Bump the patches group with 7 updates #788

dependabot · 2023-12-01T12:12:04Z

Bumps the patches group with 7 updates:

Package	From	To
github.com/go-git/go-git/v5	`5.10.0`	`5.10.1`
github.com/labstack/echo/v4	`4.11.2`	`4.11.3`
github.com/moby/buildkit	`0.12.3`	`0.12.4`
github.com/regclient/regclient	`0.5.3`	`0.5.5`
github.com/traefik/traefik/v2	`2.10.5`	`2.10.6`
k8s.io/api	`0.28.3`	`0.28.4`
k8s.io/client-go	`0.28.3`	`0.28.4`

Updates github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.10.1

What's Changed

Worktree, ignore ModeSocket files by @steiler in go-git/go-git#930

git: add tracer package by @aymanbagabas in go-git/go-git#916

remote: Flip clause for fast-forward only check by @adityasaky in go-git/go-git#875

plumbing: transport/ssh, Fix nil pointer dereference caused when an unreachable proxy server is set. Fixes #900 by @anandf in go-git/go-git#901

plumbing: uppload-server-info, implement upload-server-info by @aymanbagabas in go-git/go-git#896

plumbing: optimise memory consumption for filesystem storage by @pjbgf in go-git/go-git#799

plumbing: format/packfile, Refactor patch delta by @pjbgf in go-git/go-git#908

plumbing: fix empty uploadpack request error by @aymanbagabas in go-git/go-git#932

plumbing: transport/git, Improve tests error message by @pjbgf in go-git/go-git#752

plumbing: format/pktline, Respect pktline error-line errors by @aymanbagabas in go-git/go-git#936

utils: remove ioutil.Pipe and use std library io.Pipe by @aymanbagabas in go-git/go-git#922

utils: move trace to utils by @aymanbagabas in go-git/go-git#931

cli: separate go module for cli by @aymanbagabas in go-git/go-git#914

build: bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in go-git/go-git#887

build: bump actions/setup-go from 3 to 4 by @dependabot in go-git/go-git#891

build: bump github.com/skeema/knownhosts from 1.2.0 to 1.2.1 by @dependabot in go-git/go-git#888

build: bump actions/checkout from 3 to 4 by @dependabot in go-git/go-git#890

build: bump golang.org/x/sys from 0.13.0 to 0.14.0 by @dependabot in go-git/go-git#907

build: bump golang.org/x/text from 0.13.0 to 0.14.0 by @dependabot in go-git/go-git#906

build: bump golang.org/x/crypto from 0.14.0 to 0.15.0 by @dependabot in go-git/go-git#917

build: bump golang.org/x/net from 0.17.0 to 0.18.0 by @dependabot in go-git/go-git#918

New Contributors

@anandf made their first contribution in go-git/go-git#901

@steiler made their first contribution in go-git/go-git#930

Full Changelog: go-git/go-git@v5.10.0...v5.10.1

Commits

90348bd Merge pull request #936 from aymanbagabas/more-packp
f46d04a plumbing: transport: use git-proto-request and decode error-line errors
e2c6ae3 plumbing: handle pktline erro-line as errors
e187533 plumbing: add git-proto-request type
fecea41 Merge pull request #930 from steiler/fixSockets
5349b8a utils: merkletrie, Skip loading sockets as filesystem nodes. Fixes #312
c114af0 Merge pull request #752 from pjbgf/rt1
2e14e3a plumbing: transport/git, Improve tests error message
6d62dd1 Merge pull request #932 from aymanbagabas/fix-empty
05551b7 plumbing: fix empty uploadpack request error
Additional commits viewable in compare view

Updates github.com/labstack/echo/v4 from 4.11.2 to 4.11.3

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.11.3

Security

'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. #2541

Enhancements

Tests: refactor context tests to be separate functions #2540

Proxy middleware: reuse echo request context #2537

Mark unmarshallable yaml struct tags as ignored #2536

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.11.3 - 2023-11-07

Security

'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. #2541

Enhancements

Tests: refactor context tests to be separate functions #2540

Proxy middleware: reuse echo request context #2537

Mark unmarshallable yaml struct tags as ignored #2536

Commits

4b26cde Changelog for v4.11.3 (#2542)
14daeb9 Security: c.Attachment and c.Inline should escape name in `Content-Dispositio...
50ebcd8 refactor context tests to be separate functions (#2540)
c7d6d43 proxy middleware: reuse echo request context (#2537)
69a0de8 Mark unmarshallable yaml struct tags as ignored (#2536)
See full diff in compare view

Updates github.com/moby/buildkit from 0.12.3 to 0.12.4

Commits

833949d Merge pull request #4452 from crazy-max/v0.12.4_cherry-picks
020073b llbsolver: fix possible panic when setting event to nil
5f41ca6 llbsolver: fix possible deadlock in history listen
646e71a buildkitd: fix debug handler listener
f83447b solver: fix possible concurrent map access on cache export
f4f4d2a Merge pull request #4372 from thaJeztah/0.12_backport_bump_compress
263be91 vendor: github.com/klauspost/compress v1.17.2
See full diff in compare view

Updates github.com/regclient/regclient from 0.5.3 to 0.5.5

Release notes

Sourced from github.com/regclient/regclient's releases.

v0.5.5

Release v0.5.5

New Features:

Add OpenSSF Best Practices Badge. (PR 607)

Adding OpenSSF Scorecard badge and GHA workflow. (PR 609)

Fixes:

Validate references in regclient methods. (PR 595)

Data race in the reghttp fallback timeout handling. (PR 599)

HTTP proxy using environment variables. (PR 615)

Chores:

Reorder descriptor fields. (PR 594)

Add test for ocidir throttle race. (PR 601)

Add gomajor utility to Makefile. (PR 602)

Add commands to Makefile for managing releases. (PR 604)

Pin GitHub actions. (PR 605)

Use full semver on dependencies where available. (PR 605)

Adjust token permissions on GitHub actions. (PR 606)

Include disclosure timeline in security policy. (PR 608)

Improve contributor guidelines. (PR 612)

Improve BlobPut tests. (PR 613)

Contributors:

@peusebiu

@sudo-bmitch

v0.5.4

Release v0.5.4

... (truncated)

Changelog

Sourced from github.com/regclient/regclient's changelog.

Release v0.5.5

New Features:

Add OpenSSF Best Practices Badge. (PR 607)

Adding OpenSSF Scorecard badge and GHA workflow. (PR 609)

Fixes:

Validate references in regclient methods. (PR 595)

Data race in the reghttp fallback timeout handling. (PR 599)

HTTP proxy using environment variables. (PR 615)

Chores:

Reorder descriptor fields. (PR 594)

Add test for ocidir throttle race. (PR 601)

Add gomajor utility to Makefile. (PR 602)

Add commands to Makefile for managing releases. (PR 604)

Pin GitHub actions. (PR 605)

Use full semver on dependencies where available. (PR 605)

Adjust token permissions on GitHub actions. (PR 606)

Include disclosure timeline in security policy. (PR 608)

Improve contributor guidelines. (PR 612)

Improve BlobPut tests. (PR 613)

Contributors:

@peusebiu

@sudo-bmitch

Commits

278ecbf Release v0.5.5
f1e4387 Merge for release v0.5.5
2893be7 Merge pull request #615 from sudo-bmitch/pr-http-proxy-fix
de8971b Use http.Client default values
1a8e8e1 Merge pull request #613 from sudo-bmitch/pr-blob-reg-tests
f5f7e77 Add blob tests
e749823 Merge pull request #612 from sudo-bmitch/pr-contributing-guidelines
ecfb165 Improve the contributor guidance
0210613 Merge pull request #609 from sudo-bmitch/pr-scorecard
0618cb0 Add scorecard GHA and badge
Additional commits viewable in compare view

Updates github.com/traefik/traefik/v2 from 2.10.5 to 2.10.6

Release notes

Sourced from github.com/traefik/traefik/v2's releases.

v2.10.6

Go CVEs:

CVE-2023-45283

CVE-2023-45284

Bug fixes:

[acme] Remove backoff for http challenge (CVE-2023-47124) (#10224 by youkoulayley)

[consul,consulcatalog] Update github.com/hashicorp/consul/api (#10220 by kevinpollet)

[http3] Update quic-go to v0.39.1 (#10171 by tomMoulard)

[middleware] Fix stripPrefix middleware is not applied to retried attempts (#10255 by niki-timofe)

[provider] Refuse recursive requests (CVE-2023-47633) (#10242 by rtribotte)

[server] Deny request with fragment in URL path (CVE-2023-47106) (#10229 by lbenguigui)

[tracing] Remove deprecated code usage for datadog tracer (#10196 by mmatur)

Documentation:

[governance] Update the review process and maintainers team documentation (#10230 by geraldcroes)

[governance] Guidelines Update (#10197 by geraldcroes)

[metrics] Add a mention for the host header in metrics headers labels doc (#10172 by rtribotte)

[middleware] Rephrase BasicAuth and DigestAuth docs (#10226 by sssash18)

[middleware] Improve ErrorPages examples (#10209 by arendhummeling)

Add @lbenguigui to maintainers (#10222 by kevinpollet)

Changelog

Sourced from github.com/traefik/traefik/v2's changelog.

v2.10.6 (2023-11-28)

All Commits

Bug fixes:

[acme] Remove backoff for http challenge (#10224 by youkoulayley)

[consul,consulcatalog] Update github.com/hashicorp/consul/api (#10220 by kevinpollet)

[http3] Update quic-go to v0.39.1 (#10171 by tomMoulard)

[middleware] Fix stripPrefix middleware is not applied to retried attempts (#10255 by niki-timofe)

[provider] Refuse recursive requests (#10242 by rtribotte)

[server] Deny request with fragment in URL path (#10229 by lbenguigui)

[tracing] Remove deprecated code usage for datadog tracer (#10196 by mmatur)

Documentation:

[governance] Update the review process and maintainers team documentation (#10230 by geraldcroes)

[governance] Guidelines Update (#10197 by geraldcroes)

[metrics] Add a mention for the host header in metrics headers labels doc (#10172 by rtribotte)

[middleware] Rephrase BasicAuth and DigestAuth docs (#10226 by sssash18)

[middleware] Improve ErrorPages examples (#10209 by arendhummeling)

Add @lbenguigui to maintainers (#10222 by kevinpollet)

Commits

dae0491 Prepare release v2.10.6
f4ddf25 Fixed stripPrefix middleware is not applied to retried attempts
789046f feat: upgrade codegen for kubernetes to v0.28.3
186e3e1 Refuse recursive requests
088fe3c docs: improve errorpages examples to avoid confusion
553ef94 chore: update linter
12e50e2 Deny request with fragment in URL path
cd32665 Guidelines Update
3de2943 docs: better visibility of the review process + maintainers team
84516f9 Remove backoff for http challenge
Additional commits viewable in compare view

Updates k8s.io/api from 0.28.3 to 0.28.4

Commits

6946e30 Update dependencies to v0.28.4 tag
a4f9a1a Merge pull request #121545dims/automated-cherry-pick-of-#121364
5aafa00 bump golang.org/grpc to v1.56.3
See full diff in compare view

Updates k8s.io/client-go from 0.28.3 to 0.28.4

Commits

dc247fe Update dependencies to v0.28.4 tag
6ecf5b9 Merge pull request #121545dims/automated-cherry-pick-of-#121364
8ad28e8 bump golang.org/grpc to v1.56.3
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the patches group with 7 updates: | Package | From | To | | --- | --- | --- | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.10.0` | `5.10.1` | | [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.11.2` | `4.11.3` | | [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.12.3` | `0.12.4` | | [github.com/regclient/regclient](https://github.com/regclient/regclient) | `0.5.3` | `0.5.5` | | [github.com/traefik/traefik/v2](https://github.com/traefik/traefik) | `2.10.5` | `2.10.6` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.28.3` | `0.28.4` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.28.3` | `0.28.4` | Updates `github.com/go-git/go-git/v5` from 5.10.0 to 5.10.1 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.10.0...v5.10.1) Updates `github.com/labstack/echo/v4` from 4.11.2 to 4.11.3 - [Release notes](https://github.com/labstack/echo/releases) - [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md) - [Commits](labstack/echo@v4.11.2...v4.11.3) Updates `github.com/moby/buildkit` from 0.12.3 to 0.12.4 - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.12.3...v0.12.4) Updates `github.com/regclient/regclient` from 0.5.3 to 0.5.5 - [Release notes](https://github.com/regclient/regclient/releases) - [Changelog](https://github.com/regclient/regclient/blob/v0.5.5/release.md) - [Commits](regclient/regclient@v0.5.3...v0.5.5) Updates `github.com/traefik/traefik/v2` from 2.10.5 to 2.10.6 - [Release notes](https://github.com/traefik/traefik/releases) - [Changelog](https://github.com/traefik/traefik/blob/v2.10.6/CHANGELOG.md) - [Commits](traefik/traefik@v2.10.5...v2.10.6) Updates `k8s.io/api` from 0.28.3 to 0.28.4 - [Commits](kubernetes/api@v0.28.3...v0.28.4) Updates `k8s.io/client-go` from 0.28.3 to 0.28.4 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.28.3...v0.28.4) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: github.com/labstack/echo/v4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: github.com/regclient/regclient dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: github.com/traefik/traefik/v2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/motoki317/sc](https://github.com/motoki317/sc) from 1.6.0 to 1.7.1. - [Release notes](https://github.com/motoki317/sc/releases) - [Commits](motoki317/sc@v1.6.0...v1.7.1) --- updated-dependencies: - dependency-name: github.com/motoki317/sc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> # Conflicts: # go.mod

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.16.0. - [Commits](golang/crypto@v0.14.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> # Conflicts: # go.mod # go.sum

Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.4.0 to 0.5.0. - [Commits](golang/sync@v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> # Conflicts: # go.mod

Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.12.1 to 1.13.0. - [Release notes](https://github.com/mongodb/mongo-go-driver/releases) - [Commits](mongodb/mongo-go-driver@v1.12.1...v1.13.0) --- updated-dependencies: - dependency-name: go.mongodb.org/mongo-driver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> # Conflicts: # go.mod

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.47.0 to 1.48.10. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](aws/aws-sdk-go@v1.47.0...v1.48.10) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.19.0. - [Commits](golang/net@v0.17.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> # Conflicts: # go.mod # go.sum

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 1, 2023

dependabot bot added 6 commits December 1, 2023 22:02

motoki317 merged commit a2e47cc into main Dec 1, 2023
11 checks passed

motoki317 deleted the dependabot/go_modules/patches-a8000e7736 branch December 1, 2023 13:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the patches group with 7 updates #788

Bump the patches group with 7 updates #788

dependabot bot commented on behalf of github Dec 1, 2023

Bump the patches group with 7 updates #788

Bump the patches group with 7 updates #788

Conversation

dependabot bot commented on behalf of github Dec 1, 2023

v5.10.1

What's Changed

New Contributors

v4.11.3

v4.11.3 - 2023-11-07

v0.5.5

Release v0.5.5

v0.5.4

Release v0.5.4

Release v0.5.5

v2.10.6

v2.10.6 (2023-11-28)