This repository has been archived by the owner on Nov 28, 2024. It is now read-only.

build(deps): bump the go group across 1 directory with 30 updates #230

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Aug 11, 2024

Bumps the go group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| github.com/containers/image/v5 | 5.23.0 | 5.32.1 |
| github.com/fluxcd/flux2/v2 | 2.0.0-rc.3 | 2.3.0 |
| github.com/gabriel-vasile/mimetype | 1.4.3 | 1.4.5 |
| github.com/mandelsoft/vfs | 0.0.0-20230713123140-269aa4fb1338 | 0.4.3 |
| github.com/open-component-model/git-controller | 0.9.0 | 0.12.1 |
| github.com/open-component-model/mpas-project-controller | 0.4.0 | 0.6.1 |
| github.com/open-component-model/ocm-e2e-framework | 0.7.0 | 0.9.1 |
| github.com/open-component-model/replication-controller | 0.11.0 | 0.13.1 |
| github.com/oras-project/oras-credentials-go | 0.2.0 | 0.4.0 |
| github.com/spf13/cobra | 1.8.0 | 1.8.1 |
| sigs.k8s.io/cli-utils | 0.35.0 | 0.37.2 |
| sigs.k8s.io/e2e-framework | 0.2.0 | 0.4.0 |

Updates github.com/containers/image/v5 from 5.23.0 to 5.32.1

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.32.1

What's Changed

Full Changelog: containers/image@v5.32.0...v5.32.1

v5.29.5

What's Changed

Full Changelog: containers/image@v5.29.4...v5.29.5

v5.32.0

What's Changed

... (truncated)

Commits
  • 1064a5a Release 5.32.1
  • c7233ee Merge remote-tracking branch 'upstream/main' into HEAD
  • 5af61e0 Bump to 5.32.1-dev
  • 8c7c58c Merge pull request #2487 from mtrmac/chunked-bic2
  • 3d38dae Detect zstd:chunked format in source blobs
  • ac2ca25 Allow dockerImageDestination to reuse zstd:chunked blobs
  • 243b49d Extend private.ReusedBlob to allow zstd:chunked reuses
  • 76af27c Record the specific variant, and TOC annotations, for blobs we compress
  • f9d27e8 Add digest -> specific variant, annotation data to BIC
  • 5dcb348 Fix a comment
  • Additional commits viewable in compare view

Updates github.com/cyphar/filepath-securejoin from 0.2.4 to 0.3.1

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.1

  • By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

  • We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

    Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

  • Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

    These changes were done to match openat2's behaviour and are purely a consistency fix (most users are going to be using openat2 anyway).

Signed-off-by: Aleksa Sarai [email protected]

v0.3.0

This release contains no changes to SecureJoin.

However, it does introduce a new *os.File-based API which is much safer to use for most use cases. These are adapted from libpathrs and are the bare minimum to be able to operate more safely on an untrusted rootfs where an attacker has write access (something that SecureJoin cannot protect against). The new APIs are:

  • OpenInRoot, which resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the file handle returned by OpenInRoot is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- see open(2) for more details).

  • Reopen, which takes an O_PATH file handle and safely re-opens it to "upgrade" it to a regular handle.

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.1] - 2024-07-23

Changed

  • By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

  • We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

    Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

Fixed

  • Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

    These changes were done to match openat2's behaviour and are purely a consistency fix (most users are going to be using openat2 anyway).

[0.3.0] - 2024-07-11

Added

  • A new set of *os.File-based APIs have been added. These are adapted from libpathrs and we strongly suggest using them if possible (as they provide far more protection against attacks than SecureJoin):

    • Open(at)InRoot resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the handle returned is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- see open(2) for more details)

    • Reopen takes an O_PATH file handle and safely re-opens it to upgrade it to a regular handle. This can also be used with non-O_PATH handles, but O_PATH is the most obvious application.

