Bump the go-modules group across 1 directory with 24 updates #130

dependabot · 2024-10-01T01:11:48Z

Bumps the go-modules group with 19 updates in the / directory:

Package	From	To
github.com/Netflix/go-env	`0.0.1`	`0.1.0`
github.com/docker/cli	`27.1.2+incompatible`	`27.3.1+incompatible`
github.com/klauspost/compress	`1.17.9`	`1.17.10`
github.com/onsi/gomega	`1.34.1`	`1.34.2`
github.com/paketo-buildpacks/occam	`0.18.7`	`0.18.8`
github.com/paketo-buildpacks/packit/v2	`2.14.2`	`2.15.0`
github.com/sylabs/sif/v2	`2.18.0`	`2.19.1`
golang.org/x/crypto	`0.26.0`	`0.27.0`
golang.org/x/net	`0.28.0`	`0.29.0`
github.com/Masterminds/semver/v3	`3.2.1`	`3.3.0`
github.com/Masterminds/sprig/v3	`3.2.3`	`3.3.0`
github.com/Microsoft/hcsshim	`0.12.5`	`0.12.7`
github.com/cloudflare/circl	`1.3.9`	`1.4.0`
github.com/containerd/errdefs	`0.1.0`	`0.2.0`
github.com/cpuguy83/dockercfg	`0.3.1`	`0.3.2`
github.com/cyphar/filepath-securejoin	`0.3.1`	`0.3.3`
github.com/vbatts/tar-split	`0.11.5`	`0.11.6`
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	`0.53.0`	`0.55.0`
golang.org/x/mod	`0.20.0`	`0.21.0`

Updates github.com/Netflix/go-env from 0.0.1 to 0.1.0

Release notes

Sourced from github.com/Netflix/go-env's releases.

v0.1.0

What's Changed

Slice support by @jimmykodes in Netflix/go-env#13

Full Changelog: Netflix/go-env@v0.0.2...v0.1.0

v0.0.2

What's Changed

Remove Go minor revision specification by @francesconi in Netflix/go-env#26

New Contributors

@francesconi made their first contribution in Netflix/go-env#26

Full Changelog: Netflix/go-env@v0.0.1...v0.0.2

Commits

131cef9 Slice support (#13)
e66d55a Remove go minor revision specification (#26)
See full diff in compare view

Updates github.com/docker/cli from 27.1.2+incompatible to 27.3.1+incompatible

Commits

ce12230 Merge pull request #5462 from thaJeztah/27.x_backport_bump_compose
263ba95 Merge pull request #5461 from laurazard/27.x-backport-update-VERSION
be9b9f3 Update VERSION file to v27.3.1-dev
a4149b0 Dockerfile: update compose to v2.29.7
4aac415 Merge pull request #5458 from thaJeztah/27.x_bump_engine3
8546958 vendor: github.com/docker/docker v27.3.0
f052003 Merge pull request #5457 from laurazard/backport-dropped-defer
460f1be telemetry: fix early meterprovider shutdown
e85edf8 Merge pull request #5452 from laurazard/27.3.0-match-moby-version
ca62759 vendor: github.com/docker/docker v27.3.0-rc2
Additional commits viewable in compare view

Updates github.com/klauspost/compress from 1.17.9 to 1.17.10

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.17.10

What's Changed

gzhttp: Add TransportAlwaysDecompress option. by @klauspost in klauspost/compress#978

s2: Add EncodeBuffer buffer recycling callback by @klauspost in klauspost/compress#982

zstd: Improve memory usage on small streaming encodes by @klauspost in klauspost/compress#1007

gzhttp: Add supported decompress request body by @mirecl in klauspost/compress#1002

flate: read data written with partial flush by @vajexal in klauspost/compress#996

ci: Upgrade Go & other by @klauspost in klauspost/compress#1008

docs: Small typofix in comment by @Jille in klauspost/compress#976

build(deps): bump the github-actions group with 2 updates by @dependabot in klauspost/compress#979

docs: Fix URL typo when installing builddict by @Wikidepia in klauspost/compress#980

build(deps): bump the github-actions group with 2 updates by @dependabot in klauspost/compress#985

Fix typos by @deining in klauspost/compress#986

build(deps): bump github/codeql-action from 3.25.15 to 3.26.6 in the github-actions group by @dependabot in klauspost/compress#997

New Contributors

@Wikidepia made their first contribution in klauspost/compress#980

@deining made their first contribution in klauspost/compress#986

@vajexal made their first contribution in klauspost/compress#996

@mirecl made their first contribution in klauspost/compress#1002

Full Changelog: klauspost/compress@v1.17.9...v1.17.10

Commits

2a46d6b Update README.md
4dafca9 ci: Upgrade Go & other (#1008)
26519f8 zstd: Improve memory usage on small streaming encodes (#1007)
51aa0ec [gzhttp] Add supported decompress request body (#1002)
13c1244 build(deps): bump github/codeql-action in the github-actions group (#997)
62905e4 read data written with partial flush (#996)
3868468 Fix typos (#986)
8b81499 build(deps): bump the github-actions group with 2 updates (#985)
d76f801 s2: Add EncodeBuffer buffer recycling callback (#982)
cfab8bd docs: Fix URL typo when installing builddict (#980)
Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.34.1 to 1.34.2

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.34.2

1.34.2

Require Go 1.22+

Maintenance

bump ginkgo as well [c59c6dc]

bump to go 1.22 - remove x/exp dependency [8158b99]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.34.2

Require Go 1.22+

Maintenance

bump ginkgo as well [c59c6dc]

bump to go 1.22 - remove x/exp dependency [8158b99]

Commits

7cabed6 v1.34.2
c59c6dc bump ginkgo as well
8158b99 bump to go 1.22 - remove x/exp dependency
See full diff in compare view

Updates github.com/paketo-buildpacks/occam from 0.18.7 to 0.18.8

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.18.8

What's Changed

Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 by @dependabot in paketo-buildpacks/occam#309

Updates go mod toolchain version to 1.22.5 by @paketo-bot in paketo-buildpacks/occam#313

Bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0 by @dependabot in paketo-buildpacks/occam#315

Updates github-config by @paketo-bot in paketo-buildpacks/occam#316

Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 by @dependabot in paketo-buildpacks/occam#317

Updates go mod version to 1.22.5 by @paketo-bot in paketo-buildpacks/occam#318

Bump github.com/onsi/gomega from 1.33.1 to 1.34.0 by @dependabot in paketo-buildpacks/occam#321

Bump github.com/onsi/gomega from 1.34.0 to 1.34.1 by @dependabot in paketo-buildpacks/occam#322

Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @dependabot in paketo-buildpacks/occam#323

Bump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.1 by @dependabot in paketo-buildpacks/occam#324

Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.2 by @dependabot in paketo-buildpacks/occam#326

Updates go mod version to 1.22.6 by @paketo-bot in paketo-buildpacks/occam#325

Updates go mod version to 1.23.0 by @paketo-bot in paketo-buildpacks/occam#328

Bump docker to version 26.1.5 to fix CVE-2024-41110 by @jericop in paketo-buildpacks/occam#331

New Contributors

@jericop made their first contribution in paketo-buildpacks/occam#331

Full Changelog: paketo-buildpacks/occam@v0.18.7...v0.18.8

Commits

1193f3c Bump docker to version 26.1.5 to fix CVE-2024-41110
5cd4ede Updates go mod version to 1.23.0
2e5b930 Updates go mod version to 1.22.6
815b014 Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.2
74a79fb Bump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.1
90134a5 Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2
653a6fb Bump github.com/onsi/gomega from 1.34.0 to 1.34.1
ed0e429 Bump github.com/onsi/gomega from 1.33.1 to 1.34.0
f467245 Updates go mod version to 1.22.5
c97acf2 Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1
Additional commits viewable in compare view

Updates github.com/paketo-buildpacks/packit/v2 from 2.14.2 to 2.15.0

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.15.0

What's Changed

Updates github-config by @paketo-bot in paketo-buildpacks/packit#597

SyftCLIScanner: support SBOM generation with syft CLI by @arjun024 in paketo-buildpacks/packit#602

Full Changelog: paketo-buildpacks/packit@v2.14.2...v2.15.0

Commits

1ab5b00 SyftCLIScanner: support SBOM generation with syft CLI
884a7b7 Update to fix linter
c3a3e6a Updating github-config
See full diff in compare view

Updates github.com/sylabs/sif/v2 from 2.18.0 to 2.19.1

Release notes

Sourced from github.com/sylabs/sif/v2's releases.

v2.19.1

What's Changed

chore: bump golangci-lint to v1.60 by @tri-adam in sylabs/sif#383

fix: correct the range check for descriptor IDs by @tri-adam in sylabs/sif#384

Full Changelog: sylabs/sif@v2.19.0...v2.19.1

v2.19.0

This release drops support for Go 1.21.

What's Changed

build(deps): bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 by @dependabot in sylabs/sif#378

build(deps): bump github.com/sebdah/goldie/v2 from 2.5.3 to 2.5.5 by @dependabot in sylabs/sif#379

build(deps): bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @dependabot in sylabs/sif#380

chore: bump module to Go 1.22 by @tri-adam in sylabs/sif#382

build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.8 by @dependabot in sylabs/sif#381

Full Changelog: sylabs/sif@v2.18.0...v2.19.0

Commits

1ed3ce5 Merge pull request #384 from tri-adam/overflow-fix
6f00aba fix: check descriptor capacity during SIF creation
c1fcc37 fix: correct the range check for descriptor IDs
fd8a090 Merge pull request #383 from tri-adam/golangci-lint-v1.60
d2a9ddc fix: address lint with golangci-lint v1.60
f4453b3 ci: remove deprecated exportloopref linter
dd77d01 chore: bump golangci-lint to v1.60
518b3a3 build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.8 (#381)
afa5a4e Merge pull request #382 from tri-adam/go-1.23
9a07943 chore: bump module to Go 1.22
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.26.0 to 0.27.0

Commits

c9da6b9 all: fix printf(var) mistakes detected by latest printf checker
b35ab4f go.mod: update golang.org/x dependencies
bcb0f91 internal/poly1305: Port sum_amd64.s to Avo
7eace71 chacha20poly1305: Avo port of chacha20poly1305_amd64.s
620dfbc salsa20/salsa: Port salsa20_amd64.s to Avo
82942cf blake2b: port blake2b_amd64.s to Avo
0484c26 blake2b: port blake2bAVX2_amd64.s to Avo
38ed1bc blake2s: port blake2s_amd64.s to Avo
38a0b5d argon2: Avo port of blamka_amd64.s
bf5f14f x509roots/fallback: update bundle
Additional commits viewable in compare view

Updates golang.org/x/net from 0.28.0 to 0.29.0

Commits

35b4aba go.mod: update golang.org/x dependencies
9bf379f websocket: fix printf(var) mistake detected by latest printf checker
See full diff in compare view

Updates golang.org/x/sys from 0.24.0 to 0.25.0

Commits

a43b625 windows: add SIO_UDP_NETRESET constant
ed67b15 windows: add console codepage api
9cb830b unix: add missing import to syscall_hurd.go
71132f5 unix: add POLLRDHUP to FreeBSD
3283fc3 cpu: add support for detecting RISC-V extensions
29e55b2 unix: use os.Executable rather than os.Args[0] in tests
a8c5219 unix: rename XDPUmemReg field back to Size
59665e5 unix: add Connectx for darwin
a0c72ef unix: add f_flag member flags on z/OS
c64c51d unix: update riscv64 hwprobe to Linux kernel 6.10
Additional commits viewable in compare view

Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.0

What's Changed

Fix: bad package in README by @sdelicata in Masterminds/semver#226

Updating the GitHub Actions and versions of Go used by @mattfarina in Masterminds/semver#229

Fix spelling in README by @robinschneider in Masterminds/semver#222

Adding go build cache to fuzz output by @mattfarina in Masterminds/semver#232

Add caching to fuzz testing by @mattfarina in Masterminds/semver#234

updating github actions by @mattfarina in Masterminds/semver#235

feat: nil version equality by @KnutZuidema in Masterminds/semver#213

add >= and <= by @grosser in Masterminds/semver#238

doc: hyphen range constraint without whitespace by @johnnychen94 in Masterminds/semver#216

Removing reference to vert by @mattfarina in Masterminds/semver#245

simplify StrictNewVersion by @grosser in Masterminds/semver#241

Updating the testing version of Go used by @mattfarina in Masterminds/semver#246

bumping min version in go.mod based on what's tested by @mattfarina in Masterminds/semver#248

Updating changelog for 3.3.0 by @mattfarina in Masterminds/semver#249

New Contributors

@sdelicata made their first contribution in Masterminds/semver#226

@robinschneider made their first contribution in Masterminds/semver#222

@KnutZuidema made their first contribution in Masterminds/semver#213

@grosser made their first contribution in Masterminds/semver#238

@johnnychen94 made their first contribution in Masterminds/semver#216

Full Changelog: Masterminds/semver@v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

3.3.0 (2024-08-27)

Added

#238: Add LessThanEqual and GreaterThanEqual functions (thanks @grosser)

#213: nil version equality checking (thanks @KnutZuidema)

Changed

#241: Simplify StrictNewVersion parsing (thanks @grosser)

Testing support up through Go 1.23

Minimum version set to 1.21 as this is what's tested now

Fuzz testing now supports caching

Commits

e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
e80c4ea Updating changelog for 3.3.0
80427ad Merge pull request #248 from mattfarina/bump-min-version
b610837 bumping min version in go.mod based on what's tested
a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
7c178cf Updating the testing version of Go used
29f94c1 Merge pull request #241 from grosser/grosser/validate
2cf1b16 Merge pull request #245 from mattfarina/remove-vert
b55476a Removing reference to vert
d07450b simplify StrictNewVersion
Additional commits viewable in compare view

Updates github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0

Release notes

Sourced from github.com/Masterminds/sprig/v3's releases.

v3.3.0

What's Changed

Updating the Go versions used in testing by @mattfarina in Masterminds/sprig#405

Change intial to initial. by @chrishalbert in Masterminds/sprig#391

Updating dependencies by @mattfarina in Masterminds/sprig#404

correct value by @jheyduk in Masterminds/sprig#376

Updating location of mergo by @mattfarina in Masterminds/sprig#406

feature: added sha512sum function by @itzik-elayev in Masterminds/sprig#400

docs: Add missing link to url functions by @carlpett in Masterminds/sprig#375

Update doc.go by @chey in Masterminds/sprig#369

Update mathf.md by @zzhu41 in Masterminds/sprig#290

Removing duplicate documentation by @mattfarina in Masterminds/sprig#407

Updating the changelog for the 3.3.0 release by @mattfarina in Masterminds/sprig#408

New Contributors

@chrishalbert made their first contribution in Masterminds/sprig#391

@jheyduk made their first contribution in Masterminds/sprig#376

@itzik-elayev made their first contribution in Masterminds/sprig#400

@carlpett made their first contribution in Masterminds/sprig#375

@chey made their first contribution in Masterminds/sprig#369

@zzhu41 made their first contribution in Masterminds/sprig#290

Full Changelog: Masterminds/sprig@v3.2.3...v3.3.0

Changelog

Sourced from github.com/Masterminds/sprig/v3's changelog.

Release 3.3.0 (2024-08-29)

Added

#400: added sha512sum function (thanks @itzik-elayev)

Changed

#407: Removed duplicate documentation (functions were documentated in 2 places)

#290: Corrected copy/paster oops in math documentation (thanks @zzhu41)

#369: Corrected template reference in docs (thanks @chey)

#375: Added link to URL documenation (thanks @carlpett)

#406: Updated the mergo dependency which had a breaking change (which was accounted for)

#376: Fixed documentation error (thanks @jheyduk)

#404: Updated dependency tree

#391: Fixed misspelling (thanks @chrishalbert)

#405: Updated Go versions used in testing

Commits

e708470 Merge pull request #408 from mattfarina/update-changelog-3.3
8fc4354 Updating the changelog for the 3.3.0 release
cb81a32 Merge pull request #407 from mattfarina/remove-dup-math-functions
2637693 Removing duplicate documentation
06b9a87 Merge pull request #290 from zzhu41/patch-1
e663ec6 Merge pull request #369 from chey/patch-1
bb2f73f Merge pull request #375 from carlpett/patch-1
f07659e Merge pull request #400 from itzik-elayev/master
98b35c1 Add closing bracket
7a88928 Merge pull request #406 from mattfarina/update-mergo
Additional commits viewable in compare view

Updates github.com/Microsoft/hcsshim from 0.12.5 to 0.12.7

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.7

What's Changed

[release/0.12] Update pkg versions in go.mod by @kiashok in microsoft/hcsshim#2275

[release/0.12] Update runc version to 1.1.14 by @kiashok in microsoft/hcsshim#2271

Full Changelog: microsoft/hcsshim@v0.12.6...v0.12.7

v0.12.6

What's Changed

[release/0.12] Backport commits from hcsshim/main to update module versions by @kiashok in microsoft/hcsshim#2237

Full Changelog: microsoft/hcsshim@v0.12.5...v0.12.6

Commits

86b5333 Bump golangci/golangci-lint-action from 4 to 6
5ae96f3 Update runc to v1.1.14
8f3fccd Update pkg versions
f922f2a Omnibus dependency updates (#2051)
7d25ce2 Update module versions
85a5a57 drop usage of deprecated package/methods
d4b1cc0 Bump opa/containerd to latest versions
6a5ebd3 Upgrade deps to resolve CVEs (#2225)
4f46058 Omnibus dependency update (#2166)
See full diff in compare view

Updates github.com/cloudflare/circl from 1.3.9 to 1.4.0

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.4.0

Changes

New: ML-KEM compatible with FIPS-203.

Commit History

eddilithium3: fix typos by @bwesterb in cloudflare/circl#503

Add ML-KEM (FIPS 203). by @bwesterb in cloudflare/circl#470

Add ML-KEM decapsulation key check. by @bwesterb in cloudflare/circl#507

Preparing for release v1.4.0 by @armfazh in cloudflare/circl#508

Full Changelog: cloudflare/circl@v1.3.9...v1.4.0

Commits

c311e46 Preparing for release v1.4.0
62385a8 Add ML-KEM decapsulation key check.
2b4626d Add ML-KEM (FIPS 203).
d26845f eddilithium3: fix typos
See full diff in compare view

Updates github.com/containerd/errdefs from 0.1.0 to 0.2.0

Release notes

Sourced from github.com/containerd/errdefs's releases.

v0.2.0

What's Changed

Add more grpc types by @dmcgowan in containerd/errdefs#3

Split gRPC and HTTP error utility into seperate packages by @austinvazquez in containerd/errdefs#5

Fix Cancelled interface typo by @dmcgowan in containerd/errdefs#6

Add stack support by @dmcgowan in containerd/errdefs#8

Add a resolve error function to return first error by @dmcgowan in containerd/errdefs#9

Add support for custom error messages by @dmcgowan in containerd/errdefs#10

Add support for grpc error details and multiple errors by @dmcgowan in containerd/errdefs#7

Complete interface definitions for errors by @dmcgowan in containerd/errdefs#18

New Contributors

@austinvazquez made their first contribution in containerd/errdefs#5

Full Changelog: containerd/errdefs@v0.1.0...v0.2.0

Commits

02b65bc Merge pull request #18 from dmcgowan/add-missing-interfaces
41d12e1 Complete interface definitions for errors
70440b8 Merge pull request #7 from dmcgowan/grpc-error-details
b9dce4d Add support for grpc error details
ffb0349 Update Resolve function to support Is interface
124d0dc Merge pull request #10 from dmcgowan/custom-error-messages
dc9b20e Add support for custom error messages
6c7f402 Merge pull request #9 from dmcgowan/resolve-error
9f87502 Add a resolve error function to return first error
6fb6cf0 Merge pull request #8 from dmcgowan/add-stack-support
Additional commits viewable in compare view

Updates github.com/cpuguy83/dockercfg from 0.3.1 to 0.3.2

Release notes

Sourced from github.com/cpuguy83/dockercfg's releases.

v0.3.2

What's Changed

chore: improve errors by @stevenh in cpuguy83/dockercfg#3

New Contributors

@stevenh made their first contribution in cpuguy83/dockercfg#3

Full Changelog: cpuguy83/dockercfg@v0.3.1...v0.3.2

Commits

a07c3d1 Merge pull request #3 from stevenh/chore/improve-errors
91bd66a chore: improve errors
See full diff in compare view

Updates github.com/cyphar/filepath-securejoin from 0.3.1 to 0.3.3

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.3

This release primarily includes fixes for spurious errors we hit when checking that directories created by MkdirAll "look right". Upon further consideration, these checks were fundamentally buggy and didn't offer any practical protection anyway.

The mode and owner verification logic in MkdirAll has been removed. This was originally intended to protect against some theoretical attacks but upon further consideration these protections don't actually buy us anything and they were causing spurious errors with more complicated filesystem setups.

The "is the created directory empty" logic in MkdirAll has also been removed. This was not causing us issues yet, but some pseudofilesystems (such as cgroup) create non-empty directories and so this logic would've been wrong for such cases.

Thanks to all of the contributors who made this release possible:

Aleksa Sarai [email protected]

Kir Kolyshkin [email protected]

Signed-off-by: Aleksa Sarai [email protected]

v0.3.2

This release includes a few fixes for MkdirAll when dealing with S_ISUID and S_ISGID, to solve a regression runc hit when switching to MkdirAll.

Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return an explicit error saying that those bits are ignored by mkdirat(2). In the past a different error was returned, but since the silent ignoring behaviour is codified in the man pages a more explicit error seems apt. While silently ignoring these bits would be the most compatible option, it could lead to users thinking their code sets these bits when it doesn't. Programs that need to deal with compatibility can mask the bits themselves. (#23, #25)

If a directory has S_ISGID set, then all child directories will have S_ISGID set when created and a different gid will be used for any inode created under the directory. Previously, the "expected owner and mode" validation in securejoin.MkdirAll did not correctly handle this. We now correctly handle this case. (#24, #25)

Signed-off-by: Aleksa Sarai [email protected]

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.3] - 2024-09-30

Fixed

The mode and owner verification logic in MkdirAll has been removed. This was originally intended to protect against some theoretical attacks but upon further consideration these protections don't actually buy us anything and they were causing spurious errors with more complicated filesystem setups.

The "is the created directory empty" logic in MkdirAll has also been removed. This was not causing us issues yet, but some pseudofilesystems (such as cgroup) create non-empty directories and so this logic would've been wrong for such cases.

[0.3.2] - 2024-09-13

Changed

Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return an explicit error saying that those bits are ignored by mkdirat(2). In the past a different error was returned, but since the silent ignoring behaviour is codified in the man pages a more explicit error seems apt. While silently ignoring these bits would be the most compatible option, it could lead to users thinking their code sets these bits when it doesn't. Programs that need to deal with compatibility can mask the bits themselves. (#23, #25)

Fixed

If a directory has S_ISGID set, then all child directories will have S_ISGID set when created and a different gid will be used for any inode created under the directory. Previously, the "expected owner and mode" validation in securejoin.MkdirAll did not correctly handle this. We now correctly handle this case. (#24, #25)

Commits

93cff46 VERSION: release v0.3.3
2b3d97d merge #26 into cyphar/filepath-securejoin:main
09afcf2 OpenInRoot: add CVE link to godoc
5b5a7a4 Add cross-links to godoc
daead99 Remove osVFS methods documentation
208ded3 tests: don't panic if the fd is closed

Description has been truncated

Bumps the go-modules group with 19 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/Netflix/go-env](https://github.com/Netflix/go-env) | `0.0.1` | `0.1.0` | | [github.com/docker/cli](https://github.com/docker/cli) | `27.1.2+incompatible` | `27.3.1+incompatible` | | [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.17.9` | `1.17.10` | | [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.34.1` | `1.34.2` | | [github.com/paketo-buildpacks/occam](https://github.com/paketo-buildpacks/occam) | `0.18.7` | `0.18.8` | | [github.com/paketo-buildpacks/packit/v2](https://github.com/paketo-buildpacks/packit) | `2.14.2` | `2.15.0` | | [github.com/sylabs/sif/v2](https://github.com/sylabs/sif) | `2.18.0` | `2.19.1` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.26.0` | `0.27.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.28.0` | `0.29.0` | | [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.2.1` | `3.3.0` | | [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig) | `3.2.3` | `3.3.0` | | [github.com/Microsoft/hcsshim](https://github.com/Microsoft/hcsshim) | `0.12.5` | `0.12.7` | | [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.3.9` | `1.4.0` | | [github.com/containerd/errdefs](https://github.com/containerd/errdefs) | `0.1.0` | `0.2.0` | | [github.com/cpuguy83/dockercfg](https://github.com/cpuguy83/dockercfg) | `0.3.1` | `0.3.2` | | [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.3.1` | `0.3.3` | | [github.com/vbatts/tar-split](https://github.com/vbatts/tar-split) | `0.11.5` | `0.11.6` | | [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.53.0` | `0.55.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.20.0` | `0.21.0` | Updates `github.com/Netflix/go-env` from 0.0.1 to 0.1.0 - [Release notes](https://github.com/Netflix/go-env/releases) - [Commits](Netflix/go-env@v0.0.1...v0.1.0) Updates `github.com/docker/cli` from 27.1.2+incompatible to 27.3.1+incompatible - [Commits](docker/cli@v27.1.2...v27.3.1) Updates `github.com/klauspost/compress` from 1.17.9 to 1.17.10 - [Release notes](https://github.com/klauspost/compress/releases) - [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml) - [Commits](klauspost/compress@v1.17.9...v1.17.10) Updates `github.com/onsi/gomega` from 1.34.1 to 1.34.2 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.34.1...v1.34.2) Updates `github.com/paketo-buildpacks/occam` from 0.18.7 to 0.18.8 - [Release notes](https://github.com/paketo-buildpacks/occam/releases) - [Commits](paketo-buildpacks/occam@v0.18.7...v0.18.8) Updates `github.com/paketo-buildpacks/packit/v2` from 2.14.2 to 2.15.0 - [Release notes](https://github.com/paketo-buildpacks/packit/releases) - [Commits](paketo-buildpacks/packit@v2.14.2...v2.15.0) Updates `github.com/sylabs/sif/v2` from 2.18.0 to 2.19.1 - [Release notes](https://github.com/sylabs/sif/releases) - [Changelog](https://github.com/sylabs/sif/blob/main/.goreleaser.yml) - [Commits](sylabs/sif@v2.18.0...v2.19.1) Updates `golang.org/x/crypto` from 0.26.0 to 0.27.0 - [Commits](golang/crypto@v0.26.0...v0.27.0) Updates `golang.org/x/net` from 0.28.0 to 0.29.0 - [Commits](golang/net@v0.28.0...v0.29.0) Updates `golang.org/x/sys` from 0.24.0 to 0.25.0 - [Commits](golang/sys@v0.24.0...v0.25.0) Updates `github.com/Masterminds/semver/v3` from 3.2.1 to 3.3.0 - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](Masterminds/semver@v3.2.1...v3.3.0) Updates `github.com/Masterminds/sprig/v3` from 3.2.3 to 3.3.0 - [Release notes](https://github.com/Masterminds/sprig/releases) - [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md) - [Commits](Masterminds/sprig@v3.2.3...v3.3.0) Updates `github.com/Microsoft/hcsshim` from 0.12.5 to 0.12.7 - [Release notes](https://github.com/Microsoft/hcsshim/releases) - [Commits](microsoft/hcsshim@v0.12.5...v0.12.7) Updates `github.com/cloudflare/circl` from 1.3.9 to 1.4.0 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.3.9...v1.4.0) Updates `github.com/containerd/errdefs` from 0.1.0 to 0.2.0 - [Release notes](https://github.com/containerd/errdefs/releases) - [Commits](containerd/errdefs@v0.1.0...v0.2.0) Updates `github.com/cpuguy83/dockercfg` from 0.3.1 to 0.3.2 - [Release notes](https://github.com/cpuguy83/dockercfg/releases) - [Commits](cpuguy83/dockercfg@v0.3.1...v0.3.2) Updates `github.com/cyphar/filepath-securejoin` from 0.3.1 to 0.3.3 - [Release notes](https://github.com/cyphar/filepath-securejoin/releases) - [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md) - [Commits](cyphar/filepath-securejoin@v0.3.1...v0.3.3) Updates `github.com/vbatts/tar-split` from 0.11.5 to 0.11.6 - [Release notes](https://github.com/vbatts/tar-split/releases) - [Commits](vbatts/tar-split@v0.11.5...v0.11.6) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.53.0 to 0.55.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.53.0...zpages/v0.55.0) Updates `go.opentelemetry.io/otel` from 1.28.0 to 1.30.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.28.0...v1.30.0) Updates `go.opentelemetry.io/otel/metric` from 1.28.0 to 1.30.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.28.0...v1.30.0) Updates `go.opentelemetry.io/otel/trace` from 1.28.0 to 1.30.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.28.0...v1.30.0) Updates `golang.org/x/mod` from 0.20.0 to 0.21.0 - [Commits](golang/mod@v0.20.0...v0.21.0) Updates `golang.org/x/text` from 0.17.0 to 0.18.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: github.com/Netflix/go-env dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/docker/cli dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/klauspost/compress dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/paketo-buildpacks/occam dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/paketo-buildpacks/packit/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/sylabs/sif/v2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/crypto dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sys dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/Masterminds/semver/v3 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/Masterminds/sprig/v3 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/Microsoft/hcsshim dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/cloudflare/circl dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/containerd/errdefs dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/cpuguy83/dockercfg dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/cyphar/filepath-securejoin dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/vbatts/tar-split dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: go.opentelemetry.io/otel dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: go.opentelemetry.io/otel/metric dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: go.opentelemetry.io/otel/trace dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/mod dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/text dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-10-07T02:03:50Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 1, 2024

dependabot bot mentioned this pull request Oct 1, 2024

Bump the go-modules group across 1 directory with 24 updates #129

Closed

dependabot bot force-pushed the dependabot/go_modules/go-modules-3bc3195873 branch from fbc81ed to d4d5c35 Compare October 4, 2024 01:48

dependabot bot closed this Oct 7, 2024

dependabot bot deleted the dependabot/go_modules/go-modules-3bc3195873 branch October 7, 2024 02:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-modules group across 1 directory with 24 updates #130

Bump the go-modules group across 1 directory with 24 updates #130

dependabot bot commented on behalf of github Oct 1, 2024 •

edited

Loading

dependabot bot commented on behalf of github Oct 7, 2024

Bump the go-modules group across 1 directory with 24 updates #130

Bump the go-modules group across 1 directory with 24 updates #130

Conversation

dependabot bot commented on behalf of github Oct 1, 2024 • edited Loading

v0.1.0

What's Changed

v0.0.2

What's Changed

New Contributors

v1.17.10

What's Changed

New Contributors

v1.34.2

1.34.2

Maintenance

1.34.2

Maintenance

v0.18.8

What's Changed

New Contributors

v2.15.0

What's Changed

v2.19.1

What's Changed

v2.19.0

What's Changed

v3.3.0

What's Changed

New Contributors

3.3.0 (2024-08-27)

Added

Changed

v3.3.0

What's Changed

New Contributors

Release 3.3.0 (2024-08-29)

Added

Changed

v0.12.7

What's Changed

v0.12.6

What's Changed

CIRCL v1.4.0

Changes

Commit History

v0.2.0

What's Changed

New Contributors

v0.3.2

What's Changed

New Contributors

v0.3.3

v0.3.2

[0.3.3] - 2024-09-30

Fixed

[0.3.2] - 2024-09-13

Changed

Fixed

dependabot bot commented on behalf of github Oct 7, 2024

dependabot bot commented on behalf of github Oct 1, 2024 •

edited

Loading