Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from
0.18.0 to 0.19.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="405cb3bdea"><code>405cb3b</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="913d3ae741"><code>913d3ae</code></a>
x509roots/fallback: update bundle</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.18.0...v0.19.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab)
from 0.96.0 to 0.97.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="997404ba93"><code>997404b</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1872">#1872</a>
from johannges/main</li>
<li><a
href="cd614822bf"><code>cd61482</code></a>
Properly fix <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1744">#1744</a></li>
<li><a
href="b3aeb3b678"><code>b3aeb3b</code></a>
✨ Group-level CI/CD variables API: add description</li>
<li><a
href="def3c90df5"><code>def3c90</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1870">#1870</a>
from PatrickRice-KSC/add-restrict-pipeline-cancellat...</li>
<li><a
href="0342a41aaf"><code>0342a41</code></a>
Add support for the new ci_restrict_pipeline_cancellation_role attribute
to P...</li>
<li><a
href="0826177612"><code>0826177</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1869">#1869</a>
from PatrickRice-KSC/fix-path-encoding-for-protected...</li>
<li><a
href="88e8a9dca6"><code>88e8a9d</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1868">#1868</a>
from dfredell/main</li>
<li><a
href="0dfb7251a5"><code>0dfb725</code></a>
Fix an issue with environment names not being encoded</li>
<li><a
href="7af6bec41d"><code>7af6bec</code></a>
Use capital ID to follow go standards <a
href="https://go.dev/wiki/CodeReviewComments%5C">https://go.dev/wiki/CodeReviewComments\</a>...</li>
<li><a
href="68e79f23c2"><code>68e79f2</code></a>
Allow setting custom roles to users on projects</li>
<li>See full diff in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.96.0...v0.97.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go)
from 1.50.5 to 1.50.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-sdk-go/releases">github.com/aws/aws-sdk-go's
releases</a>.</em></p>
<blockquote>
<h1>Release v1.50.9 (2024-02-01)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/cognito-idp</code>: Updates service API and
documentation</li>
<li><code>service/ivs</code>: Updates service API, documentation, and
paginators</li>
<li><code>service/managedblockchain-query</code>: Updates service API
and documentation</li>
<li><code>service/mediaconvert</code>: Updates service API and
documentation
<ul>
<li>This release includes support for broadcast-mixed audio description
tracks.</li>
</ul>
</li>
</ul>
<h1>Release v1.50.8 (2024-01-31)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/cloudformation</code>: Updates service API,
documentation, paginators, and examples
<ul>
<li>CloudFormation IaC generator allows you to scan existing resources
in your account and select resources to generate a template for a new or
existing CloudFormation stack.</li>
</ul>
</li>
<li><code>service/elasticloadbalancingv2</code>: Updates service API and
documentation</li>
<li><code>service/glue</code>: Updates service API and documentation
<ul>
<li>Update page size limits for GetJobRuns and GetTriggers APIs.</li>
</ul>
</li>
<li><code>service/ssm</code>: Updates service API and documentation
<ul>
<li>This release adds an optional Duration parameter to StateManager
Associations. This allows customers to specify how long an
apply-only-on-cron association execution should run. Once the specified
Duration is out all the ongoing cancellable commands or automations are
cancelled.</li>
</ul>
</li>
</ul>
<h1>Release v1.50.7 (2024-01-30)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/datazone</code>: Updates service API and
documentation</li>
<li><code>service/route53</code>: Updates service documentation
<ul>
<li>Update the SDKs for text changes in the APIs.</li>
</ul>
</li>
</ul>
<h1>Release v1.50.6 (2024-01-29)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/autoscaling</code>: Updates service API and
documentation
<ul>
<li>EC2 Auto Scaling customers who use attribute based instance-type
selection can now intuitively define their Spot instances price
protection limit as a percentage of the lowest priced On-Demand instance
type.</li>
</ul>
</li>
<li><code>service/comprehend</code>: Updates service documentation</li>
<li><code>service/ec2</code>: Updates service API and documentation
<ul>
<li>EC2 Fleet customers who use attribute based instance-type selection
can now intuitively define their Spot instances price protection limit
as a percentage of the lowest priced On-Demand instance type.</li>
</ul>
</li>
<li><code>service/mwaa</code>: Updates service API and
documentation</li>
<li><code>service/rds</code>: Updates service API, documentation,
waiters, paginators, and examples
<ul>
<li>Introduced support for the InsufficientDBInstanceCapacityFault error
in the RDS RestoreDBClusterFromSnapshot and
RestoreDBClusterToPointInTime API methods. This provides enhanced error
handling, ensuring a more robust experience.</li>
</ul>
</li>
<li><code>service/snowball</code>: Updates service documentation
<ul>
<li>Modified description of createaddress to include direction to add
path when providing a JSON file.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3248e69e16"><code>3248e69</code></a>
Release v1.50.9 (2024-02-01) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5159">#5159</a>)</li>
<li><a
href="3e2c844a50"><code>3e2c844</code></a>
Release v1.50.8 (2024-01-31) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5158">#5158</a>)</li>
<li><a
href="87be112c47"><code>87be112</code></a>
Merge pull request <a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5155">#5155</a>
from kellertk/main</li>
<li><a
href="160195237e"><code>1601952</code></a>
Release v1.50.7 (2024-01-30) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5157">#5157</a>)</li>
<li><a
href="e8a5e0e401"><code>e8a5e0e</code></a>
Release v1.50.6 (2024-01-29) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5156">#5156</a>)</li>
<li><a
href="9adcf752a6"><code>9adcf75</code></a>
chore: relax stale issue timings</li>
<li><a
href="8eb22a1123"><code>8eb22a1</code></a>
chore: a more polite closed issue message</li>
<li>See full diff in <a
href="https://github.com/aws/aws-sdk-go/compare/v1.50.5...v1.50.9">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from
2.35.2 to 2.35.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/goreleaser/nfpm/releases">github.com/goreleaser/nfpm/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.35.3</h2>
<h2>Changelog</h2>
<h3>Bug fixes</h3>
<ul>
<li>f8ccc9df94eb9a4c91c3a1c78d4759a65f156731: fix: file mode when type:
tree (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/779">#779</a>)
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>e1ebfdad10ef98fe6c9d424efe3f97d7b2322f04: fix: honor
SOURCE_DATE_EPOCH for files (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/775">#775</a>)
(<a href="https://github.com/osm"><code>@osm</code></a>)</li>
</ul>
<h3>Dependency updates</h3>
<ul>
<li>9c48b79596993dd653087f91861794b7da6267e6: feat(deps): bump
github.com/ProtonMail/go-crypto (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/771">#771</a>)
(<a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li>
<li>d7a5dc79573e4bf5d65c3f00d9cac81736f12597: feat(deps): bump
github.com/cloudflare/circl from 1.3.3 to 1.3.7 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/765">#765</a>)
(<a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li>
<li>fbc55c56be14ac5de4207becb98c908c615dee7e: feat(deps): bump
github.com/klauspost/compress from 1.17.4 to 1.17.5 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/774">#774</a>)
(<a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li>
<li>9bb94d758ce739fc27c19bbe04bf1c1d33ce3fa9: fix(deps): update
go-rpmutils (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/764">#764</a>)
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<h3>Build process updates</h3>
<ul>
<li>5ace4da2fd3162383a16218e2ef405dc2676bdfc: ci: update changelog (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<h3>Other work</h3>
<ul>
<li>cd6b94108561b9ef1b06e1db8bfe9e3b3f643253: docs: update cmd docs (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>672f8c6537228848062786d7ad2d2956f6808986: docs: update starchart url
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/nfpm/compare/v2.35.2...v2.35.3">https://github.com/goreleaser/nfpm/compare/v2.35.2...v2.35.3</a></p>
<h2>Helping out</h2>
<p>This release is only possible thanks to <strong>all</strong> the
support of <strong>awesome people</strong>!</p>
<p>Want to be one of them?