    • MkdirAll is an implementation of os.MkdirAll that is safe to use to

... (truncated)

Commits
  • ce7b28a VERSION: release v0.3.1
  • a2c14f8 CHANGELOG: add readlinkat(fd, "") shout-out
  • 4ea279f merge #22 into cyphar/filepath-securejoin:main
  • 16e1bec CHANGELOG: add initial changelog with current history
  • 2404ffb merge #21 into cyphar/filepath-securejoin:main
  • f29b7a4 lookup: handle // and trailing slash components correctly
  • ecd61ca merge #19 into cyphar/filepath-securejoin:main
  • 38b1220 procfs: refactor statx mnt_id logic
  • 45c4415 procfs: use readlink(fd, "") for magic-links
  • edab538 merge #17 into cyphar/filepath-securejoin:main
  • Additional commits viewable in compare view

Updates github.com/fatih/color from 1.15.0 to 1.16.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.16.0

What's Changed

Dependency updates

New Contributors

Full Changelog: fatih/color@v1.15.0...v1.16.0

Commits
  • 0f9779e Merge pull request #213 from fatih/dependabot/go_modules/golang.org/x/sys-0.14.0
  • 0c78604 Bump golang.org/x/sys from 0.13.0 to 0.14.0
  • 96e0f73 Merge pull request #208 from fatih/dependabot/github_actions/actions/checkout-4
  • 4c66e32 Bump actions/checkout from 3 to 4
  • 2fb03d6 Merge pull request #202 from fatih/dependabot/github_actions/actions/setup-go-4
  • 8ba7bbd Bump actions/setup-go from 3 to 4
  • e3f97f3 Merge pull request #209 from fatih/dependabot/go_modules/golang.org/x/sys-0.13.0
  • e146575 Bump golang.org/x/sys from 0.10.0 to 0.13.0
  • d2d7a5e Merge pull request #212 from fatih/dependabot/go_modules/github.com/mattn/go-...
  • f3e45da Merge branch 'main' into dependabot/go_modules/github.com/mattn/go-isatty-0.0.20
  • Additional commits viewable in compare view

Updates github.com/fluxcd/flux2/v2 from 2.0.0-rc.3 to 2.3.0

Release notes

Sourced from github.com/fluxcd/flux2/v2's releases.

v2.3.0

Highlights

Flux v2.3.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a comprehensive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.3 GA blog post.

This release marks the General Availability (GA) of Flux Helm features and APIs, including helm-controller, the HelmRelease, HelmChart, and HelmRepository APIs.

The HelmRepository v2 API comes with new features, such as the ability to reference Helm charts from OCIRepository sources, reuse existing HelmChart resources, and verify the integrity of Helm chart artifacts signed with Notary Notation.

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

| Kubernetes version | Minimum required |
| --- | --- |
| v1.28 | >= 1.28.0 |
| v1.29 | >= 1.29.0 |
| v1.30 | >= 1.30.0 |

Note that the Flux project offers support only for the latest three minor versions of Kubernetes. Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as ControlPlane that provide enterprise support for Flux.

API changes

HelmRelease v2

The HelmRelease kind was promoted from v2beta2 to v2 (GA).

The v2 API is backwards compatible with v2beta2, with the exception of the deprecated fields which have been removed.

Removed fields:

  • .spec.chart.spec.valuesFile replaced by .spec.chart.spec.valuesFiles.
  • .spec.postRenderers.kustomize.patchesJson6902 replaced by .spec.postRenderers.kustomize.patches.
  • .spec.postRenderers.kustomize.patchesStrategicMerge replaced by .spec.postRenderers.kustomize.patches.
  • .status.lastAppliedRevision replaced by .status.history.chartVersion.

New fields:

  • .spec.chartRef allows referencing chart artifacts from OCIRepository and HelmChart objects.
  • .spec.chart.spec.ignoreMissingValuesFiles allows ignoring missing values files instead of failing to reconcile.

