Bump the go-modules group across 1 directory with 31 updates #825

dependabot · 2024-08-23T06:20:02Z

Bumps the go-modules group with 17 updates in the / directory:

Package	From	To
github.com/DataDog/zstd	`1.5.5`	`1.5.6`
github.com/Netflix/go-env	`0.0.0-20220526054621-78278af1949d`	`0.0.1`
github.com/mattn/go-runewidth	`0.0.15`	`0.0.16`
github.com/onsi/gomega	`1.33.1`	`1.34.1`
github.com/paketo-buildpacks/occam	`0.18.7`	`0.18.8`
github.com/spdx/tools-golang	`0.5.4`	`0.5.5`
github.com/sylabs/sif/v2	`2.17.0`	`2.19.0`
golang.org/x/sync	`0.7.0`	`0.8.0`
dario.cat/mergo	`1.0.0`	`1.0.1`
github.com/Microsoft/hcsshim	`0.12.4`	`0.12.6`
github.com/cloudflare/circl	`1.3.9`	`1.4.0`
github.com/cyphar/filepath-securejoin	`0.2.5`	`0.3.1`
github.com/moby/sys/sequential	`0.5.0`	`0.6.0`
github.com/moby/sys/user	`0.1.0`	`0.3.0`
github.com/skeema/knownhosts	`1.2.2`	`1.3.0`
github.com/spf13/cast	`1.6.0`	`1.7.0`
golang.org/x/text	`0.16.0`	`0.17.0`

Updates github.com/DataDog/zstd from 1.5.5 to 1.5.6

Release notes

Sourced from github.com/DataDog/zstd's releases.

zstd 1.5.6

What's Changed

Fix readme typo by @colinlyguo in DataDog/zstd#136

Update upperBound ratio when guessing the required decompression buffer size by @sfluor in DataDog/zstd#141

Update vendored zstd to 1.5.6 by @Viq111 in DataDog/zstd#143

Full Changelog: DataDog/zstd@v1.5.5+patch1...v1.5.6

Commits

b52f603 Merge pull request #143 from DataDog/viq111/1.5.6
cf4778e Update Readme for 1.5.6
ed87d43 Update vendored zstd to 1.5.6
dd7b332 Merge pull request #136 from colinlyguo/fix-readme
beb4dfd Merge pull request #141 from DataDog/sfluor-patch-1
e75a26a Update upperBound ratio when guessing the required decompression buffer size
c9a5141 fix readme
869dae0 Merge pull request #132 from DataDog/viq111/bulk-fix-highlycompressed-payloads
bf7b920 [bulk] Add extra empty payload decompression test
9c0d33f [bulk] Fix naming
Additional commits viewable in compare view

Updates github.com/Netflix/go-env from 0.0.0-20220526054621-78278af1949d to 0.0.1

Release notes

Sourced from github.com/Netflix/go-env's releases.

v0.0.1

initial go mod release

What's Changed

Fix readme example usage by @bvwells in Netflix/go-env#4

Added missing int types by @BartWillems in Netflix/go-env#2

Support multiple env struct tags by @hinshun in Netflix/go-env#6

Support type time.Duration by @kitt1987 in Netflix/go-env#7

Add default values by @jimmykodes in Netflix/go-env#8

Split default value only into two parts by @steveteuber in Netflix/go-env#9

Update build status location by @sghill in Netflix/go-env#11

Add float32 and float64 support by @kplachkov in Netflix/go-env#14

Add support for custom env marshaling and unmarshaling by @mothershipper in Netflix/go-env#12

Fix tiny typo in test by @seawolf in Netflix/go-env#16

Add detail for required field error by @PePoDev in Netflix/go-env#17

Add uint uint8 uint16 uint32 uint64 support by @jorgejr568 in Netflix/go-env#22

Make repo a Go module, switch to GitHub Actions by @patricksanders in Netflix/go-env#25

New Contributors

@bvwells made their first contribution in Netflix/go-env#4

@BartWillems made their first contribution in Netflix/go-env#2

@hinshun made their first contribution in Netflix/go-env#6

@kitt1987 made their first contribution in Netflix/go-env#7

@jimmykodes made their first contribution in Netflix/go-env#8

@steveteuber made their first contribution in Netflix/go-env#9

@sghill made their first contribution in Netflix/go-env#11

@kplachkov made their first contribution in Netflix/go-env#14

@mothershipper made their first contribution in Netflix/go-env#12

@seawolf made their first contribution in Netflix/go-env#16

@PePoDev made their first contribution in Netflix/go-env#17

@jorgejr568 made their first contribution in Netflix/go-env#22

@patricksanders made their first contribution in Netflix/go-env#25

Full Changelog: https://github.com/Netflix/go-env/commits/v0.0.1

Commits

See full diff in compare view

Updates github.com/mattn/go-runewidth from 0.0.15 to 0.0.16

Commits

6ceadc6 Support Unicode 15.1.0
See full diff in compare view

Updates github.com/onsi/gomega from 1.33.1 to 1.34.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.34.1

1.34.1

Maintenance

Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]

v1.34.0

1.34.0

Features

Add RoundTripper method to ghttp.Server [c549e0d]

Fixes

fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]

issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]

Maintenance

bump ginkgo [8af2ece]

Fix typo in docs [123a071]

Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083]

Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796]

Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f]

Bump github-pages from 230 to 231 in /docs (#748) [892c303]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.34.1

Maintenance

Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]

1.34.0

Features

Add RoundTripper method to ghttp.Server [c549e0d]

Fixes

fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]

issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]

Maintenance

bump ginkgo [8af2ece]

Fix typo in docs [123a071]

Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083]

Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796]

Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f]

Bump github-pages from 230 to 231 in /docs (#748) [892c303]

Commits

fa057b8 v1.34.1
5e71dcd Use slices from exp/slices to keep golang 1.20 compat
32e5498 v1.34.0
cb3fa6a run go mod tidy and wonder why go get doesnt just run it for me in the first ...
8af2ece bump ginkgo
878940c fix incorrect handling of nil slices in HaveExactElements (fixes #771)
f5bec80 clean up bipartitegraph tests
ebadb67 issue_765 - fixed bug in Hopcroft-Karp algorithm
123a071 Fix typo in docs
c549e0d Add RoundTripper method to ghttp.Server
Additional commits viewable in compare view

Updates github.com/paketo-buildpacks/occam from 0.18.7 to 0.18.8

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.18.8

What's Changed

Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 by @dependabot in paketo-buildpacks/occam#309

Updates go mod toolchain version to 1.22.5 by @paketo-bot in paketo-buildpacks/occam#313

Bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0 by @dependabot in paketo-buildpacks/occam#315

Updates github-config by @paketo-bot in paketo-buildpacks/occam#316

Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 by @dependabot in paketo-buildpacks/occam#317

Updates go mod version to 1.22.5 by @paketo-bot in paketo-buildpacks/occam#318

Bump github.com/onsi/gomega from 1.33.1 to 1.34.0 by @dependabot in paketo-buildpacks/occam#321

Bump github.com/onsi/gomega from 1.34.0 to 1.34.1 by @dependabot in paketo-buildpacks/occam#322

Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @dependabot in paketo-buildpacks/occam#323

Bump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.1 by @dependabot in paketo-buildpacks/occam#324

Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.2 by @dependabot in paketo-buildpacks/occam#326

Updates go mod version to 1.22.6 by @paketo-bot in paketo-buildpacks/occam#325

Updates go mod version to 1.23.0 by @paketo-bot in paketo-buildpacks/occam#328

Bump docker to version 26.1.5 to fix CVE-2024-41110 by @jericop in paketo-buildpacks/occam#331

New Contributors

@jericop made their first contribution in paketo-buildpacks/occam#331

Full Changelog: paketo-buildpacks/occam@v0.18.7...v0.18.8

Commits

1193f3c Bump docker to version 26.1.5 to fix CVE-2024-41110
5cd4ede Updates go mod version to 1.23.0
2e5b930 Updates go mod version to 1.22.6
815b014 Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.2
74a79fb Bump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.1
90134a5 Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2
653a6fb Bump github.com/onsi/gomega from 1.34.0 to 1.34.1
ed0e429 Bump github.com/onsi/gomega from 1.33.1 to 1.34.0
f467245 Updates go mod version to 1.22.5
c97acf2 Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1
Additional commits viewable in compare view

Updates github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.2

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.14.2

What's Changed

Bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 by @dependabot in paketo-buildpacks/packit#573

Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 by @dependabot in paketo-buildpacks/packit#574

Updates github-config by @paketo-bot in paketo-buildpacks/packit#576

Fix override of existing values in prepend & append by @nicolasbender in paketo-buildpacks/packit#581

Updates github-config by @paketo-bot in paketo-buildpacks/packit#585

Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 by @dependabot in paketo-buildpacks/packit#588

Bump github.com/onsi/gomega from 1.33.1 to 1.34.1 by @dependabot in paketo-buildpacks/packit#589

New Contributors

@nicolasbender made their first contribution in paketo-buildpacks/packit#581

Full Changelog: paketo-buildpacks/packit@v2.14.0...v2.14.2

v2.14.1

⚠️ This release contains unwanted changes due to release automation issues. Please use https://github.com/paketo-buildpacks/packit/releases/tag/v2.14.2 instead!

What's Changed

Bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 by @dependabot in paketo-buildpacks/packit#573

Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 by @dependabot in paketo-buildpacks/packit#574

Updates github-config by @paketo-bot in paketo-buildpacks/packit#576

Fix override of existing values in prepend & append by @nicolasbender in paketo-buildpacks/packit#581

Updates github-config by @paketo-bot in paketo-buildpacks/packit#585

Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 by @dependabot in paketo-buildpacks/packit#588

Bump github.com/onsi/gomega from 1.33.1 to 1.34.1 by @dependabot in paketo-buildpacks/packit#589

New Contributors

@nicolasbender made their first contribution in paketo-buildpacks/packit#581

Full Changelog: paketo-buildpacks/packit@v2.14.0...v2.14.1

Commits

3bc586e do not run draft release workflow on branches named v2-<something>
d558b87 Bump github.com/onsi/gomega from 1.33.1 to 1.34.1
9f2a7b3 Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5
b117031 Updating github-config
b6530bc Include error handling
7222905 Fix override of existing values in prepend & append
e366827 Updating github-config
a8ac405 Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4
4ff7347 Bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0
See full diff in compare view

Updates github.com/spdx/tools-golang from 0.5.4 to 0.5.5

Release notes

Sourced from github.com/spdx/tools-golang's releases.

v0.5.5

What's Changed

fix: properly normalize Windows paths, add windows test runner by @kzantow in spdx/tools-golang#242

fix: panic if JSON relationship array contains null by @kzantow in spdx/tools-golang#239

chore: provide a clearer error when using an invalid Originator by @LaurentGoderre in spdx/tools-golang#246

New Contributors

@LaurentGoderre made their first contribution in spdx/tools-golang#246

Full Changelog: spdx/tools-golang@v0.5.4...v0.5.5

Commits

9db247b fix: provide a clearer error when using an invalid originator (#246)
57d4b8e fix: panic if JSON relationship array contains null (#239)
606f188 chore: update makefile to include bootstrap and go mod tidy (#243)
282609e fix: properly normalize Windows paths (#242)
See full diff in compare view

Updates github.com/sylabs/sif/v2 from 2.17.0 to 2.19.0

Release notes

Sourced from github.com/sylabs/sif/v2's releases.

v2.19.0

This release drops support for Go 1.21.

What's Changed

build(deps): bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 by @dependabot in sylabs/sif#378

build(deps): bump github.com/sebdah/goldie/v2 from 2.5.3 to 2.5.5 by @dependabot in sylabs/sif#379

build(deps): bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @dependabot in sylabs/sif#380

chore: bump module to Go 1.22 by @tri-adam in sylabs/sif#382

build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.8 by @dependabot in sylabs/sif#381

Full Changelog: sylabs/sif@v2.18.0...v2.19.0

v2.18.0

What's Changed

docs: update links to Go docs by @tri-adam in sylabs/sif#375

refactor: improve compaction logic by @tri-adam in sylabs/sif#373

build(deps): bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0 by @dependabot in sylabs/sif#376

feat: add DeleteObjects by @tri-adam in sylabs/sif#374

Full Changelog: sylabs/sif@v2.17.1...v2.18.0

v2.17.1

What's Changed

refactor: use DSSE wrappers from sigstore by @tri-adam in sylabs/sif#366

ci: add testing against Go 1.23 RC by @tri-adam in sylabs/sif#368

Full Changelog: sylabs/sif@v2.17.0...v2.17.1

Commits

518b3a3 build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.8 (#381)
afa5a4e Merge pull request #382 from tri-adam/go-1.23
9a07943 chore: bump module to Go 1.22
dae7b25 build(deps): bump github.com/google/go-containerregistry (#380)
99e2ac5 build(deps): bump github.com/sebdah/goldie/v2 from 2.5.3 to 2.5.5 (#379)
7204492 build(deps): bump github.com/google/go-containerregistry (#378)
a2a8352 Merge pull request #374 from tri-adam/delete-objects
68683b4 feat: add DeleteObjects
94b0b65 build(deps): bump github.com/google/go-containerregistry (#376)
48f265f Merge pull request #373 from tri-adam/compaction
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.24.0 to 0.25.0

Commits

9fadb0b go.mod: update golang.org/x dependencies
a6a393f all: bump go.mod version and drop compatibility shims
1c74500 ssh/test: make struct comment match struct name
d4e7c9c ssh: fail client auth immediately on receiving disconnect message
See full diff in compare view

Updates golang.org/x/net from 0.26.0 to 0.27.0

Commits

e2310ae go.mod: update golang.org/x dependencies
77708f7 quic: skip tests which depend on unimplemented UDP functions on Plan 9
9617c63 http2: avoid Transport hang with Connection: close and AllowHTTP
See full diff in compare view

Updates golang.org/x/sync from 0.7.0 to 0.8.0

Commits

411f99e LICENSE: update per Google Legal
See full diff in compare view

Updates golang.org/x/sys from 0.21.0 to 0.22.0

Commits

faed7ec unix: add PthreadChdir and PthreadFchdir on darwin
c892bb7 unix: fix MmapPtr test failing on OpenBSD
a0ef40a unix: fix MremapPtr test failing on NetBSD
daa2394 unix: add unsafe mmap, munmap, mremap
7670087 windows: add GetAce Windows API
348425a windows/svc: do not pass theService to windows.RegisterServiceCtrlHandlerEx
See full diff in compare view

Updates dario.cat/mergo from 1.0.0 to 1.0.1

Release notes

Sourced from dario.cat/mergo's releases.

v1.0.1

What's Changed

fixes issue #187 by @vsemichev in darccio/mergo#253

fix: WithoutDereference should respect non-nil struct pointers by @joshkaplinsky in darccio/mergo#251

New Contributors

@vsemichev made their first contribution in darccio/mergo#253

@joshkaplinsky made their first contribution in darccio/mergo#251

Full Changelog: darccio/mergo@v1.0.0...v1.0.1

Commits

59ea6a9 Merge pull request #251 from joshkaplinsky/joshkaplinsky/without-dereference-...
96f24af Merge pull request #253 from vsemichev/master
2f1a615 fixes issue #187. adds test to verify the fix.
4da170b fixes issue #187. attempt #3
a13a117 fixes issue #187. attempt #2
6b830ff fixes issue #187
f33862a WithoutDereference should respect structs
cde9f0e Merge pull request #246 from darccio/darccio/v1-frozen
f1e2fe5 chore: frozen v1
7f7b4af Update FUNDING.yml
Additional commits viewable in compare view

Updates github.com/Microsoft/hcsshim from 0.12.4 to 0.12.6

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.6

What's Changed

[release/0.12] Backport commits from hcsshim/main to update module versions by @kiashok in microsoft/hcsshim#2237

Full Changelog: microsoft/hcsshim@v0.12.5...v0.12.6

v0.12.5

What's Changed

[release/0.12] Adding state attribute to the HNSEndpoint struct to support hyperv co… by @ritikaguptams in microsoft/hcsshim#2183

[release/0.12] vendor: github.com/containerd/containerd v17.18 by @thaJeztah in microsoft/hcsshim#2186

[release/0.12] Backport networking commits for L1VH feature by @princepereira in microsoft/hcsshim#2205

Full Changelog: microsoft/hcsshim@v0.12.4...v0.12.5

Commits

f922f2a Omnibus dependency updates (#2051)
7d25ce2 Update module versions
85a5a57 drop usage of deprecated package/methods
d4b1cc0 Bump opa/containerd to latest versions
6a5ebd3 Upgrade deps to resolve CVEs (#2225)
4f46058 Omnibus dependency update (#2166)
e970943 Modifying network flag EnableIov.
4f77a09 Hcsshim wrapper over HNS API needed for exclusion of management mac addresses...
3b5bd8a [release/0.12] vendor: github.com/containerd/containerd v17.18
40cdbc8 Adding state attribute to the HNSEndpoint struct to support hyperv containers...
See full diff in compare view

Updates github.com/cloudflare/circl from 1.3.9 to 1.4.0

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.4.0

Changes

New: ML-KEM compatible with FIPS-203.

Commit History

eddilithium3: fix typos by @bwesterb in cloudflare/circl#503

Add ML-KEM (FIPS 203). by @bwesterb in cloudflare/circl#470

Add ML-KEM decapsulation key check. by @bwesterb in cloudflare/circl#507

Preparing for release v1.4.0 by @armfazh in cloudflare/circl#508

Full Changelog: cloudflare/circl@v1.3.9...v1.4.0

Commits

c311e46 Preparing for release v1.4.0
62385a8 Add ML-KEM decapsulation key check.
2b4626d Add ML-KEM (FIPS 203).
d26845f eddilithium3: fix typos
See full diff in compare view

Updates github.com/cyphar/filepath-securejoin from 0.2.5 to 0.3.1

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.1

By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

These changes were done to match openat2's behaviour and purely is a consistency fix (most users are going to be using openat2 anyway).

Signed-off-by: Aleksa Sarai [email protected]

v0.3.0

This release contains no changes to SecureJoin.

However, it does introduce a new *os.File-based API which is much safer to use for most usecases. These are adapted from [libpathrs][1] and are the bare minimum to be able to operate more safely on an untrusted rootfs where an attacker has write access (something that SecureJoin cannot protect against). The new APIs are:

OpenInRoot, which resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the file handle returned by OpenInRoot is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- see open(2) for more details).

Reopen, which takes an O_PATH file handle and safely re-opens it to "upgrade" it to a regular handle.

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.1] - 2024-07-23

Changed

By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

Fixed

Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

These changes were done to match openat2's behaviour and purely is a consistency fix (most users are going to be using openat2 anyway).

[0.3.0] - 2024-07-11

Added

A new set of *os.File-based APIs have been added. These are adapted from [libpathrs][] and we strongly suggest using them if possible (as they provide far more protection against attacks than SecureJoin):

Open(at)InRoot resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the handle returned is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- [see open(2) for more details][open.2])

Reopen takes an O_PATH file handle and safely re-opens it to upgrade it to a regular handle. This can also be used with non-O_PATH handles, but O_PATH is the most obvious application.

MkdirAll is an implementation of os.MkdirAll that is safe to use to

... (truncated)

Commits

ce7b28a VERSION: release v0.3.1
a2c14f8 CHANGELOG: add readlinkat(fd, "") shout-out
4ea279f merge #22 into cyphar/filepath-securejoin:main
16e1bec CHANGELOG: add initial changelog with current history
2404ffb merge #21 into cyphar/filepath-securejoin:main
f29b7a4 lookup: handle // and trailing slash components correctly
ecd61ca merge #19 into cyphar/filepath-securejoin:main
38b1220 procfs: refactor statx mnt_id logic
45c4415 procfs: use readlink(fd, "") for magic-links
edab538 merge #17 into cyphar/filepath-securejoin:main
Additional commits viewable in compare view

Updates github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5

Release notes

Sourced from github.com/gabriel-vasile/mimetype's releases.

v1.4.5

What's Changed

json: improve performance by using a pool of scanners in gabriel-vasile/mimetype#535

tar: remove strconv dependency for tar checksum octal numbers in gabriel-vasile/mimetype#536

zip: use []byte instead of string to prevent allocs in gabriel-vasile/mimetype#537

remove tarbomb from testdata folder in gabriel-vasile/mimetype#540

Updating RTF Magic number to match https://www.iana.org/assignments/media-types/application/rtf by @zdiff in gabriel-vasile/mimetype#544

alias text/rtf to application/rtf in gabriel-vasile/mimetype#547

reduce project size by moving mimetype.gif to testdata in gabriel-vasile/mimetype#548

Bump golang.org/x/net from 0.25.0 to 0.27.0 in the gomod group across 1 directory by @dependabot in gabriel-vasile/mimetype#552

remove exe from testdata in gabriel-vasile/mimetype#561

New Contributors

@zdiff made their first contribution in gabriel-vasile/mimetype#544

Full Changelog: gabriel-vasile/mimetype@v1.4.4...v1.4.5

Commits

b36b70f remove exe from testdata (#561)
e802551 Bump the github-actions group across 1 directory with 3 updates (#560)
f003e99 Bump golang.org/x/net in the gomod group across 1 directory (#552)
e0c5c59 reduce project size by moving mimetype.gif to testdata (#548)
f296c1b alias rtf to application/rtf (#547)
8329892 Updating RTF Magic number to match <https://www.iana.org/assignments/media-ty...
3267116 remove tarbomb from testdata folder (#540)
cdceff9 zip: use []byte instead of string to prevent allocs (#537)
77e3848 tar: remove strconv dependency for tar checksum octal numbers (#536)
09ff708 json: improve performance by using a pool of scanners (#535)
See full diff in compare view

Updates github.com/google/go-containerregistry from 0.19.2 to 0.20.2

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.2

What's Changed

deps: bump docker dep by @imjasonh in google/go-containerregistry#1991

Full Changelog: google/go-containerregistry@v0.20.1...v0.20.2

v0.20.1

What's Changed

Create rem... Description has been truncated

Bumps the go-modules group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/DataDog/zstd](https://github.com/DataDog/zstd) | `1.5.5` | `1.5.6` | | [github.com/Netflix/go-env](https://github.com/Netflix/go-env) | `0.0.0-20220526054621-78278af1949d` | `0.0.1` | | [github.com/mattn/go-runewidth](https://github.com/mattn/go-runewidth) | `0.0.15` | `0.0.16` | | [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.33.1` | `1.34.1` | | [github.com/paketo-buildpacks/occam](https://github.com/paketo-buildpacks/occam) | `0.18.7` | `0.18.8` | | [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) | `0.5.4` | `0.5.5` | | [github.com/sylabs/sif/v2](https://github.com/sylabs/sif) | `2.17.0` | `2.19.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.7.0` | `0.8.0` | | [dario.cat/mergo](https://github.com/imdario/mergo) | `1.0.0` | `1.0.1` | | [github.com/Microsoft/hcsshim](https://github.com/Microsoft/hcsshim) | `0.12.4` | `0.12.6` | | [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.3.9` | `1.4.0` | | [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.2.5` | `0.3.1` | | [github.com/moby/sys/sequential](https://github.com/moby/sys) | `0.5.0` | `0.6.0` | | [github.com/moby/sys/user](https://github.com/moby/sys) | `0.1.0` | `0.3.0` | | [github.com/skeema/knownhosts](https://github.com/skeema/knownhosts) | `1.2.2` | `1.3.0` | | [github.com/spf13/cast](https://github.com/spf13/cast) | `1.6.0` | `1.7.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.16.0` | `0.17.0` | Updates `github.com/DataDog/zstd` from 1.5.5 to 1.5.6 - [Release notes](https://github.com/DataDog/zstd/releases) - [Commits](DataDog/zstd@v1.5.5...v1.5.6) Updates `github.com/Netflix/go-env` from 0.0.0-20220526054621-78278af1949d to 0.0.1 - [Release notes](https://github.com/Netflix/go-env/releases) - [Commits](https://github.com/Netflix/go-env/commits/v0.0.1) Updates `github.com/mattn/go-runewidth` from 0.0.15 to 0.0.16 - [Commits](mattn/go-runewidth@v0.0.15...v0.0.16) Updates `github.com/onsi/gomega` from 1.33.1 to 1.34.1 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.33.1...v1.34.1) Updates `github.com/paketo-buildpacks/occam` from 0.18.7 to 0.18.8 - [Release notes](https://github.com/paketo-buildpacks/occam/releases) - [Commits](paketo-buildpacks/occam@v0.18.7...v0.18.8) Updates `github.com/paketo-buildpacks/packit/v2` from 2.14.0 to 2.14.2 - [Release notes](https://github.com/paketo-buildpacks/packit/releases) - [Commits](paketo-buildpacks/packit@v2.14.0...v2.14.2) Updates `github.com/spdx/tools-golang` from 0.5.4 to 0.5.5 - [Release notes](https://github.com/spdx/tools-golang/releases) - [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md) - [Commits](spdx/tools-golang@v0.5.4...v0.5.5) Updates `github.com/sylabs/sif/v2` from 2.17.0 to 2.19.0 - [Release notes](https://github.com/sylabs/sif/releases) - [Changelog](https://github.com/sylabs/sif/blob/main/.goreleaser.yml) - [Commits](sylabs/sif@v2.17.0...v2.19.0) Updates `golang.org/x/crypto` from 0.24.0 to 0.25.0 - [Commits](golang/crypto@v0.24.0...v0.25.0) Updates `golang.org/x/net` from 0.26.0 to 0.27.0 - [Commits](golang/net@v0.26.0...v0.27.0) Updates `golang.org/x/sync` from 0.7.0 to 0.8.0 - [Commits](golang/sync@v0.7.0...v0.8.0) Updates `golang.org/x/sys` from 0.21.0 to 0.22.0 - [Commits](golang/sys@v0.21.0...v0.22.0) Updates `dario.cat/mergo` from 1.0.0 to 1.0.1 - [Release notes](https://github.com/imdario/mergo/releases) - [Commits](darccio/mergo@v1.0.0...v1.0.1) Updates `github.com/Microsoft/hcsshim` from 0.12.4 to 0.12.6 - [Release notes](https://github.com/Microsoft/hcsshim/releases) - [Commits](microsoft/hcsshim@v0.12.4...v0.12.6) Updates `github.com/cloudflare/circl` from 1.3.9 to 1.4.0 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.3.9...v1.4.0) Updates `github.com/cyphar/filepath-securejoin` from 0.2.5 to 0.3.1 - [Release notes](https://github.com/cyphar/filepath-securejoin/releases) - [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md) - [Commits](cyphar/filepath-securejoin@v0.2.5...v0.3.1) Updates `github.com/gabriel-vasile/mimetype` from 1.4.4 to 1.4.5 - [Release notes](https://github.com/gabriel-vasile/mimetype/releases) - [Commits](gabriel-vasile/mimetype@v1.4.4...v1.4.5) Updates `github.com/google/go-containerregistry` from 0.19.2 to 0.20.2 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.19.2...v0.20.2) Updates `github.com/moby/sys/sequential` from 0.5.0 to 0.6.0 - [Release notes](https://github.com/moby/sys/releases) - [Commits](moby/sys@signal/v0.5.0...signal/v0.6.0) Updates `github.com/moby/sys/user` from 0.1.0 to 0.3.0 - [Release notes](https://github.com/moby/sys/releases) - [Commits](moby/sys@user/v0.1.0...user/v0.3.0) Updates `github.com/skeema/knownhosts` from 1.2.2 to 1.3.0 - [Commits](skeema/knownhosts@v1.2.2...v1.3.0) Updates `github.com/spf13/cast` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/spf13/cast/releases) - [Commits](spf13/cast@v1.6.0...v1.7.0) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.52.0 to 0.53.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.52.0...zpages/v0.53.0) Updates `go.opentelemetry.io/otel` from 1.27.0 to 1.28.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.27.0...v1.28.0) Updates `go.opentelemetry.io/otel/metric` from 1.27.0 to 1.28.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.27.0...v1.28.0) Updates `go.opentelemetry.io/otel/trace` from 1.27.0 to 1.28.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.27.0...v1.28.0) Updates `golang.org/x/exp` from 0.0.0-20231006140011-7918f672742d to 0.0.0-20240719175910-8a7402abbf56 - [Commits](https://github.com/golang/exp/commits) Updates `golang.org/x/mod` from 0.18.0 to 0.19.0 - [Commits](golang/mod@v0.18.0...v0.19.0) Updates `golang.org/x/text` from 0.16.0 to 0.17.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.16.0...v0.17.0) Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20240318140521-94a12d6c2237 to 0.0.0-20240701130421-f6361c86f094 - [Commits](https://github.com/googleapis/go-genproto/commits) Updates `google.golang.org/grpc` from 1.64.1 to 1.65.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.64.1...v1.65.0) --- updated-dependencies: - dependency-name: github.com/DataDog/zstd dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/Netflix/go-env dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/mattn/go-runewidth dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/paketo-buildpacks/occam dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/paketo-buildpacks/packit/v2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/spdx/tools-golang dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/sylabs/sif/v2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/crypto dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sync dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sys dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: dario.cat/mergo dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/Microsoft/hcsshim dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/cloudflare/circl dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/cyphar/filepath-securejoin dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/gabriel-vasile/mimetype dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/google/go-containerregistry dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/moby/sys/sequential dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/moby/sys/user dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/skeema/knownhosts dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/spf13/cast dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: go.opentelemetry.io/otel dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: go.opentelemetry.io/otel/metric dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: go.opentelemetry.io/otel/trace dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/exp dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: golang.org/x/mod dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/text dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: google.golang.org/genproto/googleapis/rpc dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: google.golang.org/grpc dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-08-26T06:50:50Z

Superseded by #826.

dependabot bot requested a review from a team as a code owner August 23, 2024 06:20

dependabot bot added the failure:update-dependencies An issue filed automatically when updating buildpack.toml dependencies fails in a workflow label Aug 23, 2024

paketo-bot added the semver:patch A change requiring a patch version bump label Aug 23, 2024

dependabot bot closed this Aug 26, 2024

dependabot bot deleted the dependabot/go_modules/go-modules-d56c3a3d70 branch August 26, 2024 06:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-modules group across 1 directory with 31 updates #825

Bump the go-modules group across 1 directory with 31 updates #825

dependabot bot commented on behalf of github Aug 23, 2024 •

edited

Loading

dependabot bot commented on behalf of github Aug 26, 2024

Bump the go-modules group across 1 directory with 31 updates #825

Bump the go-modules group across 1 directory with 31 updates #825

Conversation

dependabot bot commented on behalf of github Aug 23, 2024 • edited Loading

zstd 1.5.6

What's Changed

v0.0.1

What's Changed

New Contributors

v1.34.1

1.34.1

Maintenance

v1.34.0

1.34.0

Features

Fixes

Maintenance

1.34.1

Maintenance

1.34.0

Features

Fixes

Maintenance

v0.18.8

What's Changed

New Contributors

v2.14.2

What's Changed

New Contributors

v2.14.1

What's Changed

New Contributors

v0.5.5

What's Changed

New Contributors

v2.19.0

What's Changed

v2.18.0

What's Changed

v2.17.1

What's Changed

v1.0.1

What's Changed

New Contributors

v0.12.6

What's Changed

v0.12.5

What's Changed

CIRCL v1.4.0

Changes

Commit History

v0.3.1

v0.3.0

[0.3.1] - 2024-07-23

Changed

Fixed

[0.3.0] - 2024-07-11

Added

v1.4.5

What's Changed

New Contributors

v0.20.2

What's Changed

v0.20.1

What's Changed

dependabot bot commented on behalf of github Aug 26, 2024

dependabot bot commented on behalf of github Aug 23, 2024 •

edited

Loading