chore(deps): bump the go group with 12 updates #175

dependabot · 2025-01-26T23:37:19Z

Bumps the go group with 12 updates:

Package	From	To
code.gitea.io/sdk/gitea	`0.15.1`	`0.20.0`
github.com/Masterminds/semver/v3	`3.2.1`	`3.3.1`
github.com/containers/image/v5	`5.29.2`	`5.33.1`
github.com/fluxcd/go-git-providers	`0.15.0`	`0.22.0`
github.com/fluxcd/pkg/apis/event	`0.5.2`	`0.15.0`
github.com/fluxcd/pkg/apis/meta	`1.1.2`	`1.9.0`
github.com/fluxcd/pkg/runtime	`0.35.0`	`0.52.0`
github.com/fluxcd/source-controller/api	`1.1.0`	`1.4.1`
github.com/go-git/go-git/v5	`5.11.0`	`5.12.0`
github.com/go-logr/logr	`1.4.1`	`1.4.2`
github.com/stretchr/testify	`1.9.0`	`1.10.0`
golang.org/x/oauth2	`0.16.0`	`0.24.0`

Updates code.gitea.io/sdk/gitea from 0.15.1 to 0.20.0

Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.1

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.1

What's Changed

Fix for allowing some version that were invalid by @mattfarina in Masterminds/semver#253

Full Changelog: Masterminds/semver@v3.3.0...v3.3.1

v3.3.0

What's Changed

Fix: bad package in README by @sdelicata in Masterminds/semver#226

Updating the GitHub Actions and versions of Go used by @mattfarina in Masterminds/semver#229

Fix spelling in README by @robinschneider in Masterminds/semver#222

Adding go build cache to fuzz output by @mattfarina in Masterminds/semver#232

Add caching to fuzz testing by @mattfarina in Masterminds/semver#234

updating github actions by @mattfarina in Masterminds/semver#235

feat: nil version equality by @KnutZuidema in Masterminds/semver#213

add >= and <= by @grosser in Masterminds/semver#238

doc: hyphen range constraint without whitespace by @johnnychen94 in Masterminds/semver#216

Removing reference to vert by @mattfarina in Masterminds/semver#245

simplify StrictNewVersion by @grosser in Masterminds/semver#241

Updating the testing version of Go used by @mattfarina in Masterminds/semver#246

bumping min version in go.mod based on what's tested by @mattfarina in Masterminds/semver#248

Updating changelog for 3.3.0 by @mattfarina in Masterminds/semver#249

New Contributors

@sdelicata made their first contribution in Masterminds/semver#226

@robinschneider made their first contribution in Masterminds/semver#222

@KnutZuidema made their first contribution in Masterminds/semver#213

@grosser made their first contribution in Masterminds/semver#238

@johnnychen94 made their first contribution in Masterminds/semver#216

Full Changelog: Masterminds/semver@v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

3.3.0 (2024-08-27)

Added

#238: Add LessThanEqual and GreaterThanEqual functions (thanks @grosser)

#213: nil version equality checking (thanks @KnutZuidema)

Changed

#241: Simplify StrictNewVersion parsing (thanks @grosser)

Testing support up through Go 1.23

Minimum version set to 1.21 as this is what's tested now

Fuzz testing now supports caching

Commits

1558ca3 Merge pull request #253 from mattfarina/fix-bad-versions
252dd61 Fix for allowing some version that were invalid
e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
e80c4ea Updating changelog for 3.3.0
80427ad Merge pull request #248 from mattfarina/bump-min-version
b610837 bumping min version in go.mod based on what's tested
a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
7c178cf Updating the testing version of Go used
29f94c1 Merge pull request #241 from grosser/grosser/validate
2cf1b16 Merge pull request #245 from mattfarina/remove-vert
Additional commits viewable in compare view

Updates github.com/containers/image/v5 from 5.29.2 to 5.33.1

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.33.1

[release-5.33] Bump c/storage to v1.56.1, c/image to v5.33.1 by @TomSweeneyRedHat in containers/image#2683

Full Changelog: containers/image@v5.33.0...v5.33.1

v5.33.0

What's Changed

Merge 5.32.1 back into main by @mtrmac in containers/image#2510

Update module github.com/docker/docker to v27.1.2+incompatible by @renovate in containers/image#2516

Update module github.com/docker/cli to v27.1.2+incompatible by @renovate in containers/image#2515

pkg/blobcache: simplify test case by @kolyshkin in containers/image#2521

[CI:DOCS] Update dependency golangci/golangci-lint to v1.60.1 by @renovate in containers/image#2517

Update module github.com/vbauerster/mpb/v8 to v8.8.1 by @renovate in containers/image#2525

Introduce/use JSONFormatToInvalidSignatureError by @kolyshkin in containers/image#2518

fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.2 by @renovate in containers/image#2528

fix(deps): update module dario.cat/mergo to v1.0.1 by @renovate in containers/image#2527

Use %w to wrap errors, enable errorlint by @kolyshkin in containers/image#2519

Add keyPaths, keyDatas to prSigstoreSigned by @mtrmac in containers/image#2524

Add support for accepting multiple Rekor public keys by @mtrmac in containers/image#2526

Release 5.32.2 by @mtrmac in containers/image#2531

[CI:DOCS] Update dependency golangci/golangci-lint to v1.60.2 by @renovate in containers/image#2533

Merge release-5.32 into main by @mtrmac in containers/image#2532

Update module github.com/vbauerster/mpb/v8 to v8.8.3 by @renovate in containers/image#2540

[CI:DOCS] Update dependency golangci/golangci-lint to v1.60.3 by @renovate in containers/image#2535

Support proxy environment for docker client by @PMExtra in containers/image#2424

Update module github.com/docker/docker to v27.2.0+incompatible by @renovate in containers/image#2543

Update module github.com/docker/cli to v27.2.0+incompatible by @renovate in containers/image#2542

Update dependency containers/automation_images to v20240821 by @renovate in containers/image#2545

Update golang.org/x/exp digest to 9b4947d by @renovate in containers/image#2549

Add a workaround for null values in the tag list by @mtrmac in containers/image#2544

Update module github.com/mattn/go-sqlite3 to v1.14.23 by @renovate in containers/image#2554

Update module golang.org/x/oauth2 to v0.23.0 by @renovate in containers/image#2555

Update module golang.org/x/term to v0.24.0 by @renovate in containers/image#2556

Update module golang.org/x/crypto to v0.27.0 by @renovate in containers/image#2561

Assorted clean ups, optimizations, and a small bug fix by @mtrmac in containers/image#2552

Update to Go 1.22 by @mtrmac in containers/image#2550

Update module github.com/sigstore/fulcio to v1.6.4 by @renovate in containers/image#2560

Refactor image deletion in OCI by @mtrmac in containers/image#2551

Update module github.com/docker/docker to v27.2.1+incompatible by @renovate in containers/image#2564

Update module github.com/docker/cli to v27.2.1+incompatible by @renovate in containers/image#2563

Update dependency golangci/golangci-lint to v1.61.0 by @renovate in containers/image#2565

storage: use PrepareStagedLayer instead of ApplyDiffWithDiffer by @giuseppe in containers/image#2570

fix(deps): update module github.com/sigstore/sigstore to v1.8.9 by @renovate in containers/image#2571

copy: Don't print "skipped: 0.0b = 0.00%" by @cgwalters in containers/image#2576

fix(deps): update module github.com/docker/docker to v27.3.0+incompatible by @renovate in containers/image#2575

fix(deps): update module github.com/docker/cli to v27.3.0+incompatible by @renovate in containers/image#2574

fix(deps): update module github.com/docker/cli to v27.3.1+incompatible by @renovate in containers/image#2577

fix(deps): update module github.com/docker/docker to v27.3.1+incompatible by @renovate in containers/image#2578

Fix an incorrect expected MIME type when validating manifests by @mtrmac in containers/image#2572

fix(deps): update module github.com/klauspost/compress to v1.17.10 by @renovate in containers/image#2580

... (truncated)

