertest/issues/490">#490</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/05f634764ebdde194ee996f9d6b4ebf91e7bc738"><code>05f6347</code></a> chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (<a href="https://redirect.github.com/ory/dockertest/issues/509">#509</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/6539ccd9aa0828a791bf577d5290ed5201de4c72"><code>6539ccd</code></a> chore: replace deprecated ioutil.TempDir with os.MkdirTemp (<a href="https://redirect.github.com/ory/dockertest/issues/506">#506</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/84015fd57ca4c3248e114be72046b90752aab334"><code>84015fd</code></a> chore: remove direct dependency on gotest.tools/v3 (<a href="https://redirect.github.com/ory/dockertest/issues/504">#504</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ory/dockertest/v3&package-manager=go_modules&previous-version=3.10.0&new-version=3.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-13 14:31:51 +02:00
github.com/containerd/continuity v0.4.3 // indirect
feat(deps): bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 (#3878) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.13.0 to 0.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-containerregistry/releases">github.com/google/go-containerregistry's releases</a>.</em></p> <blockquote> <h2>v0.14.0</h2> <h2>Changelog</h2> <ul> <li>9306ebad Allow crane edit to generate non-image artifacts (<a href="https://redirect.github.com/google/go-containerregistry/issues/1545">#1545</a>)</li> <li>de35f0f7 Allow setting Content-Type in crane edit manifest (<a href="https://redirect.github.com/google/go-containerregistry/issues/1551">#1551</a>)</li> <li>4b081f80 Avoid v1.Manifest in crane edit config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1583">#1583</a>)</li> <li>1cfe1fc2 Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1593">#1593</a>)</li> <li>da1008fb Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1548">#1548</a>)</li> <li>86be45fb Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1547">#1547</a>)</li> <li>62f183e5 Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1556">#1556</a>)</li> <li>1b8dc2ba Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1580">#1580</a>)</li> <li>11843ba2 Enforce proper sha256 usage (<a href="https://redirect.github.com/google/go-containerregistry/issues/1544">#1544</a>)</li> <li>2ceebaaf Implement crane index subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1561">#1561</a>)</li> <li>9f42e028 Set mediaType for empty.ImageIndex in RawManifest (<a href="https://redirect.github.com/google/go-containerregistry/issues/1562">#1562</a>)</li> <li>759b19f7 Support artifactType, for images whose config.mediaType is not a config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1541">#1541</a>)</li> <li>b3c23b4c Support for OCI 1.1+ referrers via API (<a href="https://redirect.github.com/google/go-containerregistry/issues/1546">#1546</a>)</li> <li>061ee6bf Support for OCI 1.1+ referrers via fallback tag (<a href="https://redirect.github.com/google/go-containerregistry/issues/1543">#1543</a>)</li> <li>67703048 Update descriptor &quot;data&quot; field (when valid) during &quot;crane edit config&quot; (<a href="https://redirect.github.com/google/go-containerregistry/issues/1584">#1584</a>)</li> <li>76bac933 Update release.yml (<a href="https://redirect.github.com/google/go-containerregistry/issues/1540">#1540</a>)</li> <li>eb7d746c authn: also read mount secrets (<a href="https://redirect.github.com/google/go-containerregistry/issues/1560">#1560</a>)</li> <li>e94d4089 bump deps using ./hack/bump-deps.sh (<a href="https://redirect.github.com/google/go-containerregistry/issues/1592">#1592</a>)</li> <li>4e95ae2b crane: add --flatten for index append (<a href="https://redirect.github.com/google/go-containerregistry/issues/1566">#1566</a>)</li> <li>ff810c18 crane: add serve subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1586">#1586</a>)</li> <li>8ea5e0e8 crane: support --omit-digest-tags in crane ls (<a href="https://redirect.github.com/google/go-containerregistry/issues/1528">#1528</a>)</li> <li>824efc77 fix(mutate): also set timestamps only present in some formats (<a href="https://redirect.github.com/google/go-containerregistry/issues/1550">#1550</a>)</li> <li>e04520bc fix: Fix the crane release url and add more steps (<a href="https://redirect.github.com/google/go-containerregistry/issues/1532">#1532</a>)</li> <li>d8722327 hash: use generic instantiation (<a href="https://redirect.github.com/google/go-containerregistry/issues/1538">#1538</a>)</li> <li>57f010d2 replace manual slsa-verifier installation with action (<a href="https://redirect.github.com/google/go-containerregistry/issues/1585">#1585</a>)</li> <li>9cd098e3 skip tls verification if default transport is used with insecure option (<a href="https://redirect.github.com/google/go-containerregistry/issues/1559">#1559</a>)</li> <li>36249683 tarball: pass imageToTags (<a href="https://redirect.github.com/google/go-containerregistry/issues/1563">#1563</a>)</li> </ul> <h3>Container Images</h3> <p><a href="https://gcr.io/go-containerregistry/crane:v0.14.0">https://gcr.io/go-containerregistry/crane:v0.14.0</a> <a href="https://gcr.io/go-containerregistry/gcrane:v0.14.0">https://gcr.io/go-containerregistry/gcrane:v0.14.0</a></p> <p>For example:</p> <pre><code>docker pull gcr.io/go-containerregistry/crane:v0.14.0 docker pull gcr.io/go-containerregistry/gcrane:v0.14.0 </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-containerregistry/commit/4b081f801f399fa293f23e42ba4c4ac6a6003f2c"><code>4b081f8</code></a> Avoid v1.Manifest in crane edit config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1583">#1583</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/1cfe1fc25f233b40aa5d3b0edd572ed5c3f854c9"><code>1cfe1fc</code></a> Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1593">#1593</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/e94d40893b2d013992192f8a1a04fd1984fd24dc"><code>e94d408</code></a> bump deps using ./hack/bump-deps.sh (<a href="https://redirect.github.com/google/go-containerregistry/issues/1592">#1592</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/ff810c186c772e1056aa4081278ee84ee3fb565b"><code>ff810c1</code></a> crane: add serve subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1586">#1586</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/57f010d26af871587be87f5aed2550893d564a8c"><code>57f010d</code></a> replace manual slsa-verifier installation with action (<a href="https://redirect.github.com/google/go-containerregistry/issues/1585">#1585</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/67703048992e9b025adf1a7b08f3bb195636be33"><code>6770304</code></a> Update descriptor &quot;data&quot; field (when valid) during &quot;crane edit config&quot; (<a href="https://redirect.github.com/google/go-containerregistry/issues/1584">#1584</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/1b8dc2babc55fd72d274e8f470f00e9e5ba43f1b"><code>1b8dc2b</code></a> Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1580">#1580</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/8ea5e0e8f045d827389d13bde5ae8269630e2e2e"><code>8ea5e0e</code></a> crane: support --omit-digest-tags in crane ls (<a href="https://redirect.github.com/google/go-containerregistry/issues/1528">#1528</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/4e95ae2b72dd3b58fccb4ed579dbddf5c884822c"><code>4e95ae2</code></a> crane: add --flatten for index append (<a href="https://redirect.github.com/google/go-containerregistry/issues/1566">#1566</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/4a0e0af4bf958c0bfb17bdfac71c38204b930623"><code>4a0e0af</code></a> docs: Update crane installation and verification instructions (<a href="https://redirect.github.com/google/go-containerregistry/issues/1567">#1567</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-containerregistry/compare/v0.13.0...v0.14.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/go-containerregistry&package-manager=go_modules&previous-version=0.13.0&new-version=0.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-20 14:58:29 +02:00
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#4945) [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.0 to 1.8.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spf13/cobra/releases">github.com/spf13/cobra's releases</a>.</em></p> <blockquote> <h2>v1.8.1</h2> <h2>✨ Features</h2> <ul> <li>Add env variable to suppress completion descriptions on create by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/1938">spf13/cobra#1938</a></li> </ul> <h2>🐛 Bug fixes</h2> <ul> <li>Micro-optimizations by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/1957">spf13/cobra#1957</a></li> </ul> <h2>🔧 Maintenance</h2> <ul> <li>build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.3 to 2.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2127">spf13/cobra#2127</a></li> <li>Consistent annotation names by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2140">spf13/cobra#2140</a></li> <li>Remove fully inactivated linters by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2148">spf13/cobra#2148</a></li> <li>Address golangci-lint deprecation warnings, enable some more linters by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2152">spf13/cobra#2152</a></li> </ul> <h2>🧪 Testing &amp; CI/CD</h2> <ul> <li>Add test for func in cobra.go by <a href="https://github.com/korovindenis"><code>@​korovindenis</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2094">spf13/cobra#2094</a></li> <li>ci: test golang 1.22 by <a href="https://github.com/cyrilico"><code>@​cyrilico</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2113">spf13/cobra#2113</a></li> <li>Optimized and added more linting by <a href="https://github.com/scop"><code>@​scop</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2099">spf13/cobra#2099</a></li> <li>build(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2087">spf13/cobra#2087</a></li> <li>build(deps): bump actions/labeler from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2086">spf13/cobra#2086</a></li> <li>build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2108">spf13/cobra#2108</a></li> <li>build(deps): bump actions/cache from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2102">spf13/cobra#2102</a></li> </ul> <h2>✏️ Documentation</h2> <ul> <li>Fixes and docs for usage as plugin by <a href="https://github.com/nirs"><code>@​nirs</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2070">spf13/cobra#2070</a></li> <li>flags: clarify documentation that LocalFlags related function do not modify the state by <a href="https://github.com/niamster"><code>@​niamster</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2064">spf13/cobra#2064</a></li> <li>chore: remove repetitive words by <a href="https://github.com/racerole"><code>@​racerole</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2122">spf13/cobra#2122</a></li> <li>Add LXC to the list of projects using Cobra <a href="https://github.com/VaradBelwalkar"><code>@​VaradBelwalkar</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2071">spf13/cobra#2071</a></li> <li>Update projects_using_cobra.md by <a href="https://github.com/marcuskohlberg"><code>@​marcuskohlberg</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2089">spf13/cobra#2089</a></li> <li>[chore]: update projects using cobra by <a href="https://github.com/cmwylie19"><code>@​cmwylie19</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2093">spf13/cobra#2093</a></li> <li>Add Taikun CLI to list of projects by <a href="https://github.com/Smidra"><code>@​Smidra</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2098">spf13/cobra#2098</a></li> <li>Add Incus to the list of projects using Cobra by <a href="https://github.com/montag451"><code>@​montag451</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2118">spf13/cobra#2118</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spf13/cobra/commit/e94f6d0dd9a5e5738dca6bce03c4b1207ffbc0ec"><code>e94f6d0</code></a> Address golangci-lint deprecation warnings, enable some more linters (<a href="https://redirect.github.com/spf13/cobra/issues/2152">#2152</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/8003b74a10ef0d0d84fe3c408d3939d86fdeb210"><code>8003b74</code></a> Remove fully inactivated linters (<a href="https://redirect.github.com/spf13/cobra/issues/2148">#2148</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/5c2c1d627d35a00153764a3d37400efc66eaca1c"><code>5c2c1d6</code></a> Consistent annotation names (<a href="https://redirect.github.com/spf13/cobra/issues/2140">#2140</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/5a1acea3210649f3d70002818ec04b09f6347062"><code>5a1acea</code></a> build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.3 to 2.0.4 (<a href="https://redirect.github.com/spf13/cobra/issues/2127">#2127</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/0fc86c2ffd0326b6f6ed5fa36803d26993655c08"><code>0fc86c2</code></a> docs: update user guide (<a href="https://redirect.github.com/spf13/cobra/issues/2128">#2128</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/6b5f577ebce858ee70fcdd1f062ea3af4b1c03ab"><code>6b5f577</code></a> More linting (<a href="https://redirect.github.com/spf13/cobra/issues/2099">#2099</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/bd914e58d69d65e494b45bdb40e90ca816b92fcc"><code>bd914e5</code></a> fix: remove deprecated io/ioutils package (<a href="https://redirect.github.com/spf13/cobra/issues/2120">#2120</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/1f80fa2e23cc550c131e8a54dc72d11b265c6fcf"><code>1f80fa2</code></a> chore: remove repetitive words (<a href="https://redirect.github.com/spf13/cobra/issues/2122">#2122</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/c69ae4c36b134dd69e5ab9d3d6b9f571ca5afe1e"><code>c69ae4c</code></a> ci: test golang 1.22 (<a href="https://redirect.github.com/spf13/cobra/issues/2113">#2113</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/a30cee5e5ab0949cc888ef00ae6aee24e091e042"><code>a30cee5</code></a> build(deps): bump actions/cache from 3 to 4 (<a href="https://redirect.github.com/spf13/cobra/issues/2102">#2102</a>)</li> <li>Additional commits viewable in <a href="https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/spf13/cobra&package-manager=go_modules&previous-version=1.8.0&new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 13:53:13 +02:00
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
feat(deps): bump github.com/google/ko from 0.14.1 to 0.15.0 (#4373) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <h2>What's Changed</h2> <ul> <li>implement dumb cache for images by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1102">ko-build/ko#1102</a></li> <li>fixed typo in configuration.md by <a href="https://github.com/samlaf"><code>@​samlaf</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li>pkg/commands: fix dropped errors by <a href="https://github.com/alrs"><code>@​alrs</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li>ci: add govulncheck by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1110">ko-build/ko#1110</a></li> <li>chore: remove refs to deprecated io/ioutil by <a href="https://github.com/testwill"><code>@​testwill</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li>Update install docs to install ko using Scoop by <a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> <li>include go build output in build error by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1127">ko-build/ko#1127</a></li> <li>Use go1.21, clean up ci and drop go1.19 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1137">ko-build/ko#1137</a></li> <li>Update e2e.yaml by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1141">ko-build/ko#1141</a></li> <li>handle newfound lint errors by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1142">ko-build/ko#1142</a></li> <li>fix test broken by lint fix by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1143">ko-build/ko#1143</a></li> <li>Bump actions/checkout from 3.6.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1136">ko-build/ko#1136</a></li> <li>fix env var for go env by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1140">ko-build/ko#1140</a></li> <li>docs: add docs for TF and Lambda by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1139">ko-build/ko#1139</a></li> <li>docs: add Lambda and TF pages to sidebar by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1144">ko-build/ko#1144</a></li> <li>include example using go packages by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1145">ko-build/ko#1145</a></li> <li>fix the release workflow and install instructions by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1150">ko-build/ko#1150</a></li> <li>update missing places that was using go1.20 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1163">ko-build/ko#1163</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/samlaf"><code>@​samlaf</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li><a href="https://github.com/alrs"><code>@​alrs</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li><a href="https://github.com/testwill"><code>@​testwill</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li><a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0">https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/31035ad2026bfbafaa4f009baefe72463af1b3a7"><code>31035ad</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1164">#1164</a> from ko-build/dependabot/go_modules/golang.org/x/net...</li> <li><a href="https://github.com/ko-build/ko/commit/ba952fd091f9d27ee5c136e842b5e94dd715100c"><code>ba952fd</code></a> Bump golang.org/x/net from 0.16.0 to 0.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/277f5d74353950c8663fc04b7546f66e57bd6aaf"><code>277f5d7</code></a> update missing places that was using go1.20 (<a href="https://redirect.github.com/google/ko/issues/1163">#1163</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/b8b3b21f8348d7cab863fe1b4eaa47dfc47632da"><code>b8b3b21</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1162">#1162</a> from ko-build/dependabot/go_modules/github.com/googl...</li> <li><a href="https://github.com/ko-build/ko/commit/4890ab2887b653d3c340de4d119bfd17b703f182"><code>4890ab2</code></a> Bump github.com/google/go-cmp from 0.5.9 to 0.6.0</li> <li><a href="https://github.com/ko-build/ko/commit/30b62aee3faf6866cee6513ea7eb13f5a27cd7ca"><code>30b62ae</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1161">#1161</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/449bcb61926cb3e3bcf191e8ca53fad5ab3a4e3c"><code>449bcb6</code></a> Bump github.com/spf13/viper from 1.16.0 to 1.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/c543dd83cc75cd849fb95637ea29e3c7c66d6f87"><code>c543dd8</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1160">#1160</a> from ko-build/dependabot/go_modules/golang.org/x/too...</li> <li><a href="https://github.com/ko-build/ko/commit/c1ae5f5ce4fe058830f24827c853d4db39a95250"><code>c1ae5f5</code></a> Bump golang.org/x/tools from 0.13.0 to 0.14.0</li> <li><a href="https://github.com/ko-build/ko/commit/e50d2fd5ff0ec88ac837ffe6f6c2f122eb54b9f8"><code>e50d2fd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1159">#1159</a> from ko-build/dependabot/go_modules/golang.org/x/syn...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.14.1...v0.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.14.1&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-17 17:47:47 +02:00
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/davidmz/go-pageant v1.0.2 // indirect
github.com/dghubble/sling v1.4.0 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-alpha.1 to 3.0.0-beta.1 (#4983) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-alpha.1 to 3.0.0-beta.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-beta.1</h2> <p>Welcome to the <code>3.0.0-beta.1</code> release of registry!</p> <p>This is the last major <strong>pre-release</strong> of registry.</p> <p>See the changelog below for full list of changes.</p> <h2>Deprecated</h2> <ul> <li>the default configuration path has changed to <code>/etc/distribution/config.yml</code></li> </ul> <h2>Notable Changes</h2> <ul> <li>Support for sparse indexes enables selective mirroring of platform images</li> <li>Auth config now requires explicit declaration of token signing algorithms if using an unsupported signing algorithm</li> <li>Support for OpenTelemetry tracing has been added</li> <li>Redis cache now supports clustering and custom TLS config</li> <li>Caching proxy bug fixes and minor improvements</li> <li>Garbage collection fixes and improvements</li> <li>Documentation has received several updates</li> </ul> <h2>What's Changed</h2> <ul> <li>update: set User-Agent header in GCS storage driver by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4203">distribution/distribution#4203</a></li> <li>version: export getter functions by <a href="https://github.com/corhere"><code>@​corhere</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4204">distribution/distribution#4204</a></li> <li>feat: add GH issue template by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4206">distribution/distribution#4206</a></li> <li>fix: build status badge by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4207">distribution/distribution#4207</a></li> <li>docs: remove legacy kramdown options from link by <a href="https://github.com/SKalt"><code>@​SKalt</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4209">distribution/distribution#4209</a></li> <li>update: readme cleanup and fxes by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4208">distribution/distribution#4208</a></li> <li>feat: add PR labeler by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4205">distribution/distribution#4205</a></li> <li>fix: add missing skip in s3 driver test by <a href="https://github.com/katexochen"><code>@​katexochen</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4219">distribution/distribution#4219</a></li> <li>vendor: github.com/mitchellh/mapstructure v1.5.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4222">distribution/distribution#4222</a></li> <li>chore: dependabot to keep gha up to date by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4217">distribution/distribution#4217</a></li> <li>build(deps): bump github/codeql-action from 1.0.26 to 3.22.12 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4225">distribution/distribution#4225</a></li> <li>build(deps): bump actions/deploy-pages from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4224">distribution/distribution#4224</a></li> <li>build(deps): bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4226">distribution/distribution#4226</a></li> <li>build(deps): bump actions/setup-go from 3 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4228">distribution/distribution#4228</a></li> <li>build(deps): bump actions/configure-pages from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4227">distribution/distribution#4227</a></li> <li>chore: generate authors and update mailmap by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4215">distribution/distribution#4215</a></li> <li>chore: use no-cache-filter for outdated stage by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4216">distribution/distribution#4216</a></li> <li>build(deps): bump actions/upload-pages-artifact from 2 to 3 by <a href="https://github.com/dvdksn"><code>@​dvdksn</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4234">distribution/distribution#4234</a></li> <li>build(deps): bump docker/login-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4239">distribution/distribution#4239</a></li> <li>build(deps): bump docker/metadata-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4240">distribution/distribution#4240</a></li> <li>update to alpine 3.19 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4210">distribution/distribution#4210</a></li> <li>build(deps): bump docker/setup-buildx-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4230">distribution/distribution#4230</a></li> <li>fix: load gcs credentials and client inside DriverConstructor by <a href="https://github.com/katexochen"><code>@​katexochen</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4218">distribution/distribution#4218</a></li> <li>build(deps): bump docker/bake-action from 2 to 4 by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4253">distribution/distribution#4253</a></li> <li>build(deps): bump actions/upload-artifact from 3.0.0 to 4.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4254">distribution/distribution#4254</a></li> <li>remove deprecated ReadSeekCloser interfaces by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4245">distribution/distribution#4245</a></li> <li>vendor: github.com/gorilla/handlers v1.5.2 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4211">distribution/distribution#4211</a></li> <li>fix: update Dockerfile version output by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4212">distribution/distribution#4212</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/c709432b917488208fa78a7932843d91eca59801"><code>c709432</code></a> Prep for v3-beta1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4399">#4399</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/c72db4109c6259a6b53d7b071e5912dbdc166332"><code>c72db41</code></a> Prep for v3-beta1 release</li> <li><a href="https://github.com/distribution/distribution/commit/60da1934b6c5ca04a5e3abc820f288209b97bc5c"><code>60da193</code></a> Bump Go and golang linter (<a href="https://redirect.github.com/distribution/distribution/issues/4389">#4389</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/948a39d358e0a89e9704eff9270d76b9506393ca"><code>948a39d</code></a> Update docs: JWKS credentials and AZ identity (<a href="https://redirect.github.com/distribution/distribution/issues/4397">#4397</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/d3cc664fa2219d5ac6e7a724dbb755f27b08a2e6"><code>d3cc664</code></a> Update docs: JWKS credentials and AZ identity</li> <li><a href="https://github.com/distribution/distribution/commit/4dd0ac977e9674cc0c2f3b206edb43475dac91c1"><code>4dd0ac9</code></a> feat: implement 'rewrite' storage middleware (<a href="https://redirect.github.com/distribution/distribution/issues/4146">#4146</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/306f4ff71eae432a323723eb4ffaf9aa861ca603"><code>306f4ff</code></a> Replace custom Redis config struct with go-redis UniversalOptions (adds senti...</li> <li><a href="https://github.com/distribution/distribution/commit/558ace139143057e0f8e3dbbcc5b695dda33462a"><code>558ace1</code></a> feat: implement 'rewrite' storage middleware</li> <li><a href="https://github.com/distribution/distribution/commit/6d5911900a793318e61324584a144d2b06b40b2b"><code>6d59119</code></a> Update Redis configuration docs with TLS options</li> <li><a href="https://github.com/distribution/distribution/commit/3a8499541a8d624b909c1e16a8d41e22b756457e"><code>3a84995</code></a> docs: disable base element override (<a href="https://redirect.github.com/distribution/distribution/issues/4391">#4391</a>)</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-alpha.1...v3.0.0-beta.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-alpha.1&new-version=3.0.0-beta.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-12 02:49:48 +02:00
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/cli v27.1.1+incompatible // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/docker/distribution v2.8.3+incompatible // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/docker/docker v27.3.1+incompatible // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
github.com/docker/docker-credential-helpers v0.8.2 // indirect
chore(deps): bump github.com/ory/dockertest/v3 from 3.10.0 to 3.11.0 (#5070) Bumps [github.com/ory/dockertest/v3](https://github.com/ory/dockertest) from 3.10.0 to 3.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ory/dockertest/releases">github.com/ory/dockertest/v3's releases</a>.</em></p> <blockquote> <h2>v3.11.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/435">ory/dockertest#435</a></li> <li>chore(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/437">ory/dockertest#437</a></li> <li>chore(deps): bump github.com/lib/pq from 0.0.0-20180327071824-d34b9ff171c2 to 1.10.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/438">ory/dockertest#438</a></li> <li>chore(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.24+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/426">ory/dockertest#426</a></li> <li>chore(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/427">ory/dockertest#427</a></li> <li>chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/450">ory/dockertest#450</a></li> <li>chore(deps): bump github.com/containerd/continuity from 0.3.0 to 0.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/451">ory/dockertest#451</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/449">ory/dockertest#449</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/442">ory/dockertest#442</a></li> <li>chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/445">ory/dockertest#445</a></li> <li>chore(deps): bump github.com/moby/term from 0.0.0-20201216013528-df9cb8a40635 to 0.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/446">ory/dockertest#446</a></li> <li>chore(deps): bump github.com/docker/cli from 20.10.17+incompatible to 24.0.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/448">ory/dockertest#448</a></li> <li>chore: bump dependencies and fix some lint by <a href="https://github.com/alnr"><code>@​alnr</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li>chore(deps): bump golang.org/x/sys from 0.19.0 to 0.21.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/501">ory/dockertest#501</a></li> <li>chore(deps): bump actions/checkout from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/475">ory/dockertest#475</a></li> <li>feat: fall back to podman if available by <a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li>test: refactor asserts by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/497">ory/dockertest#497</a></li> <li>use defer instead of os.Exit(m.Run()) by <a href="https://github.com/pmenglund"><code>@​pmenglund</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/493">ory/dockertest#493</a></li> <li>docs: remove outdated dep install instruction by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/505">ory/dockertest#505</a></li> <li>chore: remove direct dependency on gotest.tools/v3 by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/504">ory/dockertest#504</a></li> <li>chore: replace deprecated ioutil.TempDir with os.MkdirTemp by <a href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/506">ory/dockertest#506</a></li> <li>chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/509">ory/dockertest#509</a></li> <li>move tests to dockertest_test package by <a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li>chore(deps): bump github.com/opencontainers/image-spec from 1.0.2 to 1.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/510">ory/dockertest#510</a></li> <li>chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/503">ory/dockertest#503</a></li> <li>chore(deps): bump actions/setup-go from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/508">ory/dockertest#508</a></li> <li>chore(deps): bump actions/stale from 4 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/507">ory/dockertest#507</a></li> <li>feat: introduce cve scanners by <a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li>chore: update docker to v27.1.1 by <a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/alnr"><code>@​alnr</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/499">ory/dockertest#499</a></li> <li><a href="https://github.com/SoMuchForSubtlety"><code>@​SoMuchForSubtlety</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/452">ory/dockertest#452</a></li> <li><a href="https://github.com/siraj-mx51"><code>@​siraj-mx51</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/490">ory/dockertest#490</a></li> <li><a href="https://github.com/Demonsthere"><code>@​Demonsthere</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/500">ory/dockertest#500</a></li> <li><a href="https://github.com/adamwalach"><code>@​adamwalach</code></a> made their first contribution in <a href="https://redirect.github.com/ory/dockertest/pull/522">ory/dockertest#522</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ory/dockertest/commit/6110e9a38fa9f7118d7baa38ac2437170520c3b5"><code>6110e9a</code></a> chore: update docker to v27.1.1 (<a href="https://redirect.github.com/ory/dockertest/issues/522">#522</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/d229e74b748daa9d889156981aee4d521a9fa226"><code>d229e74</code></a> feat: introduce cve scanners (<a href="https://redirect.github.com/ory/dockertest/issues/500">#500</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1b46b2915aed35799f1cb91e76ad499ff91b7d9c"><code>1b46b29</code></a> chore(deps): bump actions/stale from 4 to 9 (<a href="https://redirect.github.com/ory/dockertest/issues/507">#507</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/44496a38aa7769d525977b2c8f74047c231162e1"><code>44496a3</code></a> chore(deps): bump actions/setup-go from 4 to 5 (<a href="https://redirect.github.com/ory/dockertest/issues/508">#508</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/1aa8cd7bf823a7e369a54bcec74ac39ae5141eff"><code>1aa8cd7</code></a> chore(deps): bump actions/setup-node from 2.pre.beta to 4.0.2 (<a href="https://redirect.github.com/ory/dockertest/issues/503">#503</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/0c91bda2b499ac97a0f6c027dc25b213cbf726a0"><code>0c91bda</code></a> chore(deps): bump github.com/opencontainers/image-spec (<a href="https://redirect.github.com/ory/dockertest/issues/510">#510</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/3328cf9343b8091879695d1489aa3154544e7e23"><code>3328cf9</code></a> move tests to dockertest_test package (<a href="https://redirect.github.com/ory/dockertest/issues/490">#490</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/05f634764ebdde194ee996f9d6b4ebf91e7bc738"><code>05f6347</code></a> chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.13 (<a href="https://redirect.github.com/ory/dockertest/issues/509">#509</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/6539ccd9aa0828a791bf577d5290ed5201de4c72"><code>6539ccd</code></a> chore: replace deprecated ioutil.TempDir with os.MkdirTemp (<a href="https://redirect.github.com/ory/dockertest/issues/506">#506</a>)</li> <li><a href="https://github.com/ory/dockertest/commit/84015fd57ca4c3248e114be72046b90752aab334"><code>84015fd</code></a> chore: remove direct dependency on gotest.tools/v3 (<a href="https://redirect.github.com/ory/dockertest/issues/504">#504</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ory/dockertest/compare/v3.10.0...v3.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ory/dockertest/v3&package-manager=go_modules&previous-version=3.10.0&new-version=3.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-13 14:31:51 +02:00
github.com/docker/go-connections v0.5.0 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
feat(deps): bump github.com/xanzy/go-gitlab from 0.82.0 to 0.83.0 (#3955) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.82.0 to 0.83.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xanzy/go-gitlab/commit/9560b5bd1bf3fd02fe427e15c91ec7bfaecd51f9"><code>9560b5b</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1704">#1704</a> from cloudquery/master</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/5950ae0e1896664199337f50283cf936a3c30968"><code>5950ae0</code></a> newline</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/ad8af11b52f3d4cfe9f6590ee02c62e0c12eecb1"><code>ad8af11</code></a> ignore vendor</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/36a098515464b46cb9683ea684ff92d536951179"><code>36a0985</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1702">#1702</a> from cloudquery/feat/group_members/email</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/cc52c831af098fc64fe67675ba14d8d29e4d5536"><code>cc52c83</code></a> fix typo</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/12342600079f984cbcdb2fb7d2caebea6b05099b"><code>1234260</code></a> revert gitignore change</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/931c6625bcfa56e1279fede9b7b162940489518b"><code>931c662</code></a> Add <code>email</code> field to <code>GroupMember</code></li> <li><a href="https://github.com/xanzy/go-gitlab/commit/195295c1d3bb9f9ab754a2bcf0791d1c9d02ef31"><code>195295c</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1689">#1689</a> from smit-modi/issue-comment-event</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/f459ed34e662c06b6fed5dd248d67261d125b2bf"><code>f459ed3</code></a> Fixed order</li> <li><a href="https://github.com/xanzy/go-gitlab/commit/e7028c3cfed78024bb6f0dfb96a468c6e5fa3413"><code>e7028c3</code></a> Merge pull request <a href="https://redirect.github.com/xanzy/go-gitlab/issues/1670">#1670</a> from skast96/feature/project_templates</li> <li>Additional commits viewable in <a href="https://github.com/xanzy/go-gitlab/compare/v0.82.0...v0.83.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/xanzy/go-gitlab&package-manager=go_modules&previous-version=0.82.0&new-version=0.83.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-24 13:47:21 +02:00
