chore(deps): bump the common group with 4 updates

[dependabot]

Bumps the common group with 4 updates: github.com/aws-cloudformation/rain, github.com/hashicorp/hcl/v2, github.com/owenrumney/squealer and github.com/stretchr/testify.

Updates github.com/aws-cloudformation/rain from 1.16.1 to 1.19.0

Release notes

Sourced from github.com/aws-cloudformation/rain's releases.

v1.19.0

What's Changed

• Fix Import should be ImportValue by @​ericzbeard in aws-cloudformation/rain#574
• Allow overriding the expected bucket owner by @​ericzbeard in aws-cloudformation/rain#576
• Add s3 bucket params to stackset command by @​ericzbeard in aws-cloudformation/rain#578
• Fix bugs in Constants and Sub processing by @​ericzbeard in aws-cloudformation/rain#577
• Version bump to v1.19.0 by @​ericzbeard in aws-cloudformation/rain#579

Full Changelog: aws-cloudformation/rain@v1.18.0...v1.19.0

v1.18.0

This release addresses a security issue that would allow an attacker to predict the name of the rain asset bucket and create it before a user issues a rain pkg command, which uploads assets such as Lambda function code to the bucket. This would give the attacker full access to the contents uploaded by Rain, since they own the bucket. This release adds the ExpectedBucketOwner argument to S3 calls, which causes an Access Denied error if the bucket does not belong to the same account. Additionally, this release adds the s3-bucket argument to the rain bootstrap command, which allows users to create an asset bucket with a user-supplied name, which will be stored in SSM Parameter Store with the key rain-bucket for reference by future Rain commands. We recommend that users upgrade to v1.18.0, and verify that the expected rain asset bucket exists within their own account. Users who do not use the pkg or deploy commands are not affected by this issue. Users who supply the optional s3-bucket argument to those commands are not affected if the bucket they specify is in their account.

What's Changed

• When merging templates with Outputs, replace Imports that reference Exported Names by @​ericzbeard in aws-cloudformation/rain#565
• Add expected bucket owner checks to s3 operations by @​ericzbeard in aws-cloudformation/rain#566

Full Changelog: aws-cloudformation/rain@v1.17.0...v1.18.0

v1.17.0

What's Changed

• Make including nested stacks in a change set optional by @​ericzbeard in aws-cloudformation/rain#550
• Add constant values to a CloudFormation template by @​ericzbeard in aws-cloudformation/rain#557
• Convert web app sample to Pkl by @​ericzbeard in aws-cloudformation/rain#556
• Release 1.17.0 by @​ericzbeard in aws-cloudformation/rain#563

Full Changelog: aws-cloudformation/rain@v1.16.1...v1.17.0

Commits

• efb944c Merge pull request #579 from ericzbeard/v-1-19-0
• de297fa Version bump
• 7cbaaab Merge pull request #577 from ericzbeard/fix-572
• d6fcc5d Merge pull request #578 from ericzbeard/fix-528
• 6fd9379 Add s3 bucket params to stackset command
• 3c3912c Merge pull request #576 from ericzbeard/fix-573
• baf9606 Remove debug from test
• 2a3eeec Fix bugs in Constants an Sub processing
• ec89c77 Allow overriding the expected bucket owner
• f7b0612 Merge pull request #574 from ericzbeard/fixmerge
• Additional commits viewable in compare view

Updates github.com/hashicorp/hcl/v2 from 2.22.0 to 2.23.0

Release notes

Sourced from github.com/hashicorp/hcl/v2's releases.

v2.23.0

What's Changed

• Preserve marks when traversing unknown values by @​jbardin in hashicorp/hcl#699
• Better control of marks through conditional and for expressions by @​jbardin in hashicorp/hcl#710

Full Changelog: hashicorp/hcl@v2.22.0...v2.23.0

Changelog

Sourced from github.com/hashicorp/hcl/v2's changelog.

v2.23.0 (November 15, 2024)

Bugs Fixed

• Preserve marks when traversing through unknown values. (#699)
• Retain marks through conditional and for expressions. (#710)

Commits

• 56a9aee Merge pull request #710 from hashicorp/jbardin/marked-conditions
• b48ba6e pass marks through unknown ForExpr values
• bbfec2d pass all marks through conditional expressions
• d20d07f github: Pin action refs to latest trusted by TSCCR (#700)
• 3883feb docs(ext/dynblock): recursive function call typo in detecting variables (#686)
• 2eb163f Merge pull request #701 from hashicorp/d/fix-typo
• 65971e8 docs: use 'by' instead of 'prior to'
• 1dfc778 docs: fix typo
• 78fe993 Merge pull request #699 from hashicorp/jbardin/marked-traversals
• e2f43f4 Preserve marks when traversing unknown values
• See full diff in compare view

Updates github.com/owenrumney/squealer from 1.2.4 to 1.2.5

Release notes

Sourced from github.com/owenrumney/squealer's releases.

v1.2.5

What's Changed

• chore(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 by @​dependabot in owenrumney/squealer#122
• chore(deps): bump alpine from 3.20.2 to 3.20.3 by @​dependabot in owenrumney/squealer#121
• chore: use os.MkdirTemp instead of ioutil.TempDir by @​atombrella in owenrumney/squealer#123

New Contributors

• @​atombrella made their first contribution in owenrumney/squealer#123

Full Changelog: owenrumney/squealer@v1.2.4...v1.2.5

Commits

• 07378a3 chore: use os.MkdirTemp instead of ioutil.TempDir (#123)
• d542ff9 chore(deps): bump alpine from 3.20.2 to 3.20.3 (#121)
• 8e508d2 chore(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#122)
• See full diff in compare view

Updates github.com/stretchr/testify from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.10.0

What's Changed

Functional Changes

• Add PanicAssertionFunc by @​fahimbagar in stretchr/testify#1337
• assert: deprecate CompareType by @​dolmen in stretchr/testify#1566
• assert: make YAML dependency pluggable via build tags by @​dolmen in stretchr/testify#1579
• assert: new assertion NotElementsMatch by @​hendrywiranto in stretchr/testify#1600
• mock: in order mock calls by @​ReyOrtiz in stretchr/testify#1637
• Add assertion for NotErrorAs by @​palsivertsen in stretchr/testify#1129
• Record Return Arguments of a Call by @​jayd3e in stretchr/testify#1636
• assert.EqualExportedValues: accepts everything by @​redachl in stretchr/testify#1586

Fixes

• assert: make tHelper a type alias by @​dolmen in stretchr/testify#1562
• Do not get argument again unnecessarily in Arguments.Error() by @​TomWright in stretchr/testify#820
• Fix time.Time compare by @​myxo in stretchr/testify#1582
• assert.Regexp: handle []byte array properly by @​kevinburkesegment in stretchr/testify#1587
• assert: collect.FailNow() should not panic by @​marshall-lee in stretchr/testify#1481
• mock: simplify implementation of FunctionalOptions by @​dolmen in stretchr/testify#1571
• mock: caller information for unexpected method call by @​spirin in stretchr/testify#1644
• suite: fix test failures by @​stevenh in stretchr/testify#1421
• Fix issue #1662 (comparing infs should fail) by @​ybrustin in stretchr/testify#1663
• NotSame should fail if args are not pointers #1661 by @​sikehish in stretchr/testify#1664
• Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI by @​sikehish in stretchr/testify#1667
• fix: compare functional option names for indirect calls by @​arjun-1 in stretchr/testify#1626

Documantation, Build & CI

• .gitignore: ignore "go test -c" binaries by @​dolmen in stretchr/testify#1565
• mock: improve doc by @​dolmen in stretchr/testify#1570
• mock: fix FunctionalOptions docs by @​snirye in stretchr/testify#1433
• README: link out to the excellent testifylint by @​brackendawson in stretchr/testify#1568
• assert: fix typo in comment by @​JohnEndson in stretchr/testify#1580
• Correct the EventuallyWithT and EventuallyWithTf example by @​JonCrowther in stretchr/testify#1588
• CI: bump softprops/action-gh-release from 1 to 2 by @​dependabot in stretchr/testify#1575
• mock: document more alternatives to deprecated AnythingOfTypeArgument by @​dolmen in stretchr/testify#1569
• assert: Correctly document EqualValues behavior by @​brackendawson in stretchr/testify#1593
• fix: grammar in godoc by @​miparnisari in stretchr/testify#1607
• .github/workflows: Run tests for Go 1.22 by @​HaraldNordgren in stretchr/testify#1629
• Document suite's lack of support for t.Parallel by @​brackendawson in stretchr/testify#1645
• assert: fix typos in comments by @​alexandear in stretchr/testify#1650
• mock: fix doc comment for NotBefore by @​alexandear in stretchr/testify#1651
• Generate better comments for require package by @​Neokil in stretchr/testify#1610
• README: replace Testify V2 notice with @​dolmen's V2 manifesto by @​hendrywiranto in stretchr/testify#1518

New Contributors

• @​fahimbagar made their first contribution in stretchr/testify#1337
• @​TomWright made their first contribution in stretchr/testify#820
• @​snirye made their first contribution in stretchr/testify#1433
• @​myxo made their first contribution in stretchr/testify#1582
• @​JohnEndson made their first contribution in stretchr/testify#1580

... (truncated)

Commits

• 89cbdd9 Merge pull request #1626 from arjun-1/fix-functional-options-diff-indirect-calls
• 07bac60 Merge pull request #1667 from sikehish/flaky
• 716de8d Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI
• 118fb83 NotSame should fail if args are not pointers #1661 (#1664)
• 7d99b2b attempt 2
• 05f87c0 more similar
• ea7129e better fmt
• a1b9c9e Merge pull request #1663 from ybrustin/master
• 8302de9 Merge branch 'master' into master
• 89352f7 Merge pull request #1518 from hendrywiranto/adjust-readme-remove-v2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions