Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the global group across 1 directory with 6 updates #227

Merged
merged 3 commits into from
Jan 2, 2025
Merged

Bump the global group across 1 directory with 6 updates #227

merged 3 commits into from
Jan 2, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 31, 2024

Bumps the global group with 3 updates in the / directory: github.com/onsi/ginkgo/v2, k8s.io/api and k8s.io/client-go.

Updates github.com/onsi/ginkgo/v2 from 2.22.0 to 2.22.2

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.22.2

What's Changed

Full Changelog: onsi/ginkgo@v2.22.1...v2.22.2

v2.22.1

2.22.1

Fixes

Fix CSV encoding

  • Update tests [aab3da6]
  • Properly encode CSV rows [c09df39]
  • Add test case for proper csv escaping [96a80fc]
  • Add meta-test [43dad69]

Maintenance

  • ensure *.test files are gitignored so we don't accidentally commit compiled tests again [c88c634]
  • remove golang.org/x/net/context in favour of stdlib context [4df44bf]
Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.22.2

Maintenance

  • Bump github.com/onsi/gomega from 1.36.1 to 1.36.2 (#1499) [cc553ce]
  • Bump golang.org/x/crypto (#1498) [2170370]
  • Bump golang.org/x/net from 0.32.0 to 0.33.0 (#1496) [a96c44f]

2.22.1

Fixes

Fix CSV encoding

  • Update tests [aab3da6]
  • Properly encode CSV rows [c09df39]
  • Add test case for proper csv escaping [96a80fc]
  • Add meta-test [43dad69]

Maintenance

  • ensure *.test files are gitignored so we don't accidentally commit compiled tests again [c88c634]
  • remove golang.org/x/net/context in favour of stdlib context [4df44bf]
Commits
  • f65e80b v2.22.2
  • cc553ce Bump github.com/onsi/gomega from 1.36.1 to 1.36.2 (#1499)
  • 2170370 Bump golang.org/x/crypto (#1498)
  • a96c44f Bump golang.org/x/net from 0.32.0 to 0.33.0 (#1496)
  • a0190b7 v2.22.1
  • 4df44bf remove golang.org/x/net/context in favour of stdlib context
  • c88c634 ensure *.test files are gitignored so we don't accidentally commit compiled t...
  • aab3da6 Update tests
  • c09df39 Properly encode CSV rows
  • 96a80fc Add test case for proper csv escaping
  • Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.36.1 to 1.36.2

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.36.2

Maintenance

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.36.2

Maintenance

  • Bump google.golang.org/protobuf from 1.35.1 to 1.36.1 (#810) [9a7609d]
  • Bump golang.org/x/net from 0.30.0 to 0.33.0 (#807) [b6cb028]
  • Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.22.1 (#808) [5756529]
  • Bump nokogiri from 1.16.3 to 1.16.5 in /docs (#757) [dabc12e]
Commits

Updates k8s.io/api from 0.31.3 to 0.32.0

Commits
  • e622342 Update dependencies to v0.32.0 tag
  • b0543a3 Merge remote-tracking branch 'origin/master' into release-1.32
  • f6bae9a Drop use of winreadlinkvolume godebug option
  • ea815d5 Merge remote-tracking branch 'origin/master' into release-1.32
  • c331a79 Revert to go1.22 windows filesystem stdlib behavior
  • f8e5e36 Merge pull request #128407 from ndixita/pod-level-resources
  • 84e0db8 Merge pull request #127857 from Jefftree/cle-v1alpha2
  • cbaf5a0 Merge pull request #128686 from thockin/take_over_pr-125233
  • a503a4f Merge pull request #128687 from tallclair/allocated-status
  • 3f43b5a Merge pull request #128240 from LionelJouin/KEP-4817
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.31.3 to 0.32.0

Commits
  • 59e9003 Merge remote-tracking branch 'origin/master' into release-1.32
  • 639247c Drop use of winreadlinkvolume godebug option
  • 220d7c3 Merge remote-tracking branch 'origin/master' into release-1.32
  • c199d3b Revert to go1.22 windows filesystem stdlib behavior
  • 16af2ff implement unsafe deletion, and wire it
  • 6ff8305 api: run codegen
  • ca9b8b2 api: add a new field to meta/v1 DeleteOptions
  • d941d9f Merge pull request #128503 from benluddy/cbor-codecs-featuregate
  • 3b4250f Wire serving codecs to CBOR feature gate.
  • daaad09 Merge pull request #128501 from benluddy/watch-cbor-seq
  • Additional commits viewable in compare view

Updates k8s.io/client-go from 0.31.3 to 0.32.0

Commits
  • 0d55461 Update dependencies to v0.32.0 tag
  • 4765ade Merge remote-tracking branch 'origin/master' into release-1.32
  • 692a511 Drop use of winreadlinkvolume godebug option
  • 9df5099 Merge remote-tracking branch 'origin/master' into release-1.32
  • 120beb2 Revert to go1.22 windows filesystem stdlib behavior
  • 55d23e2 Align fake client-go clients with the main interface
  • 646e79b Run codegen
  • c475fe0 Generify fake clientsets
  • 955401c Merge pull request #128407 from ndixita/pod-level-resources
  • eddb107 Merge pull request #127857 from Jefftree/cle-v1alpha2
  • Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20240902221715-702e33fdd3c3 to 0.0.0-20241104100929-3ea5e8cea738

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the global group across 1 directory with 6 updates
4cd2a8e 
Bumps the global group with 3 updates in the / directory: [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo), [k8s.io/api](https://github.com/kubernetes/api) and [k8s.io/client-go](https://github.com/kubernetes/client-go).


Updates `github.com/onsi/ginkgo/v2` from 2.22.0 to 2.22.2
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.22.0...v2.22.2)

Updates `github.com/onsi/gomega` from 1.36.1 to 1.36.2
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.36.1...v1.36.2)

Updates `k8s.io/api` from 0.31.3 to 0.32.0
- [Commits](kubernetes/api@v0.31.3...v0.32.0)

Updates `k8s.io/apimachinery` from 0.31.3 to 0.32.0
- [Commits](kubernetes/apimachinery@v0.31.3...v0.32.0)

Updates `k8s.io/client-go` from 0.31.3 to 0.32.0
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.31.3...v0.32.0)

Updates `k8s.io/utils` from 0.0.0-20240902221715-702e33fdd3c3 to 0.0.0-20241104100929-3ea5e8cea738
- [Commits](https://github.com/kubernetes/utils/commits)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: global
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: global
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: global
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: global
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: global
- dependency-name: k8s.io/utils
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: global
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 31, 2024
@dependabot dependabot bot requested a review from cmmarslender December 31, 2024 04:54
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 31, 2024

The following labels could not be found: go, Changed.

@dependabot dependabot bot requested a review from Starttoaster December 31, 2024 04:54
@socket-security Socket Security
Copy link

socket-security bot commented Dec 31, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
golang/github.com/onsi/ginkgo/[email protected] environment, filesystem, network, shell, unsafe 0 2.41 MB
golang/github.com/onsi/[email protected] environment, filesystem, network, shell, unsafe 0 1.27 MB
golang/k8s.io/[email protected] environment, filesystem, network, shell, unsafe 0 557 kB

🚮 Removed packages: golang/github.com/onsi/ginkgo/[email protected], golang/github.com/onsi/[email protected], golang/k8s.io/[email protected], golang/k8s.io/[email protected], golang/k8s.io/[email protected], golang/k8s.io/[email protected]

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented Dec 31, 2024
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: golang/github.com/imdario/[email protected], golang/k8s.io/[email protected], golang/k8s.io/[email protected], golang/k8s.io/[email protected], golang/github.com/klauspost/[email protected], golang/sigs.k8s.io/[email protected], golang/golang.org/x/[email protected], golang/golang.org/x/[email protected], golang/golang.org/x/[email protected], golang/golang.org/x/[email protected], golang/github.com/prometheus/[email protected], golang/github.com/google/[email protected], golang/github.com/mailru/[email protected], golang/golang.org/x/[email protected], golang/k8s.io/[email protected], golang/github.com/google/[email protected], golang/k8s.io/[email protected], golang/sigs.k8s.io/structured-merge-diff/[email protected], golang/google.golang.org/[email protected], golang/github.com/onsi/[email protected], golang/github.com/onsi/ginkgo/[email protected]

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@Starttoaster
Copy link
Contributor

@SocketSecurity ignore-all
these are all the same dependencies, and the same testdata native code.

@Starttoaster Starttoaster merged commit 6264c69 into main Jan 2, 2025
12 checks passed
@Starttoaster Starttoaster deleted the dependabot/go_modules/global-4ccf021671 branch January 2, 2025 22:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cmmarslender cmmarslender cmmarslender approved these changes

@Starttoaster Starttoaster Awaiting requested review from Starttoaster

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Starttoaster @cmmarslender