You can <a href="https://goreleaser.com/sponsors/">sponsor</a> or <a
href="https://goreleaser.com/contributing">contribute with code</a>.</p>
<h2>Where to go next?</h2>
<ul>
<li>nFPM is a satellite project from GoReleaser. <a
href="https://goreleaser.com">Check it out</a>!</li>
<li>Find examples and commented usage of all options in our <a
href="https://nfpm.goreleaser.com/">website</a>.</li>
<li>Reach out on <a href="https://discord.gg/RGEBtg8vQ6">Discord</a> and
<a href="https://twitter.com/goreleaser">Twitter</a>!</li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML
omitted --></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5ace4da2fd"><code>5ace4da</code></a>
ci: update changelog</li>
<li><a
href="f8ccc9df94"><code>f8ccc9d</code></a>
fix: file mode when type: tree (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/779">#779</a>)</li>
<li><a
href="48d1a19eb6"><code>48d1a19</code></a>
chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.7 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/778">#778</a>)</li>
<li><a
href="e1ebfdad10"><code>e1ebfda</code></a>
fix: honor SOURCE_DATE_EPOCH for files (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/775">#775</a>)</li>
<li><a
href="25f6f2b736"><code>25f6f2b</code></a>
chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/776">#776</a>)</li>
<li><a
href="fbc55c56be"><code>fbc55c5</code></a>
feat(deps): bump github.com/klauspost/compress from 1.17.4 to 1.17.5 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/774">#774</a>)</li>
<li><a
href="d83a672428"><code>d83a672</code></a>
chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/773">#773</a>)</li>
<li><a
href="995a27a6fb"><code>995a27a</code></a>
chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/772">#772</a>)</li>
<li><a
href="9c48b79596"><code>9c48b79</code></a>
feat(deps): bump github.com/ProtonMail/go-crypto (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/771">#771</a>)</li>
<li><a
href="e8832cc97b"><code>e8832cc</code></a>
chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/770">#770</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/goreleaser/nfpm/compare/v2.35.2...v2.35.3">compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| github.com/goreleaser/nfpm/v2 | [>= 2.24.a, < 2.25] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once it's up-to-date and CI passes on it,
as requested by @caarlos0.
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[github.com/opencontainers/runc](https://github.com/opencontainers/runc)
from 1.1.5 to 1.1.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/opencontainers/runc/releases">github.com/opencontainers/runc's
releases</a>.</em></p>
<blockquote>
<h2>runc 1.1.12 -- "Now you're thinking with Portals™!"</h2>
<p>This is the twelfth patch release in the 1.1.z release branch of
runc.
It fixes a high-severity container breakout vulnerability involving
leaked file descriptors, and users are strongly encouraged to update as
soon as possible.</p>
<ul>
<li>
<p>Fix <a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv">CVE-2024-21626</a>,
a container breakout attack that took advantage of
a file descriptor that was leaked internally within runc (but never
leaked to the container process).</p>
<p>In addition to fixing the leak, several strict hardening measures
were
added to ensure that future internal leaks could not be used to break
out in this manner again.</p>
<p>Based on our research, while no other container runtime had a similar
leak, none had any of the hardening steps we've introduced (and some
runtimes would not check for any file descriptors that a calling
process may have leaked to them, allowing for container breakouts due
to basic user error).</p>
</li>
</ul>
<h3>Static Linking Notices</h3>
<p>The <code>runc</code> binary distributed with this release are
<em>statically linked</em> with
the following <a
href="https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html">GNU
LGPL-2.1</a> licensed libraries, with <code>runc</code> acting
as a "work that uses the Library":</p>
<ul>
<li><a href="https://github.com/seccomp/libseccomp">libseccomp</a></li>
</ul>
<p>The versions of these libraries were not modified from their upstream
versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the
attached
runc source code) may be used to exercise your rights under the
LGPL-2.1.</p>
<p>However we strongly suggest that you make use of your distribution's
packages
or download them from the authoritative upstream sources, especially
since
these libraries are related to the security of your containers.</p>
<!-- raw HTML omitted -->
<p>Thanks to all of the contributors who made this release possible:</p>
<ul>
<li>Aleksa Sarai <a
href="mailto:cyphar@cyphar.com">cyphar@cyphar.com</a></li>
<li>hang.jiang <a
href="mailto:hang.jiang@daocloud.io">hang.jiang@daocloud.io</a></li>
<li>lfbzhm <a
href="mailto:lifubang@acmcoder.com">lifubang@acmcoder.com</a></li>
</ul>
<p>Signed-off-by: Aleksa Sarai <a
href="mailto:cyphar@cyphar.com">cyphar@cyphar.com</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/opencontainers/runc/blob/v1.1.12/CHANGELOG.md">github.com/opencontainers/runc's
changelog</a>.</em></p>
<blockquote>
<h2>[1.1.12] - 2024-01-31</h2>
<blockquote>
<p>Now you're thinking with Portals™!</p>
</blockquote>
<h3>Security</h3>
<ul>
<li>Fix <a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv">CVE-2024-21626</a>,
a container breakout attack that took
advantage of a file descriptor that was leaked internally within runc
(but
never leaked to the container process). In addition to fixing the leak,
several strict hardening measures were added to ensure that future
internal
leaks could not be used to break out in this manner again. Based on our
research, while no other container runtime had a similar leak, none had
any
of the hardening steps we've introduced (and some runtimes would not
check
for any file descriptors that a calling process may have leaked to them,
allowing for container breakouts due to basic user error).</li>
</ul>
<h2>[1.1.11] - 2024-01-01</h2>
<blockquote>
<p>Happy New Year!</p>
</blockquote>
<h3>Fixed</h3>
<ul>
<li>Fix several issues with userns path handling. (<a
href="https://redirect.github.com/opencontainers/runc/issues/4122">#4122</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/4124">#4124</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/4134">#4134</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/4144">#4144</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Support memory.peak and memory.swap.peak in cgroups v2.
Add <code>swapOnlyUsage</code> in <code>MemoryStats</code>. This field
reports swap-only usage.
For cgroupv1, <code>Usage</code> and <code>Failcnt</code> are set by
subtracting memory usage
from memory+swap usage. For cgroupv2, <code>Usage</code>,
<code>Limit</code>, and <code>MaxUsage</code>
are set. (<a
href="https://redirect.github.com/opencontainers/runc/issues/4000">#4000</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/4010">#4010</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/4131">#4131</a>)</li>
<li>build(deps): bump github.com/cyphar/filepath-securejoin. (<a
href="https://redirect.github.com/opencontainers/runc/issues/4140">#4140</a>)</li>
</ul>
<h2>[1.1.10] - 2023-10-31</h2>
<blockquote>
<p>Śruba, przykręcona we śnie, nie zmieni sytuacji, jaka panuje na
jawie.</p>
</blockquote>
<h3>Added</h3>
<ul>
<li>Support for <code>hugetlb.<pagesize>.rsvd</code> limiting and
accounting. Fixes the
issue of postres failing when hugepage limits are set. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3859">#3859</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/4077">#4077</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fixed permissions of a newly created directories to not depend on
the value
of umask in tmpcopyup feature implementation. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3991">#3991</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/4060">#4060</a>)</li>
<li>libcontainer: cgroup v1 GetStats now ignores missing
<code>kmem.limit_in_bytes</code>
(fixes the compatibility with Linux kernel 6.1+). (<a
href="https://redirect.github.com/opencontainers/runc/issues/4028">#4028</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="51d5e94601"><code>51d5e94</code></a>
VERSION: release 1.1.12</li>
<li><a
href="2a4ed3e75b"><code>2a4ed3e</code></a>
merge 1.1-ghsa-xr7r-f8xq-vfvv into release-1.1</li>
<li><a
href="e9665f4d60"><code>e9665f4</code></a>
init: don't special-case logrus fds</li>
<li><a
href="683ad2ff3b"><code>683ad2f</code></a>
libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init</li>
<li><a
href="b6633f48a8"><code>b6633f4</code></a>
cgroup: plug leaks of /sys/fs/cgroup handle</li>
<li><a
href="284ba3057e"><code>284ba30</code></a>
init: close internal fds before execve</li>
<li><a
href="fbe3eed1e5"><code>fbe3eed</code></a>
setns init: do explicit lookup of execve argument early</li>
<li><a
href="0994249a5e"><code>0994249</code></a>
init: verify after chdir that cwd is inside the container</li>
<li><a
href="506552a88b"><code>506552a</code></a>
Fix File to Close</li>
<li><a
href="099ff69336"><code>099ff69</code></a>
merge <a
href="https://redirect.github.com/opencontainers/runc/issues/4177">#4177</a>
into opencontainers/runc:release-1.1</li>
<li>Additional commits viewable in <a
href="https://github.com/opencontainers/runc/compare/v1.1.5...v1.1.12">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/goreleaser/goreleaser/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[github.com/google/go-containerregistry](https://github.com/google/go-containerregistry)
from 0.18.0 to 0.19.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/go-containerregistry/releases">github.com/google/go-containerregistry's
releases</a>.</em></p>
<blockquote>
<h2>v0.19.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Work around docker v25 tarballs by <a
href="https://github.com/jonjohnsonjr"><code>@jonjohnsonjr</code></a>
in <a
href="https://redirect.github.com/google/go-containerregistry/pull/1872">google/go-containerregistry#1872</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google/go-containerregistry/compare/v0.18.0...v0.19.0">https://github.com/google/go-containerregistry/compare/v0.18.0...v0.19.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8dadbe76ff"><code>8dadbe7</code></a>
Work around docker v25 tarballs (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1872">#1872</a>)</li>
<li>See full diff in <a
href="https://github.com/google/go-containerregistry/compare/v0.18.0...v0.19.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go)
from 1.50.2 to 1.50.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-sdk-go/releases">github.com/aws/aws-sdk-go's
releases</a>.</em></p>
<blockquote>
<h1>Release v1.50.5 (2024-01-26)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/connect</code>: Updates service API</li>
<li><code>service/inspector2</code>: Updates service API and
documentation</li>
<li><code>service/sagemaker</code>: Updates service API and
documentation
<ul>
<li>Amazon SageMaker Automatic Model Tuning now provides an API to
programmatically delete tuning jobs.</li>
</ul>
</li>
</ul>
<h1>Release v1.50.4 (2024-01-25)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/acm-pca</code>: Updates service API, documentation,
and waiters</li>
<li><code>service/lightsail</code>: Updates service API and
documentation
<ul>
<li>This release adds support for IPv6-only instance plans.</li>
</ul>
</li>
</ul>
<h1>Release v1.50.3 (2024-01-24)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/ec2</code>: Updates service API and documentation
<ul>
<li>Introduced a new clientToken request parameter on CreateNetworkAcl
and CreateRouteTable APIs. The clientToken parameter allows idempotent
operations on the APIs.</li>
</ul>
</li>
<li><code>service/ecs</code>: Updates service documentation
<ul>
<li>Documentation updates for Amazon ECS.</li>
</ul>
</li>
<li><code>service/outposts</code>: Updates service API</li>
<li><code>service/rds</code>: Updates service API, documentation,
waiters, paginators, and examples
<ul>
<li>This release adds support for Aurora Limitless Database.</li>
</ul>
</li>
<li><code>service/storagegateway</code>: Updates service API and
documentation
<ul>
<li>Add DeprecationDate and SoftwareVersion to response of
ListGateways.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="32e0058e28"><code>32e0058</code></a>
Release v1.50.5 (2024-01-26) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5154">#5154</a>)</li>
<li><a
href="d5e1369ac3"><code>d5e1369</code></a>
Release v1.50.4 (2024-01-25) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5152">#5152</a>)</li>
<li><a
href="15beed0ddd"><code>15beed0</code></a>
Release v1.50.3 (2024-01-24) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5151">#5151</a>)</li>
<li>See full diff in <a
href="https://github.com/aws/aws-sdk-go/compare/v1.50.2...v1.50.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go)
from 1.50.1 to 1.50.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-sdk-go/releases">github.com/aws/aws-sdk-go's
releases</a>.</em></p>
<blockquote>
<h1>Release v1.50.2 (2024-01-23)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/inspector2</code>: Updates service API, documentation,
and paginators</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8fd61086a3"><code>8fd6108</code></a>
Release v1.50.2 (2024-01-23) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5150">#5150</a>)</li>
<li>See full diff in <a
href="https://github.com/aws/aws-sdk-go/compare/v1.50.1...v1.50.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go)
from 1.50.0 to 1.50.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-sdk-go/releases">github.com/aws/aws-sdk-go's
releases</a>.</em></p>
<blockquote>
<h1>Release v1.50.1 (2024-01-22)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/appconfigdata</code>: Adds new service</li>
<li><code>service/cloud9</code>: Updates service documentation
<ul>
<li>Doc-only update around removing AL1 from list of available AMIs for
Cloud9</li>
</ul>
</li>
<li><code>service/connectcases</code>: Updates service API,
documentation, and paginators</li>
<li><code>service/ec2</code>: Updates service documentation
<ul>
<li>Documentation updates for Amazon EC2.</li>
</ul>
</li>
<li><code>service/ecs</code>: Updates service API and documentation
<ul>
<li>This release adds support for Transport Layer Security (TLS) and
Configurable Timeout to ECS Service Connect. TLS facilitates privacy and
data security for inter-service communications, while Configurable
Timeout allows customized per-request timeout and idle timeout for
Service Connect services.</li>
</ul>
</li>
<li><code>service/finspace</code>: Updates service API</li>
<li><code>service/organizations</code>: Updates service documentation
<ul>
<li>Doc only update for quota increase change</li>
</ul>
</li>
<li><code>service/rds</code>: Updates service API, documentation,
waiters, paginators, and examples
<ul>
<li>Introduced support for the InsufficientDBInstanceCapacityFault error
in the RDS CreateDBCluster API method. This provides enhanced error
handling, ensuring a more robust experience when creating database
clusters with insufficient instance capacity.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a91b4e6eea"><code>a91b4e6</code></a>
Release v1.50.1 (2024-01-22) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5149">#5149</a>)</li>
<li>See full diff in <a
href="https://github.com/aws/aws-sdk-go/compare/v1.50.0...v1.50.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go)
from 1.49.24 to 1.50.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-sdk-go/releases">github.com/aws/aws-sdk-go's
releases</a>.</em></p>
<blockquote>
<h1>Release v1.50.0 (2024-01-19)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/athena</code>: Updates service API and documentation
<ul>
<li>Introducing new NotebookS3LocationUri parameter to Athena
ImportNotebook API. Payload is no longer required and either Payload or
NotebookS3LocationUri needs to be provided (not both) for a successful
ImportNotebook API call. If both are provided, an
InvalidRequestException will be thrown.</li>
</ul>
</li>
<li><code>service/codebuild</code>: Updates service API, documentation,
and paginators
<ul>
<li>Release CodeBuild Reserved Capacity feature</li>
</ul>
</li>
<li><code>service/dynamodb</code>: Updates service API, documentation,
waiters, paginators, and examples
<ul>
<li>This release adds support for including
ApproximateCreationDateTimePrecision configurations in
EnableKinesisStreamingDestination API, adds the same as an optional
field in the response of DescribeKinesisStreamingDestination, and adds
support for a new UpdateKinesisStreamingDestination API.</li>
</ul>
</li>
<li><code>service/qconnect</code>: Updates service API</li>
</ul>
<h3>SDK Features</h3>
<ul>
<li><code>service/cloudfrontkeyvaluestore</code>: Deprecate
cloudfrontkeyvaluestore
<ul>
<li>This change removes the cloudfrontkeyvaluestore service, since it
does not support sigv4a.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="63e7f600c2"><code>63e7f60</code></a>
Release v1.50.0 (2024-01-19) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5147">#5147</a>)</li>
<li><a
href="f55d9b1149"><code>f55d9b1</code></a>
Remove cloudfrontkeyvaluestore (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5146">#5146</a>)</li>
<li>See full diff in <a
href="https://github.com/aws/aws-sdk-go/compare/v1.49.24...v1.50.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go)
from 1.49.22 to 1.49.23.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-sdk-go/releases">github.com/aws/aws-sdk-go's
releases</a>.</em></p>
<blockquote>
<h1>Release v1.49.23 (2024-01-17)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/dynamodb</code>: Updates service API, documentation,
waiters, paginators, and examples
<ul>
<li>Updating note for enabling streams for UpdateTable.</li>
</ul>
</li>
<li><code>service/keyspaces</code>: Updates service API and
documentation</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d264d16096"><code>d264d16</code></a>
Release v1.49.23 (2024-01-17) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5144">#5144</a>)</li>
<li>See full diff in <a
href="https://github.com/aws/aws-sdk-go/compare/v1.49.22...v1.49.23">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab)
from 0.95.2 to 0.96.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="63caa488c1"><code>63caa48</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1866">#1866</a>
from cenkalti/notes</li>
<li><a
href="42426a3f2b"><code>42426a3</code></a>
Try to follow order in the docs</li>
<li><a
href="4bbd9e29e1"><code>4bbd9e2</code></a>
add missing fields in Note struct</li>
<li><a
href="57c03d9cba"><code>57c03d9</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1863">#1863</a>
from TheCodear/feat/update-project-variables</li>
<li><a
href="28f5cd4ed8"><code>28f5cd4</code></a>
Fix test after reodering</li>
<li><a
href="c3f82c2c7a"><code>c3f82c2</code></a>
format source code</li>
<li><a
href="80a3897b5a"><code>80a3897</code></a>
update project variables client with description field</li>
<li><a
href="4e7fdb74c0"><code>4e7fdb7</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1864">#1864</a>
from xuxiaowei-com-cn/project_level_variables/descri...</li>
<li><a
