Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the go_modules group across 2 directories with 4 updates #7213

Merged
merged 1 commit into from
Feb 10, 2024
Merged

Bump the go_modules group across 2 directories with 4 updates #7213

merged 1 commit into from
Feb 10, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 9, 2024
edited
Loading

Bumps the go_modules group with 3 updates in the /. directory: github.com/cloudflare/circl, github.com/moby/buildkit and golang.org/x/net.
Bumps the go_modules group with 2 updates in the /.ibm/tools/tests-results directory: golang.org/x/crypto and golang.org/x/net.

Updates github.com/cloudflare/circl from 1.3.3 to 1.3.7

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.3.7

What's Changed

New Contributors

Full Changelog: cloudflare/circl@v1.3.6...v1.3.7

CIRCL v1.3.6

What's Changed

New Contributors

Full Changelog: cloudflare/circl@v1.3.3...v1.3.6

Commits
  • c48866b Releasing CIRCL v1.3.7
  • 75ef91e kyber: remove division by q in ciphertext compression
  • 899732a build(deps): bump golang.org/x/crypto
  • 99f0f71 Releasing CIRCL v1.3.6
  • e728d0d Apply thibmeu code review suggestions
  • ceb2d90 Updating blindrsa to be compliant with RFC9474.
  • 44133f7 spelling: tripped
  • c2076d6 spelling: transposes
  • dad2166 spelling: title
  • 171c418 spelling: threshold
  • Additional commits viewable in compare view

Updates github.com/moby/buildkit from 0.11.6 to 0.12.5

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.12.5

https://hub.docker.com/r/moby/buildkit

Notable changes:

This release contains following security fixes:

v0.12.4

Welcome to the 0.12.4 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable changes

  • Fix possible concurrent map access on remote cache export #4346
  • Fix hang on debug server listener #4361
  • Fix possible deadlock in History API under high number of parallel builds #4362
  • Fix possible panic on handling deleted records in History API #4451
  • Fix possible data corruption in zstd library #4372

v0.12.3

Welcome to the 0.12.3 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable changes

  • Fix possible duplicate source files in provenance attestation for chained builds #4190
  • Fix possible negative step time in progressbar for step shared with other build request #4183
  • Fix properly closing history and cache DB on shutdown to avoid corruption #4185 #4189
  • Fix incorrect error handling for invalid HTTP source URLs #4201
  • Fix fallback cases for ambiguous insecure configuration provided for registry used as push target. #4299
  • Fix possible data race with parallel image config resolves #4157
  • Fix regression in v0.12 for clients waiting on buildkitd to become available #4200
  • Fix Cgroup NS handling for hosts supporting only CgroupV1 #4308

v0.12.2

Welcome to the 0.12.2 release of buildkit!

... (truncated)

Commits
  • bac3f2b update runc to v1.1.12
  • f781267 exec: add extra validation for submount sources
  • d089e0b oci: fix error handling on submount calls
  • 00fe637 executor: recheck mount stub path within root after container run
  • 92cc595 llbsolver: make sure interactive container API validates entitlements
  • 5026d95 gateway: pass executor with build and not access worker directly
  • 7718bd5 pb: add extra validation to protobuf types
  • e1924dc sourcepolicy: add validations for nil values
  • 96663dd exporter: add validation for platforms key value
  • 481d9c4 exporter: add validation for invalid platorm
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.16.0 to 0.17.0

Commits
  • 9d2ee97 ssh: implement strict KEX protocol changes
  • 4e5a261 ssh: close net.Conn on all NewServerConn errors
  • 152cdb1 x509roots/fallback: update bundle
  • fdfe1f8 ssh: defer channel window adjustment
  • b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
  • 7e6fbd8 ssh: wrap errors from client handshake
  • bda2f3f argon2: avoid clobbering BP
  • 325b735 ssh/test: skip TestSSHCLIAuth on Windows
  • 1eadac5 go.mod: update golang.org/x dependencies
  • b2d7c26 ssh: add (*Client).DialContext method
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.19.0 to 0.21.0

Commits
  • 73d21fd go.mod: update golang.org/x dependencies
  • 643fd16 html: fix SOLIDUS '/' handling in attribute parsing
  • 73e4b50 dns/dnsmessage: allow name compression for SRV resource parsing
  • b2208d0 internal/quic/qlog: fix typo
  • 0d0b98c http2: avoid goroutine starvation in TestServer_Push_RejectAfterGoAway
  • 07e05fd http2: remove suspicious uint32->v conversion in frame code
  • 26b646e quic: avoid deadlock in Endpoint.Close
  • cb5b10f go.mod: update golang.org/x dependencies
  • 689bbc7 quic: deflake TestStreamsCreateConcurrency
  • f12db26 internal/quic/cmd/interop: use wget --no-verbose in Dockerfile
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.9.0 to 0.17.0

Commits
  • 9d2ee97 ssh: implement strict KEX protocol changes
  • 4e5a261 ssh: close net.Conn on all NewServerConn errors
  • 152cdb1 x509roots/fallback: update bundle
  • fdfe1f8 ssh: defer channel window adjustment
  • b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
  • 7e6fbd8 ssh: wrap errors from client handshake
  • bda2f3f argon2: avoid clobbering BP
  • 325b735 ssh/test: skip TestSSHCLIAuth on Windows
  • 1eadac5 go.mod: update golang.org/x dependencies
  • b2d7c26 ssh: add (*Client).DialContext method
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.10.0 to 0.17.0

Commits
  • 73d21fd go.mod: update golang.org/x dependencies
  • 643fd16 html: fix SOLIDUS '/' handling in attribute parsing
  • 73e4b50 dns/dnsmessage: allow name compression for SRV resource parsing
  • b2208d0 internal/quic/qlog: fix typo
  • 0d0b98c http2: avoid goroutine starvation in TestServer_Push_RejectAfterGoAway
  • 07e05fd http2: remove suspicious uint32->v conversion in frame code
  • 26b646e quic: avoid deadlock in Endpoint.Close
  • cb5b10f go.mod: update golang.org/x dependencies
  • 689bbc7 quic: deflake TestStreamsCreateConcurrency
  • f12db26 internal/quic/cmd/interop: use wget --no-verbose in Dockerfile
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 9, 2024
@netlify Netlify
Copy link

netlify bot commented Feb 9, 2024
edited
Loading

Deploy Preview for odo-docusaurus-preview canceled.

Name Link
🔨 Latest commit 7c28834
🔍 Latest deploy log https://app.netlify.com/sites/odo-docusaurus-preview/deploys/65c6adcf9b5aff0008bba33f

@openshift-ci openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. Required by Prow. label Feb 9, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 9, 2024

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a redhat-developer member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested review from kadel and rm3l February 9, 2024 22:18
@rm3l
Copy link
Member

rm3l commented Feb 9, 2024

@dependabot rebase

@dependabot
Bump the go_modules group across 2 directories with 4 updates
7c28834 
Bumps the go_modules group with 3 updates in the /. directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl), [github.com/moby/buildkit](https://github.com/moby/buildkit) and [golang.org/x/net](https://github.com/golang/net).
Bumps the go_modules group with 2 updates in the /.ibm/tools/tests-results directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net).


Updates `github.com/cloudflare/circl` from 1.3.3 to 1.3.7
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.3.3...v1.3.7)

Updates `github.com/moby/buildkit` from 0.11.6 to 0.12.5
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.11.6...v0.12.5)

Updates `golang.org/x/crypto` from 0.16.0 to 0.17.0
- [Commits](golang/crypto@v0.9.0...v0.17.0)

Updates `golang.org/x/net` from 0.19.0 to 0.21.0
- [Commits](golang/net@v0.19.0...v0.21.0)

Updates `golang.org/x/crypto` from 0.9.0 to 0.17.0
- [Commits](golang/crypto@v0.9.0...v0.17.0)

Updates `golang.org/x/net` from 0.10.0 to 0.17.0
- [Commits](golang/net@v0.19.0...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/moby/buildkit
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/go_modules-security-group-f79b9142c3 branch from 4adfc2c to 7c28834 Compare February 9, 2024 22:57
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Feb 9, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. Required by Prow. label Feb 10, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 8b50f83 into main Feb 10, 2024
27 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/go_modules-security-group-f79b9142c3 branch February 10, 2024 07:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rm3l rm3l rm3l approved these changes

@kadel kadel Awaiting requested review from kadel

Assignees

@rm3l rm3l

Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code lgtm Indicates that a PR is ready to be merged. Required by Prow. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. Required by Prow.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rm3l