Bump the go-modules group across 1 directory with 20 updates #389

dependabot · 2024-06-06T16:27:23Z

Bumps the go-modules group with 13 updates in the / directory:

Package	From	To
github.com/BurntSushi/toml	`1.3.2`	`1.4.0`
github.com/onsi/gomega	`1.27.10`	`1.33.1`
github.com/paketo-buildpacks/packit/v2	`2.11.0`	`2.14.0`
github.com/ForestEckhardt/freezer	`0.0.12`	`0.1.0`
github.com/Microsoft/go-winio	`0.6.1`	`0.6.2`
github.com/cenkalti/backoff/v4	`4.2.1`	`4.3.0`
github.com/distribution/reference	`0.5.0`	`0.6.0`
github.com/docker/go-connections	`0.4.0`	`0.5.0`
github.com/golang/protobuf	`1.5.3`	`1.5.4`
github.com/klauspost/compress	`1.16.4`	`1.17.8`
github.com/moby/patternmatcher	`0.5.0`	`0.6.0`
github.com/opencontainers/runc	`1.1.9`	`1.1.12`
google.golang.org/grpc	`1.54.0`	`1.64.0`

Updates github.com/BurntSushi/toml from 1.3.2 to 1.4.0

Release notes

Sourced from github.com/BurntSushi/toml's releases.

v1.4.0

This version requires Go 1.18

Add toml.Marshal() (#405)

Require 2-digit hour (#320)

Wrap UnmarshalTOML() and UnmarshalText() return values in ParseError for position information (#398)

Fix inline tables with dotted keys inside inline arrays (e.g. k=[{a.b=1}]) (#400)

Commits

1e2c053 Undeprecate PrimitiveDecode and MetaData.PrimitiveDecode()
f8f7e48 Update toml-test
9a80667 Add -json flag to tomlv
3203540 fuzz: move fuzz_targets from oss-fuzz (#406)
77ce858 Add Marshal Function (#405)
0e879cb Fix panic when trying to set subkey for a value that's not a table
c299e75 Update toml-test
4223137 Fix inline tables with dotted keys inside inline arrays (#400)
45e7e49 Update toml-test
c320c2d Fix utf8.RuneError test
Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.27.10 to 1.33.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.33.1

1.33.1

Fixes

fix confusing eventually docs [3a66379]

Maintenance

Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]

v1.33.0

1.33.0

Features

Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.

Maintenance

Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]

Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]

Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]

v1.32.0

1.32.0

Maintenance

Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]

This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.

chore: test with Go 1.22 (#733) [32ef35e]

Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717) [a0d0387]

Bump github-pages and jekyll-feed in /docs (#732) [b71e477]

docs: fix typo and broken anchor link to gstruct [f460154]

docs: fix HaveEach matcher signature [a2862e4]

v1.31.1

1.31.1

Fixes

Inverted arguments order of FailureMessage of BeComparableToMatcher [e0dd999]

Update test in case keeping msg is desired [ad1a367]

Maintenance

Show how to import the format sub package [24e958d]

tidy up go.sum [26661b8]

bump dependencies [bde8f7a]

v1.31.0

1.31.0

... (truncated)

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.33.1

Fixes

fix confusing eventually docs [3a66379]

Maintenance

Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]

1.33.0

Features

Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.

Maintenance

Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]

Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]

Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]

1.32.0

Maintenance

Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]

This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.

chore: test with Go 1.22 (#733) [32ef35e]

Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717) [a0d0387]

Bump github-pages and jekyll-feed in /docs (#732) [b71e477]

docs: fix typo and broken anchor link to gstruct [f460154]

docs: fix HaveEach matcher signature [a2862e4]

1.31.1

Fixes

Inverted arguments order of FailureMessage of BeComparableToMatcher [e0dd999]

Update test in case keeping msg is desired [ad1a367]

Maintenance

Show how to import the format sub package [24e958d]

tidy up go.sum [26661b8]

bump dependencies [bde8f7a]

1.31.0

Features

Async assertions include context cancellation cause if present [121c37f]

Maintenance

Bump minimum go version [dee1e3c]

... (truncated)

Commits

8a658bb v1.33.1
e9bc35a Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2
3a66379 fix confusing eventually docs
f2e65fc v1.33.0
02e8706 docs: Receive(POINTER, MATCHER)
ec1f186 feat: receiver matcher accepting (POINTER, MATCHER), includes unit tests
9999deb Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745)
cb5ff21 Bump github-pages from 229 to 230 in /docs (#735)
bac6596 Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746)
4379951 v1.32.0
Additional commits viewable in compare view

Updates github.com/paketo-buildpacks/packit/v2 from 2.11.0 to 2.14.0

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.14.0

What's Changed

Fixes mirror bug when originalHost is excluded by @TisVictress in paketo-buildpacks/packit#569

Bump github.com/onsi/gomega from 1.33.0 to 1.33.1 by @dependabot in paketo-buildpacks/packit#571

Support reading service bindings from VCAP_SERVICES env var by @pbusko in paketo-buildpacks/packit#566

New Contributors

@pbusko made their first contribution in paketo-buildpacks/packit#566 🥳

Full Changelog: paketo-buildpacks/packit@v2.13.0...v2.14.0

v2.13.0

What's Changed

Bump github.com/onsi/gomega from 1.28.1 to 1.29.0 by @dependabot in paketo-buildpacks/packit#531

Bump github.com/google/uuid from 1.3.1 to 1.4.0 by @dependabot in paketo-buildpacks/packit#533

Updates github-config by @paketo-bot in paketo-buildpacks/packit#532

Bump github.com/onsi/gomega from 1.29.0 to 1.30.0 by @dependabot in paketo-buildpacks/packit#536

Updates github-config by @paketo-bot in paketo-buildpacks/packit#534

Bump github.com/google/uuid from 1.4.0 to 1.5.0 by @dependabot in paketo-buildpacks/packit#541

Bump github.com/onsi/gomega from 1.30.0 to 1.31.0 by @dependabot in paketo-buildpacks/packit#544

Bump github.com/onsi/gomega from 1.31.0 to 1.31.1 by @dependabot in paketo-buildpacks/packit#547

Bump github.com/google/uuid from 1.5.0 to 1.6.0 by @dependabot in paketo-buildpacks/packit#548

Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in paketo-buildpacks/packit#556

Bump github.com/onsi/gomega from 1.31.1 to 1.32.0 by @dependabot in paketo-buildpacks/packit#560

Bump github.com/ulikunitz/xz from 0.5.11 to 0.5.12 by @dependabot in paketo-buildpacks/packit#562

Bump github.com/onsi/gomega from 1.32.0 to 1.33.0 by @dependabot in paketo-buildpacks/packit#568

Allows users to set a dependency mirror by @TisVictress in paketo-buildpacks/packit#563

New Contributors

@TisVictress made their first contribution in paketo-buildpacks/packit#563

Full Changelog: paketo-buildpacks/packit@v2.12.0...v2.13.0

v2.12.0

What's Changed

Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 by @dependabot in paketo-buildpacks/packit#493

Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot in paketo-buildpacks/packit#494

Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot in paketo-buildpacks/packit#498

Bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 by @dependabot in paketo-buildpacks/packit#499

Bump github.com/onsi/gomega from 1.27.7 to 1.27.8 by @dependabot in paketo-buildpacks/packit#502

Bump github.com/BurntSushi/toml from 1.3.0 to 1.3.1 by @dependabot in paketo-buildpacks/packit#504

Bump github.com/BurntSushi/toml from 1.3.1 to 1.3.2 by @dependabot in paketo-buildpacks/packit#506

Bump github.com/onsi/gomega from 1.27.8 to 1.27.9 by @dependabot in paketo-buildpacks/packit#511

Bump github.com/onsi/gomega from 1.27.9 to 1.27.10 by @dependabot in paketo-buildpacks/packit#512

Bump github.com/google/uuid from 1.3.0 to 1.3.1 by @dependabot in paketo-buildpacks/packit#517

Bump github.com/onsi/gomega from 1.27.10 to 1.28.0 by @dependabot in paketo-buildpacks/packit#524

Updates github-config by @paketo-bot in paketo-buildpacks/packit#525

Bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 by @dependabot in paketo-buildpacks/packit#528

Bump github.com/onsi/gomega from 1.28.0 to 1.28.1 by @dependabot in paketo-buildpacks/packit#530

Enable Alternative Checksum format of algorithm_hash by @ChuckQuinnIV in paketo-buildpacks/packit#526

... (truncated)

Commits

13393ec Support reading service bindings from VCAP_SERVICES env var (#566)
35d8f76 Bump github.com/onsi/gomega from 1.33.0 to 1.33.1
ce376b7 Fixes mirror bug when originalHost is excluded (#569)
4c9f338 Allows users to set a dependency mirror (#563)
4e9c21d Bump github.com/onsi/gomega from 1.32.0 to 1.33.0
dd77ec5 Bump github.com/ulikunitz/xz from 0.5.11 to 0.5.12
95b8056 Bump github.com/onsi/gomega from 1.31.1 to 1.32.0
777a503 Bump github.com/stretchr/testify from 1.8.4 to 1.9.0
c1b785b Bump github.com/google/uuid from 1.5.0 to 1.6.0
b31dc83 Bump github.com/onsi/gomega from 1.31.0 to 1.31.1
Additional commits viewable in compare view

Updates github.com/ForestEckhardt/freezer from 0.0.12 to 0.1.0

Release notes

Sourced from github.com/ForestEckhardt/freezer's releases.

v0.1.0

What's Changed

Updates fetchers to create buildpackages by @ForestEckhardt in ForestEckhardt/freezer#11

Full Changelog: ForestEckhardt/freezer@v0.0.12...v0.1.0

Commits

a57bf55 Updates fetchers to create buildpackages
See full diff in compare view

Updates github.com/Microsoft/go-winio from 0.6.1 to 0.6.2

Release notes

Sourced from github.com/Microsoft/go-winio's releases.

v0.6.2

What's Changed

[etw] Add String() functions, JSON field option by @helsaawy in microsoft/go-winio#285

enable dependency updates by @helsaawy in microsoft/go-winio#287

Isolate tools dependencies in tools package by @helsaawy in microsoft/go-winio#293

Update tests; run fuzzing by @helsaawy in microsoft/go-winio#294

Add support for flushing and disconnecting named pipes by @dgolub in microsoft/go-winio#292

Add ResolvePath tests by @helsaawy in microsoft/go-winio#276

[lint] Fix errors from #276 by @helsaawy in microsoft/go-winio#296

Switch from sycall to windows by @helsaawy in microsoft/go-winio#295

[lint] Remove deprecated tar.TypeRegA by @helsaawy in microsoft/go-winio#300

sd.go: fix calculation of security descriptor length in SddlToSecurit… by @dblohm7 in microsoft/go-winio#299

fix: already typo by @testwill in microsoft/go-winio#303

pipe.go: add DialPipeAccessImpLevel by @dblohm7 in microsoft/go-winio#302

Bug: Close hvsock handle on listen error; fix tests by @helsaawy in microsoft/go-winio#310

fileinfo: internally fix FileBasicInfo memory alignment by @dagood in microsoft/go-winio#312

Update go1.21 and CI by @helsaawy in microsoft/go-winio#315

New Contributors

@dgolub made their first contribution in microsoft/go-winio#292

@dblohm7 made their first contribution in microsoft/go-winio#299

@testwill made their first contribution in microsoft/go-winio#303

@dagood made their first contribution in microsoft/go-winio#312

Full Changelog: microsoft/go-winio@v0.6.1...v0.6.2

Commits

3c9576c Update go1.21 and CI (#315)
008bc6e fileinfo: internally fix FileBasicInfo memory alignment (#312)
bc421d9 Bug: Close hvsock handle on listen error; fix tests (#310)
553a715 Merge pull request #302 from dblohm7/implevel2
1963303 pipe.go: add DialPipeAccessImpLevel
e6aebd6 fix: already typo (#303)
eb5b095 sd.go: fix calculation of security descriptor length in SddlToSecurityDescrip...
87c84cf [lint] Remove deprecated tar.TypeRegA (#300)
9f0d5dc Switch from sycall to windows (#295)
fec52bd [lint] Fix errors from #276 (#296)
Additional commits viewable in compare view

Updates github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0

Commits

720b789 remove travis badge from readme
a83af7f feat(backoff): Add functional options for ExponentialBackOff Closes #136
See full diff in compare view

Updates github.com/distribution/reference from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/distribution/reference's releases.

v0.6.0

What's Changed

remove deprecated SplitHostname by @thaJeztah in distribution/reference#5

refactor splitDockerDomain to include more documentation by @thaJeztah in distribution/reference#7

fix typo in readme by @xrstf in distribution/reference#10

Exclude domain from name length check by @ozairasim in distribution/reference#9

New Contributors

@xrstf made their first contribution in distribution/reference#10

@ozairasim made their first contribution in distribution/reference#9

Full Changelog: distribution/reference@v0.5.0...v0.6.0

Commits

ff14faf Merge pull request #9 from ozairasim/exclude-domain-from-name-length-validation
2a66312 Merge pull request #10 from xrstf/patch-1
094e717 fix typo in readme
aaca75e Exclude domain from name length check
8507c7f Merge pull request #7 from thaJeztah/cleanup_splitDockerDomain
89ee7ec refactor splitDockerDomain to include more documentation
a3fb784 Merge pull request #5 from thaJeztah/rm_deprecated
4894124 remove deprecated SplitHostname
See full diff in compare view

Updates github.com/docker/go-connections from 0.4.0 to 0.5.0

Commits

fa09c95 Merge pull request #108 from thaJeztah/carry_6
7a67a58 Swap CloseRead and CloseWrite
481d3d2 Merge pull request #107 from thaJeztah/drop_legacy_go
9548f9f tlsconfig: remove deprecated io/ioutil
c564c21 drop support for go1.17 and older
7cbebcf gha: update actions
2cf423f tlsconfig: move allTLSVersions var
dca283b tlsconfig: drop support for go1.12 and older
21876c5 tlsconfig: drop support for go1.6 and older
4d174db tlsconfig: drop support for go1.4 and older
Additional commits viewable in compare view

Updates github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/gabriel-vasile/mimetype's releases.

v1.4.3

What's Changed

Switch csv and tsv method 'sv' from ReadAll() to stream each record with Read() by @splashing-atom in gabriel-vasile/mimetype#355

Bump golang.org/x/net from 0.8.0 to 0.17.0 by @dependabot in gabriel-vasile/mimetype#441

enable reusing records in csv/tsv detection by @gabriel-vasile in gabriel-vasile/mimetype#443

New Contributors

@splashing-atom made their first contribution in gabriel-vasile/mimetype#355

Full Changelog: gabriel-vasile/mimetype@v1.4.2...v1.4.3

Commits

e64d6bd enable reusing records in csv/tsv detection (#443)
b4da7ba Bump the gomod group with 1 update (#441)
918baec Bump the github-actions group with 4 updates (#442)
9df6903 Switch csv and tsv method 'sv' from ReadAll() to stream each record with Read...
85b2cdc Merge pull request #414 from gabriel-vasile/dependabot/github_actions/github-...
24e5745 Merge pull request #412 from gabriel-vasile/dependabot/go_modules/gomod-939bd...
6bd9427 Bump the github-actions group with 5 updates
4f0da4f Bump the gomod group with 1 update
1a4b844 Group all dependabot PRs together (#409)
f5a14c2 Remove old travis build status link from readme (#407)
Additional commits viewable in compare view

Updates github.com/golang/protobuf from 1.5.3 to 1.5.4

Release notes

Sourced from github.com/golang/protobuf's releases.

v1.5.4

Notable changes

update descriptor.proto to latest version

Commits

75de7c0 Merge pull request #1597 from golang/updatedesc
b7697bb all: update descriptor.proto to latest version
See full diff in compare view

Updates github.com/google/uuid from 1.3.1 to 1.6.0

Release notes

Sourced from github.com/google/uuid's releases.

v1.6.0

1.6.0 (2024-01-16)

Features

add Max UUID constant (#149) (c58770e)

Bug Fixes

fix typo in version 7 uuid documentation (#153) (016b199)

Monotonicity in UUIDv7 (#150) (a2b2b32)

v1.5.0

1.5.0 (2023-12-12)

Features

Validate UUID without creating new UUID (#141) (9ee7366)

v1.4.0

1.4.0 (2023-10-26)

Features

UUIDs slice type with Strings() convenience method (#133) (cd5fbbd)

Fixes

Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)

Changelog

Sourced from github.com/google/uuid's changelog.

1.6.0 (2024-01-16)

Features

add Max UUID constant (#149) (c58770e)

Bug Fixes

fix typo in version 7 uuid documentation (#153) (016b199)

Monotonicity in UUIDv7 (#150) (a2b2b32)

1.5.0 (2023-12-12)

Features

Validate UUID without creating new UUID (#141) (9ee7366)

1.4.0 (2023-10-26)

Features

UUIDs slice type with Strings() convenience method (#133) (cd5fbbd)

Fixes

Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)

Commits

0f11ee6 chore(master): release 1.6.0 (#151)
16939da chore(tests): add strict monotonicity test case for uuid v7. (#154)
016b199 fix: fix typo in version 7 uuid documentation (#153)
1d8b6ea ci: set token permissions to github workflows (#143)
a2b2b32 fix: Monotonicity in UUIDv7 (#150)
c58770e feat: add Max UUID constant (#149)
4d47f8e chore(master): release 1.5.0 (#145)
9ee7366 feat: Validate UUID without creating new UUID (#141)
b35aa6a add uuid version 6 and 7 (#139)
8de8764 chore(master): release 1.4.0 (#134)
Additional commits viewable in compare view

Updates github.com/klauspost/compress from 1.16.4 to 1.17.8

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.17.8

What's Changed

zstd: Reject blocks where reserved values are not 0 by @klauspost in klauspost/compress#885

zstd: Add RLE detection+encoding by @klauspost in klauspost/compress#938

New Contributors

@ankon made their first contribution in klauspost/compress#932

@kindhuge made their first contribution in klauspost/compress#946

Full Changelog: klauspost/compress@v1.17.7...v1.17.8

v1.17.7

What's Changed

s2: Add AsyncFlush method: Complete the block without flushing by @Jille in klauspost/compress#927

s2: Fix literal+repeat exceeds dst crash by @klauspost in klauspost/compress#930

Full Changelog: klauspost/compress@v1.17.6...v1.17.7

v1.17.6

What's Changed

zstd: Fix incorrect repeat coding in best mode by @klauspost in klauspost/compress#923

s2: Fix DecodeConcurrent deadlock on errors by @klauspost in klauspost/compress#925

build: Remove garble compiler by @klauspost in klauspost/compress#924

Full Changelog: klauspost/compress@v1.17.5...v1.17.6

v1.17.5

What's Changed

flate: Fix reset with dictionary on custom window encodes by @klauspost in klauspost/compress#912

zstd: Limit better/best default window to 8MB by @klauspost in klauspost/compress#913

zstd: Shorter and faster asm for decSymbol.newState by @greatroar in klauspost/compress#896

zstd: Add Frame header encoding and stripping by @klauspost in klauspost/compress#908

zstd: Tweak noasm FSE decoder by @greatroar in klauspost/compress#910

s2: Fix callbacks for skippable blocks and disallow 0xfe (Padding) for custom use by @Jille in klauspost/compress#916

s2: Fix incorrect length encoded by writer.AddSkippableBlock by @Jille in klauspost/compress#917

s2: Fix up AddSkippableBlock more by @klauspost in klauspost/compress#919

s2: Document and test how to peek the stream for skippable blocks by @Jille in klauspost/compress#918

internal/race,s2: add some race instrumentation by @egonelbre in klauspost/compress#903

build(deps): bump the github-actions group with 4 updates by @dependabot in klauspost/compress#900

CI: Hash pin sensitive actions and configure Dependabot to automatically update them by @diogoteles08 in klauspost/compress#899

Update generator and executable go.mod by @klauspost in klauspost/compress#904

Update README.md by @pelenium in klauspost/compress#905

build(deps): bump the github-actions group with 1 update by @dependabot in klauspost/compress#906

New Contributors

@pelenium made their first contribution in klauspost/compress#905

... (truncated)

Commits

c0ff47e Update README.md
657dc16 chore: remove repetitive words (#946)
3f77d8c build(deps): bump the github-actions group with 1 update (#944)
de4073a zstd: Add RLE detection+encoding (#938)
165be36 zstd: Reject blocks where reserved values are not 0 (#885)
4f3f95b ci: Add testing replacement (#935)
3976394 build(deps): bump the github-actions group with 1 update (#934)
4d78e54 Remove sed for internal/fuzz/helpers.go (#933)
46c00ca doc: Remove an excess word in a documentation comment (#932)
1e2b275 tests: Rename fuzz helpers back. (#931)
Additional commits viewable in compare view

Updates github.com/moby/patternmatcher from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/moby/patternmatcher's releases.

v0.6.0

This release integrates the "frontend/dockerfile/dockerignore" package from github.com/moby/buildkit at commit 9da03ce42beb47d0d0a34c68ea90cac793b79851

What's Changed

gha: update golangci-lint to v1.54, actions/setup-go@v4, and go1.20.x moby/patternmatcher#2

integrate frontend/dockerfile/dockerignore from BuildKit moby/patternmatcher#1

Full Changelog: moby/patternmatcher@v0.5.0...v0.6.0

Commits

347bb8d Merge pull request #1 from thaJeztah/integrate_dockerignore
36a4227 integrate frontend/dockerfile/dockerignore from buildkit
8a1649d Merge pull request #2 from thaJeztah/update_go_versions
c512fc5 gha: test against go1.20.x
2345cde gha: update actions/setup-go@v4
555cf69 gha: update golangci-lint to v1.53.x
666020c frontend/dockerfile/dockerignore: remove hard-coded filename from error
dba575f frontend/dockerfile/dockerignore: touch-up godoc and code
318a4a5 frontend/dockerfile/dockerignore: cleanup unit test
00aab4f chore: refactor dockerfile to use errors pkg
Additional commits viewable in compare view

Updates github.com/opencontainers/runc from 1.1.9 to 1.1.12

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc 1.1.12 -- "Now you're thinking with Portals™!"

This is the twelfth patch release in the 1.1.z release branch of runc. It fixes a high-severity container breakout vulnerability involving leaked file descriptors, and users are strongly encouraged to update as soon as possible.

Fix CVE-2024-21626, a container breakout attack that took advantage of a file descriptor that was leaked internally within runc (but never leaked to the container process).

In addition to fixing the leak, several strict hardening measures were added to ensure that future internal leaks could not be used to break out in this manner again.

Based on our research, while no other container runtime had a similar leak, none had any of the hardening steps we've introduced (and some runtimes would not check for any file descriptors that a calling process may have leaked to them, allowing for container breakouts due to basic user error).

Static Linking Notices

The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library":

libseccomp

The versions of these libraries were not modified from their upstream versions, but in order to comply with the LGPL-2.1 (§6(a)), we have attached the complete source code for those libraries which (when combined with the attached runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages or download them from the authoritative upstream sources, especially since these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

Aleksa Sarai [email protected]

hang.jiang [email protected]

lfbzhm [email protected]

Signed-off-by: Aleksa Sarai [email protected]

... (truncated)

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.1.12] - 2024-01-31

Now you're thinking with Portals™!

Security

Fix CVE-2024-21626, a container breakout attack that took advantage of a file descriptor that was leaked internally within runc (but never leaked to the container process). In addition to fixing the leak, several strict hardening measures were added to ensure that future internal leaks could not be used to break out in this manner again. Based on our research, while no other container runtime had a similar leak...
Description has been truncated

Bumps the go-modules group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.3.2` | `1.4.0` | | [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.27.10` | `1.33.1` | | [github.com/paketo-buildpacks/packit/v2](https://github.com/paketo-buildpacks/packit) | `2.11.0` | `2.14.0` | | [github.com/ForestEckhardt/freezer](https://github.com/ForestEckhardt/freezer) | `0.0.12` | `0.1.0` | | [github.com/Microsoft/go-winio](https://github.com/Microsoft/go-winio) | `0.6.1` | `0.6.2` | | [github.com/cenkalti/backoff/v4](https://github.com/cenkalti/backoff) | `4.2.1` | `4.3.0` | | [github.com/distribution/reference](https://github.com/distribution/reference) | `0.5.0` | `0.6.0` | | [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.4.0` | `0.5.0` | | [github.com/golang/protobuf](https://github.com/golang/protobuf) | `1.5.3` | `1.5.4` | | [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.16.4` | `1.17.8` | | [github.com/moby/patternmatcher](https://github.com/moby/patternmatcher) | `0.5.0` | `0.6.0` | | [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.1.9` | `1.1.12` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.54.0` | `1.64.0` | Updates `github.com/BurntSushi/toml` from 1.3.2 to 1.4.0 - [Release notes](https://github.com/BurntSushi/toml/releases) - [Commits](BurntSushi/toml@v1.3.2...v1.4.0) Updates `github.com/onsi/gomega` from 1.27.10 to 1.33.1 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.27.10...v1.33.1) Updates `github.com/paketo-buildpacks/packit/v2` from 2.11.0 to 2.14.0 - [Release notes](https://github.com/paketo-buildpacks/packit/releases) - [Commits](paketo-buildpacks/packit@v2.11.0...v2.14.0) Updates `github.com/ForestEckhardt/freezer` from 0.0.12 to 0.1.0 - [Release notes](https://github.com/ForestEckhardt/freezer/releases) - [Commits](ForestEckhardt/freezer@v0.0.12...v0.1.0) Updates `github.com/Microsoft/go-winio` from 0.6.1 to 0.6.2 - [Release notes](https://github.com/Microsoft/go-winio/releases) - [Commits](microsoft/go-winio@v0.6.1...v0.6.2) Updates `github.com/cenkalti/backoff/v4` from 4.2.1 to 4.3.0 - [Commits](cenkalti/backoff@v4.2.1...v4.3.0) Updates `github.com/distribution/reference` from 0.5.0 to 0.6.0 - [Release notes](https://github.com/distribution/reference/releases) - [Commits](distribution/reference@v0.5.0...v0.6.0) Updates `github.com/docker/go-connections` from 0.4.0 to 0.5.0 - [Commits](docker/go-connections@v0.4.0...v0.5.0) Updates `github.com/gabriel-vasile/mimetype` from 1.4.2 to 1.4.3 - [Release notes](https://github.com/gabriel-vasile/mimetype/releases) - [Commits](gabriel-vasile/mimetype@v1.4.2...v1.4.3) Updates `github.com/golang/protobuf` from 1.5.3 to 1.5.4 - [Release notes](https://github.com/golang/protobuf/releases) - [Commits](golang/protobuf@v1.5.3...v1.5.4) Updates `github.com/google/uuid` from 1.3.1 to 1.6.0 - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](google/uuid@v1.3.1...v1.6.0) Updates `github.com/klauspost/compress` from 1.16.4 to 1.17.8 - [Release notes](https://github.com/klauspost/compress/releases) - [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml) - [Commits](klauspost/compress@v1.16.4...v1.17.8) Updates `github.com/moby/patternmatcher` from 0.5.0 to 0.6.0 - [Release notes](https://github.com/moby/patternmatcher/releases) - [Commits](moby/patternmatcher@v0.5.0...v0.6.0) Updates `github.com/opencontainers/runc` from 1.1.9 to 1.1.12 - [Release notes](https://github.com/opencontainers/runc/releases) - [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md) - [Commits](opencontainers/runc@v1.1.9...v1.1.12) Updates `github.com/ulikunitz/xz` from 0.5.11 to 0.5.12 - [Commits](ulikunitz/xz@v0.5.11...v0.5.12) Updates `golang.org/x/net` from 0.17.0 to 0.24.0 - [Commits](golang/net@v0.17.0...v0.24.0) Updates `golang.org/x/sys` from 0.15.0 to 0.19.0 - [Commits](golang/sys@v0.15.0...v0.19.0) Updates `golang.org/x/text` from 0.13.0 to 0.14.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.13.0...v0.14.0) Updates `google.golang.org/grpc` from 1.54.0 to 1.64.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.54.0...v1.64.0) Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0 --- updated-dependencies: - dependency-name: github.com/BurntSushi/toml dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/paketo-buildpacks/packit/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/ForestEckhardt/freezer dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/Microsoft/go-winio dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/cenkalti/backoff/v4 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/distribution/reference dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/docker/go-connections dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/gabriel-vasile/mimetype dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/golang/protobuf dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/google/uuid dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/klauspost/compress dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/moby/patternmatcher dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/opencontainers/runc dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/ulikunitz/xz dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sys dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/text dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: google.golang.org/grpc dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: google.golang.org/protobuf dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-06-10T09:57:26Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot requested a review from a team as a code owner June 6, 2024 16:27

dependabot bot added the failure:update-dependencies An issue filed automatically when updating buildpack.toml dependencies fails in a workflow label Jun 6, 2024

paketo-bot added the semver:patch A change requiring a patch version bump label Jun 6, 2024

dependabot bot force-pushed the dependabot/go_modules/go-modules-2bc9ca9bb5 branch from 352f3a9 to d815e98 Compare June 10, 2024 05:09

dependabot bot closed this Jun 10, 2024

dependabot bot deleted the dependabot/go_modules/go-modules-2bc9ca9bb5 branch June 10, 2024 09:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-modules group across 1 directory with 20 updates #389

Bump the go-modules group across 1 directory with 20 updates #389

dependabot bot commented on behalf of github Jun 6, 2024 •

edited

Loading

dependabot bot commented on behalf of github Jun 10, 2024

Bump the go-modules group across 1 directory with 20 updates #389

Bump the go-modules group across 1 directory with 20 updates #389

Conversation

dependabot bot commented on behalf of github Jun 6, 2024 • edited Loading

v1.4.0

v1.33.1

1.33.1

Fixes

Maintenance

v1.33.0

1.33.0

Features

Maintenance

v1.32.0

1.32.0

Maintenance

v1.31.1

1.31.1

Fixes

Maintenance

v1.31.0

1.31.0

1.33.1

Fixes

Maintenance

1.33.0

Features

Maintenance

1.32.0

Maintenance

1.31.1

Fixes

Maintenance

1.31.0

Features

Maintenance

v2.14.0

What's Changed

New Contributors

v2.13.0

What's Changed

New Contributors

v2.12.0

What's Changed

v0.1.0

What's Changed

v0.6.2

What's Changed

New Contributors

v0.6.0

What's Changed

New Contributors

v1.4.3

What's Changed

New Contributors

v1.5.4

v1.6.0

1.6.0 (2024-01-16)

Features

Bug Fixes

v1.5.0

1.5.0 (2023-12-12)

Features

v1.4.0

1.4.0 (2023-10-26)

Features

Fixes

1.6.0 (2024-01-16)

Features

Bug Fixes

1.5.0 (2023-12-12)

Features

1.4.0 (2023-10-26)

Features

Fixes

v1.17.8

What's Changed

New Contributors

v1.17.7

What's Changed

dependabot bot commented on behalf of github Jun 6, 2024 •

edited

Loading