Commits

44ce03e [release-5.33] Bump c/image to v5.33.1
3d4c26e [release-5.33] Bump c/storage to v1.56.1
c3a2029 Bump to c/image v5.33.0
04d69d5 Bump to c/storage v1.56.0
59417ae Merge pull request #2609 from mtrmac/copy-resolve-destination
6ba898f HACK: Only return an image ID from ReportResolvedReference for c/storage
125f862 Return a precise reference to the created image when writing to containers-st...
91d22b2 Introduce private.ImageDestination.CommitWithOptions
831269d Rename an options variable to imgOptions
ba2a4ae Merge pull request #2616 from containers/renovate/golang.org-x-exp-digest
Additional commits viewable in compare view

Updates github.com/fluxcd/go-git-providers from 0.15.0 to 0.22.0

Release notes

Sourced from github.com/fluxcd/go-git-providers's releases.

v0.22.0

CHANGELOG

PR #304 Update crypto dependencies

PR #303 Skip running e2e tests on dependabot PRs

PR #302 Bump github/codeql-action from 3.27.4 to 3.27.6 in the ci group across 1 directory

PR #300 Upgrade go-github and go-gitlab

PR #299 Bump the ci group across 1 directory with 4 updates

PR #291 Bump github/codeql-action from 3.26.5 to 3.26.7 in the ci group across 1 directory

v0.21.0

CHANGELOG

PR #289 Build with Go 1.23

PR #288 Bump github/codeql-action from 3.26.3 to 3.26.5 in the ci group

PR #287 Bump the ci group across 1 directory with 2 updates

PR #286 Update dependencies

PR #280 Bump the ci group across 1 directory with 3 updates

PR #277 build(deps): bump the ci group across 1 directory with 3 updates

PR #275 build(deps): bump the ci group across 1 directory with 2 updates

PR #273 build(deps): bump golang.org/x/net from 0.22.0 to 0.23.0

PR #272 build(deps): bump actions/checkout from 4.1.2 to 4.1.3 in the ci group

v0.20.1

CHANGELOG

PR #271 Update go-github to v61

v0.20.0

CHANGELOG

PR #270 Update dependencies to Go 1.22

PR #266 build(deps): bump the ci group with 2 updates

PR #265 Update Soule BA Affiliation

PR #263 Change Max's affiliation to Associmates

PR #262 Change Stefan Prodan's affiliation to ControlPlane

v0.19.3

CHANGELOG

PR #261 Adapt workflows

PR #260 build(deps): bump the ci group with 2 updates

PR #259 Updating dependencies and fix go-git CVE

PR #257 changing Soule info

PR #256 github: fix defer in for loop

v0.19.2

CHANGELOG

PR #254 Updating dependencies

PR #253 build(deps): bump the ci group with 1 update

v0.19.1

CHANGELOG

PR #252 build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0

... (truncated)

Commits

983e325 Merge pull request #304 from fluxcd/go-crypto-v1.1.3
b09f396 Update crypto dependencies
ecae3bd Merge pull request #302 from fluxcd/dependabot/github_actions/ci-7f6d3396cb
7ce1585 Merge pull request #303 from fluxcd/fix-e2e
6f33a55 Skip running e2e tests on dependabot PRs
01302c5 Bump github/codeql-action in the ci group across 1 directory
c775464 Merge pull request #300 from fluxcd/update-go-github-66
50cb2ce Upgrade go-github and go--gitlab
5b40e54 Merge pull request #299 from fluxcd/dependabot/github_actions/ci-8f05065d8c
972638e Bump the ci group across 1 directory with 4 updates
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/event from 0.5.2 to 0.15.0

Commits

cc785fa Merge pull request #686 from fluxcd/k8s-1.28
1d7d31b all: Group github.com/fluxcd/cli-utils imports
09ba5d8 runtime: Add pprof.GetHandlers to help setup the metrics server
768085d runtime: Update sigs.k8s.io/controller-runtime to v0.16.3
2e007cb ssa: Update Kubernetes to v1.28.4
e7686cf kustomize: Update Kustomize to v5.2.1
3be575d oci: Update sigs.k8s.io/controller-runtime to v0.16.3
7f72436 helmtestserver: Update Helm to v3.13.2
fe543f5 git: Update golang.org/x/crypto to v0.15.0
129adfd apis: Update Kubernetes to v1.28
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.1.2 to 1.9.0