HelmChart v1

... (truncated)

Commits
  • 896e0fa Merge pull request #4785 from fluxcd/dependabot/github_actions/ci-f6abfb4cf0
  • 8d75df8 build(deps): bump the ci group with 3 updates
  • dd7ef7d Merge pull request #4766 from fluxcd/reconcile-hr-with-chartref
  • 5feee5c Add support for creating HR with .spec.ChartRef
  • 0d0285a Enable reconciling HelmReleases with ChartRef
  • 86b3581 Merge pull request #4783 from fluxcd/conformance-tests
  • 32804f6 ci: Consolidate conformance tests
  • 070fa0f Merge pull request #4781 from fluxcd/drop-kubernetes-eol
  • 9ef9464 Update kubectl to 1.30.0 in flux-cli image
  • d8e6199 Set Kubernetes 1.28 as min required version
  • Additional commits viewable in compare view

Updates github.com/fluxcd/go-git-providers from 0.18.1-0.20230706132206-211750e8915d to 0.20.1

Release notes

Sourced from github.com/fluxcd/go-git-providers's releases.

v0.20.1

CHANGELOG

  • PR #271 Update go-github to v61

v0.20.0

CHANGELOG

  • PR #270 Update dependencies to Go 1.22
  • PR #266 build(deps): bump the ci group with 2 updates
  • PR #265 Update Soule BA Affiliation
  • PR #263 Change Max's affiliation to Associmates
  • PR #262 Change Stefan Prodan's affiliation to ControlPlane

v0.19.3

CHANGELOG

  • PR #261 Adapt workflows
  • PR #260 build(deps): bump the ci group with 2 updates
  • PR #259 Updating dependencies and fix go-git CVE
  • PR #257 changing Soule info
  • PR #256 github: fix defer in for loop

v0.19.2

CHANGELOG

  • PR #254 Updating dependencies
  • PR #253 build(deps): bump the ci group with 1 update

v0.19.1

CHANGELOG

  • PR #252 build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0

v0.19.0

CHANGELOG

  • PR #250 Validate user ref when creating user repository
  • PR #249 updating go and dependencies versions
  • PR #248 build(deps): bump the ci group with 1 update
  • PR #247 build(deps): bump the ci group with 2 updates
  • PR #246 build(deps): bump the ci group with 1 update
  • PR #244 build(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3
  • PR #243 build(deps): bump the ci group with 1 update
  • PR #242 ci: Group dependabot updates
  • PR #241 build(deps): bump actions/checkout from 3.5.3 to 3.6.0
  • PR #240 build(deps): bump actions/setup-go from 4.0.1 to 4.1.0
  • PR #238 Pin GitLab version in e2e tests
  • PR #237 fix panic when gitea commit object contains nil pointers
Commits

Updates github.com/fluxcd/kustomize-controller/api from 1.1.0 to 1.3.0

Release notes

Sourced from github.com/fluxcd/kustomize-controller/api's releases.

v1.3.0

Changelog

v1.3.0 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.3.0
  • ghcr.io/fluxcd/kustomize-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.2

Changelog

v1.2.2 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.2.2
  • ghcr.io/fluxcd/kustomize-controller:v1.2.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.1

Changelog

v1.2.1 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.2.1
  • ghcr.io/fluxcd/kustomize-controller:v1.2.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.0

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/kustomize-controller/api's changelog.

1.3.0

Release date: 2024-05-06

This minor release comes with new features, improvements and bug fixes.

The controller has been updated to Kustomize v5.4, please see the kubernetes-sigs/kustomize changelog for more details.

The Flux Kustomization API gains two optional fields .spec.namePrefix and .spec.nameSuffix that can be used to specify a prefix and suffix to be added to the names of all managed resources.

The controller now supports the --feature-gates=StrictPostBuildSubstitutions=true flag, when enabled the post-build substitutions will fail if a variable without a default value is declared in files but is missing from the input vars.

When using variable substitution with values that are numbers or booleans, it is now possible to convert the values to strings, for more details see the post-build documentation.

In addition, the controller dependencies have been updated to Kubernetes v1.30 and controller-runtime v0.18. Various other dependencies have also been updated to their latest version to patch upstream CVEs.

Lastly, the controller is now built with Go 1.22.

Improvements:

  • Implement name prefix/suffix transformers #1134
  • Add StrictPostBuildSubstitutions feature flag #1130
  • Document how to use numbers and booleans in post build substitutions #1129
  • Remove deprecated aad pod identity from API docs #1152
  • api: Refer condition type constants from fluxcd/pkg/apis #1144
  • Update dependencies to Kustomize v5.4.0 #1128
  • Various dependency updates #1155 #1121 #1139 #1122

Fixes:

  • Fix requeue warning introduced by controller-runtime

... (truncated)

Commits
  • 83fbfee Merge pull request #1157 from fluxcd/release-v1.3.0
  • 458d7e2 Release v1.3.0
  • 4a02b3f Add changelog entry for v1.3.0
  • 882f6a7 Merge pull request #1154 from fluxcd/dependabot/github_actions/ci-b23e0286c6
  • dfcd4ed Merge pull request #1155 from fluxcd/source-controller-1.3.0
  • e81120a build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group
  • 780954f Update source-controller API to v1.3.0
  • 99792de Merge pull request #1152 from dipti-pai/remove-deprecated-aad-podidentity-ref
  • fc663de Remove references aad pod identity
  • f0f9b03 Merge pull request #1149 from fluxcd/dependabot/github_actions/ci-cfa2b75493
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.1.2 to 1.5.0

Commits
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • c906252 Update dependencies to Kubernetes 1.30
  • 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
  • ccb916a build(deps): bump the ci group with 3 updates
  • 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
  • abf5675 kustomize: Add support for namePrefix and nameSuffix
  • 98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
  • efcd824 build(deps): bump docker/setup-buildx-action in the ci group
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/git from 0.11.0 to 0.19.0

Commits
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • c906252 Update dependencies to Kubernetes 1.30
  • 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
  • ccb916a build(deps): bump the ci group with 3 updates
  • 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
  • abf5675 kustomize: Add support for namePrefix and nameSuffix
  • 98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
  • efcd824 build(deps): bump docker/setup-buildx-action in the ci group
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/git/gogit from 0.8.1 to 0.19.0

Commits
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • c906252 Update dependencies to Kubernetes 1.30
  • 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
  • ccb916a build(deps): bump the ci group with 3 updates
  • 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
  • abf5675 kustomize: Add support for namePrefix and nameSuffix
  • 98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
  • efcd824 build(deps): bump docker/setup-buildx-action in the ci group
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/kustomize from 1.3.4 to 1.11.0

Commits
  • 3790516 Merge pull request #767 from fluxcd/up-internal-deps
  • 37ea30c Update internal dependencies
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • c906252 Update dependencies to Kubernetes 1.30
  • 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
  • ccb916a build(deps): bump the ci group with 3 updates
  • 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
  • abf5675 kustomize: Add support for namePrefix and nameSuffix
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/ssa from 0.28.2 to 0.39.1

Commits
  • adcfcbe Merge pull request #769 from fluxcd/controller-runtime-v0.18.1
  • 0e74a82 Update runtime pkg docs
  • b329d92 Update dependencies to controller-runtime v0.18.1
  • d0bf8ed Merge pull request #768 from fluxcd/dependabot/github_actions/ci-b93eff89fb
  • 14f05d7 build(deps): bump actions/checkout from 4.1.3 to 4.1.4 in the ci group
  • 3790516 Merge pull request #767 from fluxcd/up-internal-deps
  • 37ea30c Update internal dependencies
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.1.0 to 1.3.0

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.3.0

Changelog

v1.3.0 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.3.0
  • ghcr.io/fluxcd/source-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.5

Changelog

v1.2.5 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.2.5
  • ghcr.io/fluxcd/source-controller:v1.2.5

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.4

Changelog

v1.2.4 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.2.4
  • ghcr.io/fluxcd/source-controller:v1.2.4

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.3

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.3.0

Release date: 2024-05-03

This minor release promotes the Helm APIs to GA, and comes with new features, improvements and bug fixes.

HelmRepository

The HelmRepository API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2.

For HelmRepository of type oci, the .spec.insecure field allows connecting over HTTP to an insecure non-TLS container registry.

To upgrade from v1beta2, after deploying the new CRD and controller, set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain HelmRepository definitions. Bumping the API version in manifests can be done gradually. It is advised not to delay this procedure as the beta versions will be removed after 6 months.