github.com/docker/go-units v0.5.0
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/elliotchance/orderedmap/v2 v2.2.0 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.5 // indirect
github.com/github/smimesign v0.2.0 // indirect
github.com/go-chi/chi v4.1.2+incompatible // indirect
github.com/go-fed/httpsig v1.1.0 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
sec(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.11.0 (#4505) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's releases</a>.</em></p> <blockquote> <h2>v5.11.0</h2> <h2>What's Changed</h2> <ul> <li>git: validate reference names (<a href="https://redirect.github.com/go-git/go-git/issues/929">#929</a>) by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/950">go-git/go-git#950</a></li> <li>git: stop iterating at oldest shallow when pulling. Fixes <a href="https://redirect.github.com/go-git/go-git/issues/305">#305</a> by <a href="https://github.com/dhoizner"><code>@​dhoizner</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/939">go-git/go-git#939</a></li> <li>plumbing: object, enable renames in getFileStatsFromFilePatches by <a href="https://github.com/djmoch"><code>@​djmoch</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/941">go-git/go-git#941</a></li> <li>storage: filesystem, Add option to set a specific FS for alternates by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/953">go-git/go-git#953</a></li> <li>Align worktree validation with upstream and remove build warnings by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/958">go-git/go-git#958</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dhoizner"><code>@​dhoizner</code></a> made their first contribution in <a href="https://redirect.github.com/go-git/go-git/pull/939">go-git/go-git#939</a></li> <li><a href="https://github.com/djmoch"><code>@​djmoch</code></a> made their first contribution in <a href="https://redirect.github.com/go-git/go-git/pull/941">go-git/go-git#941</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0">https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0</a></p> <h2>v5.10.1</h2> <h2>What's Changed</h2> <ul> <li>Worktree, ignore ModeSocket files by <a href="https://github.com/steiler"><code>@​steiler</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/930">go-git/go-git#930</a></li> <li>git: add tracer package by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/916">go-git/go-git#916</a></li> <li>remote: Flip clause for fast-forward only check by <a href="https://github.com/adityasaky"><code>@​adityasaky</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/875">go-git/go-git#875</a></li> <li>plumbing: transport/ssh, Fix nil pointer dereference caused when an unreachable proxy server is set. Fixes <a href="https://redirect.github.com/go-git/go-git/issues/900">#900</a> by <a href="https://github.com/anandf"><code>@​anandf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/901">go-git/go-git#901</a></li> <li>plumbing: uppload-server-info, implement upload-server-info by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/896">go-git/go-git#896</a></li> <li>plumbing: optimise memory consumption for filesystem storage by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/799">go-git/go-git#799</a></li> <li>plumbing: format/packfile, Refactor patch delta by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/908">go-git/go-git#908</a></li> <li>plumbing: fix empty uploadpack request error by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/932">go-git/go-git#932</a></li> <li>plumbing: transport/git, Improve tests error message by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/752">go-git/go-git#752</a></li> <li>plumbing: format/pktline, Respect pktline error-line errors by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/936">go-git/go-git#936</a></li> <li>utils: remove ioutil.Pipe and use std library io.Pipe by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/922">go-git/go-git#922</a></li> <li>utils: move trace to utils by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/931">go-git/go-git#931</a></li> <li>cli: separate go module for cli by <a href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/914">go-git/go-git#914</a></li> <li>build: bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/887">go-git/go-git#887</a></li> <li>build: bump actions/setup-go from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/891">go-git/go-git#891</a></li> <li>build: bump github.com/skeema/knownhosts from 1.2.0 to 1.2.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/888">go-git/go-git#888</a></li> <li>build: bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/890">go-git/go-git#890</a></li> <li>build: bump golang.org/x/sys from 0.13.0 to 0.14.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/907">go-git/go-git#907</a></li> <li>build: bump golang.org/x/text from 0.13.0 to 0.14.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/906">go-git/go-git#906</a></li> <li>build: bump golang.org/x/crypto from 0.14.0 to 0.15.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/917">go-git/go-git#917</a></li> <li>build: bump golang.org/x/net from 0.17.0 to 0.18.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/918">go-git/go-git#918</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/anandf"><code>@​anandf</code></a> made their first contribution in <a href="https://redirect.github.com/go-git/go-git/pull/901">go-git/go-git#901</a></li> <li><a href="https://github.com/steiler"><code>@​steiler</code></a> made their first contribution in <a href="https://redirect.github.com/go-git/go-git/pull/930">go-git/go-git#930</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1">https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1</a></p> <h2>v5.10.0</h2> <h2>What's Changed</h2> <ul> <li>PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by <a href="https://github.com/ThinkChaos"><code>@​ThinkChaos</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/782">go-git/go-git#782</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-git/commit/5d08d3bd94c65a3b6c25c6fba6907d12b0dac4ca"><code>5d08d3b</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/958">#958</a> from pjbgf/workval</li> <li><a href="https://github.com/go-git/go-git/commit/5bd1d8f4abcfbf1345a1e5a5ec9a96121f3746dc"><code>5bd1d8f</code></a> build: Ensure checkout is the first operation</li> <li><a href="https://github.com/go-git/go-git/commit/b2c19824771bbcbb21abb51abb319c1a610aa6b3"><code>b2c1982</code></a> git: worktree, Align validation with upstream rules</li> <li><a href="https://github.com/go-git/go-git/commit/cec7da63ca0412fce55a0bf0715b7ba44a41eaa2"><code>cec7da6</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/953">#953</a> from pjbgf/alternates</li> <li><a href="https://github.com/go-git/go-git/commit/8b47ceb1aa854f3c3bfa1c347157a04324fcd51e"><code>8b47ceb</code></a> storage: filesystem, Add option to set a specific FS for alternates</li> <li><a href="https://github.com/go-git/go-git/commit/4f614891047bae5d0f7a253f014175505b9821d7"><code>4f61489</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/941">#941</a> from djmoch/filestats-rename</li> <li><a href="https://github.com/go-git/go-git/commit/ae552ce0bf32cddb689727c4c9fa6bf4d3bd6499"><code>ae552ce</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/939">#939</a> from dhoizner/fix-pull-after-shallow</li> <li><a href="https://github.com/go-git/go-git/commit/cc1895b905ebadb09504d88444ff05932fa6e928"><code>cc1895b</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/950">#950</a> from aymanbagabas/validate-ref</li> <li><a href="https://github.com/go-git/go-git/commit/de1d5a5978b9599ca3dacd58bbf699e4bb4cf6bd"><code>de1d5a5</code></a> git: validate reference names</li> <li><a href="https://github.com/go-git/go-git/commit/d87110b492c94d99ebdaea732b23a54b7efba94b"><code>d87110b</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/948">#948</a> from go-git/dependabot/go_modules/cli/go-git/github.c...</li> <li>Additional commits viewable in <a href="https://github.com/go-git/go-git/compare/v5.7.0...v5.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-git/go-git/v5&package-manager=go_modules&previous-version=5.7.0&new-version=5.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-28 14:46:28 +02:00
github.com/go-git/go-billy/v5 v5.5.0 // indirect
github.com/go-git/go-git/v5 v5.12.0 // indirect
github.com/go-jose/go-jose/v4 v4.0.4 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/analysis v0.23.0 // indirect
github.com/go-openapi/errors v0.22.0 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/loads v0.22.0 // indirect
github.com/go-openapi/runtime v0.28.0 // indirect
github.com/go-openapi/spec v0.21.0 // indirect
github.com/go-openapi/strfmt v0.23.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-openapi/validate v0.24.0 // indirect
github.com/go-restruct/restruct v1.2.0-alpha // indirect
github.com/go-viper/mapstructure/v2 v2.0.0 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#5244) Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.5.0 to 4.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang-jwt/jwt/releases">github.com/golang-jwt/jwt/v4's releases</a>.</em></p> <blockquote> <h2>v4.5.1</h2> <h1>Security</h1> <p>Unclear documentation of the error behavior in <code>ParseWithClaims</code> in &lt;= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by <code>ParseWithClaims</code> return both error codes. If users only check for the <code>jwt.ErrTokenExpired </code> using <code>error.Is</code>, they will ignore the embedded <code>jwt.ErrTokenSignatureInvalid</code> and thus potentially accept invalid tokens.</p> <p>This issue was documented in <a href="https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r">https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r</a> and fixed in this release.</p> <p>Note: <code>v5</code> was not affected by this issue. So upgrading to this release version is also recommended.</p> <h1>What's Changed</h1> <ul> <li>Back-ported error-handling logic in <code>ParseWithClaims</code> from <code>v5</code> branch. This fixes <a href="https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r">https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r</a>.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1">https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c"><code>7b1c1c0</code></a> Merge commit from fork</li> <li>See full diff in <a href="https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/golang-jwt/jwt/v4&package-manager=go_modules&previous-version=4.5.0&new-version=4.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2024-11-05 14:37:47 +02:00
github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/rpmpack v0.6.1-0.20240329070804-c2247cbb881a // indirect
github.com/google/s2a-go v0.1.8 // indirect
feat(deps): bump github.com/google/ko from 0.12.0 to 0.13.0 (#3880) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.12.0 to 0.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.13.0</h2> <h2>What's Changed</h2> <ul> <li>SPDX: Fix package manager label by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/801">ko-build/ko#801</a></li> <li>SPDX 2.3 support by <a href="https://github.com/puerco"><code>@​puerco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/803">ko-build/ko#803</a></li> <li>ci: build and test using 1.18 and 1.19 (drop 1.17) by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/812">ko-build/ko#812</a></li> <li>removes repo move message by <a href="https://github.com/mchmarny"><code>@​mchmarny</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/814">ko-build/ko#814</a></li> <li>feat: write sbom result to disk by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/822">ko-build/ko#822</a></li> <li>feat: adding support for using multiple keychain for sending sbom results to a different repository by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/821">ko-build/ko#821</a></li> <li>Move docs to ko.build by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/749">ko-build/ko#749</a></li> <li>Update setup-ko version by <a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> <li>Add -- usage in readme by <a href="https://github.com/jwcesign"><code>@​jwcesign</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/840">ko-build/ko#840</a></li> <li>add CONTRIBUTING, code of conduct, roadmap by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/837">ko-build/ko#837</a></li> <li>attempt to fix GH Pages publishing by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/843">ko-build/ko#843</a></li> <li>doc: fix link to Installation page in Getting Started by <a href="https://github.com/antoineco"><code>@​antoineco</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/846">ko-build/ko#846</a></li> <li>.ko.yaml: bump golang 1.18 -&gt; 1.19 by <a href="https://github.com/srenatus"><code>@​srenatus</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/848">ko-build/ko#848</a></li> <li>truncate -image-refs file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/855">ko-build/ko#855</a></li> <li>update docs: fix broken links, align with README by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/854">ko-build/ko#854</a></li> <li>Handle KO_DOCKER_REPO=ko.local/repo and --bare correctly by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/820">ko-build/ko#820</a></li> <li>another docs update by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/856">ko-build/ko#856</a></li> <li>ko.build: support some common shortlinks by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/872">ko-build/ko#872</a></li> <li>install: fail with 404 instead of gzip error when url was wrong by <a href="https://github.com/grosser"><code>@​grosser</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/879">ko-build/ko#879</a></li> <li>feat: deduplicate tags by <a href="https://github.com/bluebrown"><code>@​bluebrown</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/884">ko-build/ko#884</a></li> <li>install mkdocs-redirect when publishing site by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/873">ko-build/ko#873</a></li> <li>nit: replace one-item slice with const by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/885">ko-build/ko#885</a></li> <li>Temp fix for SLSA generators by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/886">ko-build/ko#886</a></li> <li>Fix verifier by <a href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/891">ko-build/ko#891</a></li> <li>Fix link in static-assets.md by <a href="https://github.com/yuryu"><code>@​yuryu</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/893">ko-build/ko#893</a></li> <li>add KO_DEFAULTBASEIMAGE usage to docs by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/895">ko-build/ko#895</a></li> <li>Publish an tagged image on release by <a href="https://github.com/vdemeester"><code>@​vdemeester</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/868">ko-build/ko#868</a></li> <li>Add option to configure default platforms by <a href="https://github.com/ReToCode"><code>@​ReToCode</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/897">ko-build/ko#897</a></li> <li>Fix broken SLSA link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/899">ko-build/ko#899</a></li> <li>add MAINTAINERS.md by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/905">ko-build/ko#905</a></li> <li>fix: possible race condition when applying templates to flags/ldflags by <a href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/913">ko-build/ko#913</a></li> <li>update docs to reflect actual default base image by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/903">ko-build/ko#903</a></li> <li>remove repeated error message on failure by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/921">ko-build/ko#921</a></li> <li>website: update CNCF announcement by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/920">ko-build/ko#920</a></li> <li>fix KO_CONFIG_PATH pointing to a file by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/923">ko-build/ko#923</a></li> <li>upgrade to cosign v2.0.0-rc.0 by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/933">ko-build/ko#933</a></li> <li>Feature: Add ECR presubmit testing. by <a href="https://github.com/mattmoor"><code>@​mattmoor</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/934">ko-build/ko#934</a></li> <li>remove 'ko deps' by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/937">ko-build/ko#937</a></li> <li>feat: Add KO_GO_PATH env var by <a href="https://github.com/embano1"><code>@​embano1</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/930">ko-build/ko#930</a></li> <li>add ko.build/slack short link by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/945">ko-build/ko#945</a></li> <li>update link to ko goreleaser docs by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/936">ko-build/ko#936</a></li> <li>add ko community meeting details by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/938">ko-build/ko#938</a></li> <li>fix cosign by adding --yes by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/973">ko-build/ko#973</a></li> <li>fix: handle docker's unknown/unknown platform in index manifests by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/975">ko-build/ko#975</a></li> <li>fix file extension for cyclonedx by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/974">ko-build/ko#974</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ianlewis"><code>@​ianlewis</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/e22e7a15ffb988adc14c3fc6a964f61ed711812f"><code>e22e7a1</code></a> bump ggcr dep to <a href="https://github.com/main"><code>@​main</code></a> (<a href="https://redirect.github.com/google/ko/issues/976">#976</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/8e075ae1f1822bb61a871f11197566b362c342f0"><code>8e075ae</code></a> fix file extension for cyclonedx (<a href="https://redirect.github.com/google/ko/issues/974">#974</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/11670b7498be63bc0e04e7ba36433fd22f9654ce"><code>11670b7</code></a> fix: handle docker's unknown/unknown platform in index manifests (<a href="https://redirect.github.com/google/ko/issues/975">#975</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/7ce947817e2f59942cb181aa833bfd13533bcc19"><code>7ce9478</code></a> fix cosign by adding --yes (<a href="https://redirect.github.com/google/ko/issues/973">#973</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/9302da78dc995b2b2dd70c044708c3c4c6a056b6"><code>9302da7</code></a> Bump k8s.io/apimachinery from 0.26.1 to 0.26.2 (<a href="https://redirect.github.com/google/ko/issues/972">#972</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/a1588838ba1698c3ca3f6785363a1a9f82ed4baa"><code>a158883</code></a> Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (<a href="https://redirect.github.com/google/ko/issues/971">#971</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/86b6c2854f8a7c321ce1b8ea121938ce9cc79475"><code>86b6c28</code></a> Bump actions/checkout from 2 to 3 (<a href="https://redirect.github.com/google/ko/issues/966">#966</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/0bd12fb106ed9d03994a6b8883f8a5d834a2aa15"><code>0bd12fb</code></a> Bump slsa-framework/slsa-github-generator from 1.2.1 to 1.5.0 (<a href="https://redirect.github.com/google/ko/issues/967">#967</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/d5125daacd07306d3814a6910cc54422824331e6"><code>d5125da</code></a> Bump github.com/sigstore/cosign/v2 from 2.0.0-rc.2 to 2.0.0 (<a href="https://redirect.github.com/google/ko/issues/965">#965</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/03f4aed68268fb320b32195c80292300056b264c"><code>03f4aed</code></a> add ko community meeting details (<a href="https://redirect.github.com/google/ko/issues/938">#938</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.12.0...v0.13.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos A Becker <caarlos0@users.noreply.github.com>
2023-03-29 19:38:57 +02:00
github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
chore(deps): bump gocloud.dev from 0.36.0 to 0.37.0 (#4688) [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.36.0&new-version=0.37.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-13 19:59:13 +02:00
github.com/google/wire v0.6.0 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
github.com/googleapis/gax-go/v2 v2.13.0 // indirect
github.com/goreleaser/chglog v0.6.1 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-20221021092657-c47a966fded8 to 3.0.0-alpha.1 (#4604) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-20221021092657-c47a966fded8 to 3.0.0-alpha.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-alpha.1</h2> <p>This is the first major release in years!</p> <p>It's an accumulation of effort that's bringing major improvements in performance, security and general code quality!</p> <p>See the abridged changelog below and the full release log <a href="https://github.com/distribution/distribution/blob/576d93fee39c22ef1e4735d932ccef32ee49f7fd/releases/v3.0.0.toml">here</a>.</p> <h3>Deprecations</h3> <ul> <li>Image Manifest v2 Schema v1</li> <li><code>oss</code> and <code>swift</code> storage drivers</li> <li><a href="https://github.com/docker/libtrust"><code>docker/libtrust</code></a> has been replaced with <a href="https://github.com/go-jose/go-jose"><code>go-jose/go-jose</code></a></li> <li><code>reference</code> package has been moved to a dedicated repository (see <a href="https://github.com/distribution/reference">here</a>)</li> <li><code>client</code> is no longer supported as a standalone package</li> </ul> <h3>Notable Changes</h3> <ul> <li><code>reference</code> package has been moved to its own dedicated <a href="https://github.com/distribution/reference">repository</a></li> <li>Go module has changed from <code>docker/distribution</code> to <code>distribution/distribution/v3</code></li> <li>Major performance improvements across all supported storage drivers</li> <li>Major dependencies updates (see the full list below)</li> <li>Online documentation is available at <a href="https://distribution.github.io/distribution/">https://distribution.github.io/distribution/</a></li> </ul> <h2>What's Changed</h2> <ul> <li>default autoredirect to false by <a href="https://github.com/davidswu"><code>@​davidswu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2800">distribution/distribution#2800</a></li> <li>Add docs for autoredirect config parameter by <a href="https://github.com/caervs"><code>@​caervs</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2801">distribution/distribution#2801</a></li> <li>Registry - make minimum TLS version user configurable by <a href="https://github.com/gregrebholz"><code>@​gregrebholz</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2808">distribution/distribution#2808</a></li> <li>Support BYOK for OSS storage driver by <a href="https://github.com/denverdino"><code>@​denverdino</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2791">distribution/distribution#2791</a></li> <li>Add reference. ParseDockerRef utility function by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2786">distribution/distribution#2786</a></li> <li>Fix gometalint errors by <a href="https://github.com/manishtomar"><code>@​manishtomar</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2840">distribution/distribution#2840</a></li> <li>registry: fix binary JSON content-type by <a href="https://github.com/lucab"><code>@​lucab</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2813">distribution/distribution#2813</a></li> <li>Log authorized username by <a href="https://github.com/manishtomar"><code>@​manishtomar</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2854">distribution/distribution#2854</a></li> <li>Fix cloudfront middleware by <a href="https://github.com/vishesh92"><code>@​vishesh92</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2837">distribution/distribution#2837</a></li> <li>support Alibaba Cloud CDN storage middleware by <a href="https://github.com/Shawnpku"><code>@​Shawnpku</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2849">distribution/distribution#2849</a></li> <li>replace rsc.io/letsencrypt in favour of golang.org/x/crypto by <a href="https://github.com/tariq1890"><code>@​tariq1890</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2926">distribution/distribution#2926</a></li> <li>migrate to go modules from vndr by <a href="https://github.com/tariq1890"><code>@​tariq1890</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2941">distribution/distribution#2941</a></li> <li>Fix typo: offest -&gt; offset by <a href="https://github.com/jabrown85"><code>@​jabrown85</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2894">distribution/distribution#2894</a></li> <li>Fix s3 driver for supporting ceph radosgw by <a href="https://github.com/tbe"><code>@​tbe</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2879">distribution/distribution#2879</a></li> <li>Fixes <a href="https://redirect.github.com/distribution/distribution/issues/2835">#2835</a> Process Accept header MIME types in case-insensitive way by <a href="https://github.com/yuwaMSFT2"><code>@​yuwaMSFT2</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2861">distribution/distribution#2861</a></li> <li>change default Dockerfile to install ssl utils by <a href="https://github.com/andyzhangx"><code>@​andyzhangx</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2809">distribution/distribution#2809</a></li> <li>Append the written bytes to the blob writer's size by <a href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2920">distribution/distribution#2920</a></li> <li>fix no error returned in fetchTokenWithOAuth by <a href="https://github.com/sevki"><code>@​sevki</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2900">distribution/distribution#2900</a></li> <li>use latest version of alpine when building the Docker container by <a href="https://github.com/tariq1890"><code>@​tariq1890</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2946">distribution/distribution#2946</a></li> <li>Extract blob upload resume into its own method by <a href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2930">distribution/distribution#2930</a></li> <li>Handle Blob Create when the underlying registry doesn't provide 'Docker-Upload-UUID' by <a href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2927">distribution/distribution#2927</a></li> <li>Implement Repository ServeBlob by <a href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2921">distribution/distribution#2921</a></li> <li>Add notification metrics by <a href="https://github.com/tifayuki"><code>@​tifayuki</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2522">distribution/distribution#2522</a></li> <li>Update the versions of several dependencies by <a href="https://github.com/tariq1890"><code>@​tariq1890</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2947">distribution/distribution#2947</a></li> <li>Implement Repository Blobs upload resuming by <a href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2917">distribution/distribution#2917</a></li> <li>allow for VERSION and REVISION to be passed in during docker builds by <a href="https://github.com/alex-laties"><code>@​alex-laties</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/2955">distribution/distribution#2955</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/distribution/distribution/commits/v3.0.0-alpha.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-20221021092657-c47a966fded8&new-version=3.0.0-alpha.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-08 15:22:12 +02:00
github.com/gorilla/mux v1.8.1 // indirect
feat(deps): bump github.com/disgoorg/disgo from 0.16.12 to 0.17.0 (#4434) Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo) from 0.16.12 to 0.17.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/disgoorg/disgo/commit/c4ffb0537d5a1db28e68730eb4685434d4c9bbe6"><code>c4ffb05</code></a> fix checking timeouts when calculating permissions</li> <li><a href="https://github.com/disgoorg/disgo/commit/7e8c825d82051a11460aab8a80ea828fa46aa9aa"><code>7e8c825</code></a> Address Discord having shitty API design</li> <li><a href="https://github.com/disgoorg/disgo/commit/c9a23642bd7b45423361411c520ae5a8033d6306"><code>c9a2364</code></a> Add new expressions and events permissions (<a href="https://redirect.github.com/disgoorg/disgo/issues/292">#292</a>)</li> <li><a href="https://github.com/disgoorg/disgo/commit/f19739c45e4043e06728aa78557e128ee268f568"><code>f19739c</code></a> update dependencies</li> <li><a href="https://github.com/disgoorg/disgo/commit/0c2c0328fadb2426ff5b3349cc013bd9b1d7f18a"><code>0c2c032</code></a> migrate to slog &amp; go 1.21 (<a href="https://redirect.github.com/disgoorg/disgo/issues/294">#294</a>)</li> <li>See full diff in <a href="https://github.com/disgoorg/disgo/compare/v0.16.12...v0.17.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/disgoorg/disgo&package-manager=go_modules&previous-version=0.16.12&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-23 22:38:25 +02:00
github.com/gorilla/websocket v1.5.1 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
chore(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 (#4955) Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.5 to 0.7.7. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md">github.com/hashicorp/go-retryablehttp's changelog</a>.</em></p> <blockquote> <h2>0.7.7 (May 30, 2024)</h2> <p>BUG FIXES:</p> <ul> <li>client: avoid potentially leaking URL-embedded basic authentication credentials in logs (<a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/158">#158</a>)</li> </ul> <h2>0.7.6 (May 9, 2024)</h2> <p>ENHANCEMENTS:</p> <ul> <li>client: support a <code>RetryPrepare</code> function for modifying the request before retrying (<a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/216">#216</a>)</li> <li>client: support HTTP-date values for <code>Retry-After</code> header value (<a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/138">#138</a>)</li> <li>client: avoid reading entire body when the body is a <code>*bytes.Reader</code> (<a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/197">#197</a>)</li> </ul> <p>BUG FIXES:</p> <ul> <li>client: fix a broken check for invalid server certificate in go 1.20+ (<a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/210">#210</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/1542b31176d3973a6ecbc06c05a2d0df89b59afb"><code>1542b31</code></a> v0.7.7</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/defb9f441dcf67a2a56fae733482836ea83349ac"><code>defb9f4</code></a> v0.7.7</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a"><code>a99f07b</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/158">#158</a> from dany74q/danny/redacted-url-in-logs</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/8a28c574da4098c0612fe1c7135f1f6de113d411"><code>8a28c57</code></a> Merge branch 'main' into danny/redacted-url-in-logs</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/86e852df43aa0d94150c4629d74e5116d1ff3348"><code>86e852d</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/227">#227</a> from hashicorp/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/47fe99e6460cddc5f433aad2b54dcf32281f8a53"><code>47fe99e</code></a> Bump actions/checkout from 4.1.5 to 4.1.6</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/490fc06be0931548d3523a4245d15e9dc5d9214d"><code>490fc06</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/226">#226</a> from testwill/ioutil</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/f3e9417dbfcd0dc2b4a02a1dfdeb75f1e636b692"><code>f3e9417</code></a> chore: remove refs to deprecated io/ioutil</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/d969eaa9c97860482749df718a35b4a269361055"><code>d969eaa</code></a> Merge pull request <a href="https://redirect.github.com/hashicorp/go-retryablehttp/issues/225">#225</a> from hashicorp/manicminer-patch-2</li> <li><a href="https://github.com/hashicorp/go-retryablehttp/commit/2ad8ed4a1d9e632284f6937e91b2f9a1d30e8298"><code>2ad8ed4</code></a> v0.7.6</li> <li>Additional commits viewable in <a href="https://github.com/hashicorp/go-retryablehttp/compare/v0.7.5...v0.7.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/go-retryablehttp&package-manager=go_modules&previous-version=0.7.5&new-version=0.7.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-25 03:57:20 +02:00
github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/golang-lru v1.0.2 // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
github.com/huandu/xstrings v1.3.3 // indirect
github.com/imdario/mergo v0.3.16 // indirect
feat(deps): bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 (#3878) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.13.0 to 0.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-containerregistry/releases">github.com/google/go-containerregistry's releases</a>.</em></p> <blockquote> <h2>v0.14.0</h2> <h2>Changelog</h2> <ul> <li>9306ebad Allow crane edit to generate non-image artifacts (<a href="https://redirect.github.com/google/go-containerregistry/issues/1545">#1545</a>)</li> <li>de35f0f7 Allow setting Content-Type in crane edit manifest (<a href="https://redirect.github.com/google/go-containerregistry/issues/1551">#1551</a>)</li> <li>4b081f80 Avoid v1.Manifest in crane edit config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1583">#1583</a>)</li> <li>1cfe1fc2 Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1593">#1593</a>)</li> <li>da1008fb Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1548">#1548</a>)</li> <li>86be45fb Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1547">#1547</a>)</li> <li>62f183e5 Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1556">#1556</a>)</li> <li>1b8dc2ba Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1580">#1580</a>)</li> <li>11843ba2 Enforce proper sha256 usage (<a href="https://redirect.github.com/google/go-containerregistry/issues/1544">#1544</a>)</li> <li>2ceebaaf Implement crane index subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1561">#1561</a>)</li> <li>9f42e028 Set mediaType for empty.ImageIndex in RawManifest (<a href="https://redirect.github.com/google/go-containerregistry/issues/1562">#1562</a>)</li> <li>759b19f7 Support artifactType, for images whose config.mediaType is not a config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1541">#1541</a>)</li> <li>b3c23b4c Support for OCI 1.1+ referrers via API (<a href="https://redirect.github.com/google/go-containerregistry/issues/1546">#1546</a>)</li> <li>061ee6bf Support for OCI 1.1+ referrers via fallback tag (<a href="https://redirect.github.com/google/go-containerregistry/issues/1543">#1543</a>)</li> <li>67703048 Update descriptor &quot;data&quot; field (when valid) during &quot;crane edit config&quot; (<a href="https://redirect.github.com/google/go-containerregistry/issues/1584">#1584</a>)</li> <li>76bac933 Update release.yml (<a href="https://redirect.github.com/google/go-containerregistry/issues/1540">#1540</a>)</li> <li>eb7d746c authn: also read mount secrets (<a href="https://redirect.github.com/google/go-containerregistry/issues/1560">#1560</a>)</li> <li>e94d4089 bump deps using ./hack/bump-deps.sh (<a href="https://redirect.github.com/google/go-containerregistry/issues/1592">#1592</a>)</li> <li>4e95ae2b crane: add --flatten for index append (<a href="https://redirect.github.com/google/go-containerregistry/issues/1566">#1566</a>)</li> <li>ff810c18 crane: add serve subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1586">#1586</a>)</li> <li>8ea5e0e8 crane: support --omit-digest-tags in crane ls (<a href="https://redirect.github.com/google/go-containerregistry/issues/1528">#1528</a>)</li> <li>824efc77 fix(mutate): also set timestamps only present in some formats (<a href="https://redirect.github.com/google/go-containerregistry/issues/1550">#1550</a>)</li> <li>e04520bc