Commits

b9b6a10 Merge pull request #842 from fluxcd/k8s-1.32.0
7b6cd90 Update dependencies to Kubernetes 1.32.0 and Go 1.23.0
b9c338a Merge pull request #841 from fluxcd/load-vars
cf1915e Make the variables loading function public
84013d4 Merge pull request #839 from fluxcd/workflow-tf-setup
b91dc11 workflows: Use setup-terraform install latest
5bf9095 Merge pull request #838 from fluxcd/meta-v1.8.0
05a2b81 Update apis/meta version in chartutil and runtime
f58229d Merge pull request #836 from fluxcd/chartutil
8f0cbf5 Add chartutil package and ValuesReference type to APIs
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.35.0 to 0.52.0

Commits

593fdc0 Merge pull request #853 from fluxcd/upgrade-event-api
f201de8 Upgrade apis/event in runtime
a38aa95 Merge pull request #848 from fluxcd/rfc-0008
1747288 [RFC-0008] Custom Event Metadata from Annotations
d54623a Merge pull request #835 from ngearhart/update-ecr-parsing
6c80137 Update ECR parsing regex to include non-public AWS partitions
cb8e4a8 Merge pull request #852 from fluxcd/update-codeowners
c005fbf Update CODEOWNERS
12ec4f3 Merge pull request #849 from fluxcd/dependabot/github_actions/ci-1509149478
d21a6ad build(deps): bump the ci group with 2 updates
Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.1.0 to 1.4.1

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.4.1

Changelog

v1.4.1 changelog

Container images

docker.io/fluxcd/source-controller:v1.4.1

ghcr.io/fluxcd/source-controller:v1.4.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.0

Changelog

v1.4.0 changelog

Container images

docker.io/fluxcd/source-controller:v1.4.0

ghcr.io/fluxcd/source-controller:v1.4.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.3.0

Changelog

v1.3.0 changelog

Container images

docker.io/fluxcd/source-controller:v1.3.0

ghcr.io/fluxcd/source-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.5

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.4.1

Release date: 2024-09-26

This patch release comes with a fix to the GitRepository API to keep it backwards compatible by removing the default value for .spec.provider field when not set in the API. The controller will internally consider an empty value for the provider as the generic provider.

Fix:

GitRepo: Remove provider default value from API #1626

1.4.0

Release date: 2024-09-25

This minor release promotes the Bucket API to GA, and comes with new features, improvements and bug fixes.

Bucket

The Bucket API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2.

Bucket API now supports proxy through the field .spec.proxySecretRef and custom TLS client certificate and CA through the field .spec.certSecretRef.

Bucket API now also supports specifying a custom STS configuration through the field .spec.sts. This is currently only supported for the providers generic and aws. When specifying a custom STS configuration one must specify which STS provider to use. For the generic bucket provider we support the ldap STS provider, and for the aws bucket provider we support the aws STS provider. For the aws STS provider, one may use the default main STS endpoint, or the regional STS endpoints, or even an interface endpoint.

OCIRepository

OCIRepository API now supports proxy through the field .spec.proxySecretRef.

Warning: Proxy is not supported for cosign keyless verification.

GitRepository

GitRepository API now supports OIDC authentication for Azure DevOps repositories through the field .spec.provider using the value azure. See the docs for details here.

In addition, the Kubernetes dependencies have been updated to v1.31.1, Helm has been updated to v3.16.1 and various other controller dependencies have been updated to their latest version. The controller is now built with Go 1.23.

Fixes:

helm: Use the default transport pool to preserve proxy settings #1490

Fix incorrect use of format strings with the conditions package. #1529

Fix HelmChart local dependency resolution for name-based path #1539

... (truncated)

Commits

50035c6 Merge pull request #1628 from fluxcd/release-v1.4.1
c2b6b39 Release v1.4.1
a2658ba Add changelog entry for v1.4.1
a485ed4 Merge pull request #1627 from fluxcd/backport-1626-to-release/v1.4.x
0e4f558 GitRepo: Remove provider default value from API
e6e2b15 Merge pull request #1620 from fluxcd/release-v1.4.0
e920838 Release v1.4.0
c796f52 Add changelog entry for v1.4.0
03889fe Merge pull request #1618 from fluxcd/dependabot/go_modules/go-deps-a9e873101f
32bc10c build(deps): bump the go-deps group across 1 directory with 3 updates
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.12.0

What's Changed

git: Worktree.AddWithOptions: add skipStatus option when providing a specific path by @moranCohen26 in go-git/go-git#994

git: Signer: fix usage of crypto.Signer interface by @wlynch in go-git/go-git#1029

git: Remote, fetch, adds the prune option. by @juliens in go-git/go-git#366

git: Add crypto.Signer option to CommitOptions. by @wlynch in go-git/go-git#996

git: Worktree checkout tag hash id (#959) by @aymanbagabas in go-git/go-git#966

git: Worktree, Don't panic on empty or root path when checking if it is valid by @tim775 in go-git/go-git#1042

git: Add commit validation for Reset by @pjbgf in go-git/go-git#1048

git: worktree_commit, Fix amend commit to apply changes. Fixes #1024 by @onee-only in go-git/go-git#1045

git: Implement Merge function with initial FastForwardMerge support by @pjbgf in go-git/go-git#1044

plumbing: object, Make first commit visible on logs filtered with filename. Fixes #191 by @onee-only in go-git/go-git#1036

plumbing: no panic in printStats function. Fixes #177 by @nodivbyzero in go-git/go-git#971

plumbing: object, Optimize logging with file. by @onee-only in go-git/go-git#1046

plumbing: object, check legitimacy in (*Tree).Encode by @niukuo in go-git/go-git#967

plumbing: format/gitattributes, close file in ReadAttributesFile by @prskr in go-git/go-git#1018

plumbing: check setAuth error. Fixes #185 by @nodivbyzero in go-git/go-git#969

plumbing: object, fix variable defaultUtf8CommitMessageEncoding name spell error by @Jerry-yz in go-git/go-git#987

utils: merkletrie, calculate filesystem node's hash lazily. by @candid82 in go-git/go-git#825

utils: update comment in node.go's Hash() by @codablock in go-git/go-git#992

_example: fix 404 link and added ssh-agent clone link by @grinish21 in go-git/go-git#1022

_example: checkout-branch example by @dlambda in go-git/go-git#446

_example: example for git clone using ssh-agent by @pjbgf in go-git/go-git#998

New Contributors

@candid82 made their first contribution in go-git/go-git#825

@codablock made their first contribution in go-git/go-git#992

@Jerry-yz made their first contribution in go-git/go-git#987

@wlynch made their first contribution in go-git/go-git#996

@moranCohen26 made their first contribution in go-git/go-git#994

@grinish21 made their first contribution in go-git/go-git#1022

@prskr made their first contribution in go-git/go-git#1018

@dlambda made their first contribution in go-git/go-git#446

@juliens made their first contribution in go-git/go-git#366

@onee-only made their first contribution in go-git/go-git#1036

@tim775 made their first contribution in go-git/go-git#1042

@niukuo made their first contribution in go-git/go-git#967

@avoidalone made their first contribution in go-git/go-git#1047

Full Changelog: go-git/go-git@v5.11.0...v5.12.0

Commits

302ddde Merge pull request #1060 from go-git/dependabot/go_modules/github.com/gliderl...
6bba34d build: bump github.com/gliderlabs/ssh from 0.3.6 to 0.3.7
feaeb36 Merge pull request #937 from matejrisek/feature/rename-short-fields
7959a42 Merge pull request #1052 from go-git/dependabot/go_modules/github.com/skeema/...
4c17ce7 build: bump github.com/skeema/knownhosts from 1.2.1 to 1.2.2
3f77e6f Merge pull request #1048 from pjbgf/fix-reset-validation
6af38e0 Merge pull request #1047 from avoidalone/master
e6c3e58 Merge pull request #1044 from pjbgf/ff-merge
04f7b23 *: fix some comments
f4f1a87 Merge pull request #971 from nodivbyzero/fix-177-diff-print-file-stats
Additional commits viewable in compare view

