chore(deps): bump the go group with 12 updates #179

dependabot · 2025-02-02T23:07:03Z

Bumps the go group with 12 updates:

Package	From	To
code.gitea.io/sdk/gitea	`0.15.1`	`0.20.0`
github.com/Masterminds/semver/v3	`3.2.1`	`3.3.1`
github.com/containers/image/v5	`5.29.2`	`5.34.0`
github.com/fluxcd/go-git-providers	`0.15.0`	`0.22.0`
github.com/fluxcd/pkg/apis/event	`0.5.2`	`0.16.0`
github.com/fluxcd/pkg/apis/meta	`1.1.2`	`1.10.0`
github.com/fluxcd/pkg/runtime	`0.35.0`	`0.53.0`
github.com/fluxcd/source-controller/api	`1.1.0`	`1.4.1`
github.com/go-git/go-git/v5	`5.11.0`	`5.12.0`
github.com/go-logr/logr	`1.4.1`	`1.4.2`
github.com/stretchr/testify	`1.9.0`	`1.10.0`
golang.org/x/oauth2	`0.16.0`	`0.25.0`

Updates code.gitea.io/sdk/gitea from 0.15.1 to 0.20.0

Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.1

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.1

What's Changed

Fix for allowing some version that were invalid by @mattfarina in Masterminds/semver#253

Full Changelog: Masterminds/semver@v3.3.0...v3.3.1

v3.3.0

What's Changed

Fix: bad package in README by @sdelicata in Masterminds/semver#226

Updating the GitHub Actions and versions of Go used by @mattfarina in Masterminds/semver#229

Fix spelling in README by @robinschneider in Masterminds/semver#222

Adding go build cache to fuzz output by @mattfarina in Masterminds/semver#232

Add caching to fuzz testing by @mattfarina in Masterminds/semver#234

updating github actions by @mattfarina in Masterminds/semver#235

feat: nil version equality by @KnutZuidema in Masterminds/semver#213

add >= and <= by @grosser in Masterminds/semver#238

doc: hyphen range constraint without whitespace by @johnnychen94 in Masterminds/semver#216

Removing reference to vert by @mattfarina in Masterminds/semver#245

simplify StrictNewVersion by @grosser in Masterminds/semver#241

Updating the testing version of Go used by @mattfarina in Masterminds/semver#246

bumping min version in go.mod based on what's tested by @mattfarina in Masterminds/semver#248

Updating changelog for 3.3.0 by @mattfarina in Masterminds/semver#249

New Contributors

@sdelicata made their first contribution in Masterminds/semver#226

@robinschneider made their first contribution in Masterminds/semver#222

@KnutZuidema made their first contribution in Masterminds/semver#213

@grosser made their first contribution in Masterminds/semver#238

@johnnychen94 made their first contribution in Masterminds/semver#216

Full Changelog: Masterminds/semver@v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

3.3.0 (2024-08-27)

Added

#238: Add LessThanEqual and GreaterThanEqual functions (thanks @grosser)

#213: nil version equality checking (thanks @KnutZuidema)

Changed

#241: Simplify StrictNewVersion parsing (thanks @grosser)

Testing support up through Go 1.23

Minimum version set to 1.21 as this is what's tested now

Fuzz testing now supports caching

Commits

1558ca3 Merge pull request #253 from mattfarina/fix-bad-versions
252dd61 Fix for allowing some version that were invalid
e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
e80c4ea Updating changelog for 3.3.0
80427ad Merge pull request #248 from mattfarina/bump-min-version
b610837 bumping min version in go.mod based on what's tested
a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
7c178cf Updating the testing version of Go used
29f94c1 Merge pull request #241 from grosser/grosser/validate
2cf1b16 Merge pull request #245 from mattfarina/remove-vert
Additional commits viewable in compare view

Updates github.com/containers/image/v5 from 5.29.2 to 5.34.0

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.34.0

What's Changed

Bump c/storage to v1.56.0, c/image to v5.33.0 by @TomSweeneyRedHat in containers/image#2625

Update stubs to match signature of actual methods by @SpangleLabs in containers/image#2541

docker: add check for too many parts by @giuseppe in containers/image#2619

fix(deps): update module golang.org/x/crypto to v0.29.0 by @renovate in containers/image#2624

fix(deps): update module golang.org/x/oauth2 to v0.24.0 by @renovate in containers/image#2626

chore(deps): update dependency golangci/golangci-lint to v1.62.0 by @renovate in containers/image#2630

chore(deps): update dependency containers/automation_images to v20241107 by @renovate in containers/image#2631

fix(deps): update module github.com/sigstore/sigstore to v1.8.10 by @renovate in containers/image#2601

fix(deps): update module github.com/sylabs/sif/v2 to v2.20.0 by @renovate in containers/image#2611

docker: drop use of external distribution challenge pkg by @flavianmissi in containers/image#2629

Merge tag 'v5.33.0' into main by @mtrmac in containers/image#2634

Improve an error message by @mtrmac in containers/image#2595

Propagate CompressedDigest/CompressedSize when reusing data from another layer by @mtrmac in containers/image#2583

chore(deps): update dependency golangci/golangci-lint to v1.62.2 by @renovate in containers/image#2640

fix(deps): update module github.com/proglottis/gpgme to v0.1.4 by @renovate in containers/image#2638

fix(deps): update module github.com/stretchr/testify to v1.10.0 by @renovate in containers/image#2639

Two small lint updates by @mtrmac in containers/image#2642

Use testify's ErrorAs to simplify tests a bit by @mtrmac in containers/image#2641

Fix excessive memory and disk usage when sharing layers by @mtrmac in containers/image#2636

Fix a missing s.lock.Unlock() on an error path by @mtrmac in containers/image#2643

In pulls, compute DiffIDs earlier, and also for v2s2 by @mtrmac in containers/image#2635

Update module golang.org/x/sync to v0.10.0 by @renovate in containers/image#2650

Update golang.org/x/exp digest to 2d47ceb by @renovate in containers/image#2648

Update module golang.org/x/term to v0.27.0 by @renovate in containers/image#2651

Update module golang.org/x/crypto to v0.30.0 by @renovate in containers/image#2652

Update module github.com/docker/docker to v27.4.0+incompatible by @renovate in containers/image#2654

Update module github.com/docker/cli to v27.4.0+incompatible by @renovate in containers/image#2653

Update module golang.org/x/crypto to v0.31.0 by @renovate in containers/image#2655

Update module github.com/sylabs/sif/v2 to v2.20.1 by @renovate in containers/image#2656

Update module github.com/sigstore/sigstore to v1.8.11 by @renovate in containers/image#2657

Update module github.com/secure-systems-lab/go-securesystemslib to v0.9.0 by @renovate in containers/image#2658

Update module github.com/containers/ocicrypt to v1.2.1 by @renovate in containers/image#2659

Update module github.com/docker/docker to v27.4.1+incompatible by @renovate in containers/image#2662

Update module github.com/sylabs/sif/v2 to v2.20.2 by @renovate in containers/image#2660

Update module github.com/docker/cli to v27.4.1+incompatible by @renovate in containers/image#2661

Fix docker daemon on Windows trying to use https instead of http for named pipes by @brbayes-msft in containers/image#2666

Update dependency golangci/golangci-lint to v1.63.2 by @renovate in containers/image#2667

Update dependency golangci/golangci-lint to v1.63.3 by @renovate in containers/image#2668

Update dependency golangci/golangci-lint to v1.63.4 by @renovate in containers/image#2669

OCI layout extensions by @vrothberg in containers/image#2633

Update module golang.org/x/term to v0.28.0 by @renovate in containers/image#2671

Update module golang.org/x/oauth2 to v0.25.0 by @renovate in containers/image#2670

Update module golang.org/x/crypto to v0.32.0 by @renovate in containers/image#2674

Update module github.com/vbauerster/mpb/v8 to v8.9.1 by @renovate in containers/image#2675

Add a comment justifying lack of unit test coverage by @mtrmac in containers/image#2673

Move JSONFormatToInvalidSignatureError to an unconditionally-included file by @mtrmac in containers/image#2632

Update dependency containers/automation_images to v20250107 by @renovate in containers/image#2677

Update module github.com/sigstore/sigstore to v1.8.12 by @renovate in containers/image#2678

... (truncated)

Commits

51a5d96 Bump to c/image v5.34.0
771660e Bump c/storage to v1.57.1
7f0e59d Merge pull request #2696 from Luap99/ENOENT
3f17e2e ignore ENOENT errors when parsing .crt files
c9771a8 ignore ENOENT errors when parsing registries.conf.d files
1294122 ignore ENOENT errors when parsing registries.d files
b5c6aff Merge pull request #2693 from containers/renovate/github.com-docker-docker-27.x
1683fc2 Update module github.com/docker/docker to v27.5.1+incompatible
16f7e1e Merge pull request #2692 from containers/renovate/github.com-docker-cli-27.x
30f0d87 Update module github.com/docker/cli to v27.5.1+incompatible
Additional commits viewable in compare view

Updates github.com/fluxcd/go-git-providers from 0.15.0 to 0.22.0

Release notes

Sourced from github.com/fluxcd/go-git-providers's releases.

v0.22.0

CHANGELOG

PR #304 Update crypto dependencies

PR #303 Skip running e2e tests on dependabot PRs

PR #302 Bump github/codeql-action from 3.27.4 to 3.27.6 in the ci group across 1 directory

PR #300 Upgrade go-github and go-gitlab

PR #299 Bump the ci group across 1 directory with 4 updates

PR #291 Bump github/codeql-action from 3.26.5 to 3.26.7 in the ci group across 1 directory

v0.21.0

CHANGELOG

PR #289 Build with Go 1.23

PR #288 Bump github/codeql-action from 3.26.3 to 3.26.5 in the ci group

PR #287 Bump the ci group across 1 directory with 2 updates

PR #286 Update dependencies

PR #280 Bump the ci group across 1 directory with 3 updates

PR #277 build(deps): bump the ci group across 1 directory with 3 updates

PR #275 build(deps): bump the ci group across 1 directory with 2 updates

PR #273 build(deps): bump golang.org/x/net from 0.22.0 to 0.23.0

PR #272 build(deps): bump actions/checkout from 4.1.2 to 4.1.3 in the ci group

v0.20.1

CHANGELOG

PR #271 Update go-github to v61

v0.20.0

CHANGELOG

PR #270 Update dependencies to Go 1.22

PR #266 build(deps): bump the ci group with 2 updates

PR #265 Update Soule BA Affiliation

PR #263 Change Max's affiliation to Associmates

PR #262 Change Stefan Prodan's affiliation to ControlPlane

v0.19.3

CHANGELOG

PR #261 Adapt workflows

PR #260 build(deps): bump the ci group with 2 updates

PR #259 Updating dependencies and fix go-git CVE

PR #257 changing Soule info

PR #256 github: fix defer in for loop

v0.19.2

CHANGELOG

PR #254 Updating dependencies

PR #253 build(deps): bump the ci group with 1 update

v0.19.1

CHANGELOG

PR #252 build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0

... (truncated)

Commits

983e325 Merge pull request #304 from fluxcd/go-crypto-v1.1.3
b09f396 Update crypto dependencies
ecae3bd Merge pull request #302 from fluxcd/dependabot/github_actions/ci-7f6d3396cb
7ce1585 Merge pull request #303 from fluxcd/fix-e2e
6f33a55 Skip running e2e tests on dependabot PRs
01302c5 Bump github/codeql-action in the ci group across 1 directory
c775464 Merge pull request #300 from fluxcd/update-go-github-66
50cb2ce Upgrade go-github and go--gitlab
5b40e54 Merge pull request #299 from fluxcd/dependabot/github_actions/ci-8f05065d8c
972638e Bump the ci group across 1 directory with 4 updates
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/event from 0.5.2 to 0.16.0

