Skip to content

fix(deps): update all dependencies #8983

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 23, 2024
Merged

fix(deps): update all dependencies #8983

merged 1 commit into from
Jul 23, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 15, 2024
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
code.cloudfoundry.org/credhub-cli require digest 9c80ae1 -> d278c22 age adoption passing confidence
code.cloudfoundry.org/garden require digest 3e0daa3 -> dfce198 age adoption passing confidence
code.cloudfoundry.org/localip require digest a1a2d50 -> 05cb35d age adoption passing confidence
github.com/aws/aws-sdk-go require minor v1.54.19 -> v1.55.0 age adoption passing confidence
github.com/caarlos0/env/v10 require major v10.0.0 -> v11.1.0 age adoption passing confidence
github.com/containerd/containerd require patch v1.7.19 -> v1.7.20 age adoption passing confidence
github.com/containernetworking/cni require patch v1.2.2 -> v1.2.3 age adoption passing confidence
github.com/cyberark/conjur-api-go require patch v0.12.0 -> v0.12.3 age adoption passing confidence
github.com/go-jose/go-jose/v3 require major v3.0.3 -> v4.0.3 age adoption passing confidence
github.com/goccy/go-yaml require minor v1.11.3 -> v1.12.0 age adoption passing confidence
github.com/vbauerster/mpb/v8 require patch v8.7.3 -> v8.7.4 age adoption passing confidence
github.com/vito/go-sse require minor v1.0.0 -> v1.1.1 age adoption passing confidence
k8s.io/api require patch v0.30.2 -> v0.30.3 age adoption passing confidence
k8s.io/apimachinery require patch v0.30.2 -> v0.30.3 age adoption passing confidence
k8s.io/client-go require patch v0.30.2 -> v0.30.3 age adoption passing confidence

Release Notes

aws/aws-sdk-go (github.com/aws/aws-sdk-go)

v1.55.0

Compare Source

===

Service Client Updates
  • service/datazone: Updates service API, documentation, and paginators
  • service/ivs: Updates service API and documentation
  • service/redshift-serverless: Updates service API and documentation
SDK Features
  • service/mobile: Remove Mobile
    • This change removes the Mobile service, which has been deprecated.
SDK Bugs
  • Apply sensitive struct tag to lists/maps with sensitive members.
    • This change propagates existing sensitive protection to lists/maps.

v1.54.20

Compare Source

===

Service Client Updates
  • service/acm-pca: Updates service waiters
  • service/connect: Updates service API, documentation, and paginators
  • service/ec2: Updates service API and documentation
    • Amazon VPC IP Address Manager (IPAM) now supports Bring-Your-Own-IP (BYOIP) for IP addresses registered with any Internet Registry. This feature uses DNS TXT records to validate ownership of a public IP address range.
  • service/firehose: Updates service API and documentation
    • This release 1) Add configurable buffering hints for Snowflake as destination. 2) Add ReadFromTimestamp for MSK As Source. Firehose will start reading data from MSK Cluster using offset associated with this timestamp. 3) Gated public beta release to add Apache Iceberg tables as destination.
  • service/ivschat: Updates service API, documentation, and waiters
  • service/medialive: Updates service API and documentation
    • AWS Elemental MediaLive now supports the SRT protocol via the new SRT Caller input type.
  • service/rds: Updates service API, documentation, waiters, paginators, and examples
    • Updates Amazon RDS documentation to specify an eventual consistency model for DescribePendingMaintenanceActions.
  • service/sagemaker: Updates service API
    • SageMaker Training supports R5, T3 and R5D instances family. And SageMaker Processing supports G5 and R5D instances family.
  • service/secretsmanager: Updates service documentation
    • Doc only update for Secrets Manager
  • service/taxsettings: Updates service API
  • service/timestream-query: Updates service API and documentation
  • service/workspaces-thin-client: Updates service API and documentation
caarlos0/env (github.com/caarlos0/env/v10)

v11.1.0

Compare Source

Changelog

Bug fixes
Other work

Released with GoReleaser Pro!

v11.0.1

Compare Source

Changelog

Bug fixes
Documentation updates

Released with GoReleaser Pro!

v11.0.0

Compare Source

Changelog

Breaking changes
  • Updated module's Go version to 1.18
New Features
Bug fixes
Documentation updates
Other work

Released with GoReleaser Pro!

containerd/containerd (github.com/containerd/containerd)

v1.7.20: containerd 1.7.20

Compare Source

Welcome to the v1.7.20 release of containerd!

The twentieth patch release for containerd 1.7 contains various fixes
and updates.

Highlights
  • Support for dropping inheritable capabilities (#​10469)
Container Runtime Interface (CRI)
  • Make PodSandboxStatus friendlier to shim crashes (#​10461)
  • Handle empty DNSConfig differently than unspecified (#​10462)
  • Fix for [cri] ttrpc: closed during ListPodSandboxStats (#​10423)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Derek McGowan
  • Akihiro Suda
  • Phil Estes
  • Akhil Mohan
  • Bryant Biggs
  • Danny Canter
  • Davanum Srinivas
  • Mike Brown
  • Samuel Karp
  • Tim Hockin
Changes
16 commits

  • Prepare release notes for v1.7.20 (#​10481)
    • 7f2d4cd97 Prepare release notes for v1.7.20
  • deps: Update otelgrpc (#​10413)
  • Make PodSandboxStatus friendlier to shim crashes (#​10461)
    • df86bdd5d CRI Sbserver: Make PodSandboxStatus friendlier to shim crashes
  • Handle empty DNSConfig differently than unspecified (#​10462)
    • 209ee4f10 CRI: An empty DNSConfig != unspecified
  • Support for dropping inheritable capabilities (#​10469)
    • ce65228af Support for dropping inheritable capabilities
  • Fix for [cri] ttrpc: closed during ListPodSandboxStats (#​10423)
    • 610498df7 Fix for [cri] ttrpc: closed during ListPodSandboxStats
  • update to go1.21.12 / go1.22.5 (#​10426)
  • errdefs: denote deprecation as a godoc comment (#​10424)
    • c7d5e430a errdefs: denote deprecation as a godoc comment

Dependency Changes
  • github.com/go-logr/logr v1.2.4 -> v1.3.0
  • github.com/google/go-cmp v0.5.9 -> v0.6.0
  • github.com/google/uuid v1.3.1 -> v1.4.0
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0 -> v0.46.1
  • go.opentelemetry.io/otel v1.19.0 -> v1.21.0
  • go.opentelemetry.io/otel/metric v1.19.0 -> v1.21.0
  • go.opentelemetry.io/otel/sdk v1.19.0 -> v1.21.0
  • go.opentelemetry.io/otel/trace v1.19.0 -> v1.21.0
  • google.golang.org/genproto e6e6cda -> 989df2b
  • google.golang.org/genproto/googleapis/api 007df8e -> 83a465c
  • google.golang.org/genproto/googleapis/rpc d307bd8 -> 995d672

Previous release can be found at v1.7.19

containernetworking/cni (github.com/containernetworking/cni)

v1.2.3: libcni v1.2.3

Compare Source

This is a minor release to correct a divergence between the specification and libcni. In this case, the specification was updated, as it concerns a new feature, GC, that is not yet deployed.

What's Changed

cyberark/conjur-api-go (github.com/cyberark/conjur-api-go)

v0.12.3

Compare Source

[0.12.3] - 2024-07-15

Changed
  • Rename validate query parameter to dryRun (CNJR-4593)
go-jose/go-jose (github.com/go-jose/go-jose/v3)

v4.0.3

Compare Source

Changed

  • Allow unmarshalling JSONWebKeySets with unsupported key types (#​130)
  • Document that OpaqueKeyEncrypter can't be implemented (for now) (#​129)
  • Dependency updates

v4.0.2: Version 4.0.2

Compare Source

What's Changed

New Contributors

Full Changelog: go-jose/go-jose@v4.0.1...v4.0.2

v4.0.1

Compare Source

Fixed

  • An attacker could send a JWE containing compressed data that used large
    amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.
    Those functions now return an error if the decompressed data would exceed
    250kB or 10x the compressed size (whichever is larger). Thanks to
    Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@​zer0yu and @​chenjj)
    for reporting.

v4.0.0

Compare Source

This release makes some breaking changes in order to more thoroughly
address the vulnerabilities discussed in Three New Attacks Against JSON Web
Tokens, "Sign/encrypt confusion", "Billion hash attack", and "Polyglot
token".

Changed

  • Limit JWT encryption types (exclude password or public key types) (#​78)
  • Enforce minimum length for HMAC keys (#​85)
  • jwt: match any audience in a list, rather than requiring all audiences (#​81)
  • jwt: accept only Compact Serialization (#​75)
  • jws: Add expected algorithms for signatures (#​74)
  • Require specifying expected algorithms for ParseEncrypted,
    ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned,
    jwt.ParseSignedAndEncrypted (#​69, #​74)
    • Usually there is a small, known set of appropriate algorithms for a program
      to use and it's a mistake to allow unexpected algorithms. For instance the
      "billion hash attack" relies in part on programs accepting the PBES2
      encryption algorithm and doing the necessary work even if they weren't
      specifically configured to allow PBES2.
  • Revert "Strip padding off base64 strings" (#​82)
  • The specs require base64url encoding without padding.
  • Minimum supported Go version is now 1.21

Added

  • ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON.
    • These allow parsing a specific serialization, as opposed to ParseSigned and
      ParseEncrypted, which try to automatically detect which serialization was
      provided. It's common to require a specific serialization for a specific
      protocol - for instance JWT requires Compact serialization.
goccy/go-yaml (github.com/goccy/go-yaml)

v1.12.0: 1.12.0

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.11.3...v1.11.4

vbauerster/mpb (github.com/vbauerster/mpb/v8)

v8.7.4

Compare Source

Full Changelog: vbauerster/mpb@v8.7.3...v8.7.4

vito/go-sse (github.com/vito/go-sse)

v1.1.1

Compare Source

v1.1.0

Compare Source

kubernetes/api (k8s.io/api)

v0.30.3

Compare Source

kubernetes/apimachinery (k8s.io/apimachinery)

v0.30.3

Compare Source

kubernetes/client-go (k8s.io/client-go)

v0.30.3

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner July 15, 2024 20:59
@renovate renovate bot added dependencies misc release/undocumented This didn't warrant being documented or put in release notes. labels Jul 15, 2024
@renovate renovate bot force-pushed the renovate/all branch 5 times, most recently from 3f794a7 to 285a861 Compare July 18, 2024 06:28
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Jul 18, 2024
edited
Loading

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 8 additional dependencies were updated

Details:

Package Change
cloud.google.com/go/compute v1.23.0 -> v1.23.3
cloud.google.com/go/trace v1.10.1 -> v1.10.4
github.com/googleapis/gax-go/v2 v2.11.0 -> v2.12.0
google.golang.org/api v0.129.0 -> v0.149.0
google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 -> v0.0.0-20231211222908-989df2bf70f3
github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da -> v0.0.0-20240722153945-304e4f0156b8
github.com/google/s2a-go v0.1.4 -> v0.1.7
github.com/googleapis/enterprise-certificate-proxy v0.2.5 -> v0.3.2

@renovate renovate bot force-pushed the renovate/all branch 8 times, most recently from 77be9e8 to 932653c Compare July 22, 2024 16:32
@taylorsilva taylorsilva merged commit 5c728bc into master Jul 23, 2024
11 checks passed
@taylorsilva taylorsilva deleted the renovate/all branch July 23, 2024 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies misc release/undocumented This didn't warrant being documented or put in release notes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@taylorsilva