chore(deps): bump the dependencies group with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates:

Package	From	To
github.com/sirupsen/logrus	1.9.0	1.9.3
github.com/docker/docker	24.0.5+incompatible	24.0.6+incompatible
github.com/moby/patternmatcher	0.5.0	0.6.0
golang.org/x/sys	0.11.0	0.12.0
golang.org/x/tools	0.12.0	0.13.0

Updates github.com/sirupsen/logrus from 1.9.0 to 1.9.3

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.3

• Fix a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines sirupsen/logrus@f9291a5 (re-apply sirupsen/logrus#1376)
• Fix panic in Writer sirupsen/logrus@d40e25c

Full Changelog: sirupsen/logrus@v1.9.2...v1.9.3

v1.9.2

• Revert sirupsen/logrus#1376, which introduced a regression in v1.9.1

Full Changelog: sirupsen/logrus@v1.9.1...v1.9.2

v1.9.1

What's Changed

• Fix data race in hooks.test package by @​FrancoisWagner in sirupsen/logrus#1362
• Add instructions to use different log levels for local and syslog by @​tommyblue in sirupsen/logrus#1372
• This commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by @​ozfive in sirupsen/logrus#1376
• Use text when shows the logrus output by @​xieyuschen in sirupsen/logrus#1339

New Contributors

• @​FrancoisWagner made their first contribution in sirupsen/logrus#1362
• @​tommyblue made their first contribution in sirupsen/logrus#1372
• @​ozfive made their first contribution in sirupsen/logrus#1376
• @​xieyuschen made their first contribution in sirupsen/logrus#1339

Full Changelog: sirupsen/logrus@v1.9.0...v1.9.1

Commits

• d40e25c fix panic in Writer
• f9291a5 Revert "Revert "Merge pull request #1376 from ozfive/master""
• 352781d Revert "Merge pull request #1376 from ozfive/master"
• b30aa27 Merge pull request #1339 from xieyuschen/patch-1
• 6acd903 Merge pull request #1376 from ozfive/master
• 105e63f Merge pull request #1 from ashmckenzie/ashmckenzie/fix-writer-scanner
• c052ba6 Scan text in 64KB chunks
• e59b167 Merge pull request #1372 from tommyblue/syslog_different_loglevels
• 766cfec This commit fixes a potential denial of service vulnerability in logrus.Write...
• 70234da Add instructions to use different log levels for local and syslog
• Additional commits viewable in compare view

Updates github.com/docker/docker from 24.0.5+incompatible to 24.0.6+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v24.0.6

24.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.6 milestone
• moby/moby, 24.0.6 milestone

Bug fixes and enhancements

• containerd storage backend: Fix docker ps failing when a container image is no longer present in the content store. moby/moby#46095
• containerd storage backend: Fix docker ps -s -a and docker container prune failing when a container image config is no longer present in the content store. moby/moby#46097
• containerd storage backend: Fix docker inspect failing when a container image config is no longer (or was never) present in the content store. moby/moby#46244
• containerd storage backend: Fix diff and export with the overlayfs snapshotter by using reference-counted rootfs mounts. moby/moby#46266
• containerd storage backend: Fix a misleading error message when the image platforms available locally do not match the desired platform. moby/moby#46300
• containerd storage backend: Fix the FROM scratch Dockerfile instruction with the classic builder. moby/moby#46302
• containerd storage backend: Fix mismatched image rootfs and manifest layers errors with the classic builder. moby/moby#46310
• Warn when pulling Docker Image Format v1, and Docker Image manifest version 2, schema 1 images from all registries. moby/moby#46290
• Fix live-restore of volumes with custom volume options. moby/moby#46366
• Fix incorrectly dropping capabilities bits when running a container as a non-root user (note: this change was already effectively present due to a regression). moby/moby#46221
• Fix network isolation iptables rules preventing IPv6 Neighbor Solicitation packets from being exchanged between containers. moby/moby#46214
• Fix dockerd.exe --register-service not working when the binary is in the current directory on Windows. moby/moby#46215
• Add a hint suggesting the use of a PAT to docker login against Docker Hub. docker/cli#4500
• Improve shell startup time for users of Bash completion for the CLI. docker/cli#4517
• Improve the speed of some commands by skipping GET /_ping when possible. docker/cli#4508
• Fix credential scopes when using a PAT to docker manifest inspect an image on Docker Hub. docker/cli#4512
• Fix docker events not supporting --format=json. docker/cli#4544

Packaging updates

• Upgrade Go to go1.20.7. moby/moby#46140, docker/cli#4476, docker/docker-ce-packaging#932
• Upgrade containerd to v1.7.3 (static binaries only). moby/moby#46103
• Upgrade Compose to v2.21.0. docker/docker-ce-packaging#936

Commits

• 1a79695 Merge pull request #46366 from thaJeztah/24.0_backport_volume-local-restore-m...
• c35376c volume/local: Don't unmount, restore mounted status
• 5d4cc0b integration/liveRestore: Check volume content
• c78abd9 Merge pull request #46330 from thaJeztah/24.0_backport_api_docs_update_urls
• 6282d95 Merge pull request #46331 from thaJeztah/24.0_backport_update_golangci_lint
• 1d983e2 update golangci-lint to v1.54.2
• d2e9a19 CONTRIBUTING.md: update links to golang docs and blog
• 73f6053 api: swagger: update link to Go documentation
• de13951 docs/api: update links to Go documentation
• 7741a89 Merge pull request #46325 from thaJeztah/24.0_backport_hack_less_redirects
• Additional commits viewable in compare view

Updates github.com/moby/patternmatcher from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/moby/patternmatcher's releases.

v0.6.0

This release integrates the "frontend/dockerfile/dockerignore" package from github.com/moby/buildkit at commit 9da03ce42beb47d0d0a34c68ea90cac793b79851

What's Changed

• gha: update golangci-lint to v1.54, actions/setup-go@v4, and go1.20.x moby/patternmatcher#2
• integrate frontend/dockerfile/dockerignore from BuildKit moby/patternmatcher#1

Full Changelog: moby/patternmatcher@v0.5.0...v0.6.0

Commits

• 347bb8d Merge pull request #1 from thaJeztah/integrate_dockerignore
• 36a4227 integrate frontend/dockerfile/dockerignore from buildkit
• 8a1649d Merge pull request #2 from thaJeztah/update_go_versions
• c512fc5 gha: test against go1.20.x
• 2345cde gha: update actions/setup-go@v4
• 555cf69 gha: update golangci-lint to v1.53.x
• 666020c frontend/dockerfile/dockerignore: remove hard-coded filename from error
• dba575f frontend/dockerfile/dockerignore: touch-up godoc and code
• 318a4a5 frontend/dockerfile/dockerignore: cleanup unit test
• 00aab4f chore: refactor dockerfile to use errors pkg
• Additional commits viewable in compare view

Updates golang.org/x/sys from 0.11.0 to 0.12.0

Commits

• 5154691 unix/linux: update to gcc 13.2.0, qemu 8.0.3 for loong64 and and Go 1.21.0 fo...
• e8190d9 windows: don't check non-existent return code in GetStartupInfo
• ad02017 windows: use SyscallN in mkwinsyscall
• 7023367 cpu: remove repetitive word
• eabbd5c cpu: add support for amx detection
• 552c4e8 unix: avoid setting O_NONBLOCK needlessly by checking flags beforehand
• ee57887 unix: add SchedSetAttr and SchedGetAttr for Linux
• 60ecf13 windows: add TimeBeginPeriod and TimeEndPeriod syscalls
• See full diff in compare view

Updates golang.org/x/tools from 0.12.0 to 0.13.0

Release notes

Sourced from golang.org/x/tools's releases.

gopls/v0.13.0

These are release notes are identical to that of [email protected]. Thanks to all who tested the prerelease!

go install golang.org/x/tools/[email protected]

This release fixes several bugs and mitigates a few performance regressions. It also somewhat reduces the latency and CPU cost of most operations, and includes a few small additional features.

Performance improvements

While [email protected] drastically reduced memory usage, several operations got around 50% slower due to additional I/O reading from the filesystem and time spent decoding indexes. This release optimizes those additional operations to (in most cases) achieve parity or better with the equivalent operation in [email protected]. Additionally, this release reduces total CPU while typing or performing common operations.

Faster code actions

This release includes a particularly large performance improvement in the evaluation of code actions (including formatting/goimports on save). In the past, there have been several reasons why this operation was expensive -- VS Code users may recognize the getting code actions from "Go" pop-up. This release fundamentally changes the way code actions are evaluated so that almost all of the work is pre-computed. As a result, formatting and adding or removing imports on save should be much faster.

Analysis performance

A notable exception to CPU performance parity with [email protected] is running static analysis. In this case, the additional cost incurred by [email protected] was not a regression, but rather the cost of analyzing many more packages to enable "deep" static analysis (see "Improved static analysis" in the [email protected] release notes.

In smaller repositories, the cost of this additional analysis is negligible -- analysis does not run until you stop typing, and typically just re-evaluates the changed package. However, it was discovered that in large workspaces that import low-level packages with a very large API surface (such as a cloud provider SDK or proto library), certain quadratic factors involved with the encoding/decoding of analysis results can dominate the cost of analysis, and result in enormous resource consumption: overloading the CPU and exhausting all memory.

This release partially mitigates those quadratic factors, significantly reducing their cost and limiting concurrency so that they do not exhaust all resources. However, fully eliminating these factors will require additional work to fix their quadratic nature. Until that is done, analysis may continue to be costly on certain repos, especially if "staticcheck" is enabled (because staticcheck does more deep analysis than the default set of analyzers).

In the meantime, a notification is added to make you aware when analysis is slow, and provide an update on the progress of indexing "deep" analysis results. Canceling this notification will cancel the ongoing analysis, but it will resume after the next change. If you don't want to see these notifications, you can set the new "analysisProgressReporting" setting to "false". .

New Features

Highlight deprecated symbols

Deprecated symbols and packages are now marked as such. To turn off this feature, disable the "deprecated" analysis.

Stub methods to fix missing method errors

The "stubmethods" refactoring is now available as a quick-fix for errors related to missing methods.

Improvements to function extraction

Function extraction now puts context.Context parameters first in the resulting extracted function. See golang/go#60738 for details.

Improvements to the embeddirective analyzer

The embed directive analyzer now verifies the location of //go:embed directives, and provides a quick-fix to add missing "embed" imports.

... (truncated)

Commits

• b5e55d1 go/analysis/analysistest: give better hint in SuggestedFix assertion
• a807ccf go.mod: update golang.org/x dependencies
• 21090a2 gopls/internal/lsp/cache: use persistent.Set in a couple places
• 38b898b internal/persistent: add Set
• 44f7796 gopls: add and enable the slog analyzer
• 2c6ba93 gopls: tidy for 1.17+
• 5a96569 gopls/internal/lsp/cmd: don't use x/exp/slices
• 77c6ac6 gopls/internal/telemetry: don't schedule the next upload
• 010e045 internal/persistent: use generics
• a1a928d gopls: remove dead code
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions