Bump the go-minor group across 3 directories with 20 updates #1405

Merged
merged 1 commit into from
Aug 2, 2024

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Jul 29, 2024

Bumps the go-minor group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| github.com/aws/aws-sdk-go-v2 | 1.27.1 | 1.30.3 |
| github.com/aws/aws-sdk-go-v2/service/dynamodb | 1.32.7 | 1.34.4 |
| github.com/aws/aws-sdk-go-v2/service/s3 | 1.54.4 | 1.58.2 |
| github.com/cyphar/filepath-securejoin | 0.2.4 | 0.3.1 |
| github.com/fluxcd/pkg/apis/event | 0.6.0 | 0.9.0 |
| github.com/fluxcd/pkg/apis/meta | 1.2.0 | 1.5.0 |
| github.com/fluxcd/pkg/runtime | 0.43.2 | 0.47.1 |
| github.com/fluxcd/source-controller/api | 1.1.1 | 1.3.0 |
| github.com/hashicorp/terraform-json | 0.17.1 | 0.22.1 |
| github.com/onsi/gomega | 1.33.1 | 1.34.0 |
| google.golang.org/grpc | 1.62.1 | 1.65.0 |
| sigs.k8s.io/cli-utils | 0.35.0 | 0.37.2 |
| github.com/hashicorp/go-version | 1.6.0 | 1.7.0 |

Bumps the go-minor group with 4 updates in the /api directory: github.com/fluxcd/pkg/apis/meta, github.com/fluxcd/source-controller/api, github.com/onsi/gomega and sigs.k8s.io/yaml.

Bumps the go-minor group with 7 updates in the /tfctl directory:

| Package | From | To |
| --- | --- | --- |
| github.com/fluxcd/pkg/apis/meta | 1.1.0 | 1.5.0 |
| github.com/fluxcd/source-controller/api | 1.0.0-rc.4 | 1.3.0 |
| github.com/onsi/gomega | 1.33.1 | 1.34.0 |
| github.com/spf13/afero | 1.8.2 | 1.11.0 |
| github.com/spf13/viper | 1.13.0 | 1.19.0 |
| github.com/hashicorp/go-version | 1.6.0 | 1.7.0 |
| github.com/hashicorp/hc-install | 0.4.0 | 0.7.0 |

Updates github.com/aws/aws-sdk-go-v2 from 1.27.1 to 1.30.3

Commits

Updates github.com/aws/aws-sdk-go-v2/service/dynamodb from 1.32.7 to 1.34.4

Commits

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.4 to 1.58.2

Commits

Updates github.com/cyphar/filepath-securejoin from 0.2.4 to 0.3.1

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.1

  • By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

  • We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

    Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

  • Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (i.e. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

    These changes were done to match openat2's behaviour and are purely a consistency fix (most users are going to be using openat2 anyway).

Signed-off-by: Aleksa Sarai [email protected]

v0.3.0

This release contains no changes to SecureJoin.

However, it does introduce a new *os.File-based API which is much safer to use for most use cases. These are adapted from libpathrs and are the bare minimum to be able to operate more safely on an untrusted rootfs where an attacker has write access (something that SecureJoin cannot protect against). The new APIs are:

  • OpenInRoot, which resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the file handle returned by OpenInRoot is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- see open(2) for more details).

  • Reopen, which takes an O_PATH file handle and safely re-opens it to "upgrade" it to a regular handle.

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.1] - 2024-07-23

Changed

  • By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

  • We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

    Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

Fixed

  • Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (i.e. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

    These changes were done to match openat2's behaviour and are purely a consistency fix (most users are going to be using openat2 anyway).

[0.3.0] - 2024-07-11

Added

  • A new set of *os.File-based APIs have been added. These are adapted from libpathrs and we strongly suggest using them if possible (as they provide far more protection against attacks than SecureJoin):

    • Open(at)InRoot resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the handle returned is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- see open(2) for more details)

    • Reopen takes an O_PATH file handle and safely re-opens it to upgrade it to a regular handle. This can also be used with non-O_PATH handles, but O_PATH is the most obvious application.

