This repository has been archived by the owner on Aug 16, 2024. It is now read-only.

Bump the security group with 9 updates #24

Closed
wants to merge 1 commit into from


dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jul 3, 2024

Bumps the security group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| github.com/pact-foundation/pact-go | 1.8.0 | 1.10.0 |
| github.com/spf13/cobra | 1.8.0 | 1.8.1 |
| github.com/spf13/viper | 1.18.2 | 1.19.0 |
| helm.sh/helm/v3 | 3.14.3 | 3.15.2 |
| k8s.io/api | 0.29.3 | 0.30.0 |
| k8s.io/apimachinery | 0.29.3 | 0.30.0 |
| k8s.io/cli-runtime | 0.29.3 | 0.30.0 |
| k8s.io/client-go | 0.29.3 | 0.30.0 |
| sigs.k8s.io/controller-runtime | 0.17.2 | 0.18.4 |

Updates github.com/pact-foundation/pact-go from 1.8.0 to 1.10.0

Changelog

Sourced from github.com/pact-foundation/pact-go's changelog.

v1.10.0 (03 July 2024)

  • 6456e82 - chore: update release.sh to select correct version (Matt Fellows, Thu Jun 6 14:24:30 2024 +1000)

v1.9.0 (06 June 2024)

  • 9c80346 - feat: add ability to specify standalone CLI path (#357) (Bobby "The" Best, Thu Jun 6 00:20:46 2024 -0400)
  • 0d81b71 - feat: support publish pacts with branch for v1.x (#374) (Yousaf Nabi, Tue Apr 23 06:40:39 2024 +0100)
  • fcfa5c5 - chore: add a command to run the pact tests locally (Matt Fellows, Mon Oct 2 18:31:03 2023 +1100)
  • 09d6ad5 - feat: upgrade pact-ruby-standalone to 2.0.7 (Matt Fellows, Mon Oct 2 18:28:34 2023 +1100)

Commits
  • c3dc763 chore(release): release v1.10.0
  • 6456e82 chore: update release.sh to select correct version
  • 603f0ac chore(release): release v1.9.0
  • 9c80346 feat: add ability to specify standalone CLI path (#357)
  • 0d81b71 feat: support publish pacts with branch for v1.x (#374)
  • fcfa5c5 chore: add a command to run the pact tests locally
  • 09d6ad5 feat: upgrade pact-ruby-standalone to 2.0.7
  • See full diff in compare view

Updates github.com/spf13/cobra from 1.8.0 to 1.8.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.8.1

✨ Features

🐛 Bug fixes

🔧 Maintenance

🧪 Testing & CI/CD

✏️ Documentation

... (truncated)

Commits

Updates github.com/spf13/viper from 1.18.2 to 1.19.0

Release notes

Sourced from github.com/spf13/viper's releases.

v1.19.0

What's Changed

Bug Fixes 🐛

Dependency Updates ⬆️

... (truncated)

Commits
  • b9733f0 build(deps): bump actions/checkout from 4.1.4 to 4.1.6
  • 6ecc5c8 build(deps): bump cachix/install-nix-action from 26 to 27
  • 248c6fd build(deps): bump github/codeql-action from 3.25.4 to 3.25.7
  • abea773 Update references to bketelsen/crypt
  • f17acb4 build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1
  • 8e285a5 build(deps): bump github/codeql-action from 3.25.2 to 3.25.4
  • 4017620 build(deps): bump actions/setup-go from 5.0.0 to 5.0.1
  • b67e814 build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.2
  • 4a182c7 build(deps): bump actions/dependency-review-action from 4.2.5 to 4.3.2
  • 45a0e12 build(deps): bump mheap/github-action-required-labels
  • Additional commits viewable in compare view

Updates helm.sh/helm/v3 from 3.14.3 to 3.15.2

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.15.2 is a security (patch) release. Users are strongly recommended to update to this release.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.15.2. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.15.3 will contain only bug fixes and be released on July 10, 2024.
  • 3.16.0 is the next feature release and will be on September 11, 2024.

Changelog

  • fix: wrong cli description 1a500d5625419a524fdae4b33de351cc4f58ec35 (yyzxw)
  • fix typo in load_plugins.go 70b225c9abc014cfeb73f7c9f506b0e73e912b61 (yxxhero)
  • fix docs of DeployedAll b3640f196a2cf77136ab01295bffe76fa184991d (Daniel Strobusch)
  • Bump github.com/docker/docker 46e2ba0341d43e19493b2f90c86126da8ad8a64e (dependabot[bot])
  • bump oras minor version fb311d331f66f7f9153b5d0c7aa07a77bc9528ca (Austin Abro)
  • feat(load.go): add warning on requirements.lock 23552a7de6f45aacec47bc2bfe70de02b9d7ab70 (Aaron U'Ren)

Helm v3.15.1 is a patch release. The Helm application source is the same as 3.15.0. The 3.15.0 builds stated the wrong version when running helm version. Instead of the release number it had the release candidate version which pointed to the same revision of the source.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs

... (truncated)

Commits
  • 1a500d5 fix: wrong cli description
  • 70b225c fix typo in load_plugins.go
  • b3640f1 fix docs of DeployedAll
  • 46e2ba0 Bump github.com/docker/docker
  • fb311d3 bump oras minor version
  • 23552a7 feat(load.go): add warning on requirements.lock
  • e211f2a Fixing build issue where wrong version is used
  • c4e37b3 Updating to k8s 1.30
  • d7afa3b bump version to v3.15.0
  • 7743467 bump version to
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.29.3 to 0.30.0

Commits
  • fb932d2 Update dependencies to v0.30.0 tag
  • d014286 Merge remote-tracking branch 'origin/master' into release-1.30
  • 581c1b8 Update x/net for CVE-2023-45288
  • 35ca1f4 Merge pull request #123932 from pohly/dra-api-resource-model-rename
  • b048bd8 Merge pull request #123909 from AkihiroSuda/fix-123906
  • f06d24a dra api: NodeResourceModel -> ResourceModel
  • 30e3187 api: NodeStatus: rename RuntimeClasses to RuntimeHandlers
  • 96558b9 Merge pull request #123792 from mimowo/propose-api-comments-fix
  • 089c7ca Merge pull request #123180 from AkihiroSuda/rro
  • b50824d api: KEP-3857: Recursive Read-only (RRO) mounts
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.29.3 to 0.30.0

Commits
  • 37988e5 Merge remote-tracking branch 'origin/master' into release-1.30
  • c857a38 Update x/net for CVE-2023-45288
  • 0407311 followup to allow special characters
  • 25164f7 Merge pull request #123435 from tallclair/apparmor-ga
  • cbfe0a1 Merge pull request #123758 from liggitt/protobump
  • 21d26b6 Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
  • 0c29f84 Merge pull request #123385 from HirazawaUi/allow-special-characters
  • 60d24f2 Merge pull request #123708 from p0lyn0mial/upstream-const-watchlist-bookmark-...
  • 513d23a apimachinery/meta/types.go: define InitialEventsAnnotationKey const
  • 67cb3a8 Merge pull request #123413 from seans3/tunneling-spdy-websockets
  • Additional commits viewable in compare view

Updates k8s.io/cli-runtime from 0.29.3 to 0.30.0

Commits
  • d57b959 Update dependencies to v0.30.0 tag
  • ceb92ba Merge remote-tracking branch 'origin/master' into release-1.30
  • 60fc039 Update x/net for CVE-2023-45288
  • c8b7f6a Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
  • eeedba7 Merge pull request #123529 from thockin/go-workspaces
  • ba82cfd Fix up go.mod files after reviews
  • 76839ee Remove old gengo detritus
  • 0e03d76 Re-vendor latest kube-openapi and gengo/v2
  • 5f372cd Generate go.work files
  • c66e3bf Merge pull request #122569 from IvoGoman/wrap-nomatcherror
  • Additional commits viewable in compare view

Updates k8s.io/client-go from 0.29.3 to 0.30.0

Commits
  • 3aa4577 Update dependencies to v0.30.0 tag
  • 2df4de1 Merge remote-tracking branch 'origin/master' into release-1.30
  • ade2ae2 Update x/net for CVE-2023-45288
  • b4632b7 Merge pull request #123932 from pohly/dra-api-resource-model-rename
  • 4467b1e Merge pull request #123909 from AkihiroSuda/fix-123906
  • 650f392 dra api: NodeResourceModel -> ResourceModel
  • 00e4609 api: NodeStatus: rename RuntimeClasses to RuntimeHandlers
  • 7ebe0ea Merge pull request #123180 from AkihiroSuda/rro
  • 3be09aa api: KEP-3857: Recursive Read-only (RRO) mounts
  • 110b75b Merge pull request #123344 from nilekhc/svm-controller
  • Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.17.2 to 0.18.4

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.18.4

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.18.3...v0.18.4

v0.18.3

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.18.2...v0.18.3

v0.18.2

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.18.1...v0.18.2

v0.18.1

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.18.0...v0.18.1

v0.18.0

⚠️ Breaking Changes

  • Bump to k8s.io/* v1.30 (#2693 #2754 #2765 #2776 #2786)
  • Remove deprecated v1alpha1.ControllerManagerConfiguration (#2648)
  • admission.Decoder is now an interface (#2736)
  • Source, Event, Predicate, Handler: Add generics support (#2783 #2796)
  • client: Fix SubResourceCreateOptions signature in subresource client (#2766)

✨ New Features

  • cache: Add TransformStripManagedFields transform func (#2791)
  • client: Add client.WithFieldOwner to configure client-wide FieldManager (#2771 #2777)
  • controller: Add NewQueue option (#2767)
  • manager: Export HTTP server runnable implementation (#2473)
  • metrics/server: Add ListenConfig option (#2519)

🐛 Bug Fixes

  • builder/webhook: Return error if For() is used multiple times (#2740)

... (truncated)

Commits
  • 12cc8d5 Merge pull request #2848 from k8s-infra-cherrypick-robot/cherry-pick-2847-to-...
  • c0c229e controllerutil: allow configuring BlockOwnerDeletion when setting OwnerRefere...
  • be2f383 Merge pull request #2840 from sbueringer/pr-bump-k8s
  • 4720d17 Bump k8s.io/* to v0.30.1
  • aa9ed14 Merge pull request #2837 from sbueringer/pr-setup-envtest-ct-rel-0.18
  • 35d7bbd default --use-deprecated-gcs to true
  • ce4e4f5 some more deprecations
  • 56dcc14 setup-envtest: allow downloading envtest binaries from controller-tools
  • 834905b Merge pull request #2817 from k8s-infra-cherrypick-robot/cherry-pick-2813-to-...
  • 6396a49 Reintroduce AddMetricsExtraHandler on manager
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the security group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/pact-foundation/pact-go](https://github.com/pact-foundation/pact-go) | `1.8.0` | `1.10.0` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.8.0` | `1.8.1` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.18.2` | `1.19.0` |
| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.14.3` | `3.15.2` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.29.3` | `0.30.0` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.29.3` | `0.30.0` |
| [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.29.3` | `0.30.0` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.29.3` | `0.30.0` |
| [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.17.2` | `0.18.4` |


Updates `github.com/pact-foundation/pact-go` from 1.8.0 to 1.10.0
- [Release notes](https://github.com/pact-foundation/pact-go/releases)
- [Changelog](https://github.com/pact-foundation/pact-go/blob/v1.10.0/CHANGELOG.md)
- [Commits](pact-foundation/pact-go@v1.8.0...v1.10.0)

Updates `github.com/spf13/cobra` from 1.8.0 to 1.8.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.8.0...v1.8.1)

Updates `github.com/spf13/viper` from 1.18.2 to 1.19.0
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.18.2...v1.19.0)

Updates `helm.sh/helm/v3` from 3.14.3 to 3.15.2
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.14.3...v3.15.2)

Updates `k8s.io/api` from 0.29.3 to 0.30.0
- [Commits](kubernetes/api@v0.29.3...v0.30.0)

Updates `k8s.io/apimachinery` from 0.29.3 to 0.30.0
- [Commits](kubernetes/apimachinery@v0.29.3...v0.30.0)

Updates `k8s.io/cli-runtime` from 0.29.3 to 0.30.0
- [Commits](kubernetes/cli-runtime@v0.29.3...v0.30.0)

Updates `k8s.io/client-go` from 0.29.3 to 0.30.0
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.29.3...v0.30.0)

Updates `sigs.k8s.io/controller-runtime` from 0.17.2 to 0.18.4
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.17.2...v0.18.4)

---
updated-dependencies:
- dependency-name: github.com/pact-foundation/pact-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/cli-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from St0rmz1 as a code owner July 3, 2024 11:35

dependabot bot commented on behalf of github Jul 3, 2024

The following labels could not be found: dependabot, go, type::security.


dependabot bot commented on behalf of github Jul 11, 2024

Superseded by #25.

@dependabot dependabot bot closed this Jul 11, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/security-a7798d29e5 branch July 11, 2024 11:16