Bump the go_modules group across 1 directory with 10 updates#4064
Conversation
Bumps the go_modules group with 5 updates in the /roles/copy_container/files/copy-quay directory: | Package | From | To | | --- | --- | --- | | [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) | `3.0.3` | `3.0.5` | | [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.11.0` | `1.13.0` | | [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) | `1.4.3` | `1.8.6` | | [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.2.2` | `1.5.2` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.43.0` | Updates `github.com/go-jose/go-jose/v3` from 3.0.3 to 3.0.5 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v3.0.3...v3.0.5) Updates `github.com/opencontainers/selinux` from 1.11.0 to 1.13.0 - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](opencontainers/selinux@v1.11.0...v1.13.0) Updates `github.com/sigstore/fulcio` from 1.4.3 to 1.8.6 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.4.3...v1.8.6) Updates `github.com/sigstore/rekor` from 1.2.2 to 1.5.2 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v1.2.2...v1.5.2) Updates `github.com/sigstore/sigstore` from 1.8.2 to 1.10.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.2...v1.10.6) Updates `github.com/ulikunitz/xz` from 0.5.11 to 0.5.14 - [Commits](ulikunitz/xz@v0.5.11...v0.5.14) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.24.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.24.0...v1.43.0) Updates `golang.org/x/crypto` from 0.31.0 to 0.51.0 - [Commits](golang/crypto@v0.31.0...v0.51.0) Updates `golang.org/x/net` from 0.25.0 to 0.54.0 - [Commits](golang/net@v0.25.0...v0.54.0) Updates `google.golang.org/grpc` from 1.61.1 to 1.81.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.61.1...v1.81.1) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v3 dependency-version: 3.0.5 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/opencontainers/selinux dependency-version: 1.13.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/sigstore/fulcio dependency-version: 1.8.6 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/sigstore/rekor dependency-version: 1.5.2 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.6 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/ulikunitz/xz dependency-version: 0.5.14 dependency-type: indirect dependency-group: go_modules - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp dependency-version: 1.43.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.51.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.54.0 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.81.1 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi @dependabot[bot]. Thanks for your PR. I'm waiting for a openstack-k8s-operators member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Bumps the go_modules group with 5 updates in the /roles/copy_container/files/copy-quay directory:
3.0.33.0.51.11.01.13.01.4.31.8.61.2.21.5.21.24.01.43.0Updates
github.com/go-jose/go-jose/v3from 3.0.3 to 3.0.5Release notes
Sourced from github.com/go-jose/go-jose/v3's releases.
Commits
be2f654ci: update Go versions for GHA workflows (#221)0246416Merge commit from fork5253038Backport fix 167 to v3 (#174)047dc99CI: Update github actions and go version (#173)0f017e9Revert #26 (ignore unsupported JWKs in Sets) (#131)3e2bbefUnmarshal jwk keys with unsupported key type or algorithm into empty … (#26)Updates
github.com/opencontainers/selinuxfrom 1.11.0 to 1.13.0Release notes
Sourced from github.com/opencontainers/selinux's releases.
... (truncated)
Commits
4be9937Merge pull request #237 from cyphar/selinux-safe-procfsc8cfa6fselinux: migrate to pathrs-lite procfs APIf2424d8Merge pull request #236 from kolyshkin/modernize-ci648ce7fci: add go 1.25916cab9ci: bump golangci-lint to v2.5b42e5c8all: format sources with latest gofumpt74393eaMerge pull request #235 from cyphar/fix-keyring-err-check6ec194bkeyring: fix typo in EACCES check879a755Merge pull request #234 from opencontainers/dependabot/github_actions/actions...3c1bd9abuild(deps): bump actions/setup-go from 5 to 6Updates
github.com/sigstore/fulciofrom 1.4.3 to 1.8.6Release notes
Sourced from github.com/sigstore/fulcio's releases.
... (truncated)
Changelog
Sourced from github.com/sigstore/fulcio's changelog.
... (truncated)
Commits
378c654Block cross-host redirects and restrict bearer token to expected host (#2354)7a5d3e3bump builder image to use go1.26.3 (#2353)a05982ebuild(deps): bump go.step.sm/crypto from 0.75.0 to 0.81.0 (#2348)dfa63a8build(deps): bump golang from313faaeto2d6c802(#2344)7b3a344build(deps): bump google.golang.org/api from 0.279.0 to 0.280.0 (#2349)9290f7fbuild(deps): bump the all group with 2 updates (#2350)423d535build(deps): bump nginx from 1.31.0 to 1.31.1 in the all group (#2352)19a3f8ebuild(deps): bump the all group across 1 directory with 6 updates (#2337)6b597cebuild(deps): bump google.golang.org/api from 0.276.0 to 0.279.0 (#2338)0d1dc79build(deps): bump nginx from 1.29.8 to 1.31.0 in the all group (#2342)Updates
github.com/sigstore/rekorfrom 1.2.2 to 1.5.2Release notes
Sourced from github.com/sigstore/rekor's releases.
... (truncated)
Changelog
Sourced from github.com/sigstore/rekor's changelog.
... (truncated)
Commits
3b75cd9build(deps): Bump the all group across 1 directory with 7 updates (#2829)759b98ealpine: Enforce max size limit on decompression (#2831)c7e77eeSupport restricting kinds on insertion (#2814)a10818afix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#...c31f3fcbuild(deps): Bump cloud.google.com/go/profiler from 0.4.3 to 0.6.0f2a9fb0build(deps): Bump go.uber.org/zap from 1.27.1 to 1.28.0e3ba248build(deps): Bump golang in the all group across 1 directory62e5dddbuild(deps): Bump github.com/go-openapi/swag from 0.25.5 to 0.26.0f4f91d5build(deps): Bump github.com/tink-crypto/tink-go-awskms/v2 to v3 (#2827)9bc540fbuild(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2820)Updates
github.com/sigstore/sigstorefrom 1.8.2 to 1.10.6Release notes
Sourced from github.com/sigstore/sigstore's releases.
... (truncated)
Commits
311895efix: remove leftover Go template syntax from success page (#2324)c90de3echore: mention openbao being supported as well (#2313) (#2313)b377f8fchore: Project-wide linting (#2310)295d656build(deps): Bump the all group across 1 directory with 3 updates (#2296)c731032(kms/hashivault): add openbao support (#2303)b56c866fix: eliminate usage of text/template (#2288)1d8faffbuild(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2286)4ac5776build(deps): Bump github.com/letsencrypt/boulder (#2282)36276e8build(deps): Bump golang.org/x/crypto from 0.44.0 to 0.47.0 (#2258)59887c9build(deps): Bump the all group across 1 directory with 2 updates (#2278)Updates
github.com/ulikunitz/xzfrom 0.5.11 to 0.5.14Commits
7184815Preparation of release v0.5.1488ddf1dAddress Security Issue GHSA-jc7w-c686-c4v9c8314b8Add new package xio with WriteCloserStack4f11dceUpdate README.md and SECURITY.md to address security questionsf56ebbfTODO.md: fix a typoUpdates
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttpfrom 1.24.0 to 1.43.0Changelog
Sourced from go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp's changelog.
... (truncated)
Commits
9276201Release v1.43.0 / v0.65.0 / v0.19.0 (#8128)61b8c94chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (#8131)97a086echore(deps): update github.com/golangci/dupl digest to c99c5cf (#8122)5e363delimit response body size for OTLP HTTP exporters (#8108)35214b6Use an absolute path when calling bsd kenv (#8113)290024cfix(deps): update module google.golang.org/grpc to v1.80.0 (#8121)e70658efix: support getBody in otelploghttp (#8096)4afe468fix(deps): update googleapis to 9d38bb4 (#8117)b9ca729chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (#8115)69472ecchore(deps): update fossas/fossa-action action to v1.9.0 (#8118)Updates
golang.org/x/cryptofrom 0.31.0 to 0.51.0Commits
b8a14a8go.mod: update golang.org/x dependencies9d9d507x509roots/fallback/bundle: fix bundle test with Go 1.27+fd0b90dacme: include Problem in OrderError.Errorb9e5359pbkdf2: turn into a wrapper for crypto/pbkdf2cc0e4fchkdf: forward Extract to the standard librarya8e9237x509roots/fallback: update bundle03ca0dcgo.mod: update golang.org/x dependencies8400f4assh: respect signer's algorithm preference in pickSignatureAlgorithm81c6cb3ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength982eaa6go.mod: update golang.org/x dependenciesUpdates
golang.org/x/netfrom 0.25.0 to 0.54.0Commits
b138e06go.mod: update golang.org/x dependencies689f70aquic: fix wrong final size being used for RESET_STREAM frame208f306http3: increase handshake timeout49810dahttp2: enable net/http wrapping when go >= 1.275e11a5aquic: fix data race in streamForFrame8c63081http2: use empty Transport rather than DefaultTransport in http2wrapfc7b466http2: add http2wrap test15c2cb1http2: avoid overflowing 32-bit int when http2wrap enabled6465188http2: add wrapped Server72f419ahttp2: add wrapped ClientConnUpdates
google.golang.org/grpcfrom 1.61.1 to 1.81.1Release notes
Sourced from google.golang.org/grpc's releases.
... (truncated)
Commits
caf0772Change version from 1.81.1-dev to 1.81.1 (#9122)6ccbeebCherry-pick #9111 into v1.81.x (#9121)b33c29eCherry-pick #9081 into v1.81.x (#9102)c45fae6Change version to 1.81.1-dev (#9063)cb18228Change version to 1.81.0 (#9062)96748f9Cherry-pick #9105 to 1.81.x (#9106)9183222Cherry pick #9055, #9032 to v1.81.x (#9095)5cba6daRevert "deps: update dependencies for all modules (#9065)" (#9067)af8a936deps: update dependencies for all modules (#9065)cdc60dftransport: optimize heap allocations in ready reader and update syscall conne...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependencyDescription has been truncated