    • MkdirAll is an implementation of os.MkdirAll that is safe to use to

... (truncated)

Commits
  • ce7b28a VERSION: release v0.3.1
  • a2c14f8 CHANGELOG: add readlinkat(fd, "") shout-out
  • 4ea279f merge #22 into cyphar/filepath-securejoin:main
  • 16e1bec CHANGELOG: add initial changelog with current history
  • 2404ffb merge #21 into cyphar/filepath-securejoin:main
  • f29b7a4 lookup: handle // and trailing slash components correctly
  • ecd61ca merge #19 into cyphar/filepath-securejoin:main
  • 38b1220 procfs: refactor statx mnt_id logic
  • 45c4415 procfs: use readlink(fd, "") for magic-links
  • edab538 merge #17 into cyphar/filepath-securejoin:main
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/event from 0.6.0 to 0.9.0

Commits
  • 598e74e git: update dependencies
  • c28ef00 Merge pull request #463 from fluxcd/go-git-bc-tag
  • da9a7b7 go-git: transform revision for last observed tag
  • 0009fda Merge pull request #404 from fluxcd/commit-string-fmt
  • db0daab git: make LastObservedCommit backwards compatible
  • 3fb1b65 git: tidy code around digests
  • b097686 git: align tests and code with commit fmt change
  • 24a228c git: change Commit#String format
  • da2a476 Merge pull request #462 from fluxcd/event-digest-key
  • 7053ad7 apis/event: add MetaDigestKey
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.2.0 to 1.5.0

Commits
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • c906252 Update dependencies to Kubernetes 1.30
  • 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
  • ccb916a build(deps): bump the ci group with 3 updates
  • 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
  • abf5675 kustomize: Add support for namePrefix and nameSuffix
  • 98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
  • efcd824 build(deps): bump docker/setup-buildx-action in the ci group
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.43.2 to 0.47.1

Commits
  • adcfcbe Merge pull request #769 from fluxcd/controller-runtime-v0.18.1
  • 0e74a82 Update runtime pkg docs
  • b329d92 Update dependencies to controller-runtime v0.18.1
  • d0bf8ed Merge pull request #768 from fluxcd/dependabot/github_actions/ci-b93eff89fb
  • 14f05d7 build(deps): bump actions/checkout from 4.1.3 to 4.1.4 in the ci group
  • 3790516 Merge pull request #767 from fluxcd/up-internal-deps
  • 37ea30c Update internal dependencies
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.1.1 to 1.3.0

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.3.0

Changelog

v1.3.0 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.3.0
  • ghcr.io/fluxcd/source-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.5

Changelog

v1.2.5 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.2.5
  • ghcr.io/fluxcd/source-controller:v1.2.5

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.4

Changelog

v1.2.4 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.2.4
  • ghcr.io/fluxcd/source-controller:v1.2.4

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.3

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.3.0

Release date: 2024-05-03

This minor release promotes the Helm APIs to GA, and comes with new features, improvements and bug fixes.

HelmRepository

The HelmRepository API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2.

For HelmRepository of type oci, the .spec.insecure field allows connecting over HTTP to an insecure non-TLS container registry.

To upgrade from v1beta2, after deploying the new CRD and controller, set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain HelmRepository definitions. Bumping the API version in manifests can be done gradually. It is advised not to delay this procedure as the beta versions will be removed after 6 months.

HelmChart

The HelmChart API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2, with the exception of the removal of the deprecated field .spec.valuesFile which was replaced with spec.valuesFiles.

The HelmChart API was extended with support for Notation signature verification of Helm OCI charts.

A new optional field .spec.ignoreMissingValuesFiles has been added, which allows the controller to ignore missing values files rather than failing to reconcile the HelmChart.

OCIRepository

The OCIRepository API was extended with support for Notation signature verification of OCI artifacts.

A new optional field .spec.ref.semverFilter has been added, which allows the controller to filter the tags based on regular expressions before applying the semver range. This allows picking the latest release candidate instead of the latest stable release.

