build(deps): bump the go-dependencies group with 5 updates

[dependabot]

Bumps the go-dependencies group with 5 updates:

Package	From	To
github.com/buildpacks/lifecycle	0.17.2	0.18.1
github.com/spf13/cobra	1.7.0	1.8.0
golang.org/x/mod	0.13.0	0.14.0
golang.org/x/sync	0.4.0	0.5.0
golang.org/x/text	0.13.0	0.14.0

Updates github.com/buildpacks/lifecycle from 0.17.2 to 0.18.1

Release notes

Sourced from github.com/buildpacks/lifecycle's releases.

lifecycle v0.18.1

Welcome to v0.18.1, a release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker (compatible) daemon or an OCI registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.18.1.

Bugfixes

• Fixes post-release workflow by capturing the image digest for the linux-s390x image (buildpacks/lifecycle#1235 by @​natalieparellano)

lifecycle v0.18.0

Welcome to v0.18.0, a release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker (compatible) daemon or an OCI registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.18.0.

Features

• Removes unsupported Buildpack APIs: 0.2, 0.3, 0.4, 0.5, and 0.6 (buildpacks/lifecycle#1148 by @​natalieparellano)
• Removes compatibility layer for unsupported Buildpack APIs (buildpacks/lifecycle#1188 by @​natalieparellano)
• Removes unsupported Platform APIs: 0.3, 0.4, 0.5, and 0.6 (buildpacks/lifecycle#1191 by @​natalieparellano)
• Requires the CNB_PLATFORM_API environment variable to be set (buildpacks/lifecycle#1145 by @​natalieparellano)
• Adds support for s390x architecture (buildpacks/lifecycle#1142 by @​dilipgb)
• Uses keyless signing to cosign sign buildpacksio/lifecycle images in GitHub actions (buildpacks/lifecycle#1201 by @​natalieparellano)
• Reports image name when restorer fails to pull (buildpacks/lifecycle#1174 by @​AidanDelaney)
• Warns when a positional argument might have been a flag (buildpacks/lifecycle#1147 by @​joe-kimmel-vmw)
• Adds explanatory debug logs to the restorer (buildpacks/lifecycle#1144 by @​joe-kimmel-vmw)
• lifecycle now only emits timing to the debug logs (buildpacks/lifecycle#1230 by @​jabrown85)
• Updates go to version 1.20.10

... (truncated)

Commits

• 72c4ed8 Update grype config with non-impactful CVE
• 8065d05 Fix post-release workflow
• 653a46f Print Timer logs in debug mode only (#1230)
• 9eec0f4 Fix check release workflow by giving write permissions to the token (#1229)
• 2bf3ae7 Do not obscure error message (#1227)
• 367b451 Bump appleboy/ssh-action from 0.1.10 to 1.0.0 (#1214)
• 66472bc Bump actions/checkout from 3 to 4 (#1212)
• a00c383 Bump actions/upload-artifact from 2 to 3 (#1213)
• 885847a Bump deps (#1221)
• ab2fe4f Fix usage of URL based registries (#1222)
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.7.0 to 1.8.0

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.8.0

✨ Features

• Support usage as plugin for tools like kubectl by @​nirs in spf13/cobra#2018 - this means that programs that utilize a "plugin-like" structure have much better support and usage (like for completions, command paths, etc.)
• Move documentation sources to site/content by @​umarcor in spf13/cobra#1428
• Add 'one required flag' group by @​marevers in spf13/cobra#1952 - this includes a new MarkFlagsOneRequired API for flags which can be used to mark a flag group as required and cause command failure if at least one is not used when invoked.
• Customizable error message prefix by @​5ouma in spf13/cobra#2023 - This adds the SetErrPrefix and ErrPrefix APIs on the Command struct to allow for setting a custom prefix for errors
• feat: add getters for flag completions by @​avirtopeanu-ionos in spf13/cobra#1943
• Feature: allow running persistent run hooks of all parents by @​vkhoroz in spf13/cobra#2044
• Improve API to get flag completion function by @​marckhouzam in spf13/cobra#2063

🐛 Bug fixes

• Fix typo in fish completions by @​twpayne in spf13/cobra#1945
• Fix grammar: 'allows to' by @​supertassu in spf13/cobra#1978
• powershell: escape variable with curly brackets by @​Luap99 in spf13/cobra#1960
• Don't complete --help flag when flag parsing disabled by @​marckhouzam in spf13/cobra#2061
• Replace all non-alphanumerics in active help env var program prefix by @​scop in spf13/cobra#1940

🔧 Maintenance

• build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @​dependabot in spf13/cobra#1971
• build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @​dependabot in spf13/cobra#1976
• build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @​dependabot in spf13/cobra#2021
• build(deps): bump actions/setup-go from 3 to 4 by @​dependabot in spf13/cobra#1934
• build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3 by @​dependabot in spf13/cobra#2047
• build(deps): bump actions/checkout from 3 to 4 by @​dependabot in spf13/cobra#2028
• command: temporarily disable G602 due to securego/gosec#1005 by @​umarcor in spf13/cobra#2022

🧪 Testing & CI/CD

• test: make fish_completions_test more robust by @​branchvincent in spf13/cobra#1980
• golangci: enable 'unused' and disable deprecated replaced by it by @​umarcor in spf13/cobra#1983
• cleanup: minor corrections to unit tests by @​JunNishimura in spf13/cobra#2003
• ci: test golang 1.21 by @​nunoadrego in spf13/cobra#2024
• Fix linter errors by @​marckhouzam in spf13/cobra#2052
• Add tests for flag completion registration by @​marckhouzam in spf13/cobra#2053

✏️ Documentation

• doc: fix typo, Deperecated -> Deprecated by @​callthingsoff in spf13/cobra#2000
• Add notes to doc about the execution condition of *PreRun and *PostRun functions by @​haoming29 in spf13/cobra#2041

---

Thank you everyone who contributed to this release and all your hard work! Cobra and this community would never be possible without all of you!!!! 🐍

Full Changelog: spf13/cobra@v1.7.0...v1.8.0

Commits

• a0a6ae0 Improve API to get flag completion function (#2063)
• 890302a Support usage as plugin for tools like kubectl (#2018)
• 48cea5c build(deps): bump actions/checkout from 3 to 4 (#2028)
• 22953d8 Replace all non-alphanumerics in active help env var program prefix (#1940)
• 00b68a1 Add tests for flag completion registration (#2053)
• b711e87 Don't complete --help flag when flag parsing disabled (#2061)
• 8b1eba4 Fix linter errors (#2052)
• 4cafa37 Allow running persistent run hooks of all parents (#2044)
• 5c962a2 build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3 (#2047)
• efe8fa3 build(deps): bump actions/setup-go from 3 to 4 (#1934)
• Additional commits viewable in compare view

Updates golang.org/x/mod from 0.13.0 to 0.14.0

Commits

• 6e58e47 modfile: improve directory path detection and error text consistency
• See full diff in compare view

Updates golang.org/x/sync from 0.4.0 to 0.5.0

Commits

• 10739b0 all: update go directive to 1.18
• See full diff in compare view

Updates golang.org/x/text from 0.13.0 to 0.14.0

Commits

• 6c97a16 all: update go directive to 1.18
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.