href="8e7e14bedd"><code>8e7e14b</code></a>
Update ordering</li>
<li><a
href="1256139f16"><code>1256139</code></a>
✨ Project-level CI/CD variables API: add description</li>
<li>Additional commits viewable in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.95.2...v0.96.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go)
from 1.49.21 to 1.49.22.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-sdk-go/releases">github.com/aws/aws-sdk-go's
releases</a>.</em></p>
<blockquote>
<h1>Release v1.49.22 (2024-01-16)</h1>
<h3>Service Client Updates</h3>
<ul>
<li><code>service/iot</code>: Updates service API
<ul>
<li>Revert release of LogTargetTypes</li>
</ul>
</li>
<li><code>service/iotfleetwise</code>: Updates service API and
documentation</li>
<li><code>service/macie2</code>: Updates service API and
documentation</li>
<li><code>service/payment-cryptography</code>: Updates service API and
documentation</li>
<li><code>service/personalize</code>: Updates service documentation</li>
<li><code>service/personalize-runtime</code>: Updates service
documentation</li>
<li><code>service/rekognition</code>: Updates service API and
documentation
<ul>
<li>This release adds ContentType and TaxonomyLevel attributes to
DetectModerationLabels and GetMediaAnalysisJob API responses.</li>
</ul>
</li>
<li><code>service/securityhub</code>: Updates service documentation</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d9a3e6a5dd"><code>d9a3e6a</code></a>
Release v1.49.22 (2024-01-16) (<a
href="https://redirect.github.com/aws/aws-sdk-go/issues/5143">#5143</a>)</li>
<li>See full diff in <a
href="https://github.com/aws/aws-sdk-go/compare/v1.49.21...v1.49.22">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.35.0 to
0.36.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/go-cloud/releases">gocloud.dev's
releases</a>.</em></p>
<blockquote>
<h2>v0.36.0</h2>
<p><strong>blob</strong></p>
<ul>
<li><strong>all</strong>: Allow disabling of <code>ContentType</code>
auto-detection during writes.</li>
</ul>
<p><strong>pubsub</strong></p>
<ul>
<li><strong>azuresb</strong>: Added a new auth method to support Service
principal/kubelet identity/Workload identity auth methods.</li>
</ul>
<p><strong>docstore</strong></p>
<ul>
<li><strong>all</strong>: Add in/not-in operators for Query.</li>
<li><strong>gcpfirestore</strong>: Added a missing resource header when
running query.</li>
</ul>
<p><strong>mysql</strong></p>
<ul>
<li>Pass TLS config directly to MySQL's config</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="01064b751a"><code>01064b7</code></a>
all: prerelease</li>
<li><a
href="92114ef433"><code>92114ef</code></a>
mysql: pass TLS config directly to MySQL's config (<a
href="https://redirect.github.com/google/go-cloud/issues/3348">#3348</a>)</li>
<li><a
href="97fe9d0425"><code>97fe9d0</code></a>
docstore/all: Add in/not-in operators for Query</li>
<li><a
href="4fe95eea2d"><code>4fe95ee</code></a>
blob/all: Allow disabling of ContentType auto-detection during writes
(<a
href="https://redirect.github.com/google/go-cloud/issues/3371">#3371</a>)</li>
<li><a
href="1dbbbb3e64"><code>1dbbbb3</code></a>
pubsub/azuresb: minor comments and fixes (<a
href="https://redirect.github.com/google/go-cloud/issues/3370">#3370</a>)</li>
<li><a
href="2090984208"><code>2090984</code></a>
all: update golang.org/x/crypto (<a
href="https://redirect.github.com/google/go-cloud/issues/3369">#3369</a>)</li>
<li><a
href="ddc7b99101"><code>ddc7b99</code></a>
pubsub/azuresb: new auth method to support Service principal/kubelet
identit...</li>
<li><a
href="c770de8217"><code>c770de8</code></a>
docstore/gcpfirestore: Add missing resource header when running
query</li>
<li><a
href="e86400ea40"><code>e86400e</code></a>
pubsub/awssnssqs: Remove hack for broken AWS error codes now that
they've fix...</li>
<li><a
href="8c8f558aff"><code>8c8f558</code></a>
all: postrelease (<a
href="https://redirect.github.com/google/go-cloud/issues/3351">#3351</a>)</li>
<li>See full diff in <a
href="https://github.com/google/go-cloud/compare/v0.35.0...v0.36.0">compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| gocloud.dev | [>= 0.25.a, < 0.26] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.5.0 to
0.6.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="59c1ca1e46"><code>59c1ca1</code></a>
errgroup: add reference to sync.WaitGroup</li>
<li>See full diff in <a
href="https://github.com/golang/sync/compare/v0.5.0...v0.6.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps code.gitea.io/sdk/gitea from 0.17.0 to 0.17.1.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from
2.35.1 to 2.35.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/goreleaser/nfpm/releases">github.com/goreleaser/nfpm/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.35.2</h2>
<h2>Changelog</h2>
<h3>Security updates</h3>
<ul>
<li>440588e9d22bbb413014921baea0b81be3048769: sec(deps): bump
github.com/go-git/go-git/v5 from 5.7.0 to 5.11.0 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/759">#759</a>)
(<a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>beb0f7314e098689ee29cd957134107ad535f85e: fix: properly handle files
owned by fs (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/760">#760</a>)
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<h3>Build process updates</h3>
<ul>
<li>e15b21b0fba2f098ac7292a89126079ecf3e58fc: build: add packagers shell
to flake.nix (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>19f03e44c39065d55675c04c794c1668801e1f06: build: fix flake (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>a117582d8c23e97635bf55502f9a7eef8c3e35ba: build: use nix flake (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/761">#761</a>)
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<h3>Other work</h3>
<ul>
<li>37b28fd4a368a94e4e285bdabbd3c1641f28cff4: ci: release for ppc64le
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>2b60d2191cef2110a15f62095eb7a909c78f7970: docs: update cmd docs (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>c6f2eb7008f081ef5e1e448083dfbaeacd604c77: docs: validate jsonschema
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/nfpm/compare/v2.35.1...v2.35.2">https://github.com/goreleaser/nfpm/compare/v2.35.1...v2.35.2</a></p>
<h2>Helping out</h2>
<p>This release is only possible thanks to <strong>all</strong> the
support of <strong>awesome people</strong>!</p>
<p>Want to be one of them?
You can <a href="https://goreleaser.com/sponsors/">sponsor</a> or <a
href="https://goreleaser.com/contributing">contribute with code</a>.</p>
<h2>Where to go next?</h2>
<ul>
<li>nFPM is a satellite project from GoReleaser. <a
href="https://goreleaser.com">Check it out</a>!</li>
<li>Find examples and commented usage of all options in our <a
href="https://nfpm.goreleaser.com/">website</a>.</li>
<li>Reach out on <a href="https://discord.gg/RGEBtg8vQ6">Discord</a> and
<a href="https://twitter.com/goreleaser">Twitter</a>!</li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML
omitted --></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="19f03e44c3"><code>19f03e4</code></a>
build: fix flake</li>
<li><a
href="beb0f7314e"><code>beb0f73</code></a>
fix: properly handle files owned by fs (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/760">#760</a>)</li>
<li><a
href="37b28fd4a3"><code>37b28fd</code></a>
ci: release for ppc64le</li>
<li><a
href="fcd64f5959"><code>fcd64f5</code></a>
chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/762">#762</a>)</li>
<li><a
href="e15b21b0fb"><code>e15b21b</code></a>
build: add packagers shell to flake.nix</li>
<li><a
href="b744dfbd5b"><code>b744dfb</code></a>
chore: add .editorconfig</li>
<li><a
href="c6f2eb7008"><code>c6f2eb7</code></a>
docs: validate jsonschema</li>
<li><a
href="a117582d8c"><code>a117582</code></a>
build: use nix flake (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/761">#761</a>)</li>
<li><a
href="440588e9d2"><code>440588e</code></a>
sec(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.11.0 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/759">#759</a>)</li>
<li><a
href="2b60d2191c"><code>2b60d21</code></a>
docs: update cmd docs</li>
<li>See full diff in <a
href="https://github.com/goreleaser/nfpm/compare/v2.35.1...v2.35.2">compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| github.com/goreleaser/nfpm/v2 | [>= 2.24.a, < 2.25] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/google/uuid](https://github.com/google/uuid) from
1.4.0 to 1.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/uuid/releases">github.com/google/uuid's
releases</a>.</em></p>
<blockquote>
<h2>v1.5.0</h2>
<h2><a
href="https://github.com/google/uuid/compare/v1.4.0...v1.5.0">1.5.0</a>
(2023-12-12)</h2>
<h3>Features</h3>
<ul>
<li>Validate UUID without creating new UUID (<a
href="https://redirect.github.com/google/uuid/issues/141">#141</a>) (<a
href="9ee7366e66">9ee7366</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/google/uuid/blob/master/CHANGELOG.md">github.com/google/uuid's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/google/uuid/compare/v1.4.0...v1.5.0">1.5.0</a>
(2023-12-12)</h2>
<h3>Features</h3>
<ul>
<li>Validate UUID without creating new UUID (<a
href="https://redirect.github.com/google/uuid/issues/141">#141</a>) (<a
href="9ee7366e66">9ee7366</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4d47f8eb06"><code>4d47f8e</code></a>
chore(master): release 1.5.0 (<a
href="https://redirect.github.com/google/uuid/issues/145">#145</a>)</li>
<li><a
href="9ee7366e66"><code>9ee7366</code></a>
feat: Validate UUID without creating new UUID (<a
href="https://redirect.github.com/google/uuid/issues/141">#141</a>)</li>
<li><a
href="b35aa6a595"><code>b35aa6a</code></a>
add uuid version 6 and 7 (<a
href="https://redirect.github.com/google/uuid/issues/139">#139</a>)</li>
<li>See full diff in <a
href="https://github.com/google/uuid/compare/v1.4.0...v1.5.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.16.0
to 0.16.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2acb2e697b"><code>2acb2e6</code></a>
gopls/internal/test/marker: minor clean up of marker test doc</li>
<li><a
href="28b92af286"><code>28b92af</code></a>
internal/typeparams: eliminate remainining compatibility shims</li>
<li><a
href="ee35f8ea92"><code>ee35f8e</code></a>
gopls/internal/lsp/source: hovering over broken packages is not an
error</li>
<li><a
href="67611a11a1"><code>67611a1</code></a>
internal/typeparams: eliminate type aliases</li>
<li><a
href="23c86e8ed6"><code>23c86e8</code></a>
internal/typeparams: delete const Enabled=true and simplify</li>
<li><a
href="e46688f413"><code>e46688f</code></a>
gopls/internal/analysis/fillstruct: don't panic with invalid fields</li>
<li><a
href="8bd7553f7c"><code>8bd7553</code></a>
gopls/internal/util/goversion: warn about EOL for Go 1.18</li>
<li><a
href="bc9cd159c5"><code>bc9cd15</code></a>
gopls/internal/settings: remove MemoryMode option</li>
<li><a
href="bbc30f1f81"><code>bbc30f1</code></a>
gopls/protocol: Allow AnnotatedTextEdits</li>
<li><a
href="f40889dc8b"><code>f40889d</code></a>
gopls/internal/analysis/stubmethods: fix OOB panic in fromValueSpec</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.16.0...v0.16.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab)
from 0.95.1 to 0.95.2.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e69c57e317"><code>e69c57e</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1854">#1854</a>
from HebertCL/chore/fix_settings_update_typo</li>
<li><a
href="873225b89b"><code>873225b</code></a>
Small typo fix</li>
<li>See full diff in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.95.1...v0.95.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.34.0 to
0.35.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/go-cloud/releases">gocloud.dev's
releases</a>.</em></p>
<blockquote>
<h2>v0.35.0</h2>
<p><strong>BREAKING CHANGES</strong></p>
<p>This release updates the dependency on AWS/S3, which included some
breaking changes; see <a
href="https://redirect.github.com/google/go-cloud/pull/3342">google/go-cloud#3342</a>
for details.</p>
<p><strong>blob</strong></p>
<ul>
<li><em>gcsblob</em>: Fix unauthenticated requests.</li>
</ul>
<p><strong>runtimevar</strong></p>
<ul>
<li><em>constantvar</em>: Add support for reading the constant variable
value from the environment.</li>
</ul>
<p><strong>docstore</strong></p>
<ul>
<li><em>gcpfilestore</em>: Add support for non-default databases.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="27e0bca95d"><code>27e0bca</code></a>
all: prep for release (<a
href="https://redirect.github.com/google/go-cloud/issues/3350">#3350</a>)</li>
<li><a
href="53ccd8db26"><code>53ccd8d</code></a>
all: update deps, including a breaking S3 change (<a
href="https://redirect.github.com/google/go-cloud/issues/3342">#3342</a>)</li>
<li><a
href="fa413a39cd"><code>fa413a3</code></a>
docstore/gcpfilestore: add support for non-default databases. (<a
href="https://redirect.github.com/google/go-cloud/issues/3345">#3345</a>)</li>
<li><a
href="c04000b964"><code>c04000b</code></a>
secrets/hashivault: Update go-jose per dependabot (<a
href="https://redirect.github.com/google/go-cloud/issues/3346">#3346</a>)</li>
<li><a
href="6d5d289081"><code>6d5d289</code></a>
pubsub/natspubsub: upgrade a dependency (<a
href="https://redirect.github.com/google/go-cloud/issues/3336">#3336</a>)</li>
<li><a
href="375e097193"><code>375e097</code></a>
pubsub/natspubsub: Update dependency (<a
href="https://redirect.github.com/google/go-cloud/issues/3331">#3331</a>)</li>
<li><a
href="35ac324ff7"><code>35ac324</code></a>
all: update dependencies (<a
href="https://redirect.github.com/google/go-cloud/issues/3329">#3329</a>)</li>
<li><a
href="4a18be0f4a"><code>4a18be0</code></a>
secrets/awskms: update the example for the AWS ARN use case (<a
href="https://redirect.github.com/google/go-cloud/issues/3320">#3320</a>)</li>
<li><a
href="486d484a8f"><code>486d484</code></a>
kafkapubsub: rename dependency Shopify/sarama to IBM/sarama (<a
href="https://redirect.github.com/google/go-cloud/issues/3319">#3319</a>)</li>
<li><a
href="db7e808e31"><code>db7e808</code></a>
runtimevar/constantvar: Add support for reading the constantvar from an
envir...</li>
<li>Additional commits viewable in <a
href="https://github.com/google/go-cloud/compare/v0.34.0...v0.35.0">compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| gocloud.dev | [>= 0.25.a, < 0.26] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab)
from 0.94.0 to 0.95.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9463f2eb23"><code>9463f2e</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1853">#1853</a>
from xanzy/fix/labels</li>
<li><a
href="e8b85a2984"><code>e8b85a2</code></a>
Fix renaming <code>Labels</code> to <code>LabelOptions</code></li>
<li><a
href="c26aaf25a1"><code>c26aaf2</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1851">#1851</a>
from giuliohome/master</li>
<li><a
href="62bfc4a3f6"><code>62bfc4a</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1849">#1849</a>
from inputvalidation/force-stop-environment</li>
<li><a
href="f3442204d3"><code>f344220</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1848">#1848</a>
from mycrEEpy/service-user</li>
<li><a
href="151995e6e9"><code>151995e</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1847">#1847</a>
from liuhaogui/v0.94.1</li>
<li><a
href="d97e90570a"><code>d97e905</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1846">#1846</a>
from eranor/feat/add-group-milestone-delete-method</li>
<li><a
href="d3e39bd6bc"><code>d3e39bd</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1845">#1845</a>
from puskunalis/puskunalis/add-unidiff</li>
<li><a
href="0cb04be365"><code>0cb04be</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1831">#1831</a>
from ysmilda/main</li>
<li><a
href="a49cd36f2b"><code>a49cd36</code></a>
Make it backwards compatible for now</li>
<li>Additional commits viewable in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.94.0...v0.95.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps code.gitea.io/sdk/gitea from 0.16.0 to 0.17.0.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.15.0
to 0.16.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a9ef4cfeac"><code>a9ef4cf</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="d9b9452656"><code>d9b9452</code></a>
gopls/internal/lsp/cache: move quick-fix bundling logic to the cache
pkg</li>
<li><a
href="1733061d5f"><code>1733061</code></a>
go/analysis/passes/testinggoroutine: report by enclosing regions</li>
<li><a
href="b19be0fa71"><code>b19be0f</code></a>
gopls/internal/cmd/help_test.go: document</li>
<li><a
href="daa4aa59ed"><code>daa4aa5</code></a>
gopls/internal/lsp/source: stubmethods: fix out-of-bounds index</li>
<li><a
href="a586d0db84"><code>a586d0d</code></a>
go/types/internal/play: show more types.Scope detail</li>
<li><a
href="53ad329bd9"><code>53ad329</code></a>
gopls/internal/lsp/source: move edit logic into the protocol
package</li>
<li><a
href="3c677e3f7d"><code>3c677e3</code></a>
gopls/internal/lsp/cache: move SuggestedFixFromCommand into cache</li>
<li><a
href="ab6af7d4bb"><code>ab6af7d</code></a>
gopls/internal/lsp/source: extract InDir to a new pathutil package</li>
<li><a
href="e7d61d9d57"><code>e7d61d9</code></a>
gopls/internal/lsp/cache: simplify named error values</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.15.0...v0.16.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from
0.14.0 to 0.15.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e9ec9323d"><code>6e9ec93</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.14.0...v0.15.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo)
from 0.16.12 to 0.17.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c4ffb0537d"><code>c4ffb05</code></a>
fix checking timeouts when calculating permissions</li>
<li><a
href="7e8c825d82"><code>7e8c825</code></a>
Address Discord having shitty API design</li>
<li><a
href="c9a23642bd"><code>c9a2364</code></a>
Add new expressions and events permissions (<a
href="https://redirect.github.com/disgoorg/disgo/issues/292">#292</a>)</li>
<li><a
href="f19739c45e"><code>f19739c</code></a>
update dependencies</li>
<li><a
href="0c2c0328fa"><code>0c2c032</code></a>
migrate to slog & go 1.21 (<a
href="https://redirect.github.com/disgoorg/disgo/issues/294">#294</a>)</li>
<li>See full diff in <a
href="https://github.com/disgoorg/disgo/compare/v0.16.12...v0.17.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/google/ko](https://github.com/google/ko) from 0.15.0
to 0.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/ko/releases">github.com/google/ko's
releases</a>.</em></p>
<blockquote>
<h2>v0.15.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Don't AppendDescriptor until we've written config by <a
href="https://github.com/jonjohnsonjr"><code>@jonjohnsonjr</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/1175">ko-build/ko#1175</a></li>
<li>Add more locking around on-disk image cache by <a
href="https://github.com/jonjohnsonjr"><code>@jonjohnsonjr</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/1176">ko-build/ko#1176</a></li>
<li>Fix "AM" Time Typo by <a
href="https://github.com/StephenGrider"><code>@StephenGrider</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/1179">ko-build/ko#1179</a></li>
<li>docs: add MacPorts install info by <a
href="https://github.com/herbygillot"><code>@herbygillot</code></a> in
<a
href="https://redirect.github.com/ko-build/ko/pull/1180">ko-build/ko#1180</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/StephenGrider"><code>@StephenGrider</code></a>
made their first contribution in <a
href="https://redirect.github.com/ko-build/ko/pull/1179">ko-build/ko#1179</a></li>
<li><a
href="https://github.com/herbygillot"><code>@herbygillot</code></a>
made their first contribution in <a
href="https://redirect.github.com/ko-build/ko/pull/1180">ko-build/ko#1180</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ko-build/ko/compare/v0.15.0...v0.15.1">https://github.com/ko-build/ko/compare/v0.15.0...v0.15.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2e9e58b187"><code>2e9e58b</code></a>
Bump k8s.io/apimachinery from 0.28.3 to 0.28.4</li>
<li><a
href="84d3803370"><code>84d3803</code></a>
Merge pull request <a
href="https://redirect.github.com/google/ko/issues/1177">#1177</a> from
ko-build/dependabot/go_modules/github.com/sigst...</li>
<li><a
href="512ca9c0fb"><code>512ca9c</code></a>
Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1</li>
<li><a
href="4aceae1ddf"><code>4aceae1</code></a>
update test</li>
<li><a
href="a271b54fe5"><code>a271b54</code></a>
Bump github.com/google/go-containerregistry from 0.15.2 to 0.16.1</li>
<li><a
href="cfc13deeb6"><code>cfc13de</code></a>
Bump golang.org/x/tools from 0.14.0 to 0.15.0</li>
<li><a
href="59038b983f"><code>59038b9</code></a>
Merge pull request <a
href="https://redirect.github.com/google/ko/issues/1180">#1180</a> from
herbygillot/patch-1</li>
<li><a
href="63cd511412"><code>63cd511</code></a>
docs: add MacPorts install info</li>
<li><a
href="f1f5fb3afb"><code>f1f5fb3</code></a>
Update community.md (<a
href="https://redirect.github.com/google/ko/issues/1179">#1179</a>)</li>
<li><a
href="c92ea35f27"><code>c92ea35</code></a>
Merge pull request <a
href="https://redirect.github.com/google/ko/issues/1178">#1178</a> from
ko-build/dependabot/github_actions/sigstore/cos...</li>
<li>Additional commits viewable in <a
href="https://github.com/google/ko/compare/v0.15.0...v0.15.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@caarlos0.
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab)
from 0.93.2 to 0.94.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="793bc3cdf5"><code>793bc3c</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1829">#1829</a>
from mauamy/feat/add-member-roles</li>
<li><a
href="99ab72b8c2"><code>99ab72b</code></a>
Make the code match the rest of the package</li>
<li><a
href="ec84ef5626"><code>ec84ef5</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1788">#1788</a>
from mycrEEpy/update-go</li>
<li><a
href="664c0acc48"><code>664c0ac</code></a>
Simplify the Ptr func</li>
<li><a
href="2bf8cd2ee2"><code>2bf8cd2</code></a>
update deprecation docs</li>
<li><a
href="ce857a2572"><code>ce857a2</code></a>
update readme examples</li>
<li><a
href="a2fd184003"><code>a2fd184</code></a>
update minimum go version to 1.19; add Ptr function to use generics for
alloc...</li>
<li><a
href="5a3d963c32"><code>5a3d963</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1827">#1827</a>
from pwlandoll/feat/815-keyset-pagination</li>
<li><a
href="5bd3fc74a9"><code>5bd3fc7</code></a>
Small tweaks, nothing exiting :)</li>
<li><a
href="d906aaa47a"><code>d906aaa</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1834">#1834</a>
from ppeble/pipelines-add-name-field</li>
<li>Additional commits viewable in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.93.2...v0.94.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo)
from 0.16.11 to 0.16.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/disgoorg/disgo/releases">github.com/disgoorg/disgo's
releases</a>.</em></p>
<blockquote>
<h2>v0.16.12</h2>
<h2>What's Changed</h2>
<ul>
<li>Update subscription objects to match the docs by <a
href="https://github.com/mlnrDev"><code>@mlnrDev</code></a> in <a
href="https://redirect.github.com/disgoorg/disgo/pull/322">disgoorg/disgo#322</a></li>
<li>Fix problem with oauth2 endpoints by <a
href="https://github.com/topi314"><code>@topi314</code></a> in <a
href="https://redirect.github.com/disgoorg/disgo/pull/323">disgoorg/disgo#323</a></li>
<li>Fix incorrect expiration in oauth sessions by <a
href="https://github.com/topi314"><code>@topi314</code></a> in <a
href="c50b92ff0a</a></li>
<li>Fix missnamed creator json tag in emoji by <a
href="https://github.com/topi314"><code>@topi314</code></a> in <a
href="0162c707df</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/disgoorg/disgo/compare/v0.16.11...v0.16.12">https://github.com/disgoorg/disgo/compare/v0.16.11...v0.16.12</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0162c707df"><code>0162c70</code></a>
fix missnamed creator json tag in emoji</li>
<li><a
href="631c26135b"><code>631c261</code></a>
fix problem with oauth2 endpoints (<a
href="https://redirect.github.com/disgoorg/disgo/issues/323">#323</a>)</li>
<li><a
href="c50b92ff0a"><code>c50b92f</code></a>
fix incorrect expiration in oauth sessions</li>
<li><a
href="5a9ed6695b"><code>5a9ed66</code></a>
Update subscription objects to match the docs (<a
href="https://redirect.github.com/disgoorg/disgo/issues/322">#322</a>)</li>
<li>See full diff in <a
href="https://github.com/disgoorg/disgo/compare/v0.16.11...v0.16.12">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from
0.13.0 to 0.14.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e067960af8"><code>e067960</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="4c91c17b32"><code>4c91c17</code></a>
google: adds header to security considerations section</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.13.0...v0.14.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot]
Carlos Alexandro Becker