In addition, the controller has been updated to Kubernetes v1.30.0, Helm v3.14.4, and various other dependencies to their latest version to patch upstream CVEs.

... (truncated)

Commits
  • a80a99b Merge pull request #1472 from fluxcd/release-v1.3.0
  • 70901f8 Release v1.3.0
  • 05ab8b1 Add changelog entry for v1.3.0
  • c9bf167 Merge pull request #1298 from fluxcd/phony-build
  • cc3d495 ci: Print controller logs after e2e run
  • 0bd5b95 Rename make target build to manager
  • edccfe9 Merge pull request #1470 from fluxcd/dependabot/github_actions/ci-b23e0286c6
  • 9ce2d61 build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group
  • 16eeeef Merge pull request #1469 from fluxcd/dependabot/go_modules/go-deps-4411c5bc33
  • 8598b8d build(deps): bump google.golang.org/api
  • Additional commits viewable in compare view

Updates github.com/hashicorp/terraform-json from 0.17.1 to 0.22.1

Release notes

Sourced from github.com/hashicorp/terraform-json's releases.

v0.22.1

BUG FIXES:

Full Changelog: hashicorp/terraform-json@v0.22.0...v0.22.1

v0.22.0

ENHANCEMENTS:

INTERNAL:

New Contributors

Full Changelog: hashicorp/terraform-json@v0.21.0...v0.22.0

v0.21.0

ENHANCEMENTS

Full Changelog: hashicorp/terraform-json@v0.20.0...v0.21.0

v0.20.0

ENHANCEMENTS:

Full Changelog: hashicorp/terraform-json@v0.19.0...v0.20.0

v0.19.0

ENHANCEMENTS:

INTERNAL:

... (truncated)

Commits
  • 7e28e2d tfjson: Update Complete to a pointer value for older Terraform versions (#131)
  • 5e08e15 Bump hashicorp/setup-copywrite (#130)
  • 4a9d1e7 github: Set up Dependabot to manage HashiCorp-owned Actions versions (#128)
  • 11f603e Result of tsccr-helper -log-level=info gha update -latest . (#127)
  • 6e83e7b Result of tsccr-helper -log-level=info gha update -latest . (#124)
  • 3b8a921 tfjson: Add DeferredChanges and Complete to Plan JSON (#123)
  • 8cba21a Bump github.com/zclconf/go-cty from 1.14.3 to 1.14.4 (#122)
  • d5065f2 Bump github.com/zclconf/go-cty from 1.14.2 to 1.14.3 (#121)
  • 1498774 Bump github.com/zclconf/go-cty from 1.14.1 to 1.14.2 (#120)
  • f2686e9 Initial support for provider-defined functions from providers schema -json (#...
  • Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.33.1 to 1.34.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.34.0

1.34.0

Features

  • Add RoundTripper method to ghttp.Server [c549e0d]

Fixes

  • fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]
  • issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]

Maintenance

  • bump ginkgo [8af2ece]
  • Fix typo in docs [123a071]
  • Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083]
  • Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796]
  • Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f]
  • Bump github-pages from 230 to 231 in /docs (#748) [892c303]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.34.0

Features

  • Add RoundTripper method to ghttp.Server [c549e0d]

Fixes

  • fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]
  • issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]

Maintenance

  • bump ginkgo [8af2ece]
  • Fix typo in docs [123a071]
  • Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083]
  • Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796]
  • Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f]
  • Bump github-pages from 230 to 231 in /docs (#748) [892c303]

Commits
  • 32e5498 v1.34.0
  • cb3fa6a run go mod tidy and wonder why go get doesnt just run it for me in the first ...
  • 8af2ece bump ginkgo
  • 878940c fix incorrect handling of nil slices in HaveExactElements (fixes #771)
  • f5bec80 clean up bipartitegraph tests
  • ebadb67 issue_765 - fixed bug in Hopcroft-Karp algorithm
  • 123a071 Fix typo in docs
  • c549e0d Add RoundTripper method to ghttp.Server
  • 0e69083 Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756)
  • 2675796 Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755)
  • Additional commits viewable in compare view

Updates github.com/zclconf/go-cty from 1.14.1 to 1.14.4

Changelog

Sourced from github.com/zclconf/go-cty's changelog.

1.14.4 (March 20, 2024)

  • msgpack: Now uses string encoding instead of float encoding for a whole number that is too large to fit in any of MessagePack's integer types.
  • function/stdlib: Type conversion functions (constructed with MakeToFunc) can now convert null values of unknown type into null values of the target type, rather than returning an unknown value in that case.
  • json: Will now correctly reject attempts to encode cty.DynamicVal, whereas before it would just produce an invalid JSON document without any error. (This is invalid because JSON encoding cannot support unknown values at all; cty.DynamicVal is a special case of unknown value where even the type isn't known.)

1.14.3 (February 29, 2024)

  • msgpack: Fixed edge-case bug that could cause loss of floating point precision when round-tripping due to incorrectly using a MessagePack integer to represent a large non-integral number. #176
  • cty: Fixed some false-negative numeric equality test results by comparing numbers as integers when possible. #176

1.14.2 (January 23, 2024)

  • convert: Converting from an unknown map value to an object type now correctly handles the situation where the map element type disagrees with an optional attribute of the target type, since when a map value is unknown we don't yet know which keys it has and thus cannot predict what subset of the elements will get converted as attributes in the resulting object. (#175)

Commits
  • 74286a8 v1.14.4 release
  • 4a34c33 json: Refuse to encode cty.DynamicVal
  • 4b76b75 stdlib: Conversion functions can accept unknown-typed nulls
  • f41ae52 msgpack: Never marshal integers as MessagePack float
  • 0e3c880 functions: lookup third argument is not optional
  • a0c3e7b Prepare for possible future 1.14.4 release
  • 304e4a8 v1.14.3 release
  • 50ce6d3 Update CHANGELOG.md
  • 1e9442d don't use compact floats in msgpack
  • a0315a5 Use integer comparison for equality
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.62.1 to 1.65.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.65.0

Dependencies

  • Change support policy to cover only the latest TWO releases of Go, matching the policy for Go itself. See #7249 for more information. (#7250)
  • Update x/net/http2 to address CVE-2023-45288 (#7282)

Behavior Changes

  • credentials/tls: clients and servers will now reject connections that don't support ALPN when environment variable GRPC_ENFORCE_ALPN_ENABLED is set to "true" (case insensitive). (#7184)
    • NOTE: this behavior will become the default in a future release.
  • metadata: remove String method from MD to make printing more consistent (#7373)

New Features

  • grpc: add WithMaxCallAttempts to configure gRPC's retry behavior per-channel. (#7229)

Bug Fixes

  • ringhash: properly apply endpoint weights instead of ignoring them (#7156)
  • xds: fix a bug that could cause xds-enabled servers to stop accepting new connections after handshaking errors (#7128)

Release 1.64.1

Dependencies

  • Update x/net/http2 to address CVE-2023-45288 (#7352)
  • metadata: remove String method from MD to make printing consistent (#7374)

Release 1.64.0

API Changes

  • stats: Deprecate InPayload.Data and OutPayload.Data; they were experimental and will be deleted in the next release (#7121)

Behavior Changes

  • codec: Remove handling of environment variable GRPC_GO_ADVERTISE_COMPRESSORS to suppress setting supported compressors in grpc-accept-encoding header. Compressors will always be advertised, as they have been by default for some time (#7203)

New Features

  • resolver/dns: Add SetMinResolutionInterval to set the minimum interval at which DNS re-resolutions may occur (#6962)
  • peer/peer: Implement the fmt.Stringer interface for pretty printing Peer, and
  • metadata/metadata: Implement the fmt.Stringer interface for pretty printing MD (#7137)

Performance Improvements

... (truncated)

Commits
  • 2da9769 Change version to 1.65.0 (#7306)
  • ede96b7 metadata: remove String method (#7373)
  • 64be203 grpc: Readd pick first name (#7336) (#7341)
  • 25e33a6 examples: Add CSM Observability example (#7302) (#7318)
  • 04a5f46 xds/internal/xdsclient: Emit unknown for CSM Labels if not present in CDS (#7...
  • cff5c3e stats/opentelemetry: Add e2e testing for CSM Observability (#7279) (#7316)
  • 9b970fd dns: fix constant 30s backoff for re-resolution (#7262) (#7311)
  • 6d23620 documentation: on server, use FromIncomingContext for retrieving context and...
  • 7e5898e xds: unify xDS client creation APIs meant for testing (#7268)
  • 5d7bd7a interop/xds: Interop client and server changes for CSM Observability (#7280)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.33.0 to 1.34.1

Updates sigs.k8s.io/cli-utils from 0.35.0 to 0.37.2

Release notes

Sourced from sigs.k8s.io/cli-utils's releases.

v0.37.2

Changelog

  • 2525731 Reduce minimum Go requirement to v1.22.0

v0.37.1

Changelog

  • 9ebe810 Update github actions

v0.37.0

Changelog

  • fe123cb Add status watch label & field selector filters
  • 7768584 Add WithStatusWatcherFilters to DestroyerBuilder
  • c2d5dec Update dependencies

v0.36.0

Changelog

  • cbc090d Add conversion func for status-policy
  • 8964a66 Update dependencies
  • ac3bd31 Update linter and fix warnings
  • 6bdf5b5 Update to Kubernetes v1.28.4 And update go version to 1.20
  • 542546c Use HTTPClientFor instead of defaultHTTPClient
  • e708f5a disable linter for NewExponentialBackoffManager
  • b2051cf update dependencies to k8s.io v0.27.2

Commits

Updates github.com/hashicorp/go-version from 1.6.0 to 1.7.0

Release notes

Sourced from github.com/hashicorp/go-version's releases.

v1.7.0

ENHANCEMENTS:

  • Remove reflect dependency (#91)
  • Implement the database/sql.Scanner and database/sql/driver.Value interfaces for Version (#133)

INTERNAL:

  • [COMPLIANCE] Add Copyright and License Headers (#115)
  • [COMPLIANCE] Update MPL-2.0 LICENSE (#105)
  • Bump actions/cache from 3.0.11 to 3.2.5 (#116)
  • Bump actions/checkout from 3.2.0 to 3.3.0 (#111)
  • Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#112)
  • GHA Migration (#103)
  • github: Pin external GitHub Actions to hashes (#107)
  • SEC-090: Automated trusted workflow pinning (2023-04-05) (#124)
  • update readme (#104)

Changelog

Sourced from github.com/hashicorp/go-version's changelog.

1.7.0 (May 24, 2024)

ENHANCEMENTS:

  • Remove reflect dependency (#91)
  • Implement the database/sql.Scanner and database/sql/driver.Value interfaces for Version (#133)

INTERNAL:

  • [COMPLIANCE] Add Copyright and License Headers (#115)
  • [COMPLIANCE] Update MPL-2.0 LICENSE (#105)
  • Bump actions/cache from 3.0.11 to 3.2.5 (#116)
  • Bump actions/checkout from 3.2.0 to 3.3.0 (#111)
  • Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#112)
  • GHA Migration (#103)
  • github: Pin external GitHub Actions to hashes (#107)
  • SEC-090: Automated trusted workflow pinning (2023-04-05) (#124)
  • update readme (#104)

Commits
  • fcaa532 Update CHANGELOG.md
  • b85381a Update CHANGELOG.md
  • d55f214 Implement the Scan and driver.Value SQL interfaces (#133)
  • e04a866 remove reflection dependency (#91)
  • 94bab9e [COMPLIANCE] Add Copyright and License Headers (#115)
  • 73ddc63 github: Change Dependabot to only manage HashiCorp-owned Actions
  • bf1144e SEC-090: Automated trusted workflow pinning (2023-04-05) (#124)
  • 644291d Bump actions/cache from 3.0.11 to 3.2.5 (#116)
  • 8f6487b Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#112)
  • 7f856b8 Bump actions/checkout from 3.2.0 to 3.3.0 (#111)
  • Additional commits viewable in

Bumps the go-minor group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.27.1` | `1.30.3` |
| [github.com/aws/aws-sdk-go-v2/service/dynamodb](https://github.com/aws/aws-sdk-go-v2) | `1.32.7` | `1.34.4` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.54.4` | `1.58.2` |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.2.4` | `0.3.1` |
| [github.com/fluxcd/pkg/apis/event](https://github.com/fluxcd/pkg) | `0.6.0` | `0.9.0` |
| [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg) | `1.2.0` | `1.5.0` |
| [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) | `0.43.2` | `0.47.1` |
| [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) | `1.1.1` | `1.3.0` |
| [github.com/hashicorp/terraform-json](https://github.com/hashicorp/terraform-json) | `0.17.1` | `0.22.1` |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.33.1` | `1.34.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.62.1` | `1.65.0` |
| [sigs.k8s.io/cli-utils](https://github.com/kubernetes-sigs/cli-utils) | `0.35.0` | `0.37.2` |
| [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) | `1.6.0` | `1.7.0` |

Bumps the go-minor group with 4 updates in the /api directory: [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg), [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller), [github.com/onsi/gomega](https://github.com/onsi/gomega) and [sigs.k8s.io/yaml](https://github.com/kubernetes-sigs/yaml).
Bumps the go-minor group with 7 updates in the /tfctl directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg) | `1.1.0` | `1.5.0` |
| [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) | `1.0.0-rc.4` | `1.3.0` |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.33.1` | `1.34.0` |
| [github.com/spf13/afero](https://github.com/spf13/afero) | `1.8.2` | `1.11.0` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.13.0` | `1.19.0` |
| [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) | `1.6.0` | `1.7.0` |
| [github.com/hashicorp/hc-install](https://github.com/hashicorp/hc-install) | `0.4.0` | `0.7.0` |



Updates `github.com/aws/aws-sdk-go-v2` from 1.27.1 to 1.30.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.27.1...v1.30.3)

Updates `github.com/aws/aws-sdk-go-v2/service/dynamodb` from 1.32.7 to 1.34.4
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/iam/v1.32.7...service/iot/v1.34.4)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.54.4 to 1.58.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.54.4...service/s3/v1.58.2)

Updates `github.com/cyphar/filepath-securejoin` from 0.2.4 to 0.3.1
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.2.4...v0.3.1)

Updates `github.com/fluxcd/pkg/apis/event` from 0.6.0 to 0.9.0
- [Commits](fluxcd/pkg@tar/v0.6.0...git/v0.9.0)

Updates `github.com/fluxcd/pkg/apis/meta` from 1.2.0 to 1.5.0
- [Commits](fluxcd/pkg@apis/meta/v1.2.0...apis/meta/v1.5.0)

Updates `github.com/fluxcd/pkg/runtime` from 0.43.2 to 0.47.1
- [Commits](fluxcd/pkg@runtime/v0.43.2...runtime/v0.47.1)

Updates `github.com/fluxcd/source-controller/api` from 1.1.1 to 1.3.0
- [Release notes](https://github.com/fluxcd/source-controller/releases)
- [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/source-controller@v1.1.1...v1.3.0)

Updates `github.com/hashicorp/terraform-json` from 0.17.1 to 0.22.1
- [Release notes](https://github.com/hashicorp/terraform-json/releases)
- [Commits](hashicorp/terraform-json@v0.17.1...v0.22.1)

Updates `github.com/onsi/gomega` from 1.33.1 to 1.34.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.33.1...v1.34.0)

Updates `github.com/zclconf/go-cty` from 1.14.1 to 1.14.4
- [Release notes](https://github.com/zclconf/go-cty/releases)
- [Changelog](https://github.com/zclconf/go-cty/blob/main/CHANGELOG.md)
- [Commits](zclconf/go-cty@v1.14.1...v1.14.4)

Updates `google.golang.org/grpc` from 1.62.1 to 1.65.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.62.1...v1.65.0)

Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.1

Updates `sigs.k8s.io/cli-utils` from 0.35.0 to 0.37.2
- [Release notes](https://github.com/kubernetes-sigs/cli-utils/releases)
- [Commits](kubernetes-sigs/cli-utils@v0.35.0...v0.37.2)

Updates `github.com/hashicorp/go-version` from 1.6.0 to 1.7.0
- [Release notes](https://github.com/hashicorp/go-version/releases)
- [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md)
- [Commits](hashicorp/go-version@v1.6.0...v1.7.0)

Updates `github.com/fluxcd/pkg/apis/meta` from 1.1.0 to 1.5.0
- [Commits](fluxcd/pkg@apis/meta/v1.2.0...apis/meta/v1.5.0)

Updates `github.com/fluxcd/source-controller/api` from 1.0.0-rc.4 to 1.3.0
- [Release notes](https://github.com/fluxcd/source-controller/releases)
- [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/source-controller@v1.1.1...v1.3.0)

Updates `github.com/onsi/gomega` from 1.32.0 to 1.34.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.33.1...v1.34.0)

Updates `golang.org/x/net` from 0.23.0 to 0.25.0
- [Commits](golang/net@v0.23.0...v0.25.0)

Updates `sigs.k8s.io/yaml` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/kubernetes-sigs/yaml/releases)
- [Changelog](https://github.com/kubernetes-sigs/yaml/blob/master/RELEASE.md)
- [Commits](kubernetes-sigs/yaml@v1.3.0...v1.4.0)

Updates `github.com/fluxcd/pkg/apis/meta` from 1.1.0 to 1.5.0
- [Commits](fluxcd/pkg@apis/meta/v1.2.0...apis/meta/v1.5.0)

Updates `github.com/fluxcd/source-controller/api` from 1.0.0-rc.4 to 1.3.0
- [Release notes](https://github.com/fluxcd/source-controller/releases)
- [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/source-controller@v1.1.1...v1.3.0)

Updates `github.com/onsi/gomega` from 1.33.1 to 1.34.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.33.1...v1.34.0)

Updates `github.com/spf13/afero` from 1.8.2 to 1.11.0
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](spf13/afero@v1.8.2...v1.11.0)

Updates `github.com/spf13/viper` from 1.13.0 to 1.19.0
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.13.0...v1.19.0)

Updates `golang.org/x/net` from 0.24.0 to 0.25.0
- [Commits](golang/net@v0.23.0...v0.25.0)

Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.1

Updates `github.com/hashicorp/go-version` from 1.6.0 to 1.7.0
- [Release notes](https://github.com/hashicorp/go-version/releases)
- [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md)
- [Commits](hashicorp/go-version@v1.6.0...v1.7.0)

Updates `github.com/hashicorp/hc-install` from 0.4.0 to 0.7.0
- [Release notes](https://github.com/hashicorp/hc-install/releases)
- [Commits](hashicorp/hc-install@v0.4.0...v0.7.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/aws/aws-sdk-go-v2/service/dynamodb
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/fluxcd/pkg/apis/event
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/fluxcd/pkg/apis/meta
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/fluxcd/pkg/runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/fluxcd/source-controller/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/hashicorp/terraform-json
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/zclconf/go-cty
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: sigs.k8s.io/cli-utils
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/hashicorp/go-version
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/fluxcd/pkg/apis/meta
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/fluxcd/source-controller/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: golang.org/x/net
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: sigs.k8s.io/yaml
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/fluxcd/pkg/apis/meta
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/fluxcd/source-controller/api
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/spf13/afero
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: golang.org/x/net
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/hashicorp/go-version
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/hashicorp/hc-install
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the `area/ci` (Continuous Integration pipeline) and `dependencies` (Dependency management for library and code) labels Jul 29, 2024
@akselleirv akselleirv merged commit bd8e8a1 into main Aug 2, 2024
15 checks passed
@akselleirv akselleirv deleted the dependabot/go_modules/go-minor-f0ff2e3e3a branch August 2, 2024 06:17