Commits

91eda6e Merge pull request #694 from fluxcd/git-deps-up
2a64584 Use gomega in sourceignore
46577cd Update golang.org dependencies
e6b6af7 Merge pull request #685 from knutgoetz/chore/gogit/delete-gogiterror-function
cbc2172 Delete obsolete goGitError function
02723c3 Merge pull request #693 from fluxcd/go-git-v5.10.1
3715de1 Update go-git to v5.10.1
ce91255 Merge pull request #692 from fluxcd/ssa-nits
8fc4505 ssa: prevent unnecessary DeepCopy
cc07605 Merge pull request #691 from fluxcd/jsondiff-include-obj
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.1.2 to 1.10.0

Commits

2f763a4 Merge pull request #857 from fluxcd/custom-healthchecks
a6353b2 Add healthcheck expressions to kustomize types
af0f283 Merge pull request #859 from fluxcd/cel-meta
1178930 Add InvalidCELExpressionReason to apis/meta
f39dac4 Merge pull request #861 from fluxcd/deps-kube-v0.32.1
70e88cb Update dependencies
f59d360 Merge pull request #850 from kane8n/support-sparse-checkout
a033d2f support sparse checkout
528bc56 Merge pull request #856 from fluxcd/get-revision
a189152 Add GetRevision() to Event API
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.35.0 to 0.53.0

Commits

c964ce7 Merge pull request #858 from fluxcd/custom-healthchecks-impl
62d235c Add CEL library with custom healthchecks to runtime
243510f Merge pull request #863 from fluxcd/dependabot/github_actions/ci-83dfb6cda2
3cffbeb build(deps): bump the ci group across 1 directory with 3 updates
2f763a4 Merge pull request #857 from fluxcd/custom-healthchecks
a6353b2 Add healthcheck expressions to kustomize types
af0f283 Merge pull request #859 from fluxcd/cel-meta
1178930 Add InvalidCELExpressionReason to apis/meta
f39dac4 Merge pull request #861 from fluxcd/deps-kube-v0.32.1
70e88cb Update dependencies
Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.1.0 to 1.4.1

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.4.1

Changelog

v1.4.1 changelog

Container images

docker.io/fluxcd/source-controller:v1.4.1

ghcr.io/fluxcd/source-controller:v1.4.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.0

Changelog

v1.4.0 changelog

Container images

docker.io/fluxcd/source-controller:v1.4.0

ghcr.io/fluxcd/source-controller:v1.4.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.3.0

Changelog

v1.3.0 changelog

Container images

docker.io/fluxcd/source-controller:v1.3.0

ghcr.io/fluxcd/source-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.5

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.4.1

Release date: 2024-09-26

This patch release comes with a fix to the GitRepository API to keep it backwards compatible by removing the default value for .spec.provider field when not set in the API. The controller will internally consider an empty value for the provider as the generic provider.

Fix:

GitRepo: Remove provider default value from API #1626

1.4.0

Release date: 2024-09-25

This minor release promotes the Bucket API to GA, and comes with new features, improvements and bug fixes.

Bucket

The Bucket API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2.

Bucket API now supports proxy through the field .spec.proxySecretRef and custom TLS client certificate and CA through the field .spec.certSecretRef.

Bucket API now also supports specifying a custom STS configuration through the field .spec.sts. This is currently only supported for the providers generic and aws. When specifying a custom STS configuration one must specify which STS provider to use. For the generic bucket provider we support the ldap STS provider, and for the aws bucket provider we support the aws STS provider. For the aws STS provider, one may use the default main STS endpoint, or the regional STS endpoints, or even an interface endpoint.

OCIRepository

OCIRepository API now supports proxy through the field .spec.proxySecretRef.

Warning: Proxy is not supported for cosign keyless verification.

GitRepository

GitRepository API now supports OIDC authentication for Azure DevOps repositories through the field .spec.provider using the value azure. See the docs for details here.

In addition, the Kubernetes dependencies have been updated to v1.31.1, Helm has been updated to v3.16.1 and various other controller dependencies have been updated to their latest version. The controller is now built with Go 1.23.

Fixes:

helm: Use the default transport pool to preserve proxy settings #1490

Fix incorrect use of format strings with the conditions package. #1529

Fix HelmChart local dependency resolution for name-based path #1539

... (truncated)

Commits

50035c6 Merge pull request #1628 from fluxcd/release-v1.4.1
c2b6b39 Release v1.4.1
a2658ba Add changelog entry for v1.4.1
a485ed4 Merge pull request #1627 from fluxcd/backport-1626-to-release/v1.4.x
0e4f558 GitRepo: Remove provider default value from API
e6e2b15 Merge pull request #1620 from fluxcd/release-v1.4.0
e920838 Release v1.4.0
c796f52 Add changelog entry for v1.4.0
03889fe Merge pull request #1618 from fluxcd/dependabot/go_modules/go-deps-a9e873101f
32bc10c build(deps): bump the go-deps group across 1 directory with 3 updates
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.12.0

What's Changed

git: Worktree.AddWithOptions: add skipStatus option when providing a specific path by @moranCohen26 in go-git/go-git#994

git: Signer: fix usage of crypto.Signer interface by @wlynch in go-git/go-git#1029

git: Remote, fetch, adds the prune option. by @juliens in go-git/go-git#366

git: Add crypto.Signer option to CommitOptions. by @wlynch in go-git/go-git#996

git: Worktree checkout tag hash id (#959) by @aymanbagabas in go-git/go-git#966

git: Worktree, Don't panic on empty or root path when checking if it is valid by @tim775 in go-git/go-git#1042

git: Add commit validation for Reset by @pjbgf in go-git/go-git#1048

git: worktree_commit, Fix amend commit to apply changes. Fixes #1024 by @onee-only in go-git/go-git#1045

git: Implement Merge function with initial FastForwardMerge support by @pjbgf in go-git/go-git#1044

plumbing: object, Make first commit visible on logs filtered with filename. Fixes #191 by @onee-only in go-git/go-git#1036

plumbing: no panic in printStats function. Fixes #177 by @nodivbyzero in go-git/go-git#971

plumbing: object, Optimize logging with file. by @onee-only in go-git/go-git#1046

plumbing: object, check legitimacy in (*Tree).Encode by @niukuo in go-git/go-git#967

plumbing: format/gitattributes, close file in ReadAttributesFile by @prskr in go-git/go-git#1018

plumbing: check setAuth error. Fixes #185 by @nodivbyzero in go-git/go-git#969

plumbing: object, fix variable defaultUtf8CommitMessageEncoding name spell error by @Jerry-yz in go-git/go-git#987

utils: merkletrie, calculate filesystem node's hash lazily. by @candid82 in go-git/go-git#825

utils: update comment in node.go's Hash() by @codablock in go-git/go-git#992

_example: fix 404 link and added ssh-agent clone link by @grinish21 in go-git/go-git#1022

_example: checkout-branch example by @dlambda in go-git/go-git#446

_example: example for git clone using ssh-agent by @pjbgf in go-git/go-git#998

New Contributors

@candid82 made their first contribution in go-git/go-git#825

@codablock made their first contribution in go-git/go-git#992

@Jerry-yz made their first contribution in go-git/go-git#987

@wlynch made their first contribution in go-git/go-git#996

@moranCohen26 made their first contribution in go-git/go-git#994

@grinish21 made their first contribution in go-git/go-git#1022

@prskr made their first contribution in go-git/go-git#1018

@dlambda made their first contribution in go-git/go-git#446

@juliens made their first contribution in go-git/go-git#366

@onee-only made their first contribution in go-git/go-git#1036

@tim775 made their first contribution in go-git/go-git#1042

@niukuo made their first contribution in go-git/go-git#967

@avoidalone made their first contribution in go-git/go-git#1047

Full Changelog: go-git/go-git@v5.11.0...v5.12.0

Commits

302ddde Merge pull request #1060 from go-git/dependabot/go_modules/github.com/gliderl...
6bba34d build: bump github.com/gliderlabs/ssh from 0.3.6 to 0.3.7
feaeb36 Merge pull request #937 from matejrisek/feature/rename-short-fields
7959a42 Merge pull request #1052 from go-git/dependabot/go_modules/github.com/skeema/...
4c17ce7 build: bump github.com/skeema/knownhosts from 1.2.1 to 1.2.2
3f77e6f Merge pull request #1048 from pjbgf/fix-reset-validation
6af38e0 Merge pull request #1047 from avoidalone/master
e6c3e58 Merge pull request #1044 from pjbgf/ff-merge
04f7b23 *: fix some comments
f4f1a87 Merge pull request #971 from nodivbyzero/fix-177-diff-print-file-stats
Additional commits viewable in compare view

Updates github.com/go-logr/logr from 1.4.1 to 1.4.2

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.2

What's Changed

Fix lint: named but unused params by @thockin in go-logr/logr#268

Add a Go report card, fix lint by @thockin in go-logr/logr#271

funcr: Handle nested empty groups properly by @thockin in go-logr/logr#274

Dependencies:

build(deps): bump github/codeql-action from 3.22.11 to 3.22.12 by @dependabot in go-logr/logr#254

build(deps): bump github/codeql-action from 3.22.12 to 3.23.0 by @dependabot in go-logr/logr#256

build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in go-logr/logr#257

build(deps): bump github/codeql-action from 3.23.0 to 3.23.1 by @dependabot in go-logr/logr#259

build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in go-logr/logr#260

build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in go-logr/logr#263

build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot in go-logr/logr#262

build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in go-logr/logr#264

build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in go-logr/logr#266

build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in go-logr/logr#267

build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @dependabot in go-logr/logr#270

build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in go-logr/logr#272

build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in go-logr/logr#275

build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in go-logr/logr#276

build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in go-logr/logr#277

build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @dependabot in go-logr/logr#278

build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in go-logr/logr#279

build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in go-logr/logr#280

build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in go-logr/logr#281

build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by @dependabot in go-logr/logr#282

build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 by @dependabot in go-logr/logr#283

build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in go-logr/logr#284

build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in go-logr/logr#285

build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in go-logr/logr#286

build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in go-logr/logr#288

build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @dependabot in go-logr/logr#289

build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in go-logr/logr#293

build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @dependabot in go-logr/logr#292

build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in go-logr/logr#291

build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in go-logr/logr#290

build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in go-logr/logr#294

build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in go-logr/logr#295

Full Changelog: go-logr/logr@v1.4.1...v1.4.2

Commits

1205f42 Merge pull request #295 from go-logr/dependabot/github_actions/actions/checko...
ccedcbd Merge pull request #294 from go-logr/dependabot/github_actions/github/codeql-...
bead577 build(deps): bump actions/checkout from 4.1.5 to 4.1.6
a492d95 build(deps): bump github/codeql-action from 3.25.4 to 3.25.5
19ad07c build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
1c97a21 build(deps): bump actions/checkout from 4.1.4 to 4.1.5
f70c5b5 build(deps): bump github/codeql-action from 3.25.3 to 3.25.4

Bumps the go group with 12 updates: | Package | From | To | | --- | --- | --- | | code.gitea.io/sdk/gitea | `0.15.1` | `0.20.0` | | [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.2.1` | `3.3.1` | | [github.com/containers/image/v5](https://github.com/containers/image) | `5.29.2` | `5.34.0` | | [github.com/fluxcd/go-git-providers](https://github.com/fluxcd/go-git-providers) | `0.15.0` | `0.22.0` | | [github.com/fluxcd/pkg/apis/event](https://github.com/fluxcd/pkg) | `0.5.2` | `0.16.0` | | [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg) | `1.1.2` | `1.10.0` | | [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) | `0.35.0` | `0.53.0` | | [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) | `1.1.0` | `1.4.1` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.11.0` | `5.12.0` | | [github.com/go-logr/logr](https://github.com/go-logr/logr) | `1.4.1` | `1.4.2` | | [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.9.0` | `1.10.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.16.0` | `0.25.0` | Updates `code.gitea.io/sdk/gitea` from 0.15.1 to 0.20.0 Updates `github.com/Masterminds/semver/v3` from 3.2.1 to 3.3.1 - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](Masterminds/semver@v3.2.1...v3.3.1) Updates `github.com/containers/image/v5` from 5.29.2 to 5.34.0 - [Release notes](https://github.com/containers/image/releases) - [Commits](containers/image@v5.29.2...v5.34.0) Updates `github.com/fluxcd/go-git-providers` from 0.15.0 to 0.22.0 - [Release notes](https://github.com/fluxcd/go-git-providers/releases) - [Changelog](https://github.com/fluxcd/go-git-providers/blob/main/.goreleaser.yml) - [Commits](fluxcd/go-git-providers@v0.15.0...v0.22.0) Updates `github.com/fluxcd/pkg/apis/event` from 0.5.2 to 0.16.0 - [Commits](fluxcd/pkg@kustomize/v0.5.2...git/v0.16.0) Updates `github.com/fluxcd/pkg/apis/meta` from 1.1.2 to 1.10.0 - [Commits](fluxcd/pkg@apis/meta/v1.1.2...apis/meta/v1.10.0) Updates `github.com/fluxcd/pkg/runtime` from 0.35.0 to 0.53.0 - [Commits](fluxcd/pkg@oci/v0.35.0...runtime/v0.53.0) Updates `github.com/fluxcd/source-controller/api` from 1.1.0 to 1.4.1 - [Release notes](https://github.com/fluxcd/source-controller/releases) - [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md) - [Commits](fluxcd/source-controller@v1.1.0...v1.4.1) Updates `github.com/go-git/go-git/v5` from 5.11.0 to 5.12.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.11.0...v5.12.0) Updates `github.com/go-logr/logr` from 1.4.1 to 1.4.2 - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.4.1...v1.4.2) Updates `github.com/stretchr/testify` from 1.9.0 to 1.10.0 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.9.0...v1.10.0) Updates `golang.org/x/oauth2` from 0.16.0 to 0.25.0 - [Commits](golang/oauth2@v0.16.0...v0.25.0) --- updated-dependencies: - dependency-name: code.gitea.io/sdk/gitea dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/Masterminds/semver/v3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/containers/image/v5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/go-git-providers dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/pkg/apis/event dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/pkg/apis/meta dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/pkg/runtime dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/source-controller/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-02-02T23:08:24Z

Mend Scan Summary: ❌

Repository: open-component-model/git-controller

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	6
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	2
LICENSE RISK HIGH	8
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

dependabot · 2025-02-06T16:06:01Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot bot requested a review from a team as a code owner February 2, 2025 23:07

dependabot bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Feb 2, 2025

hilmarf closed this Feb 6, 2025

dependabot bot deleted the dependabot/go_modules/go-ee5ed48c74 branch February 6, 2025 16:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the go group with 12 updates #179

chore(deps): bump the go group with 12 updates #179

Uh oh!

dependabot bot commented on behalf of github Feb 2, 2025

Uh oh!

github-actions bot commented Feb 2, 2025

Uh oh!

dependabot bot commented on behalf of github Feb 6, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

chore(deps): bump the go group with 12 updates #179

chore(deps): bump the go group with 12 updates #179

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 2, 2025

v3.3.1

What's Changed

v3.3.0

What's Changed

New Contributors

Changelog

3.3.0 (2024-08-27)

Added

Changed

v5.34.0

What's Changed

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.3

v0.19.2

v0.19.1

v1.4.1

Changelog

Container images

v1.4.0

Changelog

Container images

v1.3.0

Changelog

Container images

v1.2.5

Changelog

1.4.1

1.4.0

Bucket

OCIRepository

GitRepository

v5.12.0

What's Changed

New Contributors

v1.4.2

What's Changed

Dependencies:

Uh oh!

github-actions bot commented Feb 2, 2025

Mend Scan Summary: ❌

Repository: open-component-model/git-controller

Uh oh!

dependabot bot commented on behalf of github Feb 6, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants