Bump the go-modules group across 1 directory with 21 updates #394

dependabot · 2024-06-11T13:22:27Z

Bumps the go-modules group with 11 updates in the / directory:

Package	From	To
github.com/BurntSushi/toml	`1.3.2`	`1.4.0`
github.com/onsi/gomega	`1.27.10`	`1.33.1`
github.com/paketo-buildpacks/packit/v2	`2.11.0`	`2.14.0`
github.com/ForestEckhardt/freezer	`0.0.12`	`0.1.0`
github.com/Microsoft/hcsshim	`0.11.5`	`0.12.4`
github.com/cenkalti/backoff/v4	`4.2.1`	`4.3.0`
github.com/distribution/reference	`0.5.0`	`0.6.0`
github.com/docker/go-connections	`0.4.0`	`0.5.0`
github.com/moby/patternmatcher	`0.5.0`	`0.6.0`
golang.org/x/text	`0.14.0`	`0.16.0`
google.golang.org/protobuf	`1.33.0`	`1.34.2`

Updates github.com/BurntSushi/toml from 1.3.2 to 1.4.0

Release notes

Sourced from github.com/BurntSushi/toml's releases.

v1.4.0

This version requires Go 1.18

Add toml.Marshal() (#405)

Require 2-digit hour (#320)

Wrap UnmarshalTOML() and UnmarshalText() return values in ParseError for position information (#398)

Fix inline tables with dotted keys inside inline arrays (e.g. k=[{a.b=1}]) (#400)

Commits

1e2c053 Undeprecate PrimitiveDecode and MetaData.PrimitiveDecode()
f8f7e48 Update toml-test
9a80667 Add -json flag to tomlv
3203540 fuzz: move fuzz_targets from oss-fuzz (#406)
77ce858 Add Marshal Function (#405)
0e879cb Fix panic when trying to set subkey for a value that's not a table
c299e75 Update toml-test
4223137 Fix inline tables with dotted keys inside inline arrays (#400)
45e7e49 Update toml-test
c320c2d Fix utf8.RuneError test
Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.27.10 to 1.33.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.33.1

1.33.1

Fixes

fix confusing eventually docs [3a66379]

Maintenance

Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]

v1.33.0

1.33.0

Features

Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.

Maintenance

Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]

Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]

Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]

v1.32.0

1.32.0

Maintenance

Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]

This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.

chore: test with Go 1.22 (#733) [32ef35e]

Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717) [a0d0387]

Bump github-pages and jekyll-feed in /docs (#732) [b71e477]

docs: fix typo and broken anchor link to gstruct [f460154]

docs: fix HaveEach matcher signature [a2862e4]

v1.31.1

1.31.1

Fixes

Inverted arguments order of FailureMessage of BeComparableToMatcher [e0dd999]

Update test in case keeping msg is desired [ad1a367]

Maintenance

Show how to import the format sub package [24e958d]

tidy up go.sum [26661b8]

bump dependencies [bde8f7a]

v1.31.0

1.31.0

... (truncated)

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.33.1

Fixes

fix confusing eventually docs [3a66379]

Maintenance

Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]

1.33.0

Features

Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.

Maintenance

Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]

Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]

Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]

1.32.0

Maintenance

Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]

This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.

chore: test with Go 1.22 (#733) [32ef35e]

Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717) [a0d0387]

Bump github-pages and jekyll-feed in /docs (#732) [b71e477]

docs: fix typo and broken anchor link to gstruct [f460154]

docs: fix HaveEach matcher signature [a2862e4]

1.31.1

Fixes

Inverted arguments order of FailureMessage of BeComparableToMatcher [e0dd999]

Update test in case keeping msg is desired [ad1a367]

Maintenance

Show how to import the format sub package [24e958d]

tidy up go.sum [26661b8]

bump dependencies [bde8f7a]

1.31.0

Features

Async assertions include context cancellation cause if present [121c37f]

Maintenance

Bump minimum go version [dee1e3c]

... (truncated)

Commits

8a658bb v1.33.1
e9bc35a Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2
3a66379 fix confusing eventually docs
f2e65fc v1.33.0
02e8706 docs: Receive(POINTER, MATCHER)
ec1f186 feat: receiver matcher accepting (POINTER, MATCHER), includes unit tests
9999deb Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745)
cb5ff21 Bump github-pages from 229 to 230 in /docs (#735)
bac6596 Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746)
4379951 v1.32.0
Additional commits viewable in compare view

Updates github.com/paketo-buildpacks/packit/v2 from 2.11.0 to 2.14.0

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.14.0

What's Changed

Fixes mirror bug when originalHost is excluded by @TisVictress in paketo-buildpacks/packit#569

Bump github.com/onsi/gomega from 1.33.0 to 1.33.1 by @dependabot in paketo-buildpacks/packit#571

Support reading service bindings from VCAP_SERVICES env var by @pbusko in paketo-buildpacks/packit#566

New Contributors

@pbusko made their first contribution in paketo-buildpacks/packit#566 🥳

Full Changelog: paketo-buildpacks/packit@v2.13.0...v2.14.0

v2.13.0

What's Changed

Bump github.com/onsi/gomega from 1.28.1 to 1.29.0 by @dependabot in paketo-buildpacks/packit#531

Bump github.com/google/uuid from 1.3.1 to 1.4.0 by @dependabot in paketo-buildpacks/packit#533

Updates github-config by @paketo-bot in paketo-buildpacks/packit#532

Bump github.com/onsi/gomega from 1.29.0 to 1.30.0 by @dependabot in paketo-buildpacks/packit#536

Updates github-config by @paketo-bot in paketo-buildpacks/packit#534

Bump github.com/google/uuid from 1.4.0 to 1.5.0 by @dependabot in paketo-buildpacks/packit#541

Bump github.com/onsi/gomega from 1.30.0 to 1.31.0 by @dependabot in paketo-buildpacks/packit#544

Bump github.com/onsi/gomega from 1.31.0 to 1.31.1 by @dependabot in paketo-buildpacks/packit#547

Bump github.com/google/uuid from 1.5.0 to 1.6.0 by @dependabot in paketo-buildpacks/packit#548

Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in paketo-buildpacks/packit#556

Bump github.com/onsi/gomega from 1.31.1 to 1.32.0 by @dependabot in paketo-buildpacks/packit#560

Bump github.com/ulikunitz/xz from 0.5.11 to 0.5.12 by @dependabot in paketo-buildpacks/packit#562

Bump github.com/onsi/gomega from 1.32.0 to 1.33.0 by @dependabot in paketo-buildpacks/packit#568

Allows users to set a dependency mirror by @TisVictress in paketo-buildpacks/packit#563

New Contributors

@TisVictress made their first contribution in paketo-buildpacks/packit#563

Full Changelog: paketo-buildpacks/packit@v2.12.0...v2.13.0

v2.12.0

What's Changed

Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 by @dependabot in paketo-buildpacks/packit#493

Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot in paketo-buildpacks/packit#494

Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot in paketo-buildpacks/packit#498

Bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 by @dependabot in paketo-buildpacks/packit#499

Bump github.com/onsi/gomega from 1.27.7 to 1.27.8 by @dependabot in paketo-buildpacks/packit#502

Bump github.com/BurntSushi/toml from 1.3.0 to 1.3.1 by @dependabot in paketo-buildpacks/packit#504

Bump github.com/BurntSushi/toml from 1.3.1 to 1.3.2 by @dependabot in paketo-buildpacks/packit#506

Bump github.com/onsi/gomega from 1.27.8 to 1.27.9 by @dependabot in paketo-buildpacks/packit#511

Bump github.com/onsi/gomega from 1.27.9 to 1.27.10 by @dependabot in paketo-buildpacks/packit#512

Bump github.com/google/uuid from 1.3.0 to 1.3.1 by @dependabot in paketo-buildpacks/packit#517

Bump github.com/onsi/gomega from 1.27.10 to 1.28.0 by @dependabot in paketo-buildpacks/packit#524

Updates github-config by @paketo-bot in paketo-buildpacks/packit#525

Bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 by @dependabot in paketo-buildpacks/packit#528

Bump github.com/onsi/gomega from 1.28.0 to 1.28.1 by @dependabot in paketo-buildpacks/packit#530

Enable Alternative Checksum format of algorithm_hash by @ChuckQuinnIV in paketo-buildpacks/packit#526

... (truncated)

Commits

13393ec Support reading service bindings from VCAP_SERVICES env var (#566)
35d8f76 Bump github.com/onsi/gomega from 1.33.0 to 1.33.1
ce376b7 Fixes mirror bug when originalHost is excluded (#569)
4c9f338 Allows users to set a dependency mirror (#563)
4e9c21d Bump github.com/onsi/gomega from 1.32.0 to 1.33.0
dd77ec5 Bump github.com/ulikunitz/xz from 0.5.11 to 0.5.12
95b8056 Bump github.com/onsi/gomega from 1.31.1 to 1.32.0
777a503 Bump github.com/stretchr/testify from 1.8.4 to 1.9.0
c1b785b Bump github.com/google/uuid from 1.5.0 to 1.6.0
b31dc83 Bump github.com/onsi/gomega from 1.31.0 to 1.31.1
Additional commits viewable in compare view

Updates github.com/ForestEckhardt/freezer from 0.0.12 to 0.1.0

Release notes

Sourced from github.com/ForestEckhardt/freezer's releases.

v0.1.0

What's Changed

Updates fetchers to create buildpackages by @ForestEckhardt in ForestEckhardt/freezer#11

Full Changelog: ForestEckhardt/freezer@v0.0.12...v0.1.0

Commits

a57bf55 Updates fetchers to create buildpackages
See full diff in compare view

Updates github.com/Microsoft/hcsshim from 0.11.5 to 0.12.4

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.4

What's Changed

[release/0.12] Backport networking commits by @kiashok in microsoft/hcsshim#2157

Full Changelog: microsoft/hcsshim@v0.12.3...v0.12.4

v0.12.3

What's Changed

[release/0.12] Update go-winio to v0.6.2 by @kiashok in microsoft/hcsshim#2114

Full Changelog: microsoft/hcsshim@v0.12.2...v0.12.3

v0.12.2

No release notes provided.

v0.12.1

What's Changed

Add spans and drop large size high volume trace logs by @kiashok in microsoft/hcsshim#2068

Updating permissions and github release action versions (#2078) by @hgarvison in microsoft/hcsshim#2079

fix: move permissions to the correct job (#2080) by @anmaxvl in microsoft/hcsshim#2081

Full Changelog: microsoft/hcsshim@v0.12.0...v0.12.1

v0.12.0

What's Changed

adding option of using buffered image reader for faster dmverity hashing by @SethHollandsworth in microsoft/hcsshim#2013

Fix process handle leak when launching a job container by @kevpar in microsoft/hcsshim#2020

Revert "gcs: Support routing container stdio to sidecar" by @kevpar in microsoft/hcsshim#2023

internal/exec: Fix stdio pipe problems by @kevpar in microsoft/hcsshim#2021

Allow mounting multiple dev nodes per assigned device by @katiewasnothere in microsoft/hcsshim#2003

tests: update docker images by @anmaxvl in microsoft/hcsshim#2012

Don't create container scratch per base layer by @ambarve in microsoft/hcsshim#2002

Removing internal tests from hcsshim's cri-containerd tests by @yyatmsft in microsoft/hcsshim#1998

Fix CodeQL pipeline failure by @helsaawy in microsoft/hcsshim#2032

Update Cmd IO handling by @helsaawy in microsoft/hcsshim#1937

[deps] Omni-bus dependency update by @helsaawy in microsoft/hcsshim#2039

Upgrade to go1.21 by @kiashok in microsoft/hcsshim#2033

New Contributors

@yyatmsft made their first contribution in microsoft/hcsshim#1998

Full Changelog: microsoft/hcsshim@v0.12.0-rc.3...v0.12.0

v0.12.0-rc.3

What's Changed

SNP Direct DM-Verity Boot by @darracott in microsoft/hcsshim#1952

tests: update test images used for cri-containerd tests by @anmaxvl in microsoft/hcsshim#1991

... (truncated)

Commits

c6a8327 Adding support for loadbalancer policy update in hns. (#2085)
44e4ec0 Changes for checking the global version for modify policy version support. (#...
62f86c0 OutBoundNATPolicy Schema changes (#2106)
c950974 Update go-winio to v0.6.2 & fix lint errors
ad1ccf5 fix: move permissions to the correct job (#2080) (#2081)
6588c1c Updating permissions and github release action versions (#2078) (#2079)
202f90a Add spans and drop large size high volume trace logs
fe8c673 update newBinaryCmd URL path handling (#2041)
85086d7 Upgrade to go1.21 + fix lint errors
8039310 [deps] Omni-bus dependency update (#2039)
Additional commits viewable in compare view

Updates github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0

Commits

720b789 remove travis badge from readme
a83af7f feat(backoff): Add functional options for ExponentialBackOff Closes #136
See full diff in compare view

Updates github.com/distribution/reference from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/distribution/reference's releases.

v0.6.0

What's Changed

remove deprecated SplitHostname by @thaJeztah in distribution/reference#5

refactor splitDockerDomain to include more documentation by @thaJeztah in distribution/reference#7

fix typo in readme by @xrstf in distribution/reference#10

Exclude domain from name length check by @ozairasim in distribution/reference#9

New Contributors

@xrstf made their first contribution in distribution/reference#10

@ozairasim made their first contribution in distribution/reference#9

Full Changelog: distribution/reference@v0.5.0...v0.6.0

Commits

ff14faf Merge pull request #9 from ozairasim/exclude-domain-from-name-length-validation
2a66312 Merge pull request #10 from xrstf/patch-1
094e717 fix typo in readme
aaca75e Exclude domain from name length check
8507c7f Merge pull request #7 from thaJeztah/cleanup_splitDockerDomain
89ee7ec refactor splitDockerDomain to include more documentation
a3fb784 Merge pull request #5 from thaJeztah/rm_deprecated
4894124 remove deprecated SplitHostname
See full diff in compare view

Updates github.com/docker/go-connections from 0.4.0 to 0.5.0

Commits

fa09c95 Merge pull request #108 from thaJeztah/carry_6
7a67a58 Swap CloseRead and CloseWrite
481d3d2 Merge pull request #107 from thaJeztah/drop_legacy_go
9548f9f tlsconfig: remove deprecated io/ioutil
c564c21 drop support for go1.17 and older
7cbebcf gha: update actions
2cf423f tlsconfig: move allTLSVersions var
dca283b tlsconfig: drop support for go1.12 and older
21876c5 tlsconfig: drop support for go1.6 and older
4d174db tlsconfig: drop support for go1.4 and older
Additional commits viewable in compare view

Updates github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/gabriel-vasile/mimetype's releases.

v1.4.3

What's Changed

Switch csv and tsv method 'sv' from ReadAll() to stream each record with Read() by @splashing-atom in gabriel-vasile/mimetype#355

Bump golang.org/x/net from 0.8.0 to 0.17.0 by @dependabot in gabriel-vasile/mimetype#441

enable reusing records in csv/tsv detection by @gabriel-vasile in gabriel-vasile/mimetype#443

New Contributors

@splashing-atom made their first contribution in gabriel-vasile/mimetype#355

Full Changelog: gabriel-vasile/mimetype@v1.4.2...v1.4.3

Commits

e64d6bd enable reusing records in csv/tsv detection (#443)
b4da7ba Bump the gomod group with 1 update (#441)
918baec Bump the github-actions group with 4 updates (#442)
9df6903 Switch csv and tsv method 'sv' from ReadAll() to stream each record with Read...
85b2cdc Merge pull request #414 from gabriel-vasile/dependabot/github_actions/github-...
24e5745 Merge pull request #412 from gabriel-vasile/dependabot/go_modules/gomod-939bd...
6bd9427 Bump the github-actions group with 5 updates
4f0da4f Bump the gomod group with 1 update
1a4b844 Group all dependabot PRs together (#409)
f5a14c2 Remove old travis build status link from readme (#407)
Additional commits viewable in compare view

Updates github.com/google/uuid from 1.3.1 to 1.6.0

Release notes

Sourced from github.com/google/uuid's releases.

v1.6.0

1.6.0 (2024-01-16)

Features

add Max UUID constant (#149) (c58770e)

Bug Fixes

fix typo in version 7 uuid documentation (#153) (016b199)

Monotonicity in UUIDv7 (#150) (a2b2b32)

v1.5.0

1.5.0 (2023-12-12)

Features

Validate UUID without creating new UUID (#141) (9ee7366)

v1.4.0

1.4.0 (2023-10-26)

Features

UUIDs slice type with Strings() convenience method (#133) (cd5fbbd)

Fixes

Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)

Changelog

Sourced from github.com/google/uuid's changelog.

1.6.0 (2024-01-16)

Features

add Max UUID constant (#149) (c58770e)

Bug Fixes

fix typo in version 7 uuid documentation (#153) (016b199)

Monotonicity in UUIDv7 (#150) (a2b2b32)

1.5.0 (2023-12-12)

Features

Validate UUID without creating new UUID (#141) (9ee7366)

1.4.0 (2023-10-26)

Features

UUIDs slice type with Strings() convenience method (#133) (cd5fbbd)

Fixes

Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)

Commits

0f11ee6 chore(master): release 1.6.0 (#151)
16939da chore(tests): add strict monotonicity test case for uuid v7. (#154)
016b199 fix: fix typo in version 7 uuid documentation (#153)
1d8b6ea ci: set token permissions to github workflows (#143)
a2b2b32 fix: Monotonicity in UUIDv7 (#150)
c58770e feat: add Max UUID constant (#149)
4d47f8e chore(master): release 1.5.0 (#145)
9ee7366 feat: Validate UUID without creating new UUID (#141)
b35aa6a add uuid version 6 and 7 (#139)
8de8764 chore(master): release 1.4.0 (#134)
Additional commits viewable in compare view

Updates github.com/klauspost/compress from 1.16.4 to 1.16.5

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.16.5

What's Changed

zstd: readByte needs to use io.ReadFull by @jnoxon in klauspost/compress#802

gzip: Fix WriterTo after initial read by @klauspost in klauspost/compress#804

New Contributors

@jnoxon made their first contribution in klauspost/compress#802

Full Changelog: klauspost/compress@v1.16.4...v1.16.5

Commits

ed6feff gzip: Fix WriterTo after initial read (#804)
62dad81 readerWrapper: readByte needs to use io.ReadFull (#802)
b0f7a94 Update README.md
See full diff in compare view

Updates github.com/moby/patternmatcher from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/moby/patternmatcher's releases.

v0.6.0

This release integrates the "frontend/dockerfile/dockerignore" package from github.com/moby/buildkit at commit 9da03ce42beb47d0d0a34c68ea90cac793b79851

What's Changed

gha: update golangci-lint to v1.54, actions/setup-go@v4, and go1.20.x moby/patternmatcher#2

integrate frontend/dockerfile/dockerignore from BuildKit moby/patternmatcher#1

Full Changelog: moby/patternmatcher@v0.5.0...v0.6.0

Commits

347bb8d Merge pull request #1 from thaJeztah/integrate_dockerignore
36a4227 integrate frontend/dockerfile/dockerignore from buildkit
8a1649d Merge pull request #2 from thaJeztah/update_go_versions
c512fc5 gha: test against go1.20.x
2345cde gha: update actions/setup-go@v4
555cf69 gha: update golangci-lint to v1.53.x
666020c frontend/dockerfile/dockerignore: remove hard-coded filename from error
dba575f frontend/dockerfile/dockerignore: touch-up godoc and code
318a4a5 frontend/dockerfile/dockerignore: cleanup unit test
00aab4f chore: refactor dockerfile to use errors pkg
Additional commits viewable in compare view

Updates github.com/opencontainers/runc from 1.1.9 to 1.1.12

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc 1.1.12 -- "Now you're thinking with Portals™!"

This is the twelfth patch release in the 1.1.z release branch of runc. It fixes a high-severity container breakout vulnerability involving leaked file descriptors, and users are strongly encouraged to update as soon as possible.

Fix CVE-2024-21626, a container breakout attack that took advantage of a file descriptor that was leaked internally within runc (but never leaked to the container process).

In addition to fixing the leak, several strict hardening measures were added to ensure that future internal leaks could not be used to break out in this manner again.

Based on our research, while no other container runtime had a similar leak, none had any of the hardening steps we've introduced (and some runtimes would not check for any file descriptors that a calling process may have leaked to them, allowing for container breakouts due to basic user error).

Static Linking Notices

The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library":

libseccomp

The versions of these libraries were not modified from their upstream versions, but in order to comply with the LGPL-2.1 (§6(a)), we have attached the complete source code for those libraries which (when combined with the attached runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages or download them from the authoritative upstream sources, especially since these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

Aleksa Sarai [email protected]

hang.jiang [email protected]

lfbzhm [email protected]

Signed-off-by: Aleksa Sarai [email protected]

... (truncated)

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.1.12] - 2024-01-31

Now you're thinking with Portals™!

Security

Fix CVE-2024-21626, a container breakout attack that took advantage of a file descriptor that was leaked internally within runc (but never leaked to the container process). In addition to fixing the leak, several strict hardening measures were added to ensure that future internal leaks could not be used to break out in this manner again. Based on our research, while no other container runtime had a similar leak, none had any of the hardening steps we've introduced (and some runtimes would not check for any file descriptors that a calling process may have leaked to them, allowing for container breakouts due to basic user error).

[1.1.11] - 2024-01-01

Happy New Year!

Fixed

Fix several issues with userns path handling. (#4122, #4124, #4134, #4144)

Changed

Support memory.peak and memory.swap.peak in cgroups v2. Add swapOnlyUsage in MemoryStats. This field reports swap-only usage. For cgroupv1, Usage and Failcnt are set by subtracting memory usage from memory+swap usage. For cgroupv2, Usage, Limit, and MaxUsage are set. (#4000, #4010, #4131)

build(deps): bump github.com/cyphar/filepath-securejoin. (#4140)

[1.1.10] - 2023-10-31

Śruba, przykręcona we śnie, nie zmieni sytuacji, jaka panuje na jawie.

Added

Support for hugetlb.<pagesize>.rsvd limiting and accounting. Fixes the issue of postres failing when hugepage limits are set. (#3859, #4077)

Fixed

Fixed permissions of a newly created directories to not depend on the value of umask in tmpcopyup feature implementation. (#3991, #4060)

libcontainer: cgroup v1 GetStats now ignores missing kmem.limit_in_bytes (fixes the compatibility with Linux kernel 6.1+). (#4028)

... (truncated)

Commits

51d5e94 VERSION: release 1.1.12
2a4ed3e merge 1.1-GHSA-xr7r-f8xq-vfvv into release-1.1
e9665f4 init: don't special-case logrus fds
683ad2f libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
b6633f4 cgroup: plug leaks of /sys/fs/cgroup handle
284ba30 init: close internal fds before execve
fbe3eed setns init: do explicit lookup of execve argument early
0994249 init: verify after chdir that cwd is inside the container
506552a Fix File to Close
099ff69 merge #4177 into opencontainers/runc:release-1.1
Additional commits viewable in compare view

Updates github.com/ulikunitz/xz from 0.5.11 to 0.5.12

Commits

4f11dce Update README.md and SECURITY.md to address security questions
f56ebbf TODO.md: fix a typo
See full diff in compare view

Updates golang.org/x/exp from 0.0.0-20230510235704-dd950f8aeaea to 0.0.0-20231006140011-7918f672742d

Commits

See full diff in compare view

Updates golang.org/x/net from 0.23.0 to 0.24.0

Commits

7bbe320 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates golang.org/x/sys from 0.18.0 to 0.19.0

Commits

cabba82 windows: use uint32 for serial comm flags for consistency
1a50d97 windows: add serial comm functions
95f07ec x/sys/windows: add func windows.DisconnectNamedPipe(handle Handle) (err error)
4be02d3 unix: expose mmap calls on z/OS
See full diff in compare view

Updates golang.org/x/text from 0.14.0 to 0.16.0

Commits

9c2f3a2 cmd/gotext: fix segfault in extract & rewrite commands
5... Description has been truncated

Bumps the go-modules group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.3.2` | `1.4.0` | | [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.27.10` | `1.33.1` | | [github.com/paketo-buildpacks/packit/v2](https://github.com/paketo-buildpacks/packit) | `2.11.0` | `2.14.0` | | [github.com/ForestEckhardt/freezer](https://github.com/ForestEckhardt/freezer) | `0.0.12` | `0.1.0` | | [github.com/Microsoft/hcsshim](https://github.com/Microsoft/hcsshim) | `0.11.5` | `0.12.4` | | [github.com/cenkalti/backoff/v4](https://github.com/cenkalti/backoff) | `4.2.1` | `4.3.0` | | [github.com/distribution/reference](https://github.com/distribution/reference) | `0.5.0` | `0.6.0` | | [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.4.0` | `0.5.0` | | [github.com/moby/patternmatcher](https://github.com/moby/patternmatcher) | `0.5.0` | `0.6.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.14.0` | `0.16.0` | | google.golang.org/protobuf | `1.33.0` | `1.34.2` | Updates `github.com/BurntSushi/toml` from 1.3.2 to 1.4.0 - [Release notes](https://github.com/BurntSushi/toml/releases) - [Commits](BurntSushi/toml@v1.3.2...v1.4.0) Updates `github.com/onsi/gomega` from 1.27.10 to 1.33.1 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.27.10...v1.33.1) Updates `github.com/paketo-buildpacks/packit/v2` from 2.11.0 to 2.14.0 - [Release notes](https://github.com/paketo-buildpacks/packit/releases) - [Commits](paketo-buildpacks/packit@v2.11.0...v2.14.0) Updates `github.com/ForestEckhardt/freezer` from 0.0.12 to 0.1.0 - [Release notes](https://github.com/ForestEckhardt/freezer/releases) - [Commits](ForestEckhardt/freezer@v0.0.12...v0.1.0) Updates `github.com/Microsoft/hcsshim` from 0.11.5 to 0.12.4 - [Release notes](https://github.com/Microsoft/hcsshim/releases) - [Commits](microsoft/hcsshim@v0.11.5...v0.12.4) Updates `github.com/cenkalti/backoff/v4` from 4.2.1 to 4.3.0 - [Commits](cenkalti/backoff@v4.2.1...v4.3.0) Updates `github.com/distribution/reference` from 0.5.0 to 0.6.0 - [Release notes](https://github.com/distribution/reference/releases) - [Commits](distribution/reference@v0.5.0...v0.6.0) Updates `github.com/docker/go-connections` from 0.4.0 to 0.5.0 - [Commits](docker/go-connections@v0.4.0...v0.5.0) Updates `github.com/gabriel-vasile/mimetype` from 1.4.2 to 1.4.3 - [Release notes](https://github.com/gabriel-vasile/mimetype/releases) - [Commits](gabriel-vasile/mimetype@v1.4.2...v1.4.3) Updates `github.com/google/uuid` from 1.3.1 to 1.6.0 - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](google/uuid@v1.3.1...v1.6.0) Updates `github.com/klauspost/compress` from 1.16.4 to 1.16.5 - [Release notes](https://github.com/klauspost/compress/releases) - [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml) - [Commits](klauspost/compress@v1.16.4...v1.16.5) Updates `github.com/moby/patternmatcher` from 0.5.0 to 0.6.0 - [Release notes](https://github.com/moby/patternmatcher/releases) - [Commits](moby/patternmatcher@v0.5.0...v0.6.0) Updates `github.com/opencontainers/runc` from 1.1.9 to 1.1.12 - [Release notes](https://github.com/opencontainers/runc/releases) - [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md) - [Commits](opencontainers/runc@v1.1.9...v1.1.12) Updates `github.com/ulikunitz/xz` from 0.5.11 to 0.5.12 - [Commits](ulikunitz/xz@v0.5.11...v0.5.12) Updates `golang.org/x/exp` from 0.0.0-20230510235704-dd950f8aeaea to 0.0.0-20231006140011-7918f672742d - [Commits](https://github.com/golang/exp/commits) Updates `golang.org/x/net` from 0.23.0 to 0.24.0 - [Commits](golang/net@v0.23.0...v0.24.0) Updates `golang.org/x/sys` from 0.18.0 to 0.19.0 - [Commits](golang/sys@v0.18.0...v0.19.0) Updates `golang.org/x/text` from 0.14.0 to 0.16.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.14.0...v0.16.0) Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20231002182017-d307bd883b97 to 0.0.0-20240123012728-ef4313101c80 - [Commits](https://github.com/googleapis/go-genproto/commits) Updates `google.golang.org/grpc` from 1.59.0 to 1.62.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.59.0...v1.62.0) Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.2 --- updated-dependencies: - dependency-name: github.com/BurntSushi/toml dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/paketo-buildpacks/packit/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/ForestEckhardt/freezer dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/Microsoft/hcsshim dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/cenkalti/backoff/v4 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/distribution/reference dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/docker/go-connections dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/gabriel-vasile/mimetype dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/google/uuid dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/klauspost/compress dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/moby/patternmatcher dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/opencontainers/runc dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/ulikunitz/xz dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: golang.org/x/exp dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sys dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/text dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: google.golang.org/genproto/googleapis/rpc dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: google.golang.org/grpc dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: google.golang.org/protobuf dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from a team as a code owner June 11, 2024 13:22

dependabot bot added the failure:update-dependencies An issue filed automatically when updating buildpack.toml dependencies fails in a workflow label Jun 11, 2024

dependabot bot mentioned this pull request Jun 11, 2024

bump the go-modules group across 1 directory with 21 updates #393

Closed

paketo-bot added the semver:patch A change requiring a patch version bump label Jun 11, 2024

dependabot bot force-pushed the dependabot/go_modules/go-modules-5808434441 branch from f17c7cb to 97f4d2e Compare June 19, 2024 13:11

dependabot bot force-pushed the dependabot/go_modules/go-modules-5808434441 branch from 97f4d2e to 57ade9a Compare June 21, 2024 13:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-modules group across 1 directory with 21 updates #394

Bump the go-modules group across 1 directory with 21 updates #394

dependabot bot commented on behalf of github Jun 11, 2024 •

edited

Loading

Bump the go-modules group across 1 directory with 21 updates #394

Are you sure you want to change the base?

Bump the go-modules group across 1 directory with 21 updates #394

Conversation

dependabot bot commented on behalf of github Jun 11, 2024 • edited Loading

v1.4.0

v1.33.1

1.33.1

Fixes

Maintenance

v1.33.0

1.33.0

Features

Maintenance

v1.32.0

1.32.0

Maintenance

v1.31.1

1.31.1

Fixes

Maintenance

v1.31.0

1.31.0

1.33.1

Fixes

Maintenance

1.33.0

Features

Maintenance

1.32.0

Maintenance

1.31.1

Fixes

Maintenance

1.31.0

Features

Maintenance

v2.14.0

What's Changed

New Contributors

v2.13.0

What's Changed

New Contributors

v2.12.0

What's Changed

v0.1.0

What's Changed

v0.12.4

What's Changed

v0.12.3

What's Changed

v0.12.2

v0.12.1

What's Changed

v0.12.0

What's Changed

New Contributors

v0.12.0-rc.3

What's Changed

v0.6.0

What's Changed

New Contributors

v1.4.3

What's Changed

New Contributors

v1.6.0

1.6.0 (2024-01-16)

Features

Bug Fixes

v1.5.0

1.5.0 (2023-12-12)

Features

v1.4.0

1.4.0 (2023-10-26)

Features

Fixes

1.6.0 (2024-01-16)

Features

Bug Fixes

1.5.0 (2023-12-12)

dependabot bot commented on behalf of github Jun 11, 2024 •

edited

Loading