Updates github.com/go-logr/logr from 1.4.1 to 1.4.2

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.2

What's Changed

Fix lint: named but unused params by @thockin in go-logr/logr#268

Add a Go report card, fix lint by @thockin in go-logr/logr#271

funcr: Handle nested empty groups properly by @thockin in go-logr/logr#274

Dependencies:

build(deps): bump github/codeql-action from 3.22.11 to 3.22.12 by @dependabot in go-logr/logr#254

build(deps): bump github/codeql-action from 3.22.12 to 3.23.0 by @dependabot in go-logr/logr#256

build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in go-logr/logr#257

build(deps): bump github/codeql-action from 3.23.0 to 3.23.1 by @dependabot in go-logr/logr#259

build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in go-logr/logr#260

build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in go-logr/logr#263

build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot in go-logr/logr#262

build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in go-logr/logr#264

build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in go-logr/logr#266

build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in go-logr/logr#267

build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @dependabot in go-logr/logr#270

build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in go-logr/logr#272

build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in go-logr/logr#275

build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in go-logr/logr#276

build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in go-logr/logr#277

build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @dependabot in go-logr/logr#278

build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in go-logr/logr#279

build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in go-logr/logr#280

build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in go-logr/logr#281

build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by @dependabot in go-logr/logr#282

build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 by @dependabot in go-logr/logr#283

build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in go-logr/logr#284

build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in go-logr/logr#285

build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in go-logr/logr#286

build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in go-logr/logr#288

build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @dependabot in go-logr/logr#289

build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in go-logr/logr#293

build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @dependabot in go-logr/logr#292

build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in go-logr/logr#291

build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in go-logr/logr#290

build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in go-logr/logr#294

build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in go-logr/logr#295

Full Changelog: go-logr/logr@v1.4.1...v1.4.2

Commits

1205f42 Merge pull request #295 from go-logr/dependabot/github_actions/actions/checko...
ccedcbd Merge pull request #294 from go-logr/dependabot/github_actions/github/codeql-...
bead577 build(deps): bump actions/checkout from 4.1.5 to 4.1.6
a492d95 build(deps): bump github/codeql-action from 3.25.4 to 3.25.5
19ad07c build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
1c97a21 build(deps): bump actions/checkout from 4.1.4 to 4.1.5
f70c5b5 build(deps): bump github/codeql-action from 3.25.3 to 3.25.4
4ade8d3 build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1
88d98bd Merge pull request #289 from go-logr/dependabot/github_actions/golangci/golan...
432cd86 Merge pull request #288 from go-logr/dependabot/github_actions/actions/setup-...
Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.9.0 to 1.10.0

Release notes

So...

Description has been truncated

Bumps the go group with 12 updates: | Package | From | To | | --- | --- | --- | | code.gitea.io/sdk/gitea | `0.15.1` | `0.20.0` | | [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.2.1` | `3.3.1` | | [github.com/containers/image/v5](https://github.com/containers/image) | `5.29.2` | `5.33.1` | | [github.com/fluxcd/go-git-providers](https://github.com/fluxcd/go-git-providers) | `0.15.0` | `0.22.0` | | [github.com/fluxcd/pkg/apis/event](https://github.com/fluxcd/pkg) | `0.5.2` | `0.15.0` | | [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg) | `1.1.2` | `1.9.0` | | [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) | `0.35.0` | `0.52.0` | | [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) | `1.1.0` | `1.4.1` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.11.0` | `5.12.0` | | [github.com/go-logr/logr](https://github.com/go-logr/logr) | `1.4.1` | `1.4.2` | | [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.9.0` | `1.10.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.16.0` | `0.24.0` | Updates `code.gitea.io/sdk/gitea` from 0.15.1 to 0.20.0 Updates `github.com/Masterminds/semver/v3` from 3.2.1 to 3.3.1 - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](Masterminds/semver@v3.2.1...v3.3.1) Updates `github.com/containers/image/v5` from 5.29.2 to 5.33.1 - [Release notes](https://github.com/containers/image/releases) - [Commits](containers/image@v5.29.2...v5.33.1) Updates `github.com/fluxcd/go-git-providers` from 0.15.0 to 0.22.0 - [Release notes](https://github.com/fluxcd/go-git-providers/releases) - [Changelog](https://github.com/fluxcd/go-git-providers/blob/main/.goreleaser.yml) - [Commits](fluxcd/go-git-providers@v0.15.0...v0.22.0) Updates `github.com/fluxcd/pkg/apis/event` from 0.5.2 to 0.15.0 - [Commits](fluxcd/pkg@kustomize/v0.5.2...git/v0.15.0) Updates `github.com/fluxcd/pkg/apis/meta` from 1.1.2 to 1.9.0 - [Commits](fluxcd/pkg@apis/meta/v1.1.2...apis/meta/v1.9.0) Updates `github.com/fluxcd/pkg/runtime` from 0.35.0 to 0.52.0 - [Commits](fluxcd/pkg@oci/v0.35.0...runtime/v0.52.0) Updates `github.com/fluxcd/source-controller/api` from 1.1.0 to 1.4.1 - [Release notes](https://github.com/fluxcd/source-controller/releases) - [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md) - [Commits](fluxcd/source-controller@v1.1.0...v1.4.1) Updates `github.com/go-git/go-git/v5` from 5.11.0 to 5.12.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.11.0...v5.12.0) Updates `github.com/go-logr/logr` from 1.4.1 to 1.4.2 - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.4.1...v1.4.2) Updates `github.com/stretchr/testify` from 1.9.0 to 1.10.0 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.9.0...v1.10.0) Updates `golang.org/x/oauth2` from 0.16.0 to 0.24.0 - [Commits](golang/oauth2@v0.16.0...v0.24.0) --- updated-dependencies: - dependency-name: code.gitea.io/sdk/gitea dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/Masterminds/semver/v3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/containers/image/v5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/go-git-providers dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/pkg/apis/event dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/pkg/apis/meta dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/pkg/runtime dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/source-controller/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2025-01-26T23:38:32Z

Mend Scan Summary: ❌

Repository: open-component-model/git-controller

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	6
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	1
LICENSE RISK HIGH	8
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

dependabot · 2025-01-27T07:53:02Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot bot requested a review from a team as a code owner January 26, 2025 23:37

dependabot bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Jan 26, 2025

Skarlso closed this Jan 27, 2025

dependabot bot deleted the dependabot/go_modules/go-e3b46eb048 branch January 27, 2025 07:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go group with 12 updates #175

chore(deps): bump the go group with 12 updates #175

dependabot bot commented on behalf of github Jan 26, 2025

github-actions bot commented Jan 26, 2025

dependabot bot commented on behalf of github Jan 27, 2025

chore(deps): bump the go group with 12 updates #175

chore(deps): bump the go group with 12 updates #175

Conversation

dependabot bot commented on behalf of github Jan 26, 2025

v3.3.1

What's Changed

v3.3.0

What's Changed

New Contributors

Changelog

3.3.0 (2024-08-27)

Added

Changed

v5.33.1

v5.33.0

What's Changed

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.3

v0.19.2

v0.19.1

v1.4.1

Changelog

Container images

v1.4.0

Changelog

Container images

v1.3.0

Changelog

Container images

v1.2.5

Changelog

1.4.1

1.4.0

Bucket

OCIRepository

GitRepository

v5.12.0

What's Changed

New Contributors

v1.4.2

What's Changed

Dependencies:

github-actions bot commented Jan 26, 2025

Mend Scan Summary: ❌

Repository: open-component-model/git-controller

dependabot bot commented on behalf of github Jan 27, 2025