fix(deps): update all non-major dependencies #61

Open
wants to merge 1 commit into
base: main
red-hat-konflux[bot]
Contributor

@red-hat-konflux red-hat-konflux bot commented Feb 23, 2025

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github.com/ProtonMail/go-crypto | indirect | patch | v1.1.0-beta.0-proton -> v1.1.6 |
| github.com/cloudflare/circl | indirect | minor | v1.3.7 -> v1.6.0 |
| github.com/cyphar/filepath-securejoin | indirect | minor | v0.3.4 -> v0.4.1 |
| github.com/go-git/go-billy/v5 | indirect | patch | v5.6.0 -> v5.6.2 |
| github.com/go-git/go-git/v5 | require | minor | v5.12.0 -> v5.14.0 |
| github.com/go-jose/go-jose/v4 | indirect | minor | v4.0.4 -> v4.1.0 |
| github.com/hashicorp/go-secure-stdlib/parseutil | indirect | minor | v0.1.8 -> v0.2.0 |
| github.com/hashicorp/terraform-exec | require | minor | v0.21.0 -> v0.22.0 |
| github.com/hashicorp/terraform-json | indirect | minor | v0.23.0 -> v0.24.0 |
| github.com/pjbgf/sha1cd | indirect | patch | v0.3.0 -> v0.3.2 |
| github.com/skeema/knownhosts | indirect | patch | v1.3.0 -> v1.3.1 |
| github.com/stretchr/testify | require | minor | v1.9.0 -> v1.10.0 |
| github.com/zclconf/go-cty | indirect | minor | v1.15.0 -> v1.16.2 |
| golang | | minor | 1.21.13 -> 1.24.2 |
| golang.org/x/crypto | indirect | minor | v0.32.0 -> v0.37.0 |
| golang.org/x/net | indirect | minor | v0.34.0 -> v0.39.0 |
| golang.org/x/sys | indirect | minor | v0.29.0 -> v0.32.0 |
| golang.org/x/text | indirect | minor | v0.21.0 -> v0.24.0 |
| golang.org/x/time | indirect | minor | v0.7.0 -> v0.11.0 |
| registry.access.redhat.com/ubi9 | stage | patch | 9.5-1739751568 -> 9.5-1744101466 |
| registry.access.redhat.com/ubi9-minimal | final | patch | 9.5-1739420147 -> 9.5-1742914212 |
| registry.access.redhat.com/ubi9/go-toolset | stage | minor | 1.21.13-2.1729776560 -> 1.22.9-1743582279 |

Release Notes

ProtonMail/go-crypto (github.com/ProtonMail/go-crypto)

v1.1.6

Full Changelog: ProtonMail/go-crypto@v1.1.5...v1.1.6

v1.1.5

Full Changelog: ProtonMail/go-crypto@v1.1.4...v1.1.5

v1.1.4

Full Changelog: ProtonMail/go-crypto@v1.1.3...v1.1.4

v1.1.3

Full Changelog: ProtonMail/go-crypto@v1.1.2...v1.1.3

v1.1.2

Full Changelog: ProtonMail/go-crypto@v1.1.1...v1.1.2

v1.1.1

Full Changelog: ProtonMail/go-crypto@v1.1.0...v1.1.1

v1.1.0

What's Changed

This release adds full support for the new version of the OpenPGP standard, RFC 9580. In addition, the release introduces an improved non-backwards compatible v2 API. The API in the openpgp package remains fully backwards compatible while the new v2 API is located in a separate v2 package in openpgp.

For the full changes since v1.0.0, see the previous release notes. For the full changelog, see ProtonMail/go-crypto@v1.0.0...v1.1.0.

Changes since v1.1.0-beta.0:

  • Replace expiring curve448 integration test vector by @​lubux
  • Validate input key size in SEIPDv2 decryption by @​lubux

Changelog since v1.1.0-beta.0: ProtonMail/go-crypto@v1.1.0-beta.0...v1.1.0.

v1.1.0-proton

What's Changed

This release is v1.1.0 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

cloudflare/circl (github.com/cloudflare/circl)

v1.6.0: CIRCL v1.6.0

Full Changelog: cloudflare/circl@v1.5.0...v1.6.0

v1.5.0: CIRCL v1.5.0

New: ML-DSA, Module-Lattice-based Digital Signature Algorithm.

Full Changelog: cloudflare/circl@v1.4.0...v1.5.0

v1.4.0: CIRCL v1.4.0

Changes

New: ML-KEM compatible with FIPS-203.

Full Changelog: cloudflare/circl@v1.3.9...v1.4.0

v1.3.9: CIRCL v1.3.9

Changes:
  • Fix bug on BLS12381 decoding elements.

Full Changelog: cloudflare/circl@v1.3.8...v1.3.9

v1.3.8: CIRCL v1.3.8

New

  • BLS Signatures on top of BLS12-381.
  • Adopt faster squaring in pairings.
  • BlindRSA compliant with RFC9474.
  • (Verifiable) Secret Sharing compatible with the Group interface (elliptic curves).

Full Changelog: cloudflare/circl@v1.3.7...v1.3.8

cyphar/filepath-securejoin (github.com/cyphar/filepath-securejoin)

v0.4.1

This release fixes a regression introduced in one of the hardening
features added to filepath-securejoin 0.4.0.

  • The restrictions added for root paths passed to SecureJoin in 0.4.0 were
    found to be too strict and caused some regressions when folks tried to
    update, so this restriction has been relaxed to only return an error if the
    path contains a .. component. We still recommend users use filepath.Clean
    (and even filepath.EvalSymlinks) on the root path they are using, but at
    least you will no longer be punished for "trivial" unclean paths. (#​46)

Signed-off-by: Aleksa Sarai [email protected]

v0.4.0

This release primarily includes a few minor breaking changes to make the
MkdirAll and SecureJoin interfaces more robust against accidental
misuse.

  • SecureJoin(VFS) will now return an error if the provided root is not a
    filepath.Clean'd path.

    While it is ultimately the responsibility of the caller to ensure the root is
    a safe path to use, passing a path like /symlink/.. as a root would result
    in the SecureJoin'd path being placed in / even though /symlink/..
    might be a different directory, and so we should more strongly discourage
    such usage.

    All major users of securejoin.SecureJoin already ensure that the paths they
    provide are safe (and this is ultimately a question of user error), but
    removing this foot-gun is probably a good idea. Of course, this is
    necessarily a breaking API change (though we expect no real users to be
    affected by it).

    Thanks to Erik Sjölund, who initially
    reported this issue as a possible security issue.

  • MkdirAll and MkdirHandle now take an os.FileMode-style mode argument
    instead of a raw unix.S_*-style mode argument, which may cause compile-time
    type errors depending on how you use filepath-securejoin. For most users,
    there will be no change in behaviour aside from the type change (as the
    bottom 0o777 bits are the same in both formats, and most users are probably
    only using those bits).

    However, if you were using unix.S_ISVTX to set the sticky bit with
    MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you
    will get a runtime error with this update. In addition, the error message you
    will get from passing unix.S_ISUID and unix.S_ISGID will be different as
    they are treated as invalid bits now (note that previously passing said bits
    was also an error).

Thanks to the following contributors for helping make this release
possible:

Signed-off-by: Aleksa Sarai [email protected]

v0.3.6

This release lowers the minimum Go version to Go 1.18 as well as some
library dependencies, in order to make it easier for folks that need to
backport patches using the new filepath-securejoin API onto branches
that are stuck using old Go compilers. For users using Go >= 1.21, this
release contains no functional changes.

  • The minimum Go version requirement for filepath-securejoin is now Go 1.18
    (we use generics internally).

    For reference, [email protected] somewhat-arbitrarily bumped the
    Go version requirement to 1.21.

    While we did make some use of Go 1.21 stdlib features (and in principle Go
    versions <= 1.21 are no longer even supported by upstream anymore), some
    downstreams have complained that the version bump has meant that they have to
    do workarounds when backporting fixes that use the new filepath-securejoin
    API onto old branches. This is not an ideal situation, but since using this
    library is probably better for most downstreams than a hand-rolled
    workaround, we now have compatibility shims that allow us to build on older
    Go versions.

  • Lower minimum version requirement for golang.org/x/sys to v0.18.0 (we
    need the wrappers for fsconfig(2)), which should also make backporting
    patches to older branches easier.

Signed-off-by: Aleksa Sarai [email protected]

v0.3.5

This release primarily includes a fix for an issue involving two
programs racing to MkdirAll the same directory, which caused a
regression with BuildKit.

  • MkdirAll will now no longer return an EEXIST error if two racing
    processes are creating the same directory. We will still verify that the path
    is a directory, but this will avoid spurious errors when multiple threads or
    programs are trying to MkdirAll the same path. opencontainers/runc#4543

Signed-off-by: Aleksa Sarai [email protected]

go-git/go-billy (github.com/go-git/go-billy/v5)

v5.6.2

Full Changelog: go-git/go-billy@v5.6.1...v5.6.2

v5.6.1

Full Changelog: go-git/go-billy@v5.6.0...v5.6.1

go-git/go-git (github.com/go-git/go-git/v5)

v5.14.0

What's Changed

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/[email protected] which mitigates the CVE above. Users that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

v5.13.2

Full Changelog: go-git/go-git@v5.13.1...v5.13.2

v5.13.1

Full Changelog: go-git/go-git@v5.13.0...v5.13.1

v5.13.0

Full Changelog: go-git/go-git@v5.12.0...v5.13.0

go-jose/go-jose (github.com/go-jose/go-jose/v4)

v4.1.0

Full Changelog: go-jose/go-jose@v4.0.5...v4.1.0

v4.0.5

What's Changed

Fixes GHSA-c6gw-w398-hv78

Various other dependency updates, small fixes, and documentation updates in the full changelog

Full Changelog: go-jose/go-jose@v4.0.4...v4.0.5

hashicorp/terraform-exec (github.com/hashicorp/terraform-exec)

v0.22.0

[Compare Source](https://redirect.github.com/hashicorp/terraform-exec/compare/v0


Configuration

📅 Schedule: Branch creation - "after 5am on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).
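
The root-path hazard described in the filepath-securejoin v0.4.0 and v0.4.1 notes above, as an added Go example (not code from this PR, from Renovate, or from filepath-securejoin): a root such as `/symlink/..` cleans lexically to one directory while the filesystem resolves it to another. It uses only the standard library; `hasDotDot`, `compareRoot`, `buildDemo` and the temporary directory layout are constructed for illustration, and `hasDotDot` only mirrors the ".. component" rule as the notes state it.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// hasDotDot reports whether root has a ".." component (hypothetical helper).
func hasDotDot(root string) bool {
	for _, c := range strings.Split(filepath.ToSlash(root), "/") {
		if c == ".." {
			return true
		}
	}
	return false
}

// compareRoot returns root as cleaned lexically and as resolved on disk.
func compareRoot(root string) (lexical, resolved string, err error) {
	resolved, err = filepath.EvalSymlinks(root)
	return filepath.Clean(root), resolved, err
}

// buildDemo creates base/a/real and base/symlink -> a/real (constructed).
func buildDemo() (base, root string, err error) {
	if base, err = os.MkdirTemp("", "root-demo"); err != nil {
		return "", "", err
	}
	if base, err = filepath.EvalSymlinks(base); err != nil {
		return "", "", err
	}
	if err = os.MkdirAll(filepath.Join(base, "a", "real"), 0o755); err != nil {
		return "", "", err
	}
	err = os.Symlink(filepath.Join("a", "real"), filepath.Join(base, "symlink"))
	return base, base + "/symlink/..", err
}

func main() {
	base, root, err := buildDemo()
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	lexical, resolved, _ := compareRoot(root)
	fmt.Println("rejected:", hasDotDot(root), "lexical:", lexical, "resolved:", resolved)
}
```

Here the lexical result is `base` but the resolved directory is `base/a`, so anything joined under the cleaned root would land outside the directory the caller actually named.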

Contributor Author

red-hat-konflux bot commented Feb 23, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 1 additional dependency was updated
  • The go directive was updated for compatibility reasons

Details:

| Package | Change |
|---|---|
| go | 1.21 -> 1.24.2 |
| github.com/golang/groupcache | v0.0.0-20210331224755-41bb18bfe9da -> v0.0.0-20241129210726-2c02b8208cf8 |

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch branch from a30477b to f634bb7 Compare February 27, 2025 16:57
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch branch 4 times, most recently from bf1563a to 6e9c106 Compare March 17, 2025 14:21
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch branch 3 times, most recently from 4f24e75 to b8e9edf Compare March 25, 2025 19:26
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch branch 4 times, most recently from 923b65e to cca1793 Compare April 2, 2025 13:32
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch branch 4 times, most recently from a9ea0f9 to e3b86f3 Compare April 8, 2025 01:39
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch branch from e3b86f3 to 667d5a8 Compare April 8, 2025 14:04