Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the gomodupdates group across 1 directory with 9 updates #4990

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 16, 2024

Bumps the gomodupdates group with 9 updates in the / directory:

Package From To
github.com/CycloneDX/cyclonedx-go 0.9.1 0.9.2
github.com/aws/aws-sdk-go-v2/service/ec2 1.195.0 1.197.0
github.com/pierrec/lz4/v4 4.1.21 4.1.22
golang.org/x/crypto 0.30.0 0.31.0
google.golang.org/grpc 1.68.1 1.69.0
k8s.io/apimachinery 0.28.9 0.32.0
k8s.io/client-go 0.28.9 0.32.0
k8s.io/component-base 0.28.9 0.32.0
k8s.io/kubelet 0.28.9 0.32.0

Updates github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.9.2

Changelog

Features

  • 39ede217f126cfbc80eabf880f6643be3d392a4f: feat: add MarshalXML and UnmarshalXML (@​DmitriyLewen)
  • e9191ed11a269fcb6b3fb54e000ed6d81b5bf9db: feat: add UnmarshalJSON (@​DmitriyLewen)

Fixes

  • 80fede1f13a956d35eb14696cd2ca9d2d943f809: fix: add json tag for Identity (@​DmitriyLewen)
  • 24e9503293f0837e6e7ea3ff670ef958e6075b87: fix: tests (@​DmitriyLewen)
  • d68a199bc1747e5d6a7d4196c2f270535bbf6e3e: fix: use identity as array in valid-evidence.json (@​DmitriyLewen)
  • ff9cc28f9c9554328bd6c1ad56098be5a692d5e9: fix: use componentEvidence array for Evidence.Identity field (@​DmitriyLewen)

Building and Packaging

  • 016ee293d464d6383be3a714f7fb0debebef8ad5: build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (@​dependabot[bot])
  • 77153ab5fe005f6484ac1e1225e7152df00db3f1: build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (@​dependabot[bot])
  • 4f50d02c1282ac1d0d7448502b231a0e84a1e529: build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (@​dependabot[bot])
  • b84451219e77e0fbbe7d5ba054bcf25dbc7aaea4: build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (@​dependabot[bot])
  • 238cbea3479fed9fdfcbfa5f1751828390a05211: build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (@​dependabot[bot])
  • bbe8f3c2c7c4567514ae966c69bf93fc1b3dba2a: build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (@​dependabot[bot])
  • 05f8930fe918a31941ebf90eec627e5e6e908d1c: build(deps): bump github.com/terminalstatic/go-xsd-validate (@​dependabot[bot])
  • 082f87791a5e290c9d4c6e8126dc0cc987028a60: build(deps): bump gitpod/workspace-go from 2a9e01c to 9c95281 (@​dependabot[bot])
  • 093b1c15164dad5d46768db0e3f6ee43eb60ca20: build(deps): bump gitpod/workspace-go from 9c95281 to 6932342 (@​dependabot[bot])
  • 47b7e01ce8f8209894065e9656217b8c00a3c8ea: build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (@​dependabot[bot])
  • ce6eb841cb1e21aa28efbccd9eb8fe5eea0555c9: build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (@​dependabot[bot])

Others

  • 4d3aff9fab9ae78bd6fbbc9fd0912fab14c8fb64: UPDATE_SNAPSHOTS=true make test (@​DmitriyLewen)
  • 31d954443e6563aeee69d82bdfb82aee83e07df1: refactor (@​DmitriyLewen)
  • 0170729e313a681fc8659643601410ae10ffe803: refactor: update convert package (@​DmitriyLewen)
Commits
  • cba06ff Merge pull request #205 from CycloneDX/dependabot/go_modules/github.com/termi...
  • 5c81749 Merge pull request #211 from CycloneDX/dependabot/github_actions/actions/setu...
  • 753526c Merge pull request #204 from DmitriyLewen/fix/componentEvidence-as-array
  • 4d3aff9 UPDATE_SNAPSHOTS=true make test
  • d68a199 fix: use identity as array in valid-evidence.json
  • 24e9503 fix: tests
  • 238cbea build(deps): bump actions/setup-go from 5.1.0 to 5.2.0
  • a7f7415 Merge branch 'master' of github.com:DmitriyLewen/cyclonedx-go into fix/compon...
  • 05f8930 build(deps): bump github.com/terminalstatic/go-xsd-validate
  • 464d426 Merge pull request #202 from CycloneDX/dependabot/github_actions/actions/chec...
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ec2 from 1.195.0 to 1.197.0

Commits

Updates github.com/pierrec/lz4/v4 from 4.1.21 to 4.1.22

Commits
  • fdaa7e2 lz4stream/block: compute block checksum on the block not its source.
  • See full diff in compare view

Updates golang.org/x/crypto from 0.30.0 to 0.31.0

Commits

Updates google.golang.org/grpc from 1.68.1 to 1.69.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.69.0

Known Issues

  • The recently added grpc.NewClient function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. A fix is expected to be a part of grpc-go v1.70. (#7556)

New Features

  • stats/opentelemetry: Introduce new APIs to enable OpenTelemetry instrumentation for metrics on servers and clients (#7874)
  • xdsclient: add support to fallback to lower priority servers when higher priority ones are down (#7701)
  • dns: Add support for link local IPv6 addresses (#7889)
  • The new experimental pickfirst LB policy (disabled by default) supports Happy Eyeballs, interleaving IPv4 and IPv6 address as described in RFC-8305 section 4, to attempt connections to multiple backends concurrently. The experimental pickfirst policy can be enabled by setting the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST to true. (#7725, #7742)
  • balancer/pickfirst: Emit metrics from the pick_first load balancing policy (#7839)
  • grpc: export MethodHandler, which is the type of an already-exported field in MethodDesc (#7796)

Bug Fixes

  • credentials/google: set scope for application default credentials (#7887)
  • xds: fix edge-case issues where some clients or servers would not initialize correctly or would not receive errors when resources are invalid or unavailable if another channel or server with the same target was already in use . (#7851, #7853)
  • examples: fix the debugging example, which was broken by a recent change (#7833)

Behavior Changes

  • client: update retry attempt backoff to apply jitter per updates to gRFC A6. (#7869)
  • balancer/weightedroundrobin: use the pick_first LB policy to manage connections (#7826)

API Changes

  • balancer: An internal method is added to the balancer.SubConn interface to force implementors to embed a delegate implementation. This requirement is present in the interface documentation, but wasn't enforced earlier. (#7840)

Performance Improvements

  • mem: implement a ReadAll() method for more efficient io.Reader consumption (#7653)
  • mem: use slice capacity instead of length to determine whether to pool buffers or directly allocate them (#7702)

Documentation

  • examples/csm_observability: Add xDS Credentials and switch server to be xDS enabled (#7875)
Commits
  • 317271b pickfirst: Register a health listener when used as a leaf policy (#7832)
  • 5565631 balancer/pickfirst: replace grpc.Dial with grpc.NewClient in tests (#7879)
  • 634497b test: Split import paths for generated message and service code (#7891)
  • 78aa51b pickfirst: Stop test servers without closing listeners (#7872)
  • 00272e8 dns: Support link local IPv6 addresses (#7889)
  • 17d08f7 scripts/gen-deps: filter out grpc modules (#7890)
  • ab189b0 examples/features/csm_observability: Add xDS Credentials (#7875)
  • 3ce87dd credentials/google: Add cloud-platform scope for ADC (#7887)
  • 3c0586a stats/opentelemetry: Cleanup OpenTelemetry API's before stabilization (#7874)
  • 4c07bca stream: add jitter to retry backoff in accordance with gRFC A6 (#7869)
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.28.9 to 0.32.0

Commits
  • 59e9003 Merge remote-tracking branch 'origin/master' into release-1.32
  • 639247c Drop use of winreadlinkvolume godebug option
  • 220d7c3 Merge remote-tracking branch 'origin/master' into release-1.32
  • c199d3b Revert to go1.22 windows filesystem stdlib behavior
  • 16af2ff implement unsafe deletion, and wire it
  • 6ff8305 api: run codegen
  • ca9b8b2 api: add a new field to meta/v1 DeleteOptions
  • d941d9f Merge pull request #128503 from benluddy/cbor-codecs-featuregate
  • 3b4250f Wire serving codecs to CBOR feature gate.
  • daaad09 Merge pull request #128501 from benluddy/watch-cbor-seq
  • Additional commits viewable in compare view

Updates k8s.io/client-go from 0.28.9 to 0.32.0

Commits
  • 0d55461 Update dependencies to v0.32.0 tag
  • 4765ade Merge remote-tracking branch 'origin/master' into release-1.32
  • 692a511 Drop use of winreadlinkvolume godebug option
  • 9df5099 Merge remote-tracking branch 'origin/master' into release-1.32
  • 120beb2 Revert to go1.22 windows filesystem stdlib behavior
  • 55d23e2 Align fake client-go clients with the main interface
  • 646e79b Run codegen
  • c475fe0 Generify fake clientsets
  • 955401c Merge pull request #128407 from ndixita/pod-level-resources
  • eddb107 Merge pull request #127857 from Jefftree/cle-v1alpha2
  • Additional commits viewable in compare view

Updates k8s.io/component-base from 0.28.9 to 0.32.0

Commits
  • 52977b0 Update dependencies to v0.32.0 tag
  • e168b31 Merge remote-tracking branch 'origin/master' into release-1.32
  • 46e6e7b Drop use of winreadlinkvolume godebug option
  • c7b5643 Merge remote-tracking branch 'origin/master' into release-1.32
  • a6cf394 Merge pull request #129081 from stlaz/fg_remote_uid
  • af0d53b Merge remote-tracking branch 'origin/master' into release-1.32
  • ceed2e3 Update tests to handle RemoteRequestHeaderUID
  • 6a10d97 Revert to go1.22 windows filesystem stdlib behavior
  • ad7c524 Generify fake clientsets
  • 804c007 Merge pull request #127581 from richabanker/flagz-apiserver
  • Additional commits viewable in compare view

Updates k8s.io/kubelet from 0.28.9 to 0.32.0

Commits
  • ab6d6c0 Update dependencies to v0.32.0 tag
  • 78330cb Merge remote-tracking branch 'origin/master' into release-1.32
  • 9aa82a6 Drop use of winreadlinkvolume godebug option
  • 351b167 Merge remote-tracking branch 'origin/master' into release-1.32
  • 97885c0 Revert to go1.22 windows filesystem stdlib behavior
  • de4c476 DRA kubelet: use unique protobuf package name
  • 3b14f64 KEP-4603: Node specific kubelet config for maximum backoff down to 1 second (...
  • 353a4bc Merge pull request #126503 from skitt/generic-fake-client
  • 35e9b33 Generify fake clientsets
  • 2466f75 Merge pull request #128646 from pohly/dra-kubelet-separate-beta-api
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gomodupdates group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) | `0.9.1` | `0.9.2` |
| [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) | `1.195.0` | `1.197.0` |
| [github.com/pierrec/lz4/v4](https://github.com/pierrec/lz4) | `4.1.21` | `4.1.22` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.30.0` | `0.31.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.68.1` | `1.69.0` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.28.9` | `0.32.0` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.28.9` | `0.32.0` |
| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.28.9` | `0.32.0` |
| [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.28.9` | `0.32.0` |



Updates `github.com/CycloneDX/cyclonedx-go` from 0.9.1 to 0.9.2
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml)
- [Commits](CycloneDX/cyclonedx-go@v0.9.1...v0.9.2)

Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.195.0 to 1.197.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/ec2/v1.195.0...service/ec2/v1.197.0)

Updates `github.com/pierrec/lz4/v4` from 4.1.21 to 4.1.22
- [Commits](pierrec/lz4@v4.1.21...v4.1.22)

Updates `golang.org/x/crypto` from 0.30.0 to 0.31.0
- [Commits](golang/crypto@v0.30.0...v0.31.0)

Updates `google.golang.org/grpc` from 1.68.1 to 1.69.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.68.1...v1.69.0)

Updates `k8s.io/apimachinery` from 0.28.9 to 0.32.0
- [Commits](kubernetes/apimachinery@v0.28.9...v0.32.0)

Updates `k8s.io/client-go` from 0.28.9 to 0.32.0
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.28.9...v0.32.0)

Updates `k8s.io/component-base` from 0.28.9 to 0.32.0
- [Commits](kubernetes/component-base@v0.28.9...v0.32.0)

Updates `k8s.io/kubelet` from 0.28.9 to 0.32.0
- [Commits](kubernetes/kubelet@v0.28.9...v0.32.0)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomodupdates
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomodupdates
- dependency-name: github.com/pierrec/lz4/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomodupdates
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomodupdates
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomodupdates
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomodupdates
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomodupdates
- dependency-name: k8s.io/component-base
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomodupdates
- dependency-name: k8s.io/kubelet
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomodupdates
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 16, 2024
Copy link
Contributor

Test Results

0 tests   - 3 171   0 ✅  - 3 169   0s ⏱️ - 1m 54s
0 suites  -   379   0 💤  -     2 
0 files    -    29   0 ❌ ±    0 

Results for commit 10dff3e. ± Comparison against base commit fee2739.

Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 20, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Dec 20, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/gomodupdates-8307be3a14 branch December 20, 2024 16:19
@github-actions github-actions bot locked and limited conversation to collaborators Dec 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants