build(deps): bump the all group across 1 directory with 21 updates #198

dependabot · 2024-06-17T15:43:52Z

Bumps the all group with 15 updates in the / directory:

Package	From	To
cuelang.org/go	`0.8.0`	`0.9.1`
github.com/enterprise-contract/enterprise-contract-controller/api	`0.1.39`	`0.1.47`
github.com/gkampitakis/go-snaps	`0.5.2`	`0.5.4`
github.com/go-logr/logr	`1.4.1`	`1.4.2`
github.com/google/go-containerregistry	`0.19.1`	`0.19.2`
github.com/hashicorp/go-getter	`1.7.3`	`1.7.4`
github.com/leanovate/gopter	`0.2.9`	`0.2.11`
github.com/open-policy-agent/conftest	`0.50.0`	`0.53.0`
github.com/package-url/packageurl-go	`0.1.2`	`0.1.3`
github.com/sigstore/cosign/v2	`2.2.3`	`2.2.4`
github.com/spf13/cobra	`1.8.0`	`1.8.1`
github.com/spf13/viper	`1.18.2`	`1.19.0`
github.com/tektoncd/pipeline	`0.54.0`	`0.60.2`
k8s.io/apiextensions-apiserver	`0.29.3`	`0.30.2`
k8s.io/klog/v2	`2.120.1`	`2.130.0`

Updates cuelang.org/go from 0.8.0 to 0.9.1

Updates github.com/enterprise-contract/enterprise-contract-controller/api from 0.1.39 to 0.1.47

Release notes

Sourced from github.com/enterprise-contract/enterprise-contract-controller/api's releases.

API Release api/v0.1.47

What's Changed

Bump sigs.k8s.io/controller-runtime from 0.17.4 to 0.17.5 in /api by @dependabot in enterprise-contract/enterprise-contract-controller#329

Bump sigs.k8s.io/controller-runtime from 0.17.4 to 0.17.5 by @dependabot in enterprise-contract/enterprise-contract-controller#328

Bump codecov/codecov-action from 4.3.1 to 4.4.1 by @dependabot in enterprise-contract/enterprise-contract-controller#339

Bump github/codeql-action from 3.25.5 to 3.25.6 by @dependabot in enterprise-contract/enterprise-contract-controller#340

Bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in enterprise-contract/enterprise-contract-controller#341

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.46...api/v0.1.47

API Release api/v0.1.46

What's Changed

Bump github/codeql-action from 3.25.3 to 3.25.5 by @dependabot in enterprise-contract/enterprise-contract-controller#330

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.45...api/v0.1.46

API Release api/v0.1.45

What's Changed

Bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.17.4 in /api by @dependabot in enterprise-contract/enterprise-contract-controller#327

Bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in enterprise-contract/enterprise-contract-controller#331

Bump softprops/action-gh-release from 2.0.4 to 2.0.5 by @dependabot in enterprise-contract/enterprise-contract-controller#333

Bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in enterprise-contract/enterprise-contract-controller#332

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.44...api/v0.1.45

API Release api/v0.1.44

What's Changed

Bump codecov/codecov-action from 4.3.0 to 4.3.1 by @dependabot in enterprise-contract/enterprise-contract-controller#326

Bump github.com/onsi/gomega from 1.33.0 to 1.33.1 by @dependabot in enterprise-contract/enterprise-contract-controller#324

Bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.17.4 by @dependabot in enterprise-contract/enterprise-contract-controller#323

Bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in enterprise-contract/enterprise-contract-controller#325

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.43...api/v0.1.44

API Release api/v0.1.43

What's Changed

Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in enterprise-contract/enterprise-contract-controller#319

Bump github/codeql-action from 3.25.1 to 3.25.3 by @dependabot in enterprise-contract/enterprise-contract-controller#320

Bump actions/download-artifact from 4.1.5 to 4.1.7 by @dependabot in enterprise-contract/enterprise-contract-controller#321

Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in enterprise-contract/enterprise-contract-controller#322

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.42...api/v0.1.43

API Release api/v0.1.42

What's Changed

... (truncated)

Commits

8b8d7be Merge pull request #341 from enterprise-contract/dependabot/github_actions/ac...
d1db73a Merge pull request #340 from enterprise-contract/dependabot/github_actions/gi...
d3db660 Merge pull request #339 from enterprise-contract/dependabot/github_actions/co...
7fe254a Bump actions/checkout from 4.1.5 to 4.1.6
1d8f08a Bump github/codeql-action from 3.25.5 to 3.25.6
36061d8 Bump codecov/codecov-action from 4.3.1 to 4.4.1
5c0827c Merge pull request #328 from enterprise-contract/dependabot/go_modules/sigs.k...
710d23f Run go mod tidy
95e86b1 Bump sigs.k8s.io/controller-runtime from 0.17.4 to 0.17.5 in /api
6f09ed5 Bump github/codeql-action from 3.25.3 to 3.25.5
Additional commits viewable in compare view

Updates github.com/gkampitakis/go-snaps from 0.5.2 to 0.5.4

Release notes

Sourced from github.com/gkampitakis/go-snaps's releases.

v0.5.4

What's Changed

fix: slice bounds out of range [:5] by @zregvart in gkampitakis/go-snaps#98

New Contributors

@zregvart made their first contribution in gkampitakis/go-snaps#98

Full Changelog: gkampitakis/go-snaps@v0.5.3...v0.5.4

v0.5.3

What's Changed

fix: race condition when updating snapshots in parallel by @gkampitakis in gkampitakis/go-snaps#97

Full Changelog: gkampitakis/go-snaps@v0.5.2...v0.5.3

Commits

f98a2f9 fix: slice bounds out of range [:5] (#98)
e31ee30 fix: race condition when updating snapshots in parallel (#97)
See full diff in compare view

Updates github.com/go-logr/logr from 1.4.1 to 1.4.2

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.2

What's Changed

Fix lint: named but unused params by @thockin in go-logr/logr#268

Add a Go report card, fix lint by @thockin in go-logr/logr#271

funcr: Handle nested empty groups properly by @thockin in go-logr/logr#274

Dependencies:

build(deps): bump github/codeql-action from 3.22.11 to 3.22.12 by @dependabot in go-logr/logr#254

build(deps): bump github/codeql-action from 3.22.12 to 3.23.0 by @dependabot in go-logr/logr#256

build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in go-logr/logr#257

build(deps): bump github/codeql-action from 3.23.0 to 3.23.1 by @dependabot in go-logr/logr#259

build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in go-logr/logr#260

build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in go-logr/logr#263

build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot in go-logr/logr#262

build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in go-logr/logr#264

build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in go-logr/logr#266

build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in go-logr/logr#267

build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @dependabot in go-logr/logr#270

build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in go-logr/logr#272

build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in go-logr/logr#275

build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in go-logr/logr#276

build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in go-logr/logr#277

build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @dependabot in go-logr/logr#278

build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in go-logr/logr#279

build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in go-logr/logr#280

build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in go-logr/logr#281

build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by @dependabot in go-logr/logr#282

build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 by @dependabot in go-logr/logr#283

build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in go-logr/logr#284

build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in go-logr/logr#285

build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in go-logr/logr#286

build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in go-logr/logr#288

build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @dependabot in go-logr/logr#289

build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in go-logr/logr#293

build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @dependabot in go-logr/logr#292

build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in go-logr/logr#291

build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in go-logr/logr#290

build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in go-logr/logr#294

build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in go-logr/logr#295

Full Changelog: go-logr/logr@v1.4.1...v1.4.2

Commits

1205f42 Merge pull request #295 from go-logr/dependabot/github_actions/actions/checko...
ccedcbd Merge pull request #294 from go-logr/dependabot/github_actions/github/codeql-...
bead577 build(deps): bump actions/checkout from 4.1.5 to 4.1.6
a492d95 build(deps): bump github/codeql-action from 3.25.4 to 3.25.5
19ad07c build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
1c97a21 build(deps): bump actions/checkout from 4.1.4 to 4.1.5
f70c5b5 build(deps): bump github/codeql-action from 3.25.3 to 3.25.4
4ade8d3 build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1
88d98bd Merge pull request #289 from go-logr/dependabot/github_actions/golangci/golan...
432cd86 Merge pull request #288 from go-logr/dependabot/github_actions/actions/setup-...
Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.19.1 to 0.19.2

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.19.2

What's Changed

Add JSON marshalling funcs for Digest. by @wlynch in google/go-containerregistry#1915

registry: Implement Range requests for blobs by @jonjohnsonjr in google/go-containerregistry#1917

Support podman auth file REGISTRY_AUTH_FILE. by @zhaoyonghe in google/go-containerregistry#1914

feat: crane mutate platform by @joshwlewis in google/go-containerregistry#1919

Add Context support to auth methods by @jonjohnsonjr in google/go-containerregistry#1949

Fix windows race condition when writing image with duplicate layers by @dgannon991 in google/go-containerregistry#1921

Add -O shorthand for --omit-digest-tags to crane. by @smoser in google/go-containerregistry#1958

New Contributors

@wlynch made their first contribution in google/go-containerregistry#1915

@zhaoyonghe made their first contribution in google/go-containerregistry#1914

@joshwlewis made their first contribution in google/go-containerregistry#1919

@dgannon991 made their first contribution in google/go-containerregistry#1921

@smoser made their first contribution in google/go-containerregistry#1958

Full Changelog: google/go-containerregistry@v0.19.1...v0.19.2

Commits

1b4e407 Add -O shorthand for --omit-digest-tags to crane. (#1958)
3764db2 Fix windows race condition when writing image with duplicate layers (#1921)
39d1148 Add Context support to auth methods (#1949)
ff385a9 feat: mutate platform (#1919)
98dd3e9 Support podman auth file REGISTRY_AUTH_FILE. (#1914)
051d642 registry: Implement Range requests for blobs (#1917)
0309184 Add JSON marshalling funcs for Digest. (#1915)
See full diff in compare view

Updates github.com/hashicorp/go-getter from 1.7.3 to 1.7.4

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.4

What's Changed

Escape user-provided strings in git commands hashicorp/go-getter#483

Fixed a bug in .netrc handling if the file does not exist hashicorp/go-getter#433

Full Changelog: hashicorp/go-getter@v1.7.3...v1.7.4

Commits

268c11c escape user provide string to git (#483)
975961f Merge pull request #433 from adrian-bl/netrc-fix
5ccb39a Make addAuthFromNetrc ignore ENOTDIR errors
See full diff in compare view

Updates github.com/leanovate/gopter from 0.2.9 to 0.2.11

Commits

b641a79 Remove invalid type panic for now (addresses #86)
4dccbc2 Remove invalid type panic for now (addresses #86)
2607924 Panic on unsupported type
4f507f6 Update build runner
69954c9 Support array generators (addresses #86)
f9f2f29 Merge pull request #85 from zhongdai/fix-dead-links
e59552d Fixed the dead links.
90cc76d Merge pull request #82 from kkweon/master
62760ed fix(gen/struct): typo in the comment
f350002 Keep track of command sieve (issue #81)
Additional commits viewable in compare view

Updates github.com/open-policy-agent/conftest from 0.50.0 to 0.53.0

Release notes

Sourced from github.com/open-policy-agent/conftest's releases.

v0.53.0

Changelog

OPA Changes

96470c21f2ea92baa66aa8c50b07b008af222bc3: build(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.65.0 (#953) (@dependabot[bot])

Other Changes

c33a50c853001998e47c3057ceb755ccb7f8d6c3: build(deps): bump alpine from 3.19.1 to 3.20.0 (#951) (@dependabot[bot])

31700e1d9edd66e177043d3886b19c5d428c3e11: build(deps): bump cuelang.org/go from 0.8.1 to 0.9.0 (#956) (@dependabot[bot])

525f071514279dd545a82fd4e3a085d84d869274: build(deps): bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 (#950) (@dependabot[bot])

eeef9e250063002d81b0402fbf885468c590bc7f: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0 (#954) (@dependabot[bot])

30b373416df2cafc147c4f3bd3c601f66c53128f: build(deps): bump golang from 1.22.2-alpine to 1.22.3-alpine (#949) (@dependabot[bot])

493cfd55b0a2745d918d3564f7a8b64c0ba776e8: tests: extend hcl cases: tag verification (#955) (@boranx)

v0.52.0

Changelog

OPA Changes

c8ca3585dfe99647c0ca039b03522bd83e0ca357: build(deps): bump github.com/open-policy-agent/opa from 0.63.0 to 0.64.0 (#943) (@dependabot[bot])

9b082a11765d408ffdddbf365bd0fdd990d87461: build(deps): bump github.com/open-policy-agent/opa from 0.64.0 to 0.64.1 (#947) (@dependabot[bot])

Other Changes

8f13bf6a82dbb7db38e1ca1a3cddba4f608dbee2: build(deps): bump cuelang.org/go from 0.8.0 to 0.8.1 (#937) (@dependabot[bot])

37b04d6036f6a146cc2c38e29769ad245c4607e6: build(deps): bump github.com/docker/docker from v25.0.3+incompatible to v25.0.5+incompatible (#932) (@robmonct)

1b3cc13b4d5e8d99a7a124672046605d1c33d0bc: build(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#948) (@dependabot[bot])

28d92a408f9d39d01dd85e0055f05f36e09bbf7f: build(deps): bump github.com/moby/buildkit from 0.13.1 to 0.13.2 (#944) (@dependabot[bot])

4ab6feaed04fa44e1de39e9c823728bfdf906867: build(deps): bump github.com/spdx/tools-golang from 0.5.3 to 0.5.4 (#941) (@dependabot[bot])

c6bd5a541a1526f9ade5e02b41dc11725c97c47c: build(deps): bump golang from 1.22.1-alpine to 1.22.2-alpine (#938) (@dependabot[bot])

298d74aeade4b4462961fa3c7f1d44a90d7a49d8: ci: Allow Dependabot to update github.com/hashicorp/go-getter (#946) (@jalseth)

v0.51.0

Changelog

Bug Fixes

1989c6c7a2ddbecf15f6b736978a468777694562: fix: Only raise problematic if error when rule has no name set (#935) (@jalseth)

OPA Changes

6609893ae256424714b43f3a54feb9da97804ffb: build(deps): bump github.com/open-policy-agent/opa from 0.62.1 to 0.63.0 (#933) (@dependabot[bot])

Other Changes

06e3f8d1e4de112effa58924c61e72d493794ffc: build(deps): bump cuelang.org/go from 0.7.1 to 0.8.0 (#930) (@dependabot[bot])

bece944a615fffdf96d971e7fb05e98600bffe20: build(deps): bump github.com/moby/buildkit from 0.13.0 to 0.13.1 (#931) (@dependabot[bot])

515feda4311e2ac62b062d1002a9a70a8cd9177d: build(deps): bump golang from 1.22.0-alpine to 1.22.1-alpine (#929) (@dependabot[bot])

86afe2f34ba2d567ed99c85e363c3b6457e82ef9: ci: Pin bats version to work around broken CI (#936) (@jalseth)

Commits

493cfd5 tests: extend hcl cases: tag verification (#955)
31700e1 build(deps): bump cuelang.org/go from 0.8.1 to 0.9.0 (#956)
eeef9e2 build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0 (#954)
96470c2 build(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.65.0 (#953)
c33a50c build(deps): bump alpine from 3.19.1 to 3.20.0 (#951)
525f071 build(deps): bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 (#950)
30b3734 build(deps): bump golang from 1.22.2-alpine to 1.22.3-alpine (#949)
9b082a1 build(deps): bump github.com/open-policy-agent/opa from 0.64.0 to 0.64.1 (#947)
1b3cc13 build(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#948)
298d74a ci: Allow Dependabot to update github.com/hashicorp/go-getter (#946)
Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 0.62.1 to 0.65.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.65.0

This release contains a mix of features and bugfixes.

Runtime, Tooling, SDK

ast: Include annotations in rule AST, to help external tooling analyzing the AST (#6771) authored by @ashutosh-narkar

aws: Always read HTTP response body, to re-use persistent connections for non-200 responses (#6734) authored by @johanneslarsson

plugins/discovery: Update comparison logic for overrides (#6723) authored by @ashutosh-narkar

plugins/logs: Include http request context in decision logs (#6693) authored by @ashutosh-narkar reported by @stiidk

plugins/rest: Disable the Authorization header for ECR redirects (6728) authored by @gdlg reported by @vazquezf2000

runtime: Fix OpenTelemetry graceful shutdown (#6651) authored by @nicolaschotard and @David-Wobrock reported by @nicolaschotard

Topdown and Rego

topdown: Asserting the every domain is a collection type before evaluation (#6762) authored by @johanfylling reported by @anderseknert

Miscellaneous

docs: Add arrays to composite values section (#6727) authored by @anderseknert reported by @SpecLad

docs: Add remainder operator to grammar (#6767) authored by @anderseknert

docs: Fix dynamic metadata object in docs (#6709) authored by @antonioberben

docs: Use best practice package name in test examples (#6731) authored by @asleire

docs: Update query API doc with details about overriding the def decision path (#6745) authored by @ashutosh-narkar

ci: pin GitHub Actions macos runner version and build for darwin/amd64 (#6720) reported and authored by @suzuki-shunsuke

Dependency updates; notably:

build(go): bump golang from 1.22.2 to 1.22.3

build(deps): bump github.com/containerd/containerd from 1.7.15 to 1.7.17

build(deps): bump github.com/prometheus/client_golang

build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0

build(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0

Breaking changes

A new IsSetStmt statement has been added to the intermediate representation (IR). This is a breaking change for custom IR evaluators, which must interpret this statement in IR plans generated by this OPA version and later. No actions are required for Wasm users, as long as Wasm modules are built by this OPA version or later.

v0.64.1

This is a bug fix release addressing the following issues:

ci: Pin GitHub Actions macos runner version. The architecture of the GitHub Actions Runner macos-latest was changed from amd64 to arm64 and as a result darwin/amd64 binary wasn't released (#6720) authored by @suzuki-shunsuke

plugins/discovery: Update comparison logic used in the discovery plugin for handling overrides. This fixes a panic that resulted from the comparison of uncomparable types (#6723) authored by @ashutosh-narkar

v0.64.0

NOTES:

The minimum version of Go required to build the OPA module is 1.21

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.65.0

This release contains a mix of features and bugfixes.

Runtime, Tooling, SDK

ast: Include annotations in rule AST, to help external tooling analyzing the AST (#6771) authored by @ashutosh-narkar

aws: Always read HTTP response body, to re-use persistent connections for non-200 responses (#6734) authored by @johanneslarsson

plugins/discovery: Update comparison logic for overrides (#6723) authored by @ashutosh-narkar

plugins/logs: Include http request context in decision logs (#6693) authored by @ashutosh-narkar reported by @stiidk

plugins/rest: Disable the Authorization header for ECR redirects (6728) authored by @gdlg reported by @vazquezf2000

runtime: Fix OpenTelemetry graceful shutdown (#6651) authored by @nicolaschotard and @David-Wobrock reported by @nicolaschotard

Topdown and Rego

topdown: Asserting the every domain is a collection type before evaluation (#6762) authored by @johanfylling reported by @anderseknert

Miscellaneous

docs: Add arrays to composite values section (#6727) authored by @anderseknert reported by @SpecLad

docs: Add remainder operator to grammar (#6767) authored by @anderseknert

docs: Fix dynamic metadata object in docs (#6709) authored by @antonioberben

docs: Use best practice package name in test examples (#6731) authored by @asleire

docs: Update query API doc with details about overriding the def decision path (#6745) authored by @ashutosh-narkar

ci: pin GitHub Actions macos runner version and build for darwin/amd64 (#6720) reported and authored by @suzuki-shunsuke

Dependency updates; notably:

build(go): bump golang from 1.22.2 to 1.22.3

build(deps): bump github.com/containerd/containerd from 1.7.15 to 1.7.17

build(deps): bump github.com/prometheus/client_golang

build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0

build(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0

Breaking changes

A new IsSetStmt statement has been added to the intermediate representation (IR). This is a breaking change for custom IR evaluators, which must interpret this statement in IR plans generated by this OPA version and later. No actions are required for Wasm users, as long as Wasm modules are built by this OPA version or later.

0.64.1

This is a bug fix release addressing the following issues:

ci: Pin GitHub Actions macos runner version. The architecture of the GitHub Actions Runner macos-latest was changed from amd64 to arm64 and as a result darwin/amd64 binary wasn't released (#6720) authored by @suzuki-shunsuke

plugins/discovery: Update comparison logic used in the discovery plugin for handling overrides. This fixes a panic that resulted from the comparison of uncomparable types (#6723) authored by @ashutosh-narkar

0.64.0

NOTES:

The minimum version of Go required to build the OPA module is 1.21

... (truncated)

Commits

f054975 Updating changelog for v0.65.0 (#6774)
5a49efd Release v0.65.0 (#6772)
4e5c36d Include annotations in rule AST (#6771)
02c565a Add remainder operator to grammar (#6767)
cb9d347 Adding documentation for new IsSetStmt IR statement (#6764)
62834a2 Asserting every domain is an collection type before evaluation (#6763)
27da341 build(deps): bump aquasecurity/trivy-action from 0.20.0 to 0.21.0
3a198e0 ---
a8ac7b3 plugins/logs: Include http request context in decision logs
a751084 build(deps): bump github.com/containerd/containerd from 1.7.16 to 1.7.17
Additional commits viewable in compare view

Updates github.com/package-url/packageurl-go from 0.1.2 to 0.1.3

Release notes

Sourced from github.com/package-url/packageurl-go's releases.

v0.1.3

What's Changed

go.mod: Bump required Go version to 1.18 by @magnusbaeck in package-url/packageurl-go#66

Fix Github Actions by @shibumi in package-url/packageurl-go#69

Adds ./ and ../ as valid subpath prefix by @ridhoq in package-url/packageurl-go#68

New Contributors

@magnusbaeck made their first contribution in package-url/packageurl-go#66

@ridhoq made their first contribution in package-url/packageurl-go#68

Full Changelog: package-url/packageurl-go@v0.1.2...v0.1.3

Commits

7cb81af Merge pull request #68 from ridhoq/dot-slash-valid-subpath-prefix
6f82665 enable valid prefix
322020f add ../ as a valid prefix test
62a8a4b add ./ as a valid test case
a8ae119 Merge pull request #69 from shibumi/fix-ci
11504a3 Fix Github Actions
fe183c1 Merge pull request #66 from magnusbaeck/go-mod-version
e033e37 go.mod: Bump required Go version to 1.18
See full diff in compare view

Updates github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.2.4

Bug Fixes

Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661)

ErrNoSignaturesFound should be used when there is no signature attached to an image. (#3526)

fix semgrep issues for dgryski.semgrep-go ruleset (#3541)

Honor creation timestamp for signatures again (#3549)

Features

Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578)

Documentation

add oci bundle spec (#3622)

Correct help text of triangulate cmd (#3551)

Correct help text of verify-attestation policy argument (#3527)

feat: add OVHcloud MPR registry tested with cosign (#3639)

Testing

Refactor e2e-tests.yml workflow (#3627)

Clean up and clarify e2e scripts (#3628)

Don't ignore transparency log in tests if possible (#3528)

Make E2E tests hermetic (#3499)

add e2e test for pkcs11 token signing (#3495)

Full Changelog: sigstore/cosign@v2.2.3...v2.2.4

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.2.4

Bug Fixes

Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661)

ErrNoSignaturesFound should be used when there is no signature attached to an image. (#3526)

fix semgrep issues for dgryski.semgrep-go ruleset (#3541)

Honor creation timestamp for signatures again (#3549)

Features

Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explic...
Description has been truncated

Bumps the all group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | cuelang.org/go | `0.8.0` | `0.9.1` | | [github.com/enterprise-contract/enterprise-contract-controller/api](https://github.com/enterprise-contract/enterprise-contract-controller) | `0.1.39` | `0.1.47` | | [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) | `0.5.2` | `0.5.4` | | [github.com/go-logr/logr](https://github.com/go-logr/logr) | `1.4.1` | `1.4.2` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.19.1` | `0.19.2` | | [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) | `1.7.3` | `1.7.4` | | [github.com/leanovate/gopter](https://github.com/leanovate/gopter) | `0.2.9` | `0.2.11` | | [github.com/open-policy-agent/conftest](https://github.com/open-policy-agent/conftest) | `0.50.0` | `0.53.0` | | [github.com/package-url/packageurl-go](https://github.com/package-url/packageurl-go) | `0.1.2` | `0.1.3` | | [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.2.3` | `2.2.4` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.8.0` | `1.8.1` | | [github.com/spf13/viper](https://github.com/spf13/viper) | `1.18.2` | `1.19.0` | | [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `0.54.0` | `0.60.2` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.29.3` | `0.30.2` | | [k8s.io/klog/v2](https://github.com/kubernetes/klog) | `2.120.1` | `2.130.0` | Updates `cuelang.org/go` from 0.8.0 to 0.9.1 Updates `github.com/enterprise-contract/enterprise-contract-controller/api` from 0.1.39 to 0.1.47 - [Release notes](https://github.com/enterprise-contract/enterprise-contract-controller/releases) - [Commits](enterprise-contract/enterprise-contract-controller@api/v0.1.39...api/v0.1.47) Updates `github.com/gkampitakis/go-snaps` from 0.5.2 to 0.5.4 - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](gkampitakis/go-snaps@v0.5.2...v0.5.4) Updates `github.com/go-logr/logr` from 1.4.1 to 1.4.2 - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.4.1...v1.4.2) Updates `github.com/google/go-containerregistry` from 0.19.1 to 0.19.2 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.19.1...v0.19.2) Updates `github.com/hashicorp/go-getter` from 1.7.3 to 1.7.4 - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](hashicorp/go-getter@v1.7.3...v1.7.4) Updates `github.com/leanovate/gopter` from 0.2.9 to 0.2.11 - [Release notes](https://github.com/leanovate/gopter/releases) - [Changelog](https://github.com/leanovate/gopter/blob/master/CHANGELOG.md) - [Commits](leanovate/gopter@v0.2.9...v0.2.11) Updates `github.com/open-policy-agent/conftest` from 0.50.0 to 0.53.0 - [Release notes](https://github.com/open-policy-agent/conftest/releases) - [Changelog](https://github.com/open-policy-agent/conftest/blob/master/.goreleaser.yml) - [Commits](open-policy-agent/conftest@v0.50.0...v0.53.0) Updates `github.com/open-policy-agent/opa` from 0.62.1 to 0.65.0 - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.62.1...v0.65.0) Updates `github.com/package-url/packageurl-go` from 0.1.2 to 0.1.3 - [Release notes](https://github.com/package-url/packageurl-go/releases) - [Commits](package-url/packageurl-go@v0.1.2...v0.1.3) Updates `github.com/sigstore/cosign/v2` from 2.2.3 to 2.2.4 - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](sigstore/cosign@v2.2.3...v2.2.4) Updates `github.com/sigstore/sigstore` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.2...v1.8.3) Updates `github.com/spf13/cobra` from 1.8.0 to 1.8.1 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.8.0...v1.8.1) Updates `github.com/spf13/viper` from 1.18.2 to 1.19.0 - [Release notes](https://github.com/spf13/viper/releases) - [Commits](spf13/viper@v1.18.2...v1.19.0) Updates `github.com/tektoncd/pipeline` from 0.54.0 to 0.60.2 - [Release notes](https://github.com/tektoncd/pipeline/releases) - [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md) - [Commits](tektoncd/pipeline@v0.54.0...v0.60.2) Updates `golang.org/x/net` from 0.22.0 to 0.25.0 - [Commits](golang/net@v0.22.0...v0.25.0) Updates `k8s.io/apiextensions-apiserver` from 0.29.3 to 0.30.2 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.29.3...v0.30.2) Updates `k8s.io/apimachinery` from 0.29.3 to 0.30.2 - [Commits](kubernetes/apimachinery@v0.29.3...v0.30.2) Updates `k8s.io/client-go` from 0.29.3 to 0.30.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.29.3...v0.30.2) Updates `k8s.io/klog/v2` from 2.120.1 to 2.130.0 - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](kubernetes/klog@v2.120.1...v2.130.0) Updates `k8s.io/kube-openapi` from 0.0.0-20231010175941-2dd684a91f00 to 0.0.0-20240228011516-70dd3763d340 - [Commits](https://github.com/kubernetes/kube-openapi/commits) --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/enterprise-contract/enterprise-contract-controller/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/hashicorp/go-getter dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/leanovate/gopter dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/open-policy-agent/conftest dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/package-url/packageurl-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/cosign/v2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/tektoncd/pipeline dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: k8s.io/kube-openapi dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-06-24T15:37:32Z

Superseded by #203.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 17, 2024

dependabot bot mentioned this pull request Jun 17, 2024

Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 #97

Closed

dependabot bot closed this Jun 24, 2024

dependabot bot deleted the dependabot/go_modules/all-af6520cb50 branch June 24, 2024 15:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the all group across 1 directory with 21 updates #198

build(deps): bump the all group across 1 directory with 21 updates #198

dependabot bot commented on behalf of github Jun 17, 2024 •

edited

Loading

dependabot bot commented on behalf of github Jun 24, 2024

build(deps): bump the all group across 1 directory with 21 updates #198

build(deps): bump the all group across 1 directory with 21 updates #198

Conversation

dependabot bot commented on behalf of github Jun 17, 2024 • edited Loading

API Release api/v0.1.47

What's Changed

API Release api/v0.1.46

What's Changed

API Release api/v0.1.45

What's Changed

API Release api/v0.1.44

What's Changed

API Release api/v0.1.43

What's Changed

API Release api/v0.1.42

What's Changed

v0.5.4

What's Changed

New Contributors

v0.5.3

What's Changed

v1.4.2

What's Changed

Dependencies:

v0.19.2

What's Changed

New Contributors

v1.7.4

What's Changed

v0.53.0

Changelog

OPA Changes

Other Changes

v0.52.0

Changelog

OPA Changes

Other Changes

v0.51.0

Changelog

Bug Fixes

OPA Changes

Other Changes

v0.65.0

Runtime, Tooling, SDK

Topdown and Rego

Miscellaneous

Breaking changes

v0.64.1

v0.64.0

0.65.0

Runtime, Tooling, SDK

Topdown and Rego

Miscellaneous

Breaking changes

0.64.1

0.64.0

v0.1.3

What's Changed

New Contributors

v2.2.4

Bug Fixes

Features

Documentation

Testing

v2.2.4

Bug Fixes

Features

dependabot bot commented on behalf of github Jun 24, 2024

dependabot bot commented on behalf of github Jun 17, 2024 •

edited

Loading