HelmChart

The HelmChart API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2, with the exception of the removal of the deprecated field .spec.valuesFile which was replaced with spec.valuesFiles.

The HelmChart API was extended with support for Notation signature verification of Helm OCI charts.

A new optional field .spec.ignoreMissingValuesFiles has been added, which allows the controller to ignore missing values files rather than failing to reconcile the HelmChart.

OCIRepository

The OCIRepository API was extended with support for Notation signature verification of OCI artifacts.

A new optional field .spec.ref.semverFilter has been added, which allows the controller to filter the tags based on regular expressions before applying the semver range. This allows picking the latest release candidate instead of the latest stable release.

In addition, the controller has been updated to Kubernetes v1.30.0, Helm v3.14.4, and various other dependencies to their latest version to patch upstream CVEs.

... (truncated)

Commits
  • a80a99b Merge pull request #1472 from fluxcd/release-v1.3.0
  • 70901f8 Release v1.3.0
  • 05ab8b1 Add changelog entry for v1.3.0
  • c9bf167 Merge pull request #1298 from fluxcd/phony-build
  • cc3d495 ci: Print controller logs after e2e run
  • 0bd5b95 Rename make target build to manager
  • edccfe9 Merge pull request #1470 from fluxcd/dependabot/github_actions/ci-b23e0286c6
  • 9ce2d61 build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group
  • 16eeeef Merge pull request #1469 from fluxcd/dependabot/go_modules/go-deps-4411c5bc33
  • 8598b8d build(deps): bump google.golang.org/api
  • Additional commits viewable in compare view

Updates github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.5

Release notes

Sourced from github.com/gabriel-vasile/mimetype's releases.

v1.4.5

What's Changed

  • json: imp...

    Description has been truncated

Bumps the go group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/containers/image/v5](https://github.com/containers/image) | `5.23.0` | `5.32.1` |
| [github.com/fluxcd/flux2/v2](https://github.com/fluxcd/flux2) | `2.0.0-rc.3` | `2.3.0` |
| [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) | `1.4.3` | `1.4.5` |
| [github.com/mandelsoft/vfs](https://github.com/mandelsoft/vfs) | `0.0.0-20230713123140-269aa4fb1338` | `0.4.3` |
| [github.com/open-component-model/git-controller](https://github.com/open-component-model/git-controller) | `0.9.0` | `0.12.1` |
| [github.com/open-component-model/mpas-project-controller](https://github.com/open-component-model/mpas-project-controller) | `0.4.0` | `0.6.1` |
| [github.com/open-component-model/ocm-e2e-framework](https://github.com/open-component-model/ocm-e2e-framework) | `0.7.0` | `0.9.1` |
| [github.com/open-component-model/replication-controller](https://github.com/open-component-model/replication-controller) | `0.11.0` | `0.13.1` |
| [github.com/oras-project/oras-credentials-go](https://github.com/oras-project/oras-credentials-go) | `0.2.0` | `0.4.0` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.8.0` | `1.8.1` |
| [sigs.k8s.io/cli-utils](https://github.com/kubernetes-sigs/cli-utils) | `0.35.0` | `0.37.2` |
| [sigs.k8s.io/e2e-framework](https://github.com/kubernetes-sigs/e2e-framework) | `0.2.0` | `0.4.0` |



Updates `github.com/containers/image/v5` from 5.23.0 to 5.32.1
- [Release notes](https://github.com/containers/image/releases)
- [Commits](containers/image@v5.23.0...v5.32.1)

Updates `github.com/cyphar/filepath-securejoin` from 0.2.4 to 0.3.1
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.2.4...v0.3.1)

Updates `github.com/fatih/color` from 1.15.0 to 1.16.0
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](fatih/color@v1.15.0...v1.16.0)

Updates `github.com/fluxcd/flux2/v2` from 2.0.0-rc.3 to 2.3.0
- [Release notes](https://github.com/fluxcd/flux2/releases)
- [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml)
- [Commits](fluxcd/flux2@v2.0.0-rc.3...v2.3.0)

Updates `github.com/fluxcd/go-git-providers` from 0.18.1-0.20230706132206-211750e8915d to 0.20.1
- [Release notes](https://github.com/fluxcd/go-git-providers/releases)
- [Changelog](https://github.com/fluxcd/go-git-providers/blob/main/.goreleaser.yml)
- [Commits](https://github.com/fluxcd/go-git-providers/commits/v0.20.1)

Updates `github.com/fluxcd/kustomize-controller/api` from 1.1.0 to 1.3.0
- [Release notes](https://github.com/fluxcd/kustomize-controller/releases)
- [Changelog](https://github.com/fluxcd/kustomize-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/kustomize-controller@v1.1.0...v1.3.0)

Updates `github.com/fluxcd/pkg/apis/meta` from 1.1.2 to 1.5.0
- [Commits](fluxcd/pkg@apis/meta/v1.1.2...apis/meta/v1.5.0)

Updates `github.com/fluxcd/pkg/git` from 0.11.0 to 0.19.0
- [Commits](fluxcd/pkg@git/v0.11.0...git/v0.19.0)

Updates `github.com/fluxcd/pkg/git/gogit` from 0.8.1 to 0.19.0
- [Commits](fluxcd/pkg@ssh/v0.8.1...git/v0.19.0)

Updates `github.com/fluxcd/pkg/kustomize` from 1.3.4 to 1.11.0
- [Commits](fluxcd/pkg@kustomize/v1.3.4...kustomize/v1.11.0)

Updates `github.com/fluxcd/pkg/ssa` from 0.28.2 to 0.39.1
- [Commits](fluxcd/pkg@ssa/v0.28.2...ssa/v0.39.1)

Updates `github.com/fluxcd/source-controller/api` from 1.1.0 to 1.3.0
- [Release notes](https://github.com/fluxcd/source-controller/releases)
- [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/source-controller@v1.1.0...v1.3.0)

Updates `github.com/gabriel-vasile/mimetype` from 1.4.3 to 1.4.5
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases)
- [Commits](gabriel-vasile/mimetype@v1.4.3...v1.4.5)

Updates `github.com/go-logr/logr` from 1.3.0 to 1.4.1
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](go-logr/logr@v1.3.0...v1.4.1)

Updates `github.com/mandelsoft/vfs` from 0.0.0-20230713123140-269aa4fb1338 to 0.4.3
- [Release notes](https://github.com/mandelsoft/vfs/releases)
- [Commits](https://github.com/mandelsoft/vfs/commits/v0.4.3)

Updates `github.com/open-component-model/git-controller` from 0.9.0 to 0.12.1
- [Release notes](https://github.com/open-component-model/git-controller/releases)
- [Changelog](https://github.com/open-component-model/git-controller/blob/main/.goreleaser.yaml)
- [Commits](open-component-model/git-controller@v0.9.0...v0.12.1)

Updates `github.com/open-component-model/mpas-project-controller` from 0.4.0 to 0.6.1
- [Release notes](https://github.com/open-component-model/mpas-project-controller/releases)
- [Changelog](https://github.com/open-component-model/mpas-project-controller/blob/main/.goreleaser.yaml)
- [Commits](open-component-model/mpas-project-controller@v0.4.0...v0.6.1)

Updates `github.com/open-component-model/ocm` from 0.4.1 to 0.8.0
- [Release notes](https://github.com/open-component-model/ocm/releases)
- [Changelog](https://github.com/open-component-model/ocm/blob/main/.goreleaser.yaml)
- [Commits](open-component-model/ocm@v0.4.1...v0.8.0)

Updates `github.com/open-component-model/ocm-controller` from 0.16.1 to 0.19.0
- [Release notes](https://github.com/open-component-model/ocm-controller/releases)
- [Changelog](https://github.com/open-component-model/ocm-controller/blob/main/.goreleaser.yaml)
- [Commits](open-component-model/ocm-controller@v0.16.1...v0.19.0)

Updates `github.com/open-component-model/ocm-e2e-framework` from 0.7.0 to 0.9.1
- [Release notes](https://github.com/open-component-model/ocm-e2e-framework/releases)
- [Changelog](https://github.com/open-component-model/ocm-e2e-framework/blob/main/.goreleaser.yaml)
- [Commits](open-component-model/ocm-e2e-framework@v0.7.0...v0.9.1)

Updates `github.com/open-component-model/replication-controller` from 0.11.0 to 0.13.1
- [Release notes](https://github.com/open-component-model/replication-controller/releases)
- [Changelog](https://github.com/open-component-model/replication-controller/blob/main/.goreleaser.yaml)
- [Commits](open-component-model/replication-controller@v0.11.0...v0.13.1)

Updates `github.com/opencontainers/image-spec` from 1.1.0-rc5 to 1.1.0
- [Release notes](https://github.com/opencontainers/image-spec/releases)
- [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md)
- [Commits](opencontainers/image-spec@v1.1.0-rc5...v1.1.0)

Updates `github.com/oras-project/oras-credentials-go` from 0.2.0 to 0.4.0
- [Release notes](https://github.com/oras-project/oras-credentials-go/releases)
- [Commits](oras-project/oras-credentials-go@v0.2.0...v0.4.0)

Updates `github.com/spf13/cobra` from 1.8.0 to 1.8.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.8.0...v1.8.1)

Updates `github.com/stretchr/testify` from 1.8.4 to 1.9.0
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.8.4...v1.9.0)

Updates `golang.org/x/term` from 0.15.0 to 0.23.0
- [Commits](golang/term@v0.15.0...v0.23.0)

Updates `k8s.io/utils` from 0.0.0-20230726121419-3b25d923346b to 0.0.0-20240310230437-4693a0247e57
- [Commits](https://github.com/kubernetes/utils/commits)

Updates `oras.land/oras-go/v2` from 2.3.0 to 2.4.0
- [Release notes](https://github.com/oras-project/oras-go/releases)
- [Commits](oras-project/oras-go@v2.3.0...v2.4.0)

Updates `sigs.k8s.io/cli-utils` from 0.35.0 to 0.37.2
- [Release notes](https://github.com/kubernetes-sigs/cli-utils/releases)
- [Commits](kubernetes-sigs/cli-utils@v0.35.0...v0.37.2)

Updates `sigs.k8s.io/e2e-framework` from 0.2.0 to 0.4.0
- [Release notes](https://github.com/kubernetes-sigs/e2e-framework/releases)
- [Changelog](https://github.com/kubernetes-sigs/e2e-framework/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/e2e-framework@v0.2.0...v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/flux2/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/go-git-providers
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/kustomize-controller/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/apis/meta
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/git
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/git/gogit
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/kustomize
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/ssa
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/source-controller/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/gabriel-vasile/mimetype
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/go-logr/logr
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/mandelsoft/vfs
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/open-component-model/git-controller
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/open-component-model/mpas-project-controller
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/open-component-model/ocm
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/open-component-model/ocm-controller
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/open-component-model/ocm-e2e-framework
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/open-component-model/replication-controller
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/opencontainers/image-spec
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/oras-project/oras-credentials-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/utils
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: oras.land/oras-go/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: sigs.k8s.io/cli-utils
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: sigs.k8s.io/e2e-framework
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the `dependencies` (Pull requests that update a dependency file) and `go` (Pull requests that update Go code) labels Aug 11, 2024

Mend Scan Summary: ❌

Repository: open-component-model/MPAS

| VIOLATION DESCRIPTION | NUMBER OF VIOLATIONS |
| --- | --- |
| HIGH/CRITICAL SECURITY VULNERABILITIES | 6 |
| MAJOR UPDATES AVAILABLE | 0 |
| LICENSE REQUIRES REVIEW | 0 |
| LICENSE RISK HIGH | 7 |
| RESTRICTED LICENSE FOR ON-PREMISE DELIVERY | 0 |

Detailed Logs: mend-scan-> Generate Report
Mend UI


dependabot bot commented on behalf of github Aug 25, 2024

Superseded by #231.

@dependabot dependabot bot closed this Aug 25, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/go-8f8caedcab branch August 25, 2024 10:58