fix: Fix the crane release url and add more steps (<a href="https://redirect.github.com/google/go-containerregistry/issues/1532">#1532</a>)</li> <li>d8722327 hash: use generic instantiation (<a href="https://redirect.github.com/google/go-containerregistry/issues/1538">#1538</a>)</li> <li>57f010d2 replace manual slsa-verifier installation with action (<a href="https://redirect.github.com/google/go-containerregistry/issues/1585">#1585</a>)</li> <li>9cd098e3 skip tls verification if default transport is used with insecure option (<a href="https://redirect.github.com/google/go-containerregistry/issues/1559">#1559</a>)</li> <li>36249683 tarball: pass imageToTags (<a href="https://redirect.github.com/google/go-containerregistry/issues/1563">#1563</a>)</li> </ul> <h3>Container Images</h3> <p><a href="https://gcr.io/go-containerregistry/crane:v0.14.0">https://gcr.io/go-containerregistry/crane:v0.14.0</a> <a href="https://gcr.io/go-containerregistry/gcrane:v0.14.0">https://gcr.io/go-containerregistry/gcrane:v0.14.0</a></p> <p>For example:</p> <pre><code>docker pull gcr.io/go-containerregistry/crane:v0.14.0 docker pull gcr.io/go-containerregistry/gcrane:v0.14.0 </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-containerregistry/commit/4b081f801f399fa293f23e42ba4c4ac6a6003f2c"><code>4b081f8</code></a> Avoid v1.Manifest in crane edit config (<a href="https://redirect.github.com/google/go-containerregistry/issues/1583">#1583</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/1cfe1fc25f233b40aa5d3b0edd572ed5c3f854c9"><code>1cfe1fc</code></a> Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1593">#1593</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/e94d40893b2d013992192f8a1a04fd1984fd24dc"><code>e94d408</code></a> bump deps using ./hack/bump-deps.sh (<a href="https://redirect.github.com/google/go-containerregistry/issues/1592">#1592</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/ff810c186c772e1056aa4081278ee84ee3fb565b"><code>ff810c1</code></a> crane: add serve subcommand (<a href="https://redirect.github.com/google/go-containerregistry/issues/1586">#1586</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/57f010d26af871587be87f5aed2550893d564a8c"><code>57f010d</code></a> replace manual slsa-verifier installation with action (<a href="https://redirect.github.com/google/go-containerregistry/issues/1585">#1585</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/67703048992e9b025adf1a7b08f3bb195636be33"><code>6770304</code></a> Update descriptor &quot;data&quot; field (when valid) during &quot;crane edit config&quot; (<a href="https://redirect.github.com/google/go-containerregistry/issues/1584">#1584</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/1b8dc2babc55fd72d274e8f470f00e9e5ba43f1b"><code>1b8dc2b</code></a> Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (<a href="https://redirect.github.com/google/go-containerregistry/issues/1580">#1580</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/8ea5e0e8f045d827389d13bde5ae8269630e2e2e"><code>8ea5e0e</code></a> crane: support --omit-digest-tags in crane ls (<a href="https://redirect.github.com/google/go-containerregistry/issues/1528">#1528</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/4e95ae2b72dd3b58fccb4ed579dbddf5c884822c"><code>4e95ae2</code></a> crane: add --flatten for index append (<a href="https://redirect.github.com/google/go-containerregistry/issues/1566">#1566</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/4a0e0af4bf958c0bfb17bdfac71c38204b930623"><code>4a0e0af</code></a> docs: Update crane installation and verification instructions (<a href="https://redirect.github.com/google/go-containerregistry/issues/1567">#1567</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-containerregistry/compare/v0.13.0...v0.14.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/go-containerregistry&package-manager=go_modules&previous-version=0.13.0&new-version=0.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-20 14:58:29 +02:00
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/ipfs/bbloom v0.0.4 // indirect
github.com/ipfs/go-block-format v0.2.0 // indirect
github.com/ipfs/go-cid v0.4.1 // indirect
github.com/ipfs/go-datastore v0.6.0 // indirect
github.com/ipfs/go-ipfs-blockstore v1.3.1 // indirect
github.com/ipfs/go-ipfs-ds-help v1.1.1 // indirect
github.com/ipfs/go-ipfs-util v0.0.3 // indirect
github.com/ipfs/go-ipld-cbor v0.1.0 // indirect
github.com/ipfs/go-ipld-format v0.6.0 // indirect
github.com/ipfs/go-log v1.0.5 // indirect
github.com/ipfs/go-log/v2 v2.5.1 // indirect
github.com/ipfs/go-metrics-interface v0.0.1 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jbenet/goprocess v0.1.4 // indirect
github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
chore(deps): bump github.com/klauspost/compress from 1.17.10 to 1.17.11 (#5197) Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.17.10 to 1.17.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/klauspost/compress/releases">github.com/klauspost/compress's releases</a>.</em></p> <blockquote> <h2>v1.17.11</h2> <h2>What's Changed</h2> <ul> <li>zstd: Fix extra CRC written with multiple Close calls by <a href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1017">klauspost/compress#1017</a></li> <li>s2: Don't use stack for index tables by <a href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1014">klauspost/compress#1014</a></li> <li>gzhttp: No content-type on no body response code by <a href="https://github.com/juliens"><code>@​juliens</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1011">klauspost/compress#1011</a></li> <li>gzhttp: Do not set the content-type when response has no body by <a href="https://github.com/kevinpollet"><code>@​kevinpollet</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1013">klauspost/compress#1013</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/juliens"><code>@​juliens</code></a> made their first contribution in <a href="https://redirect.github.com/klauspost/compress/pull/1011">klauspost/compress#1011</a></li> <li><a href="https://github.com/kevinpollet"><code>@​kevinpollet</code></a> made their first contribution in <a href="https://redirect.github.com/klauspost/compress/pull/1013">klauspost/compress#1013</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/klauspost/compress/compare/v1.17.10...v1.17.11">https://github.com/klauspost/compress/compare/v1.17.10...v1.17.11</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/klauspost/compress/commit/72cd4a92a8b13e722763e6b6a3467163c2028d3d"><code>72cd4a9</code></a> zstd: Fix extra CRC written with multiple Close calls (<a href="https://redirect.github.com/klauspost/compress/issues/1017">#1017</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/dbd6c381492aabac7654ebe41879e64e4d31cf40"><code>dbd6c38</code></a> s2: Don't use stack for index tables (<a href="https://redirect.github.com/klauspost/compress/issues/1014">#1014</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/f73ab1e79f98362cca776cf09fc6c0c84842c87e"><code>f73ab1e</code></a> Do not set the content-type when response has no body (<a href="https://redirect.github.com/klauspost/compress/issues/1013">#1013</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/f2a4f2583ec1755229873697d1426f1ecd16219a"><code>f2a4f25</code></a> build(deps): bump github/codeql-action in the github-actions group (<a href="https://redirect.github.com/klauspost/compress/issues/1012">#1012</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/8e14b1b5a913606155428531ccb2652a90df77a3"><code>8e14b1b</code></a> No content-type on no body response code (<a href="https://redirect.github.com/klauspost/compress/issues/1011">#1011</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/13a1ce6df1e03c38e389e32b10b8cca2534612f0"><code>13a1ce6</code></a> ci: Match goreleaser version (<a href="https://redirect.github.com/klauspost/compress/issues/1009">#1009</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/6c5a1959864afb1c2fe3e8ccf1c82a4f4a6b7fa7"><code>6c5a195</code></a> Update README.md</li> <li>See full diff in <a href="https://github.com/klauspost/compress/compare/v1.17.10...v1.17.11">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/klauspost/compress&package-manager=go_modules&previous-version=1.17.10&new-version=1.17.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-14 14:23:49 +02:00
github.com/klauspost/compress v1.17.11
github.com/klauspost/cpuid/v2 v2.2.7 // indirect
feat(deps): bump gocloud.dev from 0.26.0 to 0.27.0 (#3430) Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.26.0 to 0.27.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.27.0</h2> <p><strong>ANNOUNCEMENT</strong>: In the next release we plan to switch over from using OpenCensus to using OpenTelemetry; see <a href="https://github-redirect.dependabot.com/google/go-cloud/issues/2877">#2877</a> for discussion. Please comment on that issue if this is a concern for you.</p> <p><strong>BREAKING CHANGES</strong>: <strong>blob/azureblob, pubsub/azuresb</strong>: Switched over to using the new Azure beta release. Constructors and <code>As</code> types have changed.</p> <p><strong>pubsub</strong>: <strong>all</strong>: Added support for overriding batching for AWS, GCP, Azure.</p> <p><strong>blob</strong>: <strong>fileblob</strong>: Fixed file permissions on temporary files.</p> <p><strong>runtimevar</strong>: <strong>etcdvar</strong>: Brought back this package now that the upstream issues have been resolved.</p> <p><strong>secrets</strong>: <strong>awskms</strong>: Added support for EncryptionContext parameters.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-cloud/commit/3c635fdcb2e648272296b12a4b23d593a965609e"><code>3c635fd</code></a> all: prep for v0.27.0 release</li> <li><a href="https://github.com/google/go-cloud/commit/132c6952d06448b5325f6b856d742a2e535eaf65"><code>132c695</code></a> internal: remove unused package for tracing (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3167">#3167</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/b078f175bb3d0de54df4b2ff1497ce19f9583fce"><code>b078f17</code></a> Add a custom createTemp function that uses consistent file permissions. (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3166">#3166</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/2c69298b18a5e169e9b6b4f4fb338487006b5f47"><code>2c69298</code></a> pubsub/kafka: Allow overriding batching options for Topic (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3163">#3163</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/2ae6e177616a04b94100982ad9f1197af3c41d71"><code>2ae6e17</code></a> blob/azureblob: add storage_account query parameter (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3159">#3159</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/58fd16630bd7ce978bf53ec5a3974cac4299e105"><code>58fd166</code></a> blob/azureblob: Use azidentity.NewDefaultAzureCredential the default/fallback...</li> <li><a href="https://github.com/google/go-cloud/commit/bb5165b76b81ce64c0e769965c0eb293ccd938ac"><code>bb5165b</code></a> pubsub: Add support for overriding batching for AWS, GCP, Azure drivers (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3158">#3158</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/0c45fa60411312d52335c521a8a8411a15e1ce71"><code>0c45fa6</code></a> blob/azureblob: Update to new azblob package BREAKING_CHANGE_OK (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3156">#3156</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/cf4fa6ff18f951d45ec6f1997a3b70695f3a0b17"><code>cf4fa6f</code></a> runtimevar/etcdvar: Bring back runtimevar/etcdvar (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3157">#3157</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/8cd52867f0776832bdc91cc2f1151920351380b2"><code>8cd5286</code></a> all: update deps and regenerate goldens (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3153">#3153</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-cloud/compare/v0.26.0...v0.27.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.26.0&new-version=0.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-05 14:49:30 +02:00
github.com/kylelemons/godebug v1.1.0 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
feat(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#4364) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.8.0 to 0.9.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/charmbracelet/lipgloss/releases">github.com/charmbracelet/lipgloss's releases</a>.</em></p> <blockquote> <h2>v0.9.0</h2> <h1>My, how the tables have turned</h1> <p>Now you can draw <code>Table</code>s with Lip Gloss! 💅</p> <!-- raw HTML omitted --> <p>View <a href="https://github.com/charmbracelet/lipgloss/tree/master/examples/table/pokemon/main.go">the source code</a>.</p> <h2>Let's get started</h2> <pre lang="go"><code>import &quot;github.com/charmbracelet/lipgloss/table&quot; </code></pre> <p>Define some rows of data.</p> <pre lang="go"><code>rows := [][]string{ {&quot;Chinese&quot;, &quot;您好&quot;, &quot;你好&quot;}, {&quot;Japanese&quot;, &quot;こんにちは&quot;, &quot;やあ&quot;}, {&quot;Arabic&quot;, &quot;أهلين&quot;, &quot;أهلا&quot;}, {&quot;Russian&quot;, &quot;Здравствуйте&quot;, &quot;Привет&quot;}, {&quot;Spanish&quot;, &quot;Hola&quot;, &quot;¿Qué tal?&quot;}, } </code></pre> <p>Use the table package to style and render the table.</p> <pre lang="go"><code>t := table.New(). Border(lipgloss.NormalBorder()). BorderStyle(lipgloss.NewStyle().Foreground(lipgloss.Color(&quot;99&quot;))). StyleFunc(func(row, col int) lipgloss.Style { switch { case row == 0: return HeaderStyle case row%2 == 0: return EvenRowStyle default: return OddRowStyle } }). Headers(&quot;LANGUAGE&quot;, &quot;FORMAL&quot;, &quot;INFORMAL&quot;). Rows(rows...) <p>// You can also add tables row-by-row t.Row(&quot;English&quot;, &quot;You look absolutely fabulous.&quot;, &quot;How's it going?&quot;) </code></pre></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/charmbracelet/lipgloss/commit/4476263d0598a0799b48f75d1bfb394b4dce79f4"><code>4476263</code></a> Feature: Tables (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/218">#218</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/408dcf3b9ec535cddf7d343bf5b1a3dd0eba4a00"><code>408dcf3</code></a> feat: add <code>Middle</code> borders (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/230">#230</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/93cd5e0d35ae7fed6884560097b304cec79f0fc1"><code>93cd5e0</code></a> feat: bump minimum go version to 1.18 (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/216">#216</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/b766f24d454396ae75c1b0e86310dffadf4ceb77"><code>b766f24</code></a> feat(deps): bump github.com/mattn/go-runewidth from 0.0.14 to 0.0.15 (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/215">#215</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/b0eb95dbc18f712ad939ab7193cb69951a95361f"><code>b0eb95d</code></a> fix(border): both GetHorizontalBorderSize and GetVerticalBorderSize (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/225">#225</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/2d2a577e2d32c9b23e64be859b8af98599bba243"><code>2d2a577</code></a> fix(border): GetBorderRightSize (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/224">#224</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/18166eaa8adf46a03c4b732ab1dec81fad1c691b"><code>18166ea</code></a> chore(deps): bump actions/checkout from 3 to 4 (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/222">#222</a>)</li> <li>See full diff in <a href="https://github.com/charmbracelet/lipgloss/compare/v0.8.0...v0.9.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/lipgloss&package-manager=go_modules&previous-version=0.8.0&new-version=0.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 14:05:53 +02:00
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/minio/sha256-simd v1.0.1 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
feat(deps): bump github.com/google/ko from 0.14.1 to 0.15.0 (#4373) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <h2>What's Changed</h2> <ul> <li>implement dumb cache for images by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1102">ko-build/ko#1102</a></li> <li>fixed typo in configuration.md by <a href="https://github.com/samlaf"><code>@​samlaf</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li>pkg/commands: fix dropped errors by <a href="https://github.com/alrs"><code>@​alrs</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li>ci: add govulncheck by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1110">ko-build/ko#1110</a></li> <li>chore: remove refs to deprecated io/ioutil by <a href="https://github.com/testwill"><code>@​testwill</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li>Update install docs to install ko using Scoop by <a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> <li>include go build output in build error by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1127">ko-build/ko#1127</a></li> <li>Use go1.21, clean up ci and drop go1.19 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1137">ko-build/ko#1137</a></li> <li>Update e2e.yaml by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1141">ko-build/ko#1141</a></li> <li>handle newfound lint errors by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1142">ko-build/ko#1142</a></li> <li>fix test broken by lint fix by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1143">ko-build/ko#1143</a></li> <li>Bump actions/checkout from 3.6.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1136">ko-build/ko#1136</a></li> <li>fix env var for go env by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1140">ko-build/ko#1140</a></li> <li>docs: add docs for TF and Lambda by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1139">ko-build/ko#1139</a></li> <li>docs: add Lambda and TF pages to sidebar by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1144">ko-build/ko#1144</a></li> <li>include example using go packages by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1145">ko-build/ko#1145</a></li> <li>fix the release workflow and install instructions by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1150">ko-build/ko#1150</a></li> <li>update missing places that was using go1.20 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1163">ko-build/ko#1163</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/samlaf"><code>@​samlaf</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li><a href="https://github.com/alrs"><code>@​alrs</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li><a href="https://github.com/testwill"><code>@​testwill</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li><a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0">https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/31035ad2026bfbafaa4f009baefe72463af1b3a7"><code>31035ad</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1164">#1164</a> from ko-build/dependabot/go_modules/golang.org/x/net...</li> <li><a href="https://github.com/ko-build/ko/commit/ba952fd091f9d27ee5c136e842b5e94dd715100c"><code>ba952fd</code></a> Bump golang.org/x/net from 0.16.0 to 0.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/277f5d74353950c8663fc04b7546f66e57bd6aaf"><code>277f5d7</code></a> update missing places that was using go1.20 (<a href="https://redirect.github.com/google/ko/issues/1163">#1163</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/b8b3b21f8348d7cab863fe1b4eaa47dfc47632da"><code>b8b3b21</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1162">#1162</a> from ko-build/dependabot/go_modules/github.com/googl...</li> <li><a href="https://github.com/ko-build/ko/commit/4890ab2887b653d3c340de4d119bfd17b703f182"><code>4890ab2</code></a> Bump github.com/google/go-cmp from 0.5.9 to 0.6.0</li> <li><a href="https://github.com/ko-build/ko/commit/30b62aee3faf6866cee6513ea7eb13f5a27cd7ca"><code>30b62ae</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1161">#1161</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/449bcb61926cb3e3bcf191e8ca53fad5ab3a4e3c"><code>449bcb6</code></a> Bump github.com/spf13/viper from 1.16.0 to 1.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/c543dd83cc75cd849fb95637ea29e3c7c66d6f87"><code>c543dd8</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1160">#1160</a> from ko-build/dependabot/go_modules/golang.org/x/too...</li> <li><a href="https://github.com/ko-build/ko/commit/c1ae5f5ce4fe058830f24827c853d4db39a95250"><code>c1ae5f5</code></a> Bump golang.org/x/tools from 0.13.0 to 0.14.0</li> <li><a href="https://github.com/ko-build/ko/commit/e50d2fd5ff0ec88ac837ffe6f6c2f122eb54b9f8"><code>e50d2fd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1159">#1159</a> from ko-build/dependabot/go_modules/golang.org/x/syn...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.14.1...v0.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.14.1&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-17 17:47:47 +02:00
github.com/moby/term v0.5.0 // indirect
github.com/mr-tron/base58 v1.2.0 // indirect
github.com/muesli/mango v0.1.0 // indirect
github.com/muesli/mango-pflag v0.1.0 // indirect
github.com/multiformats/go-base32 v0.1.0 // indirect
github.com/multiformats/go-base36 v0.2.0 // indirect
github.com/multiformats/go-multibase v0.2.0 // indirect
github.com/multiformats/go-multihash v0.2.3 // indirect
github.com/multiformats/go-varint v0.0.7 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/onsi/gomega v1.31.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
github.com/opencontainers/runc v1.1.14 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
github.com/pkg/errors v0.9.1 // indirect
feat(deps): bump github.com/google/ko from 0.14.1 to 0.15.0 (#4373) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <h2>What's Changed</h2> <ul> <li>implement dumb cache for images by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1102">ko-build/ko#1102</a></li> <li>fixed typo in configuration.md by <a href="https://github.com/samlaf"><code>@​samlaf</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li>pkg/commands: fix dropped errors by <a href="https://github.com/alrs"><code>@​alrs</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li>ci: add govulncheck by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1110">ko-build/ko#1110</a></li> <li>chore: remove refs to deprecated io/ioutil by <a href="https://github.com/testwill"><code>@​testwill</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li>Update install docs to install ko using Scoop by <a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> <li>include go build output in build error by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1127">ko-build/ko#1127</a></li> <li>Use go1.21, clean up ci and drop go1.19 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1137">ko-build/ko#1137</a></li> <li>Update e2e.yaml by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1141">ko-build/ko#1141</a></li> <li>handle newfound lint errors by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1142">ko-build/ko#1142</a></li> <li>fix test broken by lint fix by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1143">ko-build/ko#1143</a></li> <li>Bump actions/checkout from 3.6.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1136">ko-build/ko#1136</a></li> <li>fix env var for go env by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1140">ko-build/ko#1140</a></li> <li>docs: add docs for TF and Lambda by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1139">ko-build/ko#1139</a></li> <li>docs: add Lambda and TF pages to sidebar by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1144">ko-build/ko#1144</a></li> <li>include example using go packages by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1145">ko-build/ko#1145</a></li> <li>fix the release workflow and install instructions by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1150">ko-build/ko#1150</a></li> <li>update missing places that was using go1.20 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1163">ko-build/ko#1163</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/samlaf"><code>@​samlaf</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li><a href="https://github.com/alrs"><code>@​alrs</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li><a href="https://github.com/testwill"><code>@​testwill</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li><a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0">https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/31035ad2026bfbafaa4f009baefe72463af1b3a7"><code>31035ad</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1164">#1164</a> from ko-build/dependabot/go_modules/golang.org/x/net...</li> <li><a href="https://github.com/ko-build/ko/commit/ba952fd091f9d27ee5c136e842b5e94dd715100c"><code>ba952fd</code></a> Bump golang.org/x/net from 0.16.0 to 0.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/277f5d74353950c8663fc04b7546f66e57bd6aaf"><code>277f5d7</code></a> update missing places that was using go1.20 (<a href="https://redirect.github.com/google/ko/issues/1163">#1163</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/b8b3b21f8348d7cab863fe1b4eaa47dfc47632da"><code>b8b3b21</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1162">#1162</a> from ko-build/dependabot/go_modules/github.com/googl...</li> <li><a href="https://github.com/ko-build/ko/commit/4890ab2887b653d3c340de4d119bfd17b703f182"><code>4890ab2</code></a> Bump github.com/google/go-cmp from 0.5.9 to 0.6.0</li> <li><a href="https://github.com/ko-build/ko/commit/30b62aee3faf6866cee6513ea7eb13f5a27cd7ca"><code>30b62ae</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1161">#1161</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/449bcb61926cb3e3bcf191e8ca53fad5ab3a4e3c"><code>449bcb6</code></a> Bump github.com/spf13/viper from 1.16.0 to 1.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/c543dd83cc75cd849fb95637ea29e3c7c66d6f87"><code>c543dd8</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1160">#1160</a> from ko-build/dependabot/go_modules/golang.org/x/too...</li> <li><a href="https://github.com/ko-build/ko/commit/c1ae5f5ce4fe058830f24827c853d4db39a95250"><code>c1ae5f5</code></a> Bump golang.org/x/tools from 0.13.0 to 0.14.0</li> <li><a href="https://github.com/ko-build/ko/commit/e50d2fd5ff0ec88ac837ffe6f6c2f122eb54b9f8"><code>e50d2fd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1159">#1159</a> from ko-build/dependabot/go_modules/golang.org/x/syn...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.14.1...v0.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.14.1&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-17 17:47:47 +02:00
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/polydawn/refmt v0.89.1-0.20221221234430-40501e09de1f // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/prometheus/client_golang v1.20.2 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.55.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.1 to 0.10.0 (#4672) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.1 to 0.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/charmbracelet/lipgloss/releases">github.com/charmbracelet/lipgloss's releases</a>.</em></p> <blockquote> <h2>v0.10.0</h2> <h1>String Transforms 💄</h1> <p>Lip Gloss <code>v0.10.0</code> features a brand new <code>Transform</code> function for Styles to alter strings at render time. As well as some bug fixes, like ANSI-aware table cell truncation. 🧹</p> <p>Simply define a <code>Transform</code> function as <code>func (string) string</code> and apply it to any style:</p> <pre lang="go"><code>// Example: s := NewStyle().Transform(strings.ToUpper) fmt.Println(s.Render(&quot;raow!&quot;) // &quot;RAOW!&quot; </code></pre> <p>Or, if you prefer:</p> <pre lang="go"><code>// Example: reverse := func(s string) string { n := 0 rune := make([]rune, len(s)) for _, r := range s { rune[n] = r n++ } rune = rune[0:n] for i := 0; i &lt; n/2; i++ { rune[i], rune[n-1-i] = rune[n-1-i], rune[i] } return string(rune) } <p>s := NewStyle().Transform(reverse) fmt.Println(s.Render(&quot;The quick brown 狐 jumped over the lazy 犬&quot;) // &quot;犬 yzal eht revo depmuj 狐 nworb kciuq ehT&quot;, </code></pre></p> <h2>What's Changed?</h2> <ul> <li>Corrected border shorthand functions explanation by <a href="https://github.com/ReidMason"><code>@​ReidMason</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/237">charmbracelet/lipgloss#237</a></li> <li>Align help by <a href="https://github.com/schmurfy"><code>@​schmurfy</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/239">charmbracelet/lipgloss#239</a></li> <li><code>Style.Transform</code> for altering strings at render time by <a href="https://github.com/meowgorithm"><code>@​meowgorithm</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/232">charmbracelet/lipgloss#232</a></li> <li>Adding right padding to empty string by <a href="https://github.com/mikelorant"><code>@​mikelorant</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/253">charmbracelet/lipgloss#253</a></li> <li>Refactor padding functions by <a href="https://github.com/mikelorant"><code>@​mikelorant</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/254">charmbracelet/lipgloss#254</a></li> <li>Fix truncate of table cells containing ANSI by <a href="https://github.com/mikelorant"><code>@​mikelorant</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/256">charmbracelet/lipgloss#256</a></li> <li>Improve maximum width of characters in a string by <a href="https://github.com/mikelorant"><code>@​mikelorant</code></a> in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/257">charmbracelet/lipgloss#257</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ReidMason"><code>@​ReidMason</code></a> made their first contribution in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/237">charmbracelet/lipgloss#237</a></li> <li><a href="https://github.com/schmurfy"><code>@​schmurfy</code></a> made their first contribution in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/239">charmbracelet/lipgloss#239</a></li> <li><a href="https://github.com/mikelorant"><code>@​mikelorant</code></a> made their first contribution in <a href="https://redirect.github.com/charmbracelet/lipgloss/pull/253">charmbracelet/lipgloss#253</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/charmbracelet/lipgloss/commit/439c06fae64d2f53261b692fcfcbe464d8e18d89"><code>439c06f</code></a> docs(table): ANSI-aware cell example</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/652c37dd07489c7c484711c8e21f4b221f57d056"><code>652c37d</code></a> feat(deps): bump github.com/rivo/uniseg from 0.4.6 to 0.4.7 (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/262">#262</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/8464a7c90b02905ea471be3bc20951dce981b3ff"><code>8464a7c</code></a> chore(deps): bump golangci/golangci-lint-action from 3 to 4 (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/259">#259</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/207eb25c9f720e48e2d46b5c2f213d07b2006052"><code>207eb25</code></a> Create CODEOWNERS</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/13584f26deeb5f6188fa1e80e43aa2ca04f297cb"><code>13584f2</code></a> chore: go mod tidy</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/bb7ffe226d40ba75dda2bf62dd5577af3c635b66"><code>bb7ffe2</code></a> fix(ci): update coverage workflow</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/2745d8a3d83029e649b21bf6bf26298b3c51ce3a"><code>2745d8a</code></a> Improve maximum width of characters in a string (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/257">#257</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/de4601232b791a1397d6c645904b001a311a5693"><code>de46012</code></a> Fix truncate of table cells containing ANSI (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/256">#256</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/92946d34c2342f6e061d72cf6bec57526c9da3d2"><code>92946d3</code></a> chore: refactor padding functions (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/254">#254</a>)</li> <li><a href="https://github.com/charmbracelet/lipgloss/commit/59874c2afabe9d8b65123ef2279ce4e61c113181"><code>59874c2</code></a> chore: apply gofumpt to all files (<a href="https://redirect.github.com/charmbracelet/lipgloss/issues/255">#255</a>)</li> <li>Additional commits viewable in <a href="https://github.com/charmbracelet/lipgloss/compare/v0.9.1...v0.10.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/lipgloss&package-manager=go_modules&previous-version=0.9.1&new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-08 18:39:53 +02:00
github.com/rivo/uniseg v0.4.7 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/sassoftware/relic v7.2.1+incompatible // indirect
github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect
github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/shopspring/decimal v1.2.0 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/sigstore/cosign/v2 v2.4.1 // indirect
github.com/sigstore/protobuf-specs v0.3.2 // indirect
github.com/sigstore/rekor v1.3.6 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
github.com/sigstore/sigstore v1.8.9 // indirect
feat(deps): bump github.com/google/ko from 0.14.1 to 0.15.0 (#4373) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <h2>What's Changed</h2> <ul> <li>implement dumb cache for images by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1102">ko-build/ko#1102</a></li> <li>fixed typo in configuration.md by <a href="https://github.com/samlaf"><code>@​samlaf</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li>pkg/commands: fix dropped errors by <a href="https://github.com/alrs"><code>@​alrs</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li>ci: add govulncheck by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1110">ko-build/ko#1110</a></li> <li>chore: remove refs to deprecated io/ioutil by <a href="https://github.com/testwill"><code>@​testwill</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li>Update install docs to install ko using Scoop by <a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> <li>include go build output in build error by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1127">ko-build/ko#1127</a></li> <li>Use go1.21, clean up ci and drop go1.19 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1137">ko-build/ko#1137</a></li> <li>Update e2e.yaml by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1141">ko-build/ko#1141</a></li> <li>handle newfound lint errors by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1142">ko-build/ko#1142</a></li> <li>fix test broken by lint fix by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1143">ko-build/ko#1143</a></li> <li>Bump actions/checkout from 3.6.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1136">ko-build/ko#1136</a></li> <li>fix env var for go env by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1140">ko-build/ko#1140</a></li> <li>docs: add docs for TF and Lambda by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1139">ko-build/ko#1139</a></li> <li>docs: add Lambda and TF pages to sidebar by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1144">ko-build/ko#1144</a></li> <li>include example using go packages by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1145">ko-build/ko#1145</a></li> <li>fix the release workflow and install instructions by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1150">ko-build/ko#1150</a></li> <li>update missing places that was using go1.20 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1163">ko-build/ko#1163</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/samlaf"><code>@​samlaf</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li><a href="https://github.com/alrs"><code>@​alrs</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li><a href="https://github.com/testwill"><code>@​testwill</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li><a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0">https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/31035ad2026bfbafaa4f009baefe72463af1b3a7"><code>31035ad</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1164">#1164</a> from ko-build/dependabot/go_modules/golang.org/x/net...</li> <li><a href="https://github.com/ko-build/ko/commit/ba952fd091f9d27ee5c136e842b5e94dd715100c"><code>ba952fd</code></a> Bump golang.org/x/net from 0.16.0 to 0.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/277f5d74353950c8663fc04b7546f66e57bd6aaf"><code>277f5d7</code></a> update missing places that was using go1.20 (<a href="https://redirect.github.com/google/ko/issues/1163">#1163</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/b8b3b21f8348d7cab863fe1b4eaa47dfc47632da"><code>b8b3b21</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1162">#1162</a> from ko-build/dependabot/go_modules/github.com/googl...</li> <li><a href="https://github.com/ko-build/ko/commit/4890ab2887b653d3c340de4d119bfd17b703f182"><code>4890ab2</code></a> Bump github.com/google/go-cmp from 0.5.9 to 0.6.0</li> <li><a href="https://github.com/ko-build/ko/commit/30b62aee3faf6866cee6513ea7eb13f5a27cd7ca"><code>30b62ae</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1161">#1161</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/449bcb61926cb3e3bcf191e8ca53fad5ab3a4e3c"><code>449bcb6</code></a> Bump github.com/spf13/viper from 1.16.0 to 1.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/c543dd83cc75cd849fb95637ea29e3c7c66d6f87"><code>c543dd8</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1160">#1160</a> from ko-build/dependabot/go_modules/golang.org/x/too...</li> <li><a href="https://github.com/ko-build/ko/commit/c1ae5f5ce4fe058830f24827c853d4db39a95250"><code>c1ae5f5</code></a> Bump golang.org/x/tools from 0.13.0 to 0.14.0</li> <li><a href="https://github.com/ko-build/ko/commit/e50d2fd5ff0ec88ac837ffe6f6c2f122eb54b9f8"><code>e50d2fd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1159">#1159</a> from ko-build/dependabot/go_modules/golang.org/x/syn...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.14.1...v0.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.14.1&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-17 17:47:47 +02:00
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/skeema/knownhosts v1.2.2 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spaolacci/murmur3 v1.1.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/viper v1.19.0 // indirect
feat(deps): bump github.com/google/ko from 0.14.1 to 0.15.0 (#4373) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <h2>What's Changed</h2> <ul> <li>implement dumb cache for images by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1102">ko-build/ko#1102</a></li> <li>fixed typo in configuration.md by <a href="https://github.com/samlaf"><code>@​samlaf</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li>pkg/commands: fix dropped errors by <a href="https://github.com/alrs"><code>@​alrs</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li>ci: add govulncheck by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1110">ko-build/ko#1110</a></li> <li>chore: remove refs to deprecated io/ioutil by <a href="https://github.com/testwill"><code>@​testwill</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li>Update install docs to install ko using Scoop by <a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> <li>include go build output in build error by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1127">ko-build/ko#1127</a></li> <li>Use go1.21, clean up ci and drop go1.19 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1137">ko-build/ko#1137</a></li> <li>Update e2e.yaml by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1141">ko-build/ko#1141</a></li> <li>handle newfound lint errors by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1142">ko-build/ko#1142</a></li> <li>fix test broken by lint fix by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1143">ko-build/ko#1143</a></li> <li>Bump actions/checkout from 3.6.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1136">ko-build/ko#1136</a></li> <li>fix env var for go env by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1140">ko-build/ko#1140</a></li> <li>docs: add docs for TF and Lambda by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1139">ko-build/ko#1139</a></li> <li>docs: add Lambda and TF pages to sidebar by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1144">ko-build/ko#1144</a></li> <li>include example using go packages by <a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1145">ko-build/ko#1145</a></li> <li>fix the release workflow and install instructions by <a href="https://github.com/developer-guy"><code>@​developer-guy</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1150">ko-build/ko#1150</a></li> <li>update missing places that was using go1.20 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1163">ko-build/ko#1163</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/samlaf"><code>@​samlaf</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1105">ko-build/ko#1105</a></li> <li><a href="https://github.com/alrs"><code>@​alrs</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1109">ko-build/ko#1109</a></li> <li><a href="https://github.com/testwill"><code>@​testwill</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1092">ko-build/ko#1092</a></li> <li><a href="https://github.com/pgrunm"><code>@​pgrunm</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1118">ko-build/ko#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0">https://github.com/ko-build/ko/compare/v0.14.1...v0.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/31035ad2026bfbafaa4f009baefe72463af1b3a7"><code>31035ad</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1164">#1164</a> from ko-build/dependabot/go_modules/golang.org/x/net...</li> <li><a href="https://github.com/ko-build/ko/commit/ba952fd091f9d27ee5c136e842b5e94dd715100c"><code>ba952fd</code></a> Bump golang.org/x/net from 0.16.0 to 0.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/277f5d74353950c8663fc04b7546f66e57bd6aaf"><code>277f5d7</code></a> update missing places that was using go1.20 (<a href="https://redirect.github.com/google/ko/issues/1163">#1163</a>)</li> <li><a href="https://github.com/ko-build/ko/commit/b8b3b21f8348d7cab863fe1b4eaa47dfc47632da"><code>b8b3b21</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1162">#1162</a> from ko-build/dependabot/go_modules/github.com/googl...</li> <li><a href="https://github.com/ko-build/ko/commit/4890ab2887b653d3c340de4d119bfd17b703f182"><code>4890ab2</code></a> Bump github.com/google/go-cmp from 0.5.9 to 0.6.0</li> <li><a href="https://github.com/ko-build/ko/commit/30b62aee3faf6866cee6513ea7eb13f5a27cd7ca"><code>30b62ae</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1161">#1161</a> from ko-build/dependabot/go_modules/github.com/spf13...</li> <li><a href="https://github.com/ko-build/ko/commit/449bcb61926cb3e3bcf191e8ca53fad5ab3a4e3c"><code>449bcb6</code></a> Bump github.com/spf13/viper from 1.16.0 to 1.17.0</li> <li><a href="https://github.com/ko-build/ko/commit/c543dd83cc75cd849fb95637ea29e3c7c66d6f87"><code>c543dd8</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1160">#1160</a> from ko-build/dependabot/go_modules/golang.org/x/too...</li> <li><a href="https://github.com/ko-build/ko/commit/c1ae5f5ce4fe058830f24827c853d4db39a95250"><code>c1ae5f5</code></a> Bump golang.org/x/tools from 0.13.0 to 0.14.0</li> <li><a href="https://github.com/ko-build/ko/commit/e50d2fd5ff0ec88ac837ffe6f6c2f122eb54b9f8"><code>e50d2fd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1159">#1159</a> from ko-build/dependabot/go_modules/golang.org/x/syn...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.14.1...v0.15.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.14.1&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-17 17:47:47 +02:00
github.com/subosito/gotenv v1.6.0 // indirect
github.com/theupdateframework/go-tuf v0.7.0 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
github.com/vbatts/tar-split v0.11.5 // indirect
github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect
github.com/wagoodman/go-progress v0.0.0-20220614130704-4b1c25a33c7c // indirect
github.com/whyrusleeping/cbor-gen v0.1.3-0.20240731173018-74d74643234c // indirect
github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
gitlab.com/digitalxero/go-conventional-commit v1.0.7 // indirect
go.mongodb.org/mongo-driver v1.14.0 // indirect
feat(deps): bump gocloud.dev from 0.27.0 to 0.28.0 (#3689) Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.27.0 to 0.28.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.28.0</h2> <p><strong>BREAKING CHANGES</strong>:</p> <ul> <li><strong>secrets/azurekeyvault</strong>: Updated to latest Azure SDK.</li> <li><strong>blob/azureblob</strong>: Updated to match recent breaking changes in the Azure packages (yes, again).</li> <li><strong>pubsub/awssnssqs</strong>: Fixed <code>BeforeSend</code> to take a pointer to the <code>SendMessageBatchRequestEntry</code> struct, so that it can be modified.</li> </ul> <p><strong>blob</strong></p> <ul> <li><strong>memblob</strong>: Fixed bug where use of <code>BeforeCopy</code> callback would drop the actual copying.</li> <li><strong>azureblob</strong>: Updated to match recent breaking changes in the Azure packages.</li> </ul> <p><strong>pubsub</strong></p> <ul> <li><strong>all</strong>: Simplified and improved batch sizing, should resolve issues with too-frequent polling in some situations.</li> <li><strong>azurepubsub</strong>: Made <code>ListenerTimeout</code> configurable.</li> <li><strong>gcppubsub</strong> and <strong>awssnssqs</strong>: Support lazy mode for <code>Nack</code> (where no explicit <code>Nack</code> is sent).</li> <li><strong>awssnssqs</strong>: Fixed <code>BeforeSend</code> to take a pointer to the <code>SendMessageBatchRequestEntry</code> struct, so that it can be modified.</li> </ul> <p><strong>secrets</strong></p> <ul> <li><strong>secrets/azurekeyvault</strong>: Updated to latest Azure SDK. Use azidentity.NewDefaultAzureCredential.</li> </ul> <p><strong>sql</strong></p> <ul> <li><strong>gcp/cloudsql</strong>: Fixed IAM login.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-cloud/commit/24166090495b8e084a23aa7d11fcc81ec33e4729"><code>2416609</code></a> all: prep for v0.28.0 (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3207">#3207</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/13f46eb8065d5ea62b757f5f0f11a56f48faf7cc"><code>13f46eb</code></a> pubsub: simplify and improve batch sizing, especially for low message rates</li> <li><a href="https://github.com/google/go-cloud/commit/8f2c2b9a392a8e4a3d7a4942f88f3df607f8f6d0"><code>8f2c2b9</code></a> pubsub/memsub: Add Options for batching (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3205">#3205</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/fe0a3d75fe43c039258df25ebf102602526e3052"><code>fe0a3d7</code></a> pubsub/awssqs: Fix BeforeSend/As to enable changes to the sqs input message (...</li> <li><a href="https://github.com/google/go-cloud/commit/dfaf95af34dd9022a69a061028e0ceec98e9c670"><code>dfaf95a</code></a> secrets/azurekeyvault: Use azidentity.NewDefaultAzureCredential to support ot...</li> <li><a href="https://github.com/google/go-cloud/commit/1e26311532928f060c490a7fbf2be92b55ee12c4"><code>1e26311</code></a> blob: Remove some debug logging (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3197">#3197</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/43ed5a499864c08b7b6549ff7085f19634a1f02c"><code>43ed5a4</code></a> pubsub/gcppubsub: Support lazy mode for Nacks (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3195">#3195</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/be80e70b3dcf7a6b86481881c7ac0b44a8095178"><code>be80e70</code></a> pubsub/awssnssqs: Support lazy mode for Nacks (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3194">#3194</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/7d690993a53cf8cc2e7af07872876d58601f1261"><code>7d69099</code></a> blob/azblob: Update to latest, and restore As for dirlist (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3191">#3191</a>)</li> <li><a href="https://github.com/google/go-cloud/commit/e942f3c339f0eb617ac4dbc7f37cc4e5920ee7cc"><code>e942f3c</code></a> blob/azblob: Restore As for List entry (<a href="https://github-redirect.dependabot.com/google/go-cloud/issues/3188">#3188</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-cloud/compare/v0.27.0...v0.28.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gocloud.dev&package-manager=go_modules&previous-version=0.27.0&new-version=0.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 14:09:51 +02:00
go.opencensus.io v0.24.0 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
go.opentelemetry.io/contrib/exporters/autoexport v0.54.0 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
go.opentelemetry.io/otel v1.29.0 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.29.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.29.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.29.0 // indirect
go.opentelemetry.io/otel/exporters/prometheus v0.51.0 // indirect
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 // indirect
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.29.0 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
go.opentelemetry.io/otel/metric v1.29.0 // indirect
go.opentelemetry.io/otel/sdk v1.29.0 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
go.opentelemetry.io/otel/sdk/metric v1.29.0 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
go.opentelemetry.io/otel/trace v1.29.0 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
go.uber.org/atomic v1.11.0 // indirect
chore(deps): bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 (#5152) Bumps [go.uber.org/automaxprocs](https://github.com/uber-go/automaxprocs) from 1.5.3 to 1.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/uber-go/automaxprocs/releases">go.uber.org/automaxprocs's releases</a>.</em></p> <blockquote> <h2>v1.6.0</h2> <ul> <li>Add RoundQuotaFunc option that allows configuration of rounding behavior for floating point CPU quota.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/uber-go/automaxprocs/blob/master/CHANGELOG.md">go.uber.org/automaxprocs's changelog</a>.</em></p> <blockquote> <h2>v1.6.0 (2024-07-24)</h2> <ul> <li>Add RoundQuotaFunc option that allows configuration of rounding behavior for floating point CPU quota.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/uber-go/automaxprocs/commit/1ea14c35ce47a73089b824e504d1c92eeb61a5a6"><code>1ea14c3</code></a> Release v1.6.0 (<a href="https://redirect.github.com/uber-go/automaxprocs/issues/90">#90</a>)</li> <li><a href="https://github.com/uber-go/automaxprocs/commit/144f5c188c7b80e280487f6d7e571c1717d73036"><code>144f5c1</code></a> Remove glide.yaml (<a href="https://redirect.github.com/uber-go/automaxprocs/issues/89">#89</a>)</li> <li><a href="https://github.com/uber-go/automaxprocs/commit/8553d3bb214968c2be2cf9052880164cdf4fc2f8"><code>8553d3b</code></a> Add option to round up CPU quota (<a href="https://redirect.github.com/uber-go/automaxprocs/issues/79">#79</a>)</li> <li><a href="https://github.com/uber-go/automaxprocs/commit/c9adbb9be700880d75fad74117eda9cf3ea6211a"><code>c9adbb9</code></a> Use Go 1.21 (<a href="https://redirect.github.com/uber-go/automaxprocs/issues/82">#82</a>)</li> <li>See full diff in <a href="https://github.com/uber-go/automaxprocs/compare/v1.5.3...v1.6.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=go.uber.org/automaxprocs&package-manager=go_modules&previous-version=1.5.3&new-version=1.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-24 15:55:47 +02:00
go.uber.org/automaxprocs v1.6.0
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
chore(deps): bump golang.org/x/tools from 0.26.0 to 0.27.0 (#5264) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.26.0 to 0.27.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/4d2b19f26de18fb5fcfe5fa93e63cc44a98f1fcf"><code>4d2b19f</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/636867761e007eb34c5cf070be078f1f52e42052"><code>6368677</code></a> gopls/internal/golang: strength reduce ComputeImportFixEdits</li> <li><a href="https://github.com/golang/tools/commit/777f15531169c97bcdedd3657ca88c4f6a3df154"><code>777f155</code></a> gopls/internal/golang: show package attributes on hover</li> <li><a href="https://github.com/golang/tools/commit/8a0e08fb12a5dfb9ce62a770c69b3890114dafc9"><code>8a0e08f</code></a> gopls/doc: add missing doc link</li> <li><a href="https://github.com/golang/tools/commit/61415bee33fa1d798499691290df4eaf9e438c03"><code>61415be</code></a> gopls/internal/cache: guard against malformed paths in port.matches</li> <li><a href="https://github.com/golang/tools/commit/9a89d3a9850fd26cb9aee85127007257ea7ed951"><code>9a89d3a</code></a> internal/analysisinternal: avoid sub-token spans in TypeErrorEndPos</li> <li><a href="https://github.com/golang/tools/commit/1115af6fe6cfbcc9467f11ea249f1f25f6fb551e"><code>1115af6</code></a> internal/expect: support named arguments f(a, b, c=d, e=&quot;f&quot;)</li> <li><a href="https://github.com/golang/tools/commit/0b9e4998c4183c8162199d19632f38120a165c1b"><code>0b9e499</code></a> go/{expect,packages/packagestest}: mention the tag+delete proposal</li> <li><a href="https://github.com/golang/tools/commit/efcd2bdbd90a444d84eb8096da49c9c248a43233"><code>efcd2bd</code></a> internal/packagestest: fork go/packages/packagestest</li> <li><a href="https://github.com/golang/tools/commit/0e9ed3dc7ad85c9b9bfc03b5c956ea1334221e48"><code>0e9ed3d</code></a> go/packages: do not mutate Config</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.26.0...v0.27.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.26.0&new-version=0.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-11 10:34:30 +02:00
golang.org/x/mod v0.22.0 // indirect
golang.org/x/net v0.31.0 // indirect
chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#5261) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.28.0 to 0.29.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/6018723c74059e3b91c84268b212c2f6cdab1f64"><code>6018723</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/71ed71b4faf97caafd1863fed003e9ac311f10ee"><code>71ed71b</code></a> README: don't recommend go get</li> <li><a href="https://github.com/golang/crypto/commit/750a45fe5e473d5afa193e9088f3d135e64eca26"><code>750a45f</code></a> sha3: add MarshalBinary, AppendBinary, and UnmarshalBinary</li> <li><a href="https://github.com/golang/crypto/commit/36b172546bd03a74c79e109ec84c599b672ea9e4"><code>36b1725</code></a> sha3: avoid trailing permutation</li> <li><a href="https://github.com/golang/crypto/commit/80ea76eb17c0c52f5d5d04e833d6aeb6b062d81d"><code>80ea76e</code></a> sha3: fix padding for long cSHAKE parameters</li> <li><a href="https://github.com/golang/crypto/commit/c17aa50fbd32393e5d52fa65ca51cbfff0a75aea"><code>c17aa50</code></a> sha3: avoid buffer copy</li> <li><a href="https://github.com/golang/crypto/commit/7cfb9161e8d828fd6d9f34560e78460435b63503"><code>7cfb916</code></a> ssh: return unexpected msg error when server fails keyboard-interactive auth ...</li> <li><a href="https://github.com/golang/crypto/commit/b61b08db44b86a0fb8510036a4655fc4a3d37cd3"><code>b61b08d</code></a> chacha20: extend ppc64le support to ppc64</li> <li><a href="https://github.com/golang/crypto/commit/6c2174895805a9c4273cf0052c9ff61ba3e75812"><code>6c21748</code></a> internal/poly1305: extend ppc64le support to ppc64</li> <li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.28.0...v0.29.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.28.0&new-version=0.29.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 11:18:33 +02:00
golang.org/x/sys v0.27.0 // indirect
golang.org/x/term v0.26.0 // indirect
golang.org/x/time v0.6.0 // indirect
golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
google.golang.org/api v0.197.0 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-beta.1 to 3.0.0-rc.1 (#5260) Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-beta.1 to 3.0.0-rc.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's releases</a>.</em></p> <blockquote> <h2>v3.0.0-rc.1</h2> <p>Welcome to the <code>v3.0.0-rc.1</code> release of registry!</p> <p>This is the the first <strong>release candidate</strong> of registry!</p> <p>See the changelog below for full list of changes.</p> <h3>Deprecated</h3> <ul> <li><code>ManifestBuilder</code> interface <a href="https://redirect.github.com/distribution/distribution/pull/3886">3886</a></li> <li><code>Versioned</code> in favor of <code>oci.Versioned</code> <a href="https://redirect.github.com/distribution/distribution/pull/3887">3887</a></li> </ul> <h3>Notable Changes</h3> <ul> <li>Attempt HeadObject on Stat call first before failing over to List in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4401">4401</a></li> <li>Use a consistent multipart chunk size in S3 driver <a href="https://redirect.github.com/distribution/distribution/pull/4424">4424</a></li> <li>Build artifacts and images for linux/riscv64 <a href="https://redirect.github.com/distribution/distribution/pull/4444">4444</a></li> <li>Fix token verification chain in auth <a href="https://redirect.github.com/distribution/distribution/pull/4415">4415</a></li> <li>Support custom exec-based credential helper in proxy mode <a href="https://redirect.github.com/distribution/distribution/pull/4438">distribution/distribution#4438</a></li> </ul> <h2>What's Changed</h2> <ul> <li>vendor: github.com/opencontainers/image-spec v1.1.0 by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3889">distribution/distribution#3889</a></li> <li>Descriptor: do not implement Describable interface by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3886">distribution/distribution#3886</a></li> <li>S3 driver: Attempt HeadObject on Stat first, fail over to List by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4401">distribution/distribution#4401</a></li> <li>manifest: slight cleanup of init / registration by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4403">distribution/distribution#4403</a></li> <li>ci:bump Go version by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4402">distribution/distribution#4402</a></li> <li>deprecate Versioned in favor of oci.Versioned by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/3887">distribution/distribution#3887</a></li> <li>fix logic for handling regionEndpoint by <a href="https://github.com/Ankurk99"><code>@​Ankurk99</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4341">distribution/distribution#4341</a></li> <li>fix nil pointer in s3 list api by <a href="https://github.com/jkroepke"><code>@​jkroepke</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4412">distribution/distribution#4412</a></li> <li>build(deps): bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4407">distribution/distribution#4407</a></li> <li>build(deps): bump docker/bake-action from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4410">distribution/distribution#4410</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4416">distribution/distribution#4416</a></li> <li>chore: fix typos returned in some errors by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4414">distribution/distribution#4414</a></li> <li>auth: fix token verification chain by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4415">distribution/distribution#4415</a></li> <li>build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4426">distribution/distribution#4426</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4422">distribution/distribution#4422</a></li> <li>build(deps): bump actions/configure-pages from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4409">distribution/distribution#4409</a></li> <li>fix: skip removing layer's link file when '--dry-run' option specified by <a href="https://github.com/microyahoo"><code>@​microyahoo</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4425">distribution/distribution#4425</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4428">distribution/distribution#4428</a></li> <li>Use <code>x.y.0</code> format for the go module version by <a href="https://github.com/ialidzhikov"><code>@​ialidzhikov</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4423">distribution/distribution#4423</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4430">distribution/distribution#4430</a></li> <li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4431">distribution/distribution#4431</a></li> <li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4434">distribution/distribution#4434</a></li> <li>chore: fix typo in rewrite storage middleware init by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4435">distribution/distribution#4435</a></li> <li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4441">distribution/distribution#4441</a></li> <li>Build artifacts and images for linux/riscv64 by <a href="https://github.com/macabu"><code>@​macabu</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4444">distribution/distribution#4444</a></li> <li>build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4446">distribution/distribution#4446</a></li> <li>chore: bump golangci-lint and fix govet issues by <a href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4454">distribution/distribution#4454</a></li> <li>Remove deprecated version field by <a href="https://github.com/tiborrr"><code>@​tiborrr</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4459">distribution/distribution#4459</a></li> <li>Add a note regarding redirects to pre-signed URLs by <a href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a href="https://redirect.github.com/distribution/distribution/pull/4466">distribution/distribution#4466</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/distribution/distribution/commit/3ddd142339615c1e13550f021af4eebf1172fa95"><code>3ddd142</code></a> Prep for v3-rc.1 release (<a href="https://redirect.github.com/distribution/distribution/issues/4502">#4502</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/4118c80a99071425b6ba3ee18d7cfaa3eebcc056"><code>4118c80</code></a> Prep for v3-rc.1 release</li> <li><a href="https://github.com/distribution/distribution/commit/d67b46a05be84764c249b5fc97b267bd2c3c9ec5"><code>d67b46a</code></a> Bump dependencies (<a href="https://redirect.github.com/distribution/distribution/issues/4498">#4498</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/f7236ab04105c876bf379ebd42f00edfd6e799f6"><code>f7236ab</code></a> feat: support custom exec-based credential helper in proxy mode (<a href="https://redirect.github.com/distribution/distribution/issues/4438">#4438</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/099201addeaebb8779dc3c547970e05fb093fb2a"><code>099201a</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...</li> <li><a href="https://github.com/distribution/distribution/commit/3ac2285631c4cf600dec74e8dac5d149e5d965e3"><code>3ac2285</code></a> Bump otel dependencies</li> <li><a href="https://github.com/distribution/distribution/commit/bd52394e81c60db7793c5d715d75d6c7688bfee3"><code>bd52394</code></a> Update lint.Dockerfile</li> <li><a href="https://github.com/distribution/distribution/commit/85e99bce34aa0b4d5a95c2e60e128e68995fcbef"><code>85e99bc</code></a> docs: update hugo and theme versions (<a href="https://redirect.github.com/distribution/distribution/issues/4499">#4499</a>)</li> <li><a href="https://github.com/distribution/distribution/commit/da2f24e2054605c89c353286f70bcc65d4626c52"><code>da2f24e</code></a> docs: update hugo and theme versions</li> <li><a href="https://github.com/distribution/distribution/commit/5ee5aaa058c53bf881327164c323eadca85d0766"><code>5ee5aaa</code></a> fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size</li> <li>Additional commits viewable in <a href="https://github.com/distribution/distribution/compare/v3.0.0-beta.1...v3.0.0-rc.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-beta.1&new-version=3.0.0-rc.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 10:34:16 +02:00
google.golang.org/grpc v1.66.2 // indirect
google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
lukechampine.com/blake3 v1.2.1 // indirect
chore(deps): bump github.com/google/ko from 0.16.0 to 0.17.1 (#5223) Bumps [github.com/google/ko](https://github.com/google/ko) from 0.16.0 to 0.17.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.17.1</h2> <h2>What's Changed</h2> <ul> <li>Remove cycle in release process by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1435">ko-build/ko#1435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1">https://github.com/ko-build/ko/compare/v0.17.0...v0.17.1</a></p> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>allow setting annotations by <a href="https://github.com/seankhliao"><code>@​seankhliao</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1426">ko-build/ko#1426</a></li> <li>Update recorder to lazy create file. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1379">ko-build/ko#1379</a></li> <li>Change OCI Layout publisher to lazy create layout after build. by <a href="https://github.com/jeffmendoza"><code>@​jeffmendoza</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1385">ko-build/ko#1385</a></li> <li>feat: add image user option by <a href="https://github.com/maxbrunet"><code>@​maxbrunet</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1266">ko-build/ko#1266</a></li> </ul> <h4>Other changes</h4> <ul> <li>update k8s for kind e2e tests by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1352">ko-build/ko#1352</a></li> <li>Bump github.com/docker/docker from 26.1.4+incompatible to 27.2.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1387">ko-build/ko#1387</a></li> <li>Bump golang.org/x/tools from 0.21.0 to 0.25.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1386">ko-build/ko#1386</a></li> <li>Bump reviewdog/action-misspell from 1.19.0 to 1.23.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1357">ko-build/ko#1357</a></li> <li>Bump github/codeql-action from 3.25.7 to 3.26.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1383">ko-build/ko#1383</a></li> <li>Bump imjasonh/setup-crane from 0.3 to 0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1335">ko-build/ko#1335</a></li> <li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1336">ko-build/ko#1336</a></li> <li>Bump github.com/google/go-containerregistry from 0.19.1 to 0.20.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1370">ko-build/ko#1370</a></li> <li>Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1341">ko-build/ko#1341</a></li> <li>Bump k8s.io/apimachinery from 0.30.1 to 0.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1374">ko-build/ko#1374</a></li> <li>Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1328">ko-build/ko#1328</a></li> <li>Bump ko-build/setup-ko from 0.6 to 0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1392">ko-build/ko#1392</a></li> <li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1390">ko-build/ko#1390</a></li> <li>Bump actions/setup-python from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1388">ko-build/ko#1388</a></li> <li>Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1389">ko-build/ko#1389</a></li> <li>Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1391">ko-build/ko#1391</a></li> <li>docs: kamaji is a ko adopter by <a href="https://github.com/prometherion"><code>@​prometherion</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1384">ko-build/ko#1384</a></li> <li>Bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1394">ko-build/ko#1394</a></li> <li>build with go1.23 and general housekeeping by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1396">ko-build/ko#1396</a></li> <li>Bump actions/upload-artifact from 4.3.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1397">ko-build/ko#1397</a></li> <li>Bump github/codeql-action from 3.26.6 to 3.26.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1399">ko-build/ko#1399</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1393">ko-build/ko#1393</a></li> <li>Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1398">ko-build/ko#1398</a></li> <li>Bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1402">ko-build/ko#1402</a></li> <li>Bump github/codeql-action from 3.26.7 to 3.26.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1401">ko-build/ko#1401</a></li> <li>Bump github.com/docker/docker from 27.3.0+incompatible to 27.3.1+incompatible by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1404">ko-build/ko#1404</a></li> <li>Bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1405">ko-build/ko#1405</a></li> <li>Bump github/codeql-action from 3.26.8 to 3.26.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1406">ko-build/ko#1406</a></li> <li>Bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1408">ko-build/ko#1408</a></li> <li>Bump github/codeql-action from 3.26.9 to 3.26.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1410">ko-build/ko#1410</a></li> <li>Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1411">ko-build/ko#1411</a></li> <li>Bump github/codeql-action from 3.26.10 to 3.26.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1414">ko-build/ko#1414</a></li> <li>Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1412">ko-build/ko#1412</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ko-build/ko/commit/fd1f25182dd0f916eaae4996bbad4618e8f3d567"><code>fd1f251</code></a> Remove cycle in release process</li> <li><a href="https://github.com/ko-build/ko/commit/ac22328979cdb74b20efd8e7fd8d749d2794e1b0"><code>ac22328</code></a> feat: add image user option</li> <li><a href="https://github.com/ko-build/ko/commit/6541f6e2170cb8597d405f0e4875711c208583f9"><code>6541f6e</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1421">#1421</a> from ko-build/dependabot/github_actions/actions/uplo...</li> <li><a href="https://github.com/ko-build/ko/commit/bfaef8b9bb8e1a2c37d61ddbf14beb570208d5aa"><code>bfaef8b</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1431">#1431</a> from ko-build/dependabot/github_actions/actions/chec...</li> <li><a href="https://github.com/ko-build/ko/commit/13b49554cd3a05fe9c708024b5f1b605246426c9"><code>13b4955</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1432">#1432</a> from ko-build/dependabot/go_modules/k8s.io/apimachin...</li> <li><a href="https://github.com/ko-build/ko/commit/37013283ec91829b831642fd06b2407e57419324"><code>3701328</code></a> Bump k8s.io/apimachinery from 0.31.1 to 0.31.2</li> <li><a href="https://github.com/ko-build/ko/commit/4e5d543714ffb46e5757b27e33999e137282b19d"><code>4e5d543</code></a> Bump actions/checkout from 4.2.1 to 4.2.2</li> <li><a href="https://github.com/ko-build/ko/commit/711779e82940e0d454830a0305bf19d0083011d9"><code>711779e</code></a> Document linux_capabilities in builds section</li> <li><a href="https://github.com/ko-build/ko/commit/4761e07a0d3cff5612b0d7b477e0fff4937e8101"><code>4761e07</code></a> Bump actions/upload-artifact from 4.4.2 to 4.4.3</li> <li><a href="https://github.com/ko-build/ko/commit/43baebd2d8c4e3f98219452566825c7847be6624"><code>43baebd</code></a> Merge pull request <a href="https://redirect.github.com/google/ko/issues/1429">#1429</a> from ko-build/dependabot/github_actions/github/codeq...</li> <li>Additional commits viewable in <a href="https://github.com/google/ko/compare/v0.16.0...v0.17.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.16.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 16:15:31 +02:00
sigs.k8s.io/kind v0.24.0 // indirect
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att &amp; sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign/commit/12cbf9ea177d22bbf5cf028bcb4712b5f174ebc6"><code>12cbf9e</code></a> add changelog for v2.2.1 release (<a href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/827f24e9d4a1f8e845cb1597d02053410f5bbe2a"><code>827f24e</code></a> feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8ac891ff0e29ddc67965423bee8f826219c6eb0f"><code>8ac891f</code></a> Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li><a href="https://github.com/sigstore/cosign/commit/8b366c497bd22b9be7742d057b8f59083dcadee0"><code>8b366c4</code></a> add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/23920de5623a505921ba4e62fa97e2553eff4699"><code>23920de</code></a> chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/e022e1c13240d1ae5b3c408bc53e389154331713"><code>e022e1c</code></a> chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/28c59c5eca6386924cc8f381afe94efe1e957679"><code>28c59c5</code></a> add missing groups key (<a href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/8e5bdcc0ff39b8dc1b477251fef521601df76ec0"><code>8e5bdcc</code></a> chore(deps): bump github.com/google/certificate-transparency-go (<a href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/510cac4ef54274823599082e3a57a556ccd5c9e5"><code>510cac4</code></a> chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li> <li><a href="https://github.com/sigstore/cosign/commit/063902b1d78fed7c12c9d9ce06248d36963e8169"><code>063902b</code></a> chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0 (<a href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/goreleaser/goreleaser/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-18 18:39:49 +02:00
sigs.k8s.io/yaml v1.4.0 // indirect
software.sslmate.com/src/go-pkcs12 v0.4.0 // indirect
)