Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump the all group across 1 directory with 15 updates #181

Closed
wants to merge 1 commit into from
Closed

build(deps): bump the all group across 1 directory with 15 updates #181

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github May 13, 2024
edited
Loading

Bumps the all group with 9 updates in the / directory:

Package From To
cuelang.org/go 0.8.0 0.8.2
github.com/enterprise-contract/enterprise-contract-controller/api 0.1.39 0.1.44
github.com/gkampitakis/go-snaps 0.5.2 0.5.4
github.com/hashicorp/go-getter 1.7.3 1.7.4
github.com/leanovate/gopter 0.2.9 0.2.11
github.com/open-policy-agent/conftest 0.50.0 0.52.0
github.com/sigstore/cosign/v2 2.2.3 2.2.4
github.com/tektoncd/pipeline 0.54.0 0.59.0
k8s.io/apiextensions-apiserver 0.29.3 0.30.0

Updates cuelang.org/go from 0.8.0 to 0.8.2

Updates github.com/enterprise-contract/enterprise-contract-controller/api from 0.1.39 to 0.1.44

Release notes

Sourced from github.com/enterprise-contract/enterprise-contract-controller/api's releases.

API Release api/v0.1.44

What's Changed

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.43...api/v0.1.44

API Release api/v0.1.43

What's Changed

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.42...api/v0.1.43

API Release api/v0.1.42

What's Changed

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.41...api/v0.1.42

API Release api/v0.1.41

What's Changed

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.40...api/v0.1.41

API Release api/v0.1.40

What's Changed

... (truncated)

Commits
  • 2ddfb79 Bump step-security/harden-runner from 2.7.0 to 2.7.1
  • ba736bc Merge pull request #323 from enterprise-contract/dependabot/go_modules/sigs.k...
  • 466019e Merge pull request #324 from enterprise-contract/dependabot/go_modules/github...
  • 340ef50 Merge pull request #326 from enterprise-contract/dependabot/github_actions/co...
  • 15d0685 Bump codecov/codecov-action from 4.3.0 to 4.3.1
  • 10d6067 Bump github.com/onsi/gomega from 1.33.0 to 1.33.1
  • daba785 Bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.17.4
  • 31192dc Merge pull request #322 from enterprise-contract/dependabot/github_actions/ac...
  • 5d81d40 Merge pull request #321 from enterprise-contract/dependabot/github_actions/ac...
  • b4ffe2b Merge pull request #320 from enterprise-contract/dependabot/github_actions/gi...
  • Additional commits viewable in compare view

Updates github.com/gkampitakis/go-snaps from 0.5.2 to 0.5.4

Release notes

Sourced from github.com/gkampitakis/go-snaps's releases.

v0.5.4

What's Changed

New Contributors

Full Changelog: gkampitakis/go-snaps@v0.5.3...v0.5.4

v0.5.3

What's Changed

Full Changelog: gkampitakis/go-snaps@v0.5.2...v0.5.3

Commits

Updates github.com/hashicorp/go-getter from 1.7.3 to 1.7.4

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.4

What's Changed

Full Changelog: hashicorp/go-getter@v1.7.3...v1.7.4

Commits

Updates github.com/leanovate/gopter from 0.2.9 to 0.2.11

Commits
  • b641a79 Remove invalid type panic for now (addresses #86)
  • 4dccbc2 Remove invalid type panic for now (addresses #86)
  • 2607924 Panic on unsupported type
  • 4f507f6 Update build runner
  • 69954c9 Support array generators (addresses #86)
  • f9f2f29 Merge pull request #85 from zhongdai/fix-dead-links
  • e59552d Fixed the dead links.
  • 90cc76d Merge pull request #82 from kkweon/master
  • 62760ed fix(gen/struct): typo in the comment
  • f350002 Keep track of command sieve (issue #81)
  • Additional commits viewable in compare view

Updates github.com/open-policy-agent/conftest from 0.50.0 to 0.52.0

Release notes

Sourced from github.com/open-policy-agent/conftest's releases.

v0.52.0

Changelog

OPA Changes

  • c8ca3585dfe99647c0ca039b03522bd83e0ca357: build(deps): bump github.com/open-policy-agent/opa from 0.63.0 to 0.64.0 (#943) (@​dependabot[bot])
  • 9b082a11765d408ffdddbf365bd0fdd990d87461: build(deps): bump github.com/open-policy-agent/opa from 0.64.0 to 0.64.1 (#947) (@​dependabot[bot])

Other Changes

  • 8f13bf6a82dbb7db38e1ca1a3cddba4f608dbee2: build(deps): bump cuelang.org/go from 0.8.0 to 0.8.1 (#937) (@​dependabot[bot])
  • 37b04d6036f6a146cc2c38e29769ad245c4607e6: build(deps): bump github.com/docker/docker from v25.0.3+incompatible to v25.0.5+incompatible (#932) (@​robmonct)
  • 1b3cc13b4d5e8d99a7a124672046605d1c33d0bc: build(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#948) (@​dependabot[bot])
  • 28d92a408f9d39d01dd85e0055f05f36e09bbf7f: build(deps): bump github.com/moby/buildkit from 0.13.1 to 0.13.2 (#944) (@​dependabot[bot])
  • 4ab6feaed04fa44e1de39e9c823728bfdf906867: build(deps): bump github.com/spdx/tools-golang from 0.5.3 to 0.5.4 (#941) (@​dependabot[bot])
  • c6bd5a541a1526f9ade5e02b41dc11725c97c47c: build(deps): bump golang from 1.22.1-alpine to 1.22.2-alpine (#938) (@​dependabot[bot])
  • 298d74aeade4b4462961fa3c7f1d44a90d7a49d8: ci: Allow Dependabot to update github.com/hashicorp/go-getter (#946) (@​jalseth)

v0.51.0

Changelog

Bug Fixes

  • 1989c6c7a2ddbecf15f6b736978a468777694562: fix: Only raise problematic if error when rule has no name set (#935) (@​jalseth)

OPA Changes

  • 6609893ae256424714b43f3a54feb9da97804ffb: build(deps): bump github.com/open-policy-agent/opa from 0.62.1 to 0.63.0 (#933) (@​dependabot[bot])

Other Changes

  • 06e3f8d1e4de112effa58924c61e72d493794ffc: build(deps): bump cuelang.org/go from 0.7.1 to 0.8.0 (#930) (@​dependabot[bot])
  • bece944a615fffdf96d971e7fb05e98600bffe20: build(deps): bump github.com/moby/buildkit from 0.13.0 to 0.13.1 (#931) (@​dependabot[bot])
  • 515feda4311e2ac62b062d1002a9a70a8cd9177d: build(deps): bump golang from 1.22.0-alpine to 1.22.1-alpine (#929) (@​dependabot[bot])
  • 86afe2f34ba2d567ed99c85e363c3b6457e82ef9: ci: Pin bats version to work around broken CI (#936) (@​jalseth)
Commits
  • 9b082a1 build(deps): bump github.com/open-policy-agent/opa from 0.64.0 to 0.64.1 (#947)
  • 1b3cc13 build(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#948)
  • 298d74a ci: Allow Dependabot to update github.com/hashicorp/go-getter (#946)
  • 28d92a4 build(deps): bump github.com/moby/buildkit from 0.13.1 to 0.13.2 (#944)
  • c8ca358 build(deps): bump github.com/open-policy-agent/opa from 0.63.0 to 0.64.0 (#943)
  • 4ab6fea build(deps): bump github.com/spdx/tools-golang from 0.5.3 to 0.5.4 (#941)
  • 37b04d6 build(deps): bump github.com/docker/docker from v25.0.3+incompatible to v25.0...
  • c6bd5a5 build(deps): bump golang from 1.22.1-alpine to 1.22.2-alpine (#938)
  • 8f13bf6 build(deps): bump cuelang.org/go from 0.8.0 to 0.8.1 (#937)
  • 1989c6c fix: Only raise problematic if error when rule has no name set (#935)
  • Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 0.62.1 to 0.64.1

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.64.1

This is a bug fix release addressing the following issues:

  • ci: Pin GitHub Actions macos runner version. The architecture of the GitHub Actions Runner macos-latest was changed from amd64 to arm64 and as a result darwin/amd64 binary wasn't released (#6720) authored by @​suzuki-shunsuke
  • plugins/discovery: Update comparison logic used in the discovery plugin for handling overrides. This fixes a panic that resulted from the comparison of uncomparable types (#6723) authored by @​ashutosh-narkar

v0.64.0

NOTES:

  • The minimum version of Go required to build the OPA module is 1.21

This release contains a mix of features, a new builtin function (json.marshal_with_options()), performance improvements, and bugfixes.

Breaking Change

Bootstrap configuration overrides Discovered configuration

Previously if Discovery was enabled, other features like bundle downloading and status reporting could not be configured manually. The reason for this was to prevent OPAs being deployed that could not be controlled through discovery. It's possible that the system serving the discovered config is unaware of all options locally available in OPA. Hence, we relax the configuration check when discovery is enabled so that the bootstrap configuration can contain plugin configurations. In case of conflicts, the bootstrap configuration for plugins wins. These local configuration overrides from the bootstrap configuration are included in the Status API messages so that management systems can get visibility into the local overrides.

In general, the bootstrap configuration overrides the discovered configuration. Previously this was not the case for all configuration fields. For example, if the discovered configuration changes the labels section, only labels that are additional compared to the bootstrap configuration are used, all other changes are ignored. This implies labels in the bootstrap configuration override those in the discovered configuration. But for fields such as default_decision, default_authorization_decision, nd_builtin_cache, the discovered configuration would override the bootstrap configuration. Now the behavior is more consistent for the entire configuration and helps to avoid accidental configuration errors. (#5722) authored by @​ashutosh-narkar

Add rego_version attribute to the bundle manifest

A new global rego_version attribute is added to the bundle manifest, to inform the OPA runtime about what Rego version (v0/v1) to use while parsing/compiling contained Rego files. There is also a new file_rego_versions attribute which allows individual files to override the global Rego version specified by rego_version.

When the version of the contained Rego is advertised by the bundle through this attribute, it is not required to run OPA with the --v1-compatible (or future --v0-compatible) flag in order to correctly parse, compile and evaluate the bundle's modules.

A bundle's rego_version attribute takes precedence over any applied --v1-compatible/--v0-compatible flag. (#6578) authored by @​johanfylling

Runtime, Tooling, SDK

  • compile: Fix panic from CLI + metadata entrypoint overlaps. The panic occurs when opa build was provided an entrypoint from both a CLI flag, and via entrypoint metadata annotation. (#6661) authored by @​philipaconrad
  • cmd/deps: Improve memory footprint and execution time of deps command for policies with high dependency connectivity (#6685) authored by @​johanfylling
  • server: Keep default decision path in-sync with manager's config (#6697) authored by @​ashutosh-narkar
  • server: Remove unnecessary AST-to-JSON conversions (#6665) and (#6669) authored by @​koponen-styra
  • sdk: Allow customizations of the plugin manager via SDK (#6662) authored by @​xico42
  • sdk: Fix issue where active parser options aren't propagated to module reload during bundle activation resulting in errors while activating bundles with v1 syntax (#6689) authored by @​xico42

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.64.1

This is a bug fix release addressing the following issues:

  • ci: Pin GitHub Actions macos runner version. The architecture of the GitHub Actions Runner macos-latest was changed from amd64 to arm64 and as a result darwin/amd64 binary wasn't released (#6720) authored by @​suzuki-shunsuke
  • plugins/discovery: Update comparison logic used in the discovery plugin for handling overrides. This fixes a panic that resulted from the comparison of uncomparable types (#6723) authored by @​ashutosh-narkar

0.64.0

NOTES:

  • The minimum version of Go required to build the OPA module is 1.21

This release contains a mix of features, a new builtin function (json.marshal_with_options()), performance improvements, and bugfixes.

Breaking Change

Bootstrap configuration overrides Discovered configuration

Previously if Discovery was enabled, other features like bundle downloading and status reporting could not be configured manually. The reason for this was to prevent OPAs being deployed that could not be controlled through discovery. It's possible that the system serving the discovered config is unaware of all options locally available in OPA. Hence, we relax the configuration check when discovery is enabled so that the bootstrap configuration can contain plugin configurations. In case of conflicts, the bootstrap configuration for plugins wins. These local configuration overrides from the bootstrap configuration are included in the Status API messages so that management systems can get visibility into the local overrides.

In general, the bootstrap configuration overrides the discovered configuration. Previously this was not the case for all configuration fields. For example, if the discovered configuration changes the labels section, only labels that are additional compared to the bootstrap configuration are used, all other changes are ignored. This implies labels in the bootstrap configuration override those in the discovered configuration. But for fields such as default_decision, default_authorization_decision, nd_builtin_cache, the discovered configuration would override the bootstrap configuration. Now the behavior is more consistent for the entire configuration and helps to avoid accidental configuration errors. (#5722) authored by @​ashutosh-narkar

Add rego_version attribute to the bundle manifest

A new global rego_version attribute is added to the bundle manifest, to inform the OPA runtime about what Rego version (v0/v1) to use while parsing/compiling contained Rego files. There is also a new file_rego_versions attribute which allows individual files to override the global Rego version specified by rego_version.

When the version of the contained Rego is advertised by the bundle through this attribute, it is not required to run OPA with the --v1-compatible (or future --v0-compatible) flag in order to correctly parse, compile and evaluate the bundle's modules.

A bundle's rego_version attribute takes precedence over any applied --v1-compatible/--v0-compatible flag. (#6578) authored by @​johanfylling

Runtime, Tooling, SDK

  • compile: Fix panic from CLI + metadata entrypoint overlaps. The panic occurs when opa build was provided an entrypoint from both a CLI flag, and via entrypoint metadata annotation. (#6661) authored by @​philipaconrad
  • cmd/deps: Improve memory footprint and execution time of deps command for policies with high dependency connectivity (#6685) authored by @​johanfylling
  • server: Keep default decision path in-sync with manager's config (#6697) authored by @​ashutosh-narkar
  • server: Remove unnecessary AST-to-JSON conversions (#6665) and (#6669) authored by @​koponen-styra
  • sdk: Allow customizations of the plugin manager via SDK (#6662) authored by @​xico42

... (truncated)

Commits
  • 298f97d Prepare v0.64.1 release
  • faf6382 ci: pin GitHub Actions macos runner version and build for darwin/amd64
  • e72e6f6 plugins/discovery: Update comparison logic for overrides
  • 75cc90a Prepare v0.64.0 release
  • a400281 server: Keep default decision path in-sync with manager's config
  • f2011b1 Adding Raygun to the policy-testing ecosystem (#6712)
  • b58e87f ast: Importing rego.v1 in v0 support modules when applicable (#6698)
  • 44fa8ad Relax configuration check when Discovery is enabled
  • ef8532f auth: requestToken close response body
  • 8260697 build: Update WASM Rego test generation setup (#6707)
  • Additional commits viewable in compare view

Updates github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.2.4

Bug Fixes

Features

  • Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578)

Documentation

  • add oci bundle spec (#3622)
  • Correct help text of triangulate cmd (#3551)
  • Correct help text of verify-attestation policy argument (#3527)
  • feat: add OVHcloud MPR registry tested with cosign (#3639)

Testing

  • Refactor e2e-tests.yml workflow (#3627)
  • Clean up and clarify e2e scripts (#3628)
  • Don't ignore transparency log in tests if possible (#3528)
  • Make E2E tests hermetic (#3499)
  • add e2e test for pkcs11 token signing (#3495)

Full Changelog: sigstore/cosign@v2.2.3...v2.2.4

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.2.4

Bug Fixes

Features

  • Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578)

Documentation

  • add oci bundle spec (#3622)
  • Correct help text of triangulate cmd (#3551)
  • Correct help text of verify-attestation policy argument (#3527)
  • feat: add OVHcloud MPR registry tested with cosign (#3639)

Testing

  • Refactor e2e-tests.yml workflow (#3627)
  • Clean up and clarify e2e scripts (#3628)
  • Don't ignore transparency log in tests if possible (#3528)
  • Make E2E tests hermetic (#3499)
  • add e2e test for pkcs11 token signing (#3495)
Commits

Updates github.com/sigstore/sigstore from 1.8.2 to 1.8.3

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.3

What's Changed

Full Changelog: sigstore/sigstore@v1.8.2...v1.8.3

Commits
  • 1b41d79 add support for verifying IEEE P1363 encoded ECDSA sigs (#1686)
  • 65a36c4 Update tuf root.json to version 9 from root-signing repo (#1649)
  • 656a152 build(deps): Bump the all group in /pkg/signature/kms/gcp with 1 update
  • 06016c2 build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates
  • 4440161 build(deps): Bump the all group with 2 updates
  • 97c04d0 build(deps): Bump the all group in /test/e2e with 1 update
  • 25dd9f3 build(deps): Bump the all group with 1 update
  • d78dca2 build(deps): Bump the all group in /pkg/signature/kms/aws with 1 update
  • 405c5c4 build(deps): Bump the all group
  • b7f6993 build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates
  • Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 0.54.0 to 0.59.0

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v0.59.0 "Scottish Fold Sox" LTS

🎉 Artifact Metadata, Improved StepActions and Improved Stability 🎉

-Docs @ v0.59.0 -Examples @ v0.59.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml
REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.0@sha256:" + .digest.sha256')
Download the release file
curl "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

Tekton v0.59 minimum Kubernetes version is 1.27.

Changes

Features

  • ✨ Add a feature flag to disable inline spec (#7844)

Add a feature flag disable-inline-spec to disable embedded spec in Pipeline(PipelineSpec/TaskSpec), Taskrun(TaskSpec), and Pipelinerun. (PipelineSpec) By default, the inline specs will be enabled. Only if the flag is set to "pipeline", "pipelinerun" and "taskrun" or a combination like "pipeline,pipelinerun" would the inline spec be disabled for Pipeline, PipelineRun, or TaskRun.

... (truncated)

Changelog

Sourced from github.com/tektoncd/pipeline's changelog.

Tekton Pipeline Releases

Release Frequency

Tekton Pipelines follows the Tekton community [release policy][release-policy] as follows:

  • Versions are numbered according to semantic versioning: vX.Y.Z
  • A new release is produced on a monthly basis
  • Four releases a year are chosen for long term support (LTS). All remaining releases are supported for approximately 1 month (until the next release is produced)
    • LTS releases take place in January, April, July and October every year
    • The first Tekton Pipelines LTS release will be v0.41.0 in October 2022
    • Releases happen towards the middle of the month, between the 13th and the 20th, depending on week-ends and readiness

Tekton Pipelines produces nightly builds, publicly available on gcr.io/tekton-nightly.

Transition Process

Before release v0.41 Tekton Pipelines has worked on the basis of an undocumented support period of four months, which will be maintained for the releases between v0.37 and v0.40.

Release Process

Tekton Pipeline releases are made of YAML manifests and container images. Manifests are published to cloud object-storage as well as [GitHub][tekton-pipeline-releases]. Container images are signed by [Sigstore][sigstore] via [Tekton Chains][tekton-chains]; signatures can be verified through the [public key][chains-public-key] hosted by the Tekton Chains project.

Further documentation available:

  • The Tekton Pipeline [release process][tekton-releases-docs]
  • [Installing Tekton][tekton-installation]
  • Standard for [release notes][release-notes-standards]

Release

v0.59 (LTS)

  • Latest Release: [v0.59.0][v0.59-0] (2024-04-25) ([docs][v0.59-0-docs], [examples][v0.59-0-examples])
  • Initial Release: [v0.59.0][v0.59-0] (2024-04-25)
  • Estimated End of Life: 2025-04-24
  • Patch Releases: [v0.59.0][v0.59-0]

... (truncated)

Commits
  • 34d8c0f chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
  • e556bc7 fix: resolve pod creation failure on retry when using workspace.\<name>.volume
  • a494d6a fix(taskrun): emit warning for missing secret in ServiceAccount instead of fa...
  • fba68b7 Fix shell for tag-images step
  • b712fc5 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.25.0 to 1.26.0
  • 91bbee5 fix: do not set default kind when taskRef resolver is present
  • 30e389b fix: ensure default type for params in remote tasks to prevent pipeline failures
  • faccef8 Fix the shell in crane image
  • b419b2c Add a feature flag to disable inline spec
  • 356b30d chore(deps): bump actions/checkout from 4.1.2 to 4.1.3
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.22.0 to 0.24.0

Commits
  • 7bbe320 go.mod: update golang.org/x dependencies
  • c48da13 http2: fix TestServerContinuationFlood flakes
  • 762b58d http2: fix tipos in comment
  • ba87210 http2: close connections when receiving too many headers
  • ebc8168 all: fix some typos
  • 3678185 http2: make TestCanonicalHeaderCacheGrowth faster
  • 448c44f http2: remove clientTester
  • c7877ac http2: convert the remaining clientTester tests to testClientConn
  • d8870b0 http2: use synthetic time in TestIdleConnTimeout
  • d73acff http2: only set up deadline when Server.IdleTimeout is positive
  • Additional commits viewable in compare view

Updates k8s.io/apiextensions-apiserver from 0.29.3 to 0.30.0

Commits
  • 03da840 Update dependencies to v0.30.0 tag
  • cb47ad4 Merge remote-tracking branch 'origin/master' into release-1.30
  • 6ce7f38 Update x/net for CVE-2023-45288
  • a2f312c Merge remote-tracking branch 'origin/master' into release-1.30
  • d3649bc fix test flake caused by not waiting for CRD schema update
  • 9624e52 Merge pull request #123732 from serathius/parallel-featureflags
  • 24438a9 Merge pull request #123758 from liggitt/protobump
  • 916521e Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
  • fe10ad0 Merge pull request #123405 from cici37/vapGA
  • a853d25 Fix SetFeatureGateDuringTest handling of Parallel tests
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.29.3 to 0.30.0

Commits
  • 37988e5 Merge remote-tracking branch 'origin/master' into release-1.30
  • c857a38 Update x/net for CVE-2023-45288
  • 0407311 followup to allow special characters
  • 25164f7 Merge pull request #123435 from tallclair/apparmor-ga
  • cbfe0a1 Merge pull request #123758 from liggitt/protobump
  • 21d26b6 Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
  • 0c29f84 Merge pull request

@dependabot
build(deps): bump the all group across 1 directory with 15 updates
92a5c61 
Bumps the all group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| cuelang.org/go | `0.8.0` | `0.8.2` |
| [github.com/enterprise-contract/enterprise-contract-controller/api](https://github.com/enterprise-contract/enterprise-contract-controller) | `0.1.39` | `0.1.44` |
| [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) | `0.5.2` | `0.5.4` |
| [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) | `1.7.3` | `1.7.4` |
| [github.com/leanovate/gopter](https://github.com/leanovate/gopter) | `0.2.9` | `0.2.11` |
| [github.com/open-policy-agent/conftest](https://github.com/open-policy-agent/conftest) | `0.50.0` | `0.52.0` |
| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.2.3` | `2.2.4` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `0.54.0` | `0.59.0` |
| [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.29.3` | `0.30.0` |



Updates `cuelang.org/go` from 0.8.0 to 0.8.2

Updates `github.com/enterprise-contract/enterprise-contract-controller/api` from 0.1.39 to 0.1.44
- [Release notes](https://github.com/enterprise-contract/enterprise-contract-controller/releases)
- [Commits](enterprise-contract/enterprise-contract-controller@api/v0.1.39...api/v0.1.44)

Updates `github.com/gkampitakis/go-snaps` from 0.5.2 to 0.5.4
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](gkampitakis/go-snaps@v0.5.2...v0.5.4)

Updates `github.com/hashicorp/go-getter` from 1.7.3 to 1.7.4
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](hashicorp/go-getter@v1.7.3...v1.7.4)

Updates `github.com/leanovate/gopter` from 0.2.9 to 0.2.11
- [Release notes](https://github.com/leanovate/gopter/releases)
- [Changelog](https://github.com/leanovate/gopter/blob/master/CHANGELOG.md)
- [Commits](leanovate/gopter@v0.2.9...v0.2.11)

Updates `github.com/open-policy-agent/conftest` from 0.50.0 to 0.52.0
- [Release notes](https://github.com/open-policy-agent/conftest/releases)
- [Changelog](https://github.com/open-policy-agent/conftest/blob/master/.goreleaser.yml)
- [Commits](open-policy-agent/conftest@v0.50.0...v0.52.0)

Updates `github.com/open-policy-agent/opa` from 0.62.1 to 0.64.1
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v0.62.1...v0.64.1)

Updates `github.com/sigstore/cosign/v2` from 2.2.3 to 2.2.4
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v2.2.3...v2.2.4)

Updates `github.com/sigstore/sigstore` from 1.8.2 to 1.8.3
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.2...v1.8.3)

Updates `github.com/tektoncd/pipeline` from 0.54.0 to 0.59.0
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v0.54.0...v0.59.0)

Updates `golang.org/x/net` from 0.22.0 to 0.24.0
- [Commits](golang/net@v0.22.0...v0.24.0)

Updates `k8s.io/apiextensions-apiserver` from 0.29.3 to 0.30.0
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.29.3...v0.30.0)

Updates `k8s.io/apimachinery` from 0.29.3 to 0.30.0
- [Commits](kubernetes/apimachinery@v0.29.3...v0.30.0)

Updates `k8s.io/client-go` from 0.29.3 to 0.30.0
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.29.3...v0.30.0)

Updates `k8s.io/kube-openapi` from 0.0.0-20231010175941-2dd684a91f00 to 0.0.0-20240228011516-70dd3763d340
- [Commits](https://github.com/kubernetes/kube-openapi/commits)

---
updated-dependencies:
- dependency-name: cuelang.org/go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/enterprise-contract/enterprise-contract-controller/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/leanovate/gopter
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/open-policy-agent/conftest
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/sigstore/cosign/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/tektoncd/pipeline
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/kube-openapi
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 13, 2024
@dependabot dependabot bot mentioned this pull request May 13, 2024
Closed
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github May 20, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this May 20, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/all-e71d8519de branch May 20, 2024 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants