Bump the go-modules group with 25 updates #555

dependabot · 2023-10-12T20:10:40Z

Bumps the go-modules group with 25 updates:

Package	From	To
github.com/CycloneDX/cyclonedx-go	`0.7.1`	`0.7.2`
github.com/cenkalti/backoff/v4	`4.2.0`	`4.2.1`
github.com/containerd/containerd	`1.7.0`	`1.7.7`
github.com/docker/distribution	`2.8.2+incompatible`	`2.8.3+incompatible`
github.com/docker/docker-credential-helpers	`0.7.0`	`0.8.0`
github.com/gabriel-vasile/mimetype	`1.4.2`	`1.4.3`
github.com/go-git/go-billy/v5	`5.4.1`	`5.5.0`
github.com/go-git/go-git/v5	`5.6.1`	`5.9.0`
github.com/google/go-cmp	`0.5.9`	`0.6.0`
github.com/google/go-containerregistry	`0.15.1`	`0.16.1`
github.com/google/uuid	`1.3.0`	`1.3.1`
github.com/jinzhu/copier	`0.3.5`	`0.4.0`
github.com/klauspost/compress	`1.16.5`	`1.17.0`
github.com/mattn/go-runewidth	`0.0.14`	`0.0.15`
github.com/moby/patternmatcher	`0.5.0`	`0.6.0`
github.com/opencontainers/runc	`1.1.5`	`1.1.9`
github.com/pierrec/lz4/v4	`4.1.17`	`4.1.18`
github.com/skeema/knownhosts	`1.2.0`	`1.2.1`
github.com/spdx/tools-golang	`0.5.0`	`0.5.3`
github.com/spf13/afero	`1.9.5`	`1.10.0`
github.com/spf13/cast	`1.5.0`	`1.5.1`
github.com/sylabs/sif/v2	`2.11.3`	`2.15.0`
github.com/testcontainers/testcontainers-go	`0.21.0`	`0.25.0`
github.com/vbatts/tar-split	`0.11.3`	`0.11.5`
google.golang.org/grpc	`1.57.0`	`1.58.3`

Updates github.com/CycloneDX/cyclonedx-go from 0.7.1 to 0.7.2

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.7.2

This is a bugfix release that ships with minimal support for the CycloneDX v1.5 specification.

Full support is being worked on and planned to be released soon. The progress may be tracked in #90.

The reason for publishing partial support like this is to allow the consumption of v1.5 BOMs, which fails with cyclonedx-go <= v0.7.1.

Warning
The default SpecVersion has been updated to SpecVersion1_5. If your application generates BOMs, and you're not ready (or willing) to distribute BOMs following the v1.5 specification yet, consider using EncodeVersion to generate output for an older version of the spec.

Changelog

Features

7128a921f3e83a43feef75bc8ab95642c236ef82: feat: raise baseline go version to 1.18 (@nscuro)

Fixes

ff719b64835af6e75dcfd6e7ff90d070f271ae07: fix: unmarshal bom on v1.5 return invalid specification version (@chen-keinan)

Building and Packaging

966c223154527621395473cc045a7672609c879f: build(deps): bump CycloneDX/gh-gomod-generate-sbom from 1.1.0 to 2.0.0 (@dependabot[bot])

1e83e8598d07b6303522cb63458be2577223f8d3: build(deps): bump actions/checkout from 3.5.0 to 3.5.1 (@dependabot[bot])

78f6593ed81da036aec671c19ea937b3a80586bf: build(deps): bump actions/checkout from 3.5.1 to 3.5.2 (@dependabot[bot])

868f6db7d03da581dbe9b6d283acd6c477529c0a: build(deps): bump actions/checkout from 3.5.2 to 3.5.3 (@dependabot[bot])

5885827e4246b82e08d37f6f0b95c6c0a4ef821b: build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (@dependabot[bot])

d772b5438430be7879f3a4e7064c1ccbdbf153a1: build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (@dependabot[bot])

578e8621c93869b9e0368eebb619cd96c7e9e2bb: build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.4 (@dependabot[bot])

f83e6a7c9d196eff9f99ecf8291cd4adeabce31a: build(deps): bump gitpod/workspace-go from 2be827f to 910daeb (@dependabot[bot])

cd7b23a68ff1c7467e211c9c69f9fb67c2244043: build(deps): bump gitpod/workspace-go from 910daeb to d7a41f5 (@dependabot[bot])

668553d1667110b8b34c7a4a954c3ac4707816ba: build(deps): bump gitpod/workspace-go from d7a41f5 to f37c673 (@dependabot[bot])

d9a5f8cf07fa834c02969fba2128bdb14c0865ff: build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (@dependabot[bot])

66f96dfacf866f8d2ca686659e964fc535c72f92: build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (@dependabot[bot])

8b51c39974573c22ba0a14ba1d5a0cd5b50c68fa: build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (@dependabot[bot])

e44f7de374a51cd1228117d43ccedfdcbe50cd73: build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (@dependabot[bot])

6360fe1474853e461a6af83fc6214882b4647f09: build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (@dependabot[bot])

Others

a06990657b338db19fec11a677ea915eea2b5c74: feat(spec1-5): add initial support for spec v1.5 (@nscuro)

67a7567143eb3373099f100bbe17143239cf5d4e: feat(spec1-5): add licensing, license properties, and license bom-ref (@nscuro)

d2f3bb95bf740da7a6d36c6a1c324356afed5356: feat(spec1-5): add lifecycle support (@nscuro)

eb041b55b2eb8685a37be6f7a9c265fb6528377b: feat(spec1-5): add new component types (@nscuro)

c45ba618028d9f0cb593784e6483f4392a78ff3b: feat(spec1-5): add new external reference types (@nscuro)

d84947d74d7df97f851211bf7b72786e3583b9e3: feat(spec1-5): add support for annotations (@nscuro)

0ba04965ce8c5df710eb2a1cae1e7546ffb6321b: feat(spec1-5): bump schema to 1.5 for round-trip tests (@nscuro)

4e20914ebfc2aa80fbe0fa32650567554ebaaf49: misc(dx): add project icon for intellij and goland (@nscuro)

Commits

83031d6 Merge pull request #117 from CycloneDX/dependabot/github_actions/golangci/gol...
8b51c39 build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0
0ed4535 Merge pull request #114 from CycloneDX/dependabot/github_actions/goreleaser/g...
6360fe1 build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0
5c1db8e Merge pull request #113 from CycloneDX/dependabot/github_actions/actions/setu...
d772b54 build(deps): bump actions/setup-go from 4.0.1 to 4.1.0
3d592d2 Merge pull request #112 from CycloneDX/dependabot/docker/gitpod/workspace-go-...
668553d build(deps): bump gitpod/workspace-go from d7a41f5 to f37c673
fdeec7e Merge pull request #111 from CycloneDX/idea-project-icon
4e20914 misc(dx): add project icon for intellij and goland
Additional commits viewable in compare view

Updates github.com/cenkalti/backoff/v4 from 4.2.0 to 4.2.1

Commits

a04a6fe set minimum permissions for go.yaml
a214dad spelling: interval
af9bd1c spelling: found
See full diff in compare view

Updates github.com/containerd/containerd from 1.7.0 to 1.7.7

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.7

Welcome to the v1.7.7 release of containerd!

The seventh patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

Require plugins to succeed after registering readiness (#9165)

Handle unexpected shim kill events (#9132)

Build binaries with Go 1.21.1 (#9167)

cri: Stop recommending disable_cgroup (#9168)

remotes/docker: Fix MountedFrom prefixed with target repository (#9193)

remotes: always try to establish tls connection when tls configured (#9188)

NRI: Add support for rlimits (#48)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

Derek McGowan

Samuel Karp

Krisztian Litkey

Wei Fu

Phil Estes

Sebastiaan van Stijn

Iceber Gu

Mike Brown

Akihiro Suda

Paweł Gronowski

Steve Griffith

Aditya Ramani

Austin Vazquez

Danny Canter

James Sturtevant

Kern Walster

ZP-AlwaysWin

Changes

[release/1.7] Prepare release notes for v1.7.7 (#9194)

a34fa5681 Prepare release notes for v1.7.7

[release/1.7] Allow for images with artifacts to pull (#9149)

6ca0aebf0 Allow for images with artifacts to pull

[release 1.7] remotes/docker: Fix MountedFrom prefixed with target repository (#9193)

7df492a95 remotes/docker: Fix MountedFrom prefixed with target repository

... (truncated)

Commits

8c08766 Merge pull request #9194 from dcantah/release-notes-1.7.7
a34fa56 Prepare release notes for v1.7.7
8664fca Merge pull request #9149 from jsturtevant/cherry-pick-9142-on-1-7
6ca0aeb Allow for images with artifacts to pull
72e0200 Merge pull request #9193 from vvoland/remotes-docker-mounted-fix-1.7
814f6c2 Merge pull request #9134 from Kern--/release/1.7
781d395 Merge pull request #9188 from dmcgowan/backport-1.7-localhost-http-fallback
7df492a remotes/docker: Fix MountedFrom prefixed with target repository
7779ce6 remotes: always try to establish tls connection when tls configured
b3db314 Bump x/net to 0.13
Additional commits viewable in compare view

Updates github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible

Release notes

Sourced from github.com/docker/distribution's releases.

v2.8.3

What's Changed

Pass BUILDTAGS argument to go build by @marcusirgens in distribution/distribution#3926

Enable Go build tags by @thaJeztah in distribution/distribution#4009

reference: replace deprecated function SplitHostname by @thaJeztah in distribution/distribution#4032

Dont parse errors as JSON unless Content-Type is set to JSON by @thaJeztah in distribution/distribution#4054

update to go 1.20.8 by @thaJeztah in distribution/distribution#4056

Set Content-Type header in registry client ReadFrom by @thaJeztah in distribution/distribution#4053

deprecate reference package, migrate to github.com/distribution/reference by @thaJeztah in distribution/distribution#4063

digestset: deprecate package in favor of go-digest/digestset by @thaJeztah in distribution/distribution#4064

Do not close HTTP request body in HTTP handler by @milosgajdos in distribution/distribution#4068

Add v2.8.3 release notes by @milosgajdos in distribution/distribution#4088

New Contributors

@marcusirgens made their first contribution in distribution/distribution#3926

Full Changelog: distribution/distribution@v2.8.2...v2.8.3

Commits

4772604 Merge pull request #4088 from distribution/2.8.3-release-notes
a4fa699 Add v2.8.3 release notes
1eb2c30 Merge pull request #4068 from milosgajdos/2_8-dont-close-request-body
5e6b1b5 Do not close HTTP request body in HTTP handler
2b76378 Merge pull request #4064 from thaJeztah/2.8_backport_nodigestset
29b00e8 digestset: deprecate package in favor of go-digest/digestset
d1ab243 [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0
11eb419 Merge pull request #4063 from thaJeztah/2.8_backport_switch_reference
3dda067 deprecate reference package, migrate to github.com/distribution/reference
da05539 Merge pull request #4053 from thaJeztah/2.8_backport_set-content-type-client-...
Additional commits viewable in compare view

Updates github.com/docker/docker-credential-helpers from 0.7.0 to 0.8.0

Release notes

Sourced from github.com/docker/docker-credential-helpers's releases.

v0.8.0

What's Changed

wincred: windows/arm64 support by @crazy-max in docker/docker-credential-helpers#279

osxkeychain: Delete(): return typed errors by @thaJeztah in docker/docker-credential-helpers#278

osxkeychain: match min macos version for xx by @crazy-max in docker/docker-credential-helpers#283

pass: fix interpolation of $PASSWORD_STORE_DIR, and use os.UserHomeDir() by @thaJeztah in docker/docker-credential-helpers#287

cli: assorted improvements, and add --version, -v, and --help, -h flags by @thaJeztah in docker/docker-credential-helpers#284

vendor: github.com/danieljoos/wincred v1.2.0 by @thaJeztah in docker/docker-credential-helpers#271

vendor: golang.org/x/sys v0.7.0 by @crazy-max in docker/docker-credential-helpers#265

chore: update go to 1.20.6 by @crazy-max @thaJeztah in docker/docker-credential-helpers#297 docker/docker-credential-helpers#293 docker/docker-credential-helpers#281 docker/docker-credential-helpers#263

chore: use go build constraint by @crazy-max in docker/docker-credential-helpers#289

credentials: fix minor nits in tests for credentials by @thaJeztah in docker/docker-credential-helpers#291

credentials: improve errors and error-handling by @thaJeztah in docker/docker-credential-helpers#292

chore: remove uses of golang.org/x/sys/execabs by @thaJeztah in docker/docker-credential-helpers#270

chore: format code with gofumpt by @thaJeztah in docker/docker-credential-helpers#273

chore: rewrite tests to use sub-tests, improve error-handling in tests, and use t.Cleanup() by @thaJeztah in docker/docker-credential-helpers#275

chore: use designated domains in tests (RFC2606) (step 1) by @thaJeztah in docker/docker-credential-helpers#294

chore: fix vendor validation by @crazy-max in docker/docker-credential-helpers#253

chore: update xx to 1.2.1 by @crazy-max in docker/docker-credential-helpers#264

chore: use same target for sandboxed and native tests by @crazy-max in docker/docker-credential-helpers#285

ci: bump runners to ubuntu-22.04 by @crazy-max in docker/docker-credential-helpers#276

chore: add CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md by @thaJeztah in docker/docker-credential-helpers#272

chore: fix build status badge being broken by @okrc in docker/docker-credential-helpers#252

docs: install emulators when building with docker by @crazy-max in docker/docker-credential-helpers#286

New Contributors

@okrc made their first contribution in docker/docker-credential-helpers#252

Full Changelog: docker/docker-credential-helpers@v0.7.0...v0.8.0

Commits

8396edb Merge pull request #297 from thaJeztah/update_go_1.20.6
a3d1ffc update go to go1.20.6
c03d56c deb: update to golang bullseye
7f48455 Merge pull request #294 from thaJeztah/use_designated_domains_step1
a90e3fa secretservice: use designated domains in tests (RFC2606)
ffb3232 pass: use designated domains in tests (RFC2606)
1050848 client: use designated domains in tests (RFC2606)
7d66ae0 osxkeychain: use designated domains in tests (RFC2606)
13475b4 credentials: use designated domains in tests (RFC2606)
91af1de registryurl: use designated domains in tests (RFC2606)
Additional commits viewable in compare view

Updates github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/gabriel-vasile/mimetype's releases.

v1.4.3

What's Changed

Switch csv and tsv method 'sv' from ReadAll() to stream each record with Read() by @splashing-atom in gabriel-vasile/mimetype#355

Bump golang.org/x/net from 0.8.0 to 0.17.0 by @dependabot in gabriel-vasile/mimetype#441

enable reusing records in csv/tsv detection by @gabriel-vasile in gabriel-vasile/mimetype#443

New Contributors

@splashing-atom made their first contribution in gabriel-vasile/mimetype#355

Full Changelog: gabriel-vasile/mimetype@v1.4.2...v1.4.3

Commits

e64d6bd enable reusing records in csv/tsv detection (#443)
b4da7ba Bump the gomod group with 1 update (#441)
918baec Bump the github-actions group with 4 updates (#442)
9df6903 Switch csv and tsv method 'sv' from ReadAll() to stream each record with Read...
85b2cdc Merge pull request #414 from gabriel-vasile/dependabot/github_actions/github-...
24e5745 Merge pull request #412 from gabriel-vasile/dependabot/go_modules/gomod-939bd...
6bd9427 Bump the github-actions group with 5 updates
4f0da4f Bump the gomod group with 1 update
1a4b844 Group all dependabot PRs together (#409)
f5a14c2 Remove old travis build status link from readme (#407)
Additional commits viewable in compare view

Updates github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.5.0

What's Changed

*: Bump dependencies and go.mod to Go 1.18. Add codeQL workflow. by @pjbgf in go-git/go-billy#30

osfs: Add new BoundOS type by @pjbgf in go-git/go-billy#31

Re-introduce osfs.Default by @pjbgf in go-git/go-billy#33

Revert back to upstream github.com/cyphar/filepath-securejoin by @pjbgf in go-git/go-billy#34

Full Changelog: go-git/go-billy@v5.4.1...v5.5.0

Commits

5c1dfec Merge pull request #34 from pjbgf/bump-scj
3994cd7 osfs: Add WithDeduplicatePath
e223a66 Bump github.com/cyphar/filepath-securejoin
ca80085 Merge pull request #33 from pjbgf/default
74a6e60 Re-introduce osfs.Default
1d4d3d3 Merge pull request #31 from pjbgf/new-osfs
3c59de8 osfs: Add new BoundOS type
dafe8bc build: Bump Go to 1.19
326c59f Merge pull request #30 from pjbgf/updates
c88853b *: Add CodeQL workflow
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.6.1 to 5.9.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.9.0

What's Changed

git: worktree: add Amend option to CommitOptions by @john-cai in go-git/go-git#438

git: worktree, reset ignored files that are part of the worktree: Fixes #819 by @daolis in go-git/go-git#821

plumbing: Do not swallow http message coming from VCS providers by @matejrisek in go-git/go-git#835

plumbing: transport, handle IPv6 while parsing endpoint. Fixes #740 by @ninedraft in go-git/go-git#820

*: update goproxy dependency to fix CVE-2023-37788 vulnerability by @svghadi in go-git/go-git#832

*: bump dependencies and Go to 1.19 by @pjbgf in go-git/go-git#837

New Contributors

@svghadi made their first contribution in go-git/go-git#832

@daolis made their first contribution in go-git/go-git#821

Full Changelog: go-git/go-git@v5.8.1...v5.9.0

v5.8.1

What's Changed

*: Bump dependencies by @pjbgf in go-git/go-git#815

Full Changelog: go-git/go-git@v5.8.0...v5.8.1

v5.8.0

What's Changed

git: Fix fetching after shallow clone. Fixes #305 by @AriehSchneier in go-git/go-git#778

git: enable fetch with unqualified references by @AriehSchneier in go-git/go-git#762

git: don't add to want if exists, shallow and depth 1 by @AriehSchneier in go-git/go-git#763

git: Clone HEAD should not force master. Fixes #363 by @AriehSchneier in go-git/go-git#758

git: fix the issue with submodules having the SCP style URL fail due to the wrong URL parsing by @matejrisek in go-git/go-git#756

git: add a clone option to allow for shallow cloning of submodules by @matejrisek in go-git/go-git#765

worktree: minor speedup for doAddDirectory by @ThinkChaos in go-git/go-git#702

_examples: Remove wrong comment by @pascal-hofmann in go-git/go-git#357

*: Handle paths starting with tilde by @ricci2511 in go-git/go-git#808

*: Handle paths starting with ~Username by @AriehSchneier in go-git/go-git#809

storage: filesystem/dotgit, add support for tmp_objdir prefix by @L11R in go-git/go-git#812

plumbing: gitignore, replace user dir in path by @Jleagle in go-git/go-git#772

plumbing: gitignore, fix incorrect parsing. Fixes #500 by @AriehSchneier in go-git/go-git#781

plumbing: http, Fix empty repos on Git v2.41+ by @pjbgf in go-git/go-git#802

plumbing: packp, A request is not empty if it contains shallows. Fixes #328 by @AriehSchneier in go-git/go-git#792

plumbing: blame, Complete rewrite. Fixes #603 by @AriehSchneier in go-git/go-git#789

plumbing: gitignore, Allow gitconfig to contain a gitignore relative to any user home. Fixes #578 by @AriehSchneier in go-git/go-git#785

New Contributors

@Jleagle made their first contribution in go-git/go-git#772

@pascal-hofmann made their first contribution in go-git/go-git#357

@ricci2511 made their first contribution in go-git/go-git#808

@L11R made their first contribution in go-git/go-git#812

Full Changelog: go-git/go-git@v5.7.0...v5.7.1

... (truncated)

Commits

e24e0f7 *: Bump go-billy to v5.5.0
ff0bd08 Merge pull request #837 from pjbgf/bump
cbbeb49 *: Bump to Go 1.19
cf3a75c *: Bump dependencies
51e9c9f Merge pull request #835 from matejrisek/feature/do-not-swallow-vcs-host-errors
5ad72db plumbing: Do not swallow http message coming from VCS providers.
0377d06 Merge pull request #821 from daolis/bug/resetfix
753b0d5 git: worktree, reset ignored files that are part of the worktree: Fixes #819
cd3a21c Merge pull request #832 from svghadi/CVE-2023-37788
f71a449 *: Bump goproxy dep. Fixes #826
Additional commits viewable in compare view

Updates github.com/google/go-cmp from 0.5.9 to 0.6.0

Release notes

Sourced from github.com/google/go-cmp's releases.

v0.6.0

New API:

(#340) Add cmpopts.EquateComparable

Documentation changes:

(#337) Use of hotlinking of Go identifiers

Build changes:

(#325) Remove purego fallbacks

Testing changes:

(#322) Run tests for Go 1.20 version

(#332) Pin GitHub action versions

(#327) set workflow permission to read-only

Commits

c3ad843 Add cmpopts.EquateComparable (#340)
e250a55 Use of hotlinking of Go identifiers (#337)
8a3e8dd set workflow permission to read-only (#327)
8cea5de Pin GitHub action versions (#332)
3bb304a Run tests for Go 1.20 version (#322)
571a56b Remove purego fallbacks (#325)
See full diff in compare view

Updates github.com/google/go-containerregistry from 0.15.1 to 0.16.1

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.16.1

Release is broken due to goreleaser error, 0.16.1 has the fix

What's Changed

bump deps using ./hack/bump-deps.sh by @imjasonh in google/go-containerregistry#1702

Allow crane to export schema 1 images by @jonjohnsonjr in google/go-containerregistry#1704

fixed a goroutine leak by @ktarplee in google/go-containerregistry#1705

retry HTTP 522 errors by default by @imjasonh in google/go-containerregistry#1707

Limit size of manifest by @AdamKorcz in google/go-containerregistry#1711

Add crane auth token by @jonjohnsonjr in google/go-containerregistry#1709

Bump codecov/codecov-action from 3.1.3 to 3.1.4 by @dependabot in google/go-containerregistry#1710

Pass scopes through crane auth token by @jonjohnsonjr in google/go-containerregistry#1713

fix: add bounds checking to addendum layer mutations to prevent panic by @aaron-prindle in google/go-containerregistry#1715

Surface better error messages in crane index by @jonjohnsonjr in google/go-containerregistry#1722

crane: add missing name option in crane index commands by @HubertZhang in google/go-containerregistry#1723

crane: Respect cmd.OutOrStdout by @kyleconroy in google/go-containerregistry#1728

Make ErrSchema1 checkable via errors.Is() by @Laitr0n in google/go-containerregistry#1721

Don't load into daemon if the image already exists by @jonjohnsonjr in google/go-containerregistry#1724

add --blobs-to-disk to 'crane registry serve' by @imjasonh in google/go-containerregistry#1731

Correct crane registry help text by @jonjohnsonjr in google/go-containerregistry#1732

Allow concurrent blob Sets, use RWMutex by @mattmoor in google/go-containerregistry#1733

Use RWLock, limit scope of locking, write digest first by @mattmoor in google/go-containerregistry#1734

Let the filesystem handle atomicity by @mattmoor in google/go-containerregistry#1735

Don't try cross-origin mounting against dockerhub by @jonjohnsonjr in google/go-containerregistry#1743

Drop localhost to support crane registry serve in a container by @mattmoor in google/go-containerregistry#1746

Return OCI Index content-type for referrers response by @jdolitsky in google/go-containerregistry#1762

New Contributors

@AdamKorcz made their first contribution in google/go-containerregistry#1711

@HubertZhang made their first contribution in google/go-containerregistry#1723

@kyleconroy made their first contribution in google/go-containerregistry#1728

@Laitr0n made their first contribution in google/go-containerregistry#1721

Full Changelog: google/go-containerregistry@v0.15.2...v0.16.1

Container Images

https://gcr.io/go-containerregistry/crane:v0.16.1 https://gcr.io/go-containerregistry/gcrane:v0.16.1

For example:
docker pull gcr.io/go-containerregistry/crane:v0.16.1
docker pull gcr.io/go-containerregistry/gcrane:v0.16.1
v0.16.0

Release is broken due to goreleaser error, 0.16.1 has the fix

... (truncated)

Commits

a54d642 fix: pin to goreleaser v1.18 to unblock release (#1763)
ea19b57 Return OCI Index content-type for referrers response (#1762)
b850480 Drop localhost to support crane registry serve in a container (#1746)
fe268b7 Don't try cross-origin mounting against dockerhub (#1743)
2472cbb Let the filesystem handle atomicity (#1735)
db818dc Use RWLock, limit scope of locking, write digest first (#1734)
44a6e2e Allow concurrent blob Sets, use RWMutex (#1733)
9010ce1 Correct crane registry help text (#1732)
03ad2ac add --blobs-to-disk to 'crane registry serve' (#1731)
4e4b03a Don't load into daemon if the image already exists (#1724)
Additional commits viewable in compare view

Updates github.com/google/uuid from 1.3.0 to 1.3.1

Release notes

Sourced from github.com/google/uuid's releases.

v1.3.1

1.3.1 (2023-08-18)

Bug Fixes

Use .EqualFold() to parse urn prefixed UUIDs (#118) (574e687)

Changelog

Sourced from github.com/google/uuid's changelog.

1.3.1 (2023-08-18)

Bug Fixes

Use .EqualFold() to parse urn prefixed UUIDs (#118) (574e687)

Changelog

Commits

b3cae7c chore(master): release 1.3.1 (#127)
7b8f57c fix(ci): switch to release-please app (#126)

Bumps the go-modules group with 25 updates: | Package | From | To | | --- | --- | --- | | [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) | `0.7.1` | `0.7.2` | | [github.com/cenkalti/backoff/v4](https://github.com/cenkalti/backoff) | `4.2.0` | `4.2.1` | | [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.0` | `1.7.7` | | [github.com/docker/distribution](https://github.com/docker/distribution) | `2.8.2+incompatible` | `2.8.3+incompatible` | | [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers) | `0.7.0` | `0.8.0` | | [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) | `1.4.2` | `1.4.3` | | [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.4.1` | `5.5.0` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.6.1` | `5.9.0` | | [github.com/google/go-cmp](https://github.com/google/go-cmp) | `0.5.9` | `0.6.0` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.15.1` | `0.16.1` | | [github.com/google/uuid](https://github.com/google/uuid) | `1.3.0` | `1.3.1` | | [github.com/jinzhu/copier](https://github.com/jinzhu/copier) | `0.3.5` | `0.4.0` | | [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.16.5` | `1.17.0` | | [github.com/mattn/go-runewidth](https://github.com/mattn/go-runewidth) | `0.0.14` | `0.0.15` | | [github.com/moby/patternmatcher](https://github.com/moby/patternmatcher) | `0.5.0` | `0.6.0` | | [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.1.5` | `1.1.9` | | [github.com/pierrec/lz4/v4](https://github.com/pierrec/lz4) | `4.1.17` | `4.1.18` | | [github.com/skeema/knownhosts](https://github.com/skeema/knownhosts) | `1.2.0` | `1.2.1` | | [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) | `0.5.0` | `0.5.3` | | [github.com/spf13/afero](https://github.com/spf13/afero) | `1.9.5` | `1.10.0` | | [github.com/spf13/cast](https://github.com/spf13/cast) | `1.5.0` | `1.5.1` | | [github.com/sylabs/sif/v2](https://github.com/sylabs/sif) | `2.11.3` | `2.15.0` | | [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.21.0` | `0.25.0` | | [github.com/vbatts/tar-split](https://github.com/vbatts/tar-split) | `0.11.3` | `0.11.5` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.57.0` | `1.58.3` | Updates `github.com/CycloneDX/cyclonedx-go` from 0.7.1 to 0.7.2 - [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases) - [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml) - [Commits](CycloneDX/cyclonedx-go@v0.7.1...v0.7.2) Updates `github.com/cenkalti/backoff/v4` from 4.2.0 to 4.2.1 - [Commits](cenkalti/backoff@v4.2.0...v4.2.1) Updates `github.com/containerd/containerd` from 1.7.0 to 1.7.7 - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.7.0...v1.7.7) Updates `github.com/docker/distribution` from 2.8.2+incompatible to 2.8.3+incompatible - [Release notes](https://github.com/docker/distribution/releases) - [Commits](distribution/distribution@v2.8.2...v2.8.3) Updates `github.com/docker/docker-credential-helpers` from 0.7.0 to 0.8.0 - [Release notes](https://github.com/docker/docker-credential-helpers/releases) - [Commits](docker/docker-credential-helpers@v0.7.0...v0.8.0) Updates `github.com/gabriel-vasile/mimetype` from 1.4.2 to 1.4.3 - [Release notes](https://github.com/gabriel-vasile/mimetype/releases) - [Commits](gabriel-vasile/mimetype@v1.4.2...v1.4.3) Updates `github.com/go-git/go-billy/v5` from 5.4.1 to 5.5.0 - [Release notes](https://github.com/go-git/go-billy/releases) - [Commits](go-git/go-billy@v5.4.1...v5.5.0) Updates `github.com/go-git/go-git/v5` from 5.6.1 to 5.9.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.6.1...v5.9.0) Updates `github.com/google/go-cmp` from 0.5.9 to 0.6.0 - [Release notes](https://github.com/google/go-cmp/releases) - [Commits](google/go-cmp@v0.5.9...v0.6.0) Updates `github.com/google/go-containerregistry` from 0.15.1 to 0.16.1 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.15.1...v0.16.1) Updates `github.com/google/uuid` from 1.3.0 to 1.3.1 - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](google/uuid@v1.3.0...v1.3.1) Updates `github.com/jinzhu/copier` from 0.3.5 to 0.4.0 - [Commits](jinzhu/copier@v0.3.5...v0.4.0) Updates `github.com/klauspost/compress` from 1.16.5 to 1.17.0 - [Release notes](https://github.com/klauspost/compress/releases) - [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml) - [Commits](klauspost/compress@v1.16.5...v1.17.0) Updates `github.com/mattn/go-runewidth` from 0.0.14 to 0.0.15 - [Commits](mattn/go-runewidth@v0.0.14...v0.0.15) Updates `github.com/moby/patternmatcher` from 0.5.0 to 0.6.0 - [Release notes](https://github.com/moby/patternmatcher/releases) - [Commits](moby/patternmatcher@v0.5.0...v0.6.0) Updates `github.com/opencontainers/runc` from 1.1.5 to 1.1.9 - [Release notes](https://github.com/opencontainers/runc/releases) - [Changelog](https://github.com/opencontainers/runc/blob/v1.1.9/CHANGELOG.md) - [Commits](opencontainers/runc@v1.1.5...v1.1.9) Updates `github.com/pierrec/lz4/v4` from 4.1.17 to 4.1.18 - [Commits](pierrec/lz4@v4.1.17...v4.1.18) Updates `github.com/skeema/knownhosts` from 1.2.0 to 1.2.1 - [Commits](skeema/knownhosts@v1.2.0...v1.2.1) Updates `github.com/spdx/tools-golang` from 0.5.0 to 0.5.3 - [Release notes](https://github.com/spdx/tools-golang/releases) - [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md) - [Commits](spdx/tools-golang@v0.5.0...v0.5.3) Updates `github.com/spf13/afero` from 1.9.5 to 1.10.0 - [Release notes](https://github.com/spf13/afero/releases) - [Commits](spf13/afero@v1.9.5...v1.10.0) Updates `github.com/spf13/cast` from 1.5.0 to 1.5.1 - [Release notes](https://github.com/spf13/cast/releases) - [Commits](spf13/cast@v1.5.0...v1.5.1) Updates `github.com/sylabs/sif/v2` from 2.11.3 to 2.15.0 - [Release notes](https://github.com/sylabs/sif/releases) - [Changelog](https://github.com/sylabs/sif/blob/main/.goreleaser.yml) - [Commits](sylabs/sif@v2.11.3...v2.15.0) Updates `github.com/testcontainers/testcontainers-go` from 0.21.0 to 0.25.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.21.0...v0.25.0) Updates `github.com/vbatts/tar-split` from 0.11.3 to 0.11.5 - [Release notes](https://github.com/vbatts/tar-split/releases) - [Commits](vbatts/tar-split@v0.11.3...v0.11.5) Updates `google.golang.org/grpc` from 1.57.0 to 1.58.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.57.0...v1.58.3) --- updated-dependencies: - dependency-name: github.com/CycloneDX/cyclonedx-go dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/cenkalti/backoff/v4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/containerd/containerd dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/docker/distribution dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/docker/docker-credential-helpers dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/gabriel-vasile/mimetype dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/go-git/go-billy/v5 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/go-git/go-git/v5 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/google/go-cmp dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/google/go-containerregistry dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/google/uuid dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/jinzhu/copier dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/klauspost/compress dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/mattn/go-runewidth dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/moby/patternmatcher dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/opencontainers/runc dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/pierrec/lz4/v4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/skeema/knownhosts dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/spdx/tools-golang dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/spf13/afero dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/spf13/cast dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/sylabs/sif/v2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/testcontainers/testcontainers-go dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/vbatts/tar-split dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: google.golang.org/grpc dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2023-10-16T20:36:28Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot requested a review from a team as a code owner October 12, 2023 20:10

dependabot bot requested review from ryanmoran and TisVictress October 12, 2023 20:10

dependabot bot added the failure:update-dependencies An issue filed automatically when updating buildpack.toml dependencies fails in a workflow label Oct 12, 2023

dependabot bot mentioned this pull request Oct 12, 2023

Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 #552

Closed

paketo-bot added the semver:patch A change requiring a patch version bump label Oct 12, 2023

dependabot bot closed this Oct 16, 2023

dependabot bot deleted the dependabot/go_modules/go-modules-d51e0b6d56 branch October 16, 2023 20:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-modules group with 25 updates #555

Bump the go-modules group with 25 updates #555

dependabot bot commented on behalf of github Oct 12, 2023 •

edited

Loading

dependabot bot commented on behalf of github Oct 16, 2023

Bump the go-modules group with 25 updates #555

Bump the go-modules group with 25 updates #555

Conversation

dependabot bot commented on behalf of github Oct 12, 2023 • edited Loading

v0.7.2

Changelog

Features

Fixes

Building and Packaging

Others

containerd 1.7.7

Notable Updates

Contributors

Changes

v2.8.3

What's Changed

New Contributors

v0.8.0

What's Changed

New Contributors

v1.4.3

What's Changed

New Contributors

v5.5.0

What's Changed

v5.9.0

What's Changed

New Contributors

v5.8.1

What's Changed

v5.8.0

What's Changed

New Contributors

v0.6.0

v0.16.1

What's Changed

New Contributors

Container Images

v0.16.0

v1.3.1

1.3.1 (2023-08-18)

Bug Fixes

1.3.1 (2023-08-18)

Bug Fixes

Changelog

dependabot bot commented on behalf of github Oct 16, 2023

dependabot bot commented on behalf of github Oct 12, 2023 •

edited

Loading