Bump the go group with 14 updates #805

dependabot · 2024-06-09T09:03:22Z

Bumps the go group with 14 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2	`1.27.0`	`1.27.2`
github.com/aws/aws-sdk-go-v2/config	`1.27.16`	`1.27.18`
github.com/aws/aws-sdk-go-v2/credentials	`1.17.16`	`1.17.18`
github.com/aws/aws-sdk-go-v2/feature/s3/manager	`1.16.21`	`1.16.24`
github.com/aws/aws-sdk-go-v2/service/ecr	`1.28.3`	`1.28.5`
github.com/aws/aws-sdk-go-v2/service/s3	`1.54.3`	`1.55.1`
github.com/containerd/containerd	`1.7.17`	`1.7.18`
github.com/docker/cli	`26.1.3+incompatible`	`26.1.4+incompatible`
github.com/docker/docker	`26.1.3+incompatible`	`26.1.4+incompatible`
golang.org/x/mod	`0.17.0`	`0.18.0`
golang.org/x/net	`0.25.0`	`0.26.0`
golang.org/x/oauth2	`0.20.0`	`0.21.0`
golang.org/x/text	`0.15.0`	`0.16.0`
sigs.k8s.io/controller-runtime	`0.18.3`	`0.18.4`

Updates github.com/aws/aws-sdk-go-v2 from 1.27.0 to 1.27.2

Commits

d872461 Release 2024-06-07
dd82156 Regenerated Clients
85ebac0 Update endpoints model
490e6cb Update API model
4892b05 Merge pull request #2668 from aws/feature-clock-skew
8bdbe6a Merge branch 'main' into feature-clock-skew
c4f8ba3 run goimports
2474a05 update snapshot tests
9fa716b regen clients
6d365fb address feedback from pr, mostly moving things around
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.27.16 to 1.27.18

Commits

d872461 Release 2024-06-07
dd82156 Regenerated Clients
85ebac0 Update endpoints model
490e6cb Update API model
4892b05 Merge pull request #2668 from aws/feature-clock-skew
8bdbe6a Merge branch 'main' into feature-clock-skew
c4f8ba3 run goimports
2474a05 update snapshot tests
9fa716b regen clients
6d365fb address feedback from pr, mostly moving things around
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.16 to 1.17.18

Commits

d872461 Release 2024-06-07
dd82156 Regenerated Clients
85ebac0 Update endpoints model
490e6cb Update API model
4892b05 Merge pull request #2668 from aws/feature-clock-skew
8bdbe6a Merge branch 'main' into feature-clock-skew
c4f8ba3 run goimports
2474a05 update snapshot tests
9fa716b regen clients
6d365fb address feedback from pr, mostly moving things around
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.21 to 1.16.24

Commits

9d38978 Release 2022-10-25
5213913 Regenerated Clients
04792a3 Update endpoints model
cd44360 Update API model
08f1f0b Release 2022-10-24
0e1e20e Regenerated Clients
281c268 Update SDK's smithy-go dependency to v1.13.4
db7c0a3 Update endpoints model
1eae80d Update API model
17628c4 EC2 IMDS client logging fixes (#1891)
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.28.3 to 1.28.5

Commits

89a5b69 Release 2023-02-22
c863429 Regenerated Clients
aa8a947 Update API model
e845552 Merge pull request #2037 from aws/fix-struct-errorcode
cbeebab cl
5c057fd fix: prevent nil pointer deref on struct ErrorCode method
0f8b6e7 Release 2023-02-21
e5cb2ee Regenerated Clients
6120ee6 Update endpoints model
42acd6a Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.3 to 1.55.1

Commits

d872461 Release 2024-06-07
dd82156 Regenerated Clients
85ebac0 Update endpoints model
490e6cb Update API model
4892b05 Merge pull request #2668 from aws/feature-clock-skew
8bdbe6a Merge branch 'main' into feature-clock-skew
c4f8ba3 run goimports
2474a05 update snapshot tests
9fa716b regen clients
6d365fb address feedback from pr, mostly moving things around
Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.17 to 1.7.18

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.18

Welcome to the v1.7.18 release of containerd!

The eighteenth patch release for containerd 1.7 contains various updates along with an updated version of Go. Go 1.22.4 and 1.21.11 include a fix for a symlink time of check to time of use race condition during directory removal.

Highlights

Update Go version to 1.21.11 (#10298)

Remove uses of platforms.Platform alias (#10277)

Migrate log imports to github.com/containerd/log (#10269)

Migrate errdefs package to github.com/containerd/errdefs (#10266)

Fix usage of "unknown" platform (#10261)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

Derek McGowan

Sebastiaan van Stijn

Akhil Mohan

Austin Vazquez

Phil Estes

Changes

Prepare release notes for v1.7.18 (#10301)

9426aab62 Prepare release notes for v1.7.18

Update Go version to 1.21.11 (#10298)

cdd3ea913 Update Go version to 1.21.11

Remove uses of platforms.Platform alias (#10277)

1e3c662d6 [release/1.7] remove uses of platforms.Platform alias

Migrate log imports to github.com/containerd/log (#10269)

0af6825b1 migrate logs imports to github.com/containerd/log module

Migrate errdefs package to github.com/containerd/errdefs (#10266)

308341a44 replace uses of github.com/containerd/containerd/errdefs

47ff8cfce migrate errdefs package to github.com/containerd/errdefs module

Fix usage of "unknown" platform (#10261)

f4d11912a core/image: fix usage of "unknown" platform

Explicitly set release latest to true (#10265)

5b0480009 Explicitly set release latest to true

d669b100d build(deps): bump softprops/action-gh-release from 1 to 2

Changes from containerd/errdefs

... (truncated)

Commits

ae71819 Merge pull request #10301 from dmcgowan/prepare-v1.7.18
9426aab Prepare release notes for v1.7.18
1d324db Merge pull request #10298 from dmcgowan/1.7-update-go
cdd3ea9 Update Go version to 1.21.11
0a137f0 Merge pull request #10277 from thaJeztah/1.7_backport_remove_use_of_platform_...
1e3c662 [release/1.7] remove uses of platforms.Platform alias
300a6de Merge pull request #10269 from thaJeztah/1.7_migrate_containerd_log
0af6825 migrate logs imports to github.com/containerd/log module
be820ac Merge pull request #10266 from thaJeztah/1.7_migrate_to_errdefs_module
566c535 Merge pull request #10261 from k8s-infra-cherrypick-robot/cherry-pick-10257-t...
Additional commits viewable in compare view

Updates github.com/docker/cli from 26.1.3+incompatible to 26.1.4+incompatible

Commits

5650f9b Merge pull request #5116 from thaJeztah/26.1_update_engine
e8bc27d vendor: github.com/docker/docker de5c9cf0b96e (v26.1.4-dev)
2acb9c2 vendor: github.com/containerd/containerd v1.7.18
230d4d0 vendor: github.com/containerd/containerd v1.7.17
6d47c06 vendor: tags.cncf.io/container-device-interface v0.7.2
a6d757c vendor: github.com/Microsoft/hcsshim v0.11.5
c463d96 vendor: github.com/opencontainers/image-spec v1.1.0
a61a0c3 Merge pull request #5118 from thaJeztah/26.1_backport_bump_go1.21.11
0576b3d update to go1.21.11
60b13f1 Dockerfile: update ALPINE_VERSION to 3.20
Additional commits viewable in compare view

Updates github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v26.1.4

26.1.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 26.1.4 milestone

moby/moby, 26.1.4 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

Security

This release updates the Go runtime to 1.21.11 which contains security fixes for:

CVE-2024-24789

CVE-2024-24790

A symlink time of check to time of use race condition during directory removal reported by Addison Crump (@addisoncrump).

Bug fixes and enhancements

Fixed an issue where promoting a node immediately after another node was demoted could cause the promotion to fail. moby/moby#47870

Prevent the daemon log from being spammed with superfluous response.WriteHeader call ... messages.. moby/moby#47843

Don't show empty hints when plugins return an empty hook message. docker/cli#5083

Added ContextType: "moby" to the context list/inspect output to address a compatibility issue with Visual Studio Container Tools. docker/cli#5095

Fix a compatibility issue with Visual Studio Container Tools. docker/cli#5095

Packaging updates

Update containerd (static binaries only) to v1.7.17. moby/moby#47841

CVE-2024-24789, CVE-2024-24790: Update Go runtime to 1.21.11. moby/moby#47904

Update Compose to v2.27.1. docker/docker-ce-packages#1022

Update Buildx to v0.14.1. docker/docker-ce-packages#1021

Commits

de5c9cf Merge pull request #47912 from thaJeztah/26.1_backport_vendor_containerd_1.7.18
c62dcf8 Merge pull request #47911 from thaJeztah/26.1_backport_bump_containerd_binary...
17315a2 vendor: github.com/containerd/containerd v1.7.18
cbd9418 update containerd binary to v1.7.18
fb9f72a Merge pull request #47904 from thaJeztah/26.1_backport_bump_go1.21.11
3115daa update to go1.21.11
2861734 Merge pull request #47892 from thaJeztah/26.1_backport_api_docs_network_confi...
9c95aea Merge pull request #47893 from thaJeztah/26.1_backport_bump_docker_py
3e09e19 Merge pull request #47894 from thaJeztah/26.1_backport_vendor_containerd_v1.7.17
65b679a Merge pull request #47889 from thaJeztah/26.1_backport_platforms_err_handling
Additional commits viewable in compare view

Updates golang.org/x/mod from 0.17.0 to 0.18.0

Commits

c0bdc7b modfile: add API for godebug lines
6686f41 module: add COM0 and LPT0 to badWindowsNames
See full diff in compare view

Updates golang.org/x/net from 0.25.0 to 0.26.0

Commits

66e838c go.mod: update golang.org/x dependencies
6249541 http2: avoid race in server handler SetReadDeadine/SetWriteDeadline
603e3e6 quic: disable X25519Kyber768Draft00 in tests
67e8d0c http2: report an error if goroutines outlive serverTester tests
5608279 http2: avoid corruption in priority write scheduler
0d515a5 http2: factor out frame read/write test functions
9f5b79b http2: drop unused retry function
03c24c2 http2: use synthetic time in server tests
022530c http2: add a more full-featured test net.Conn
410d19e http2: avoid racy access to clientStream.requestedGzip
Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.20.0 to 0.21.0

Commits

5fd4241 google: update compute token refresh
See full diff in compare view

Updates golang.org/x/text from 0.15.0 to 0.16.0

Commits

9c2f3a2 cmd/gotext: fix segfault in extract & rewrite commands
59e1219 message: optimize lookupAndFormat function for better performance
a20a3e2 x/text: update x/tools for go/ssa range-over-func fix
See full diff in compare view

Updates sigs.k8s.io/controller-runtime from 0.18.3 to 0.18.4

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.18.4

What's Changed

[release-0.18] ✨ controllerutil: configure BlockOwnerDeletion when setting OwnerReference by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2848

Full Changelog: kubernetes-sigs/controller-runtime@v0.18.3...v0.18.4

Commits

12cc8d5 Merge pull request #2848 from k8s-infra-cherrypick-robot/cherry-pick-2847-to-...
c0c229e controllerutil: allow configuring BlockOwnerDeletion when setting OwnerRefere...
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go group with 14 updates: | Package | From | To | | --- | --- | --- | | [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.27.0` | `1.27.2` | | [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.27.16` | `1.27.18` | | [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.17.16` | `1.17.18` | | [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) | `1.16.21` | `1.16.24` | | [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.28.3` | `1.28.5` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.54.3` | `1.55.1` | | [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.17` | `1.7.18` | | [github.com/docker/cli](https://github.com/docker/cli) | `26.1.3+incompatible` | `26.1.4+incompatible` | | [github.com/docker/docker](https://github.com/docker/docker) | `26.1.3+incompatible` | `26.1.4+incompatible` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.17.0` | `0.18.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.25.0` | `0.26.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.20.0` | `0.21.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.15.0` | `0.16.0` | | [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.18.3` | `0.18.4` | Updates `github.com/aws/aws-sdk-go-v2` from 1.27.0 to 1.27.2 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.27.0...v1.27.2) Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.16 to 1.27.18 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@config/v1.27.16...config/v1.27.18) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.16 to 1.17.18 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@credentials/v1.17.16...credentials/v1.17.18) Updates `github.com/aws/aws-sdk-go-v2/feature/s3/manager` from 1.16.21 to 1.16.24 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/ram/v1.16.21...service/ram/v1.16.24) Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.28.3 to 1.28.5 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/mgn/v1.28.3...service/fsx/v1.28.5) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.54.3 to 1.55.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.54.3...service/s3/v1.55.1) Updates `github.com/containerd/containerd` from 1.7.17 to 1.7.18 - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.7.17...v1.7.18) Updates `github.com/docker/cli` from 26.1.3+incompatible to 26.1.4+incompatible - [Commits](docker/cli@v26.1.3...v26.1.4) Updates `github.com/docker/docker` from 26.1.3+incompatible to 26.1.4+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v26.1.3...v26.1.4) Updates `golang.org/x/mod` from 0.17.0 to 0.18.0 - [Commits](golang/mod@v0.17.0...v0.18.0) Updates `golang.org/x/net` from 0.25.0 to 0.26.0 - [Commits](golang/net@v0.25.0...v0.26.0) Updates `golang.org/x/oauth2` from 0.20.0 to 0.21.0 - [Commits](golang/oauth2@v0.20.0...v0.21.0) Updates `golang.org/x/text` from 0.15.0 to 0.16.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.15.0...v0.16.0) Updates `sigs.k8s.io/controller-runtime` from 0.18.3 to 0.18.4 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.18.3...v0.18.4) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/containerd/containerd dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/docker/cli dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2024-06-09T09:04:59Z

Mend Scan Summary: ❌

Repository: open-component-model/ocm

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	3
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	4
HIGH RISK LICENSES	9
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

ocmbot · 2024-06-09T09:07:13Z

Integration Tests for d1ab90d run with result: Success ✅!

dependabot bot added dependencies labels Jun 9, 2024

github-actions bot added the size/m Medium label Jun 9, 2024

hilmarf approved these changes Jun 10, 2024

View reviewed changes

hilmarf added this to the 2024-Q2 milestone Jun 10, 2024

hilmarf merged commit 9b01bca into main Jun 10, 2024
15 checks passed

hilmarf deleted the dependabot/go_modules/go-cb346e3c6d branch June 10, 2024 06:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go group with 14 updates #805

Bump the go group with 14 updates #805

dependabot bot commented on behalf of github Jun 9, 2024

github-actions bot commented Jun 9, 2024

ocmbot bot commented Jun 9, 2024

Bump the go group with 14 updates #805

Bump the go group with 14 updates #805

Conversation

dependabot bot commented on behalf of github Jun 9, 2024

containerd 1.7.18

Highlights

Contributors

Changes

Changes from containerd/errdefs

v26.1.4

26.1.4

Security

Bug fixes and enhancements

Packaging updates

v0.18.4

What's Changed

github-actions bot commented Jun 9, 2024

Mend Scan Summary: ❌

Repository: open-component-model/ocm

ocmbot bot commented Jun 9, 2024