Bump the patches group with 9 updates #758

Closed
wants to merge 1 commit into from

dependabot bot (Contributor) commented on behalf of github on Nov 1, 2023

Bumps the patches group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| github.com/cert-manager/cert-manager | 1.13.1 | 1.13.2 |
| github.com/docker/cli | 24.0.6+incompatible | 24.0.7+incompatible |
| github.com/docker/docker | 24.0.0-rc.2.0.20230718135204-8e51b8b59cb8+incompatible | 24.0.7+incompatible |
| github.com/labstack/echo/v4 | 4.11.1 | 4.11.2 |
| github.com/moby/buildkit | 0.12.2 | 0.12.3 |
| github.com/regclient/regclient | 0.5.2 | 0.5.3 |
| github.com/traefik/traefik/v2 | 2.10.4 | 2.10.5 |
| k8s.io/api | 0.28.2 | 0.28.3 |
| k8s.io/client-go | 0.28.2 | 0.28.3 |

Updates github.com/cert-manager/cert-manager from 1.13.1 to 1.13.2

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.13.2

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.13.2 fixes some CVE alerts and contains fixes for:

  1. a CertificateRequest runaway situation in case two Certificate resources point to the same Secret target resource
  2. a small bug in the Helm chart (feature gate options)
  3. a Venafi issuer bug

⚠️ READ https://github.com/cert-manager/cert-manager/releases/tag/v1.13.0 before you upgrade from a < v1.13 version!

Changes since v1.13.1

Bug or Regression

  • Bump golang.org/x/net v0.15.0 => v0.17.0 as part of addressing CVE-2023-44487 / CVE-2023-39325 (#6432, @SgtCoDFish)
  • BUGFIX[helm]: Fix issue where webhook feature gates were only set if controller feature gates are set. (#6381, @jetstack-bot)
  • Fix runaway bug caused by multiple Certificate resources that point to the same Secret resource. (#6425, @jetstack-bot)
  • The Venafi issuer now properly resets the certificate and should no longer get stuck with `WebSDK CertRequest Module Requested Certificate` or `This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry.`. (#6402, @jetstack-bot)

Other (Cleanup or Flake)

Commits
  • 432a489 Merge pull request #6451 from inteon/release-1.13_fix_cve_alerts
  • 24a22a8 update ctl's cert-manager dependency to latest 1.13 commit
  • eca879c Merge pull request #6446 from inteon/release-1.13_fix_cve_alerts
  • 29f6ef5 bump go dependencies to fix remaining HTTP2 CVE alerts
  • 300d5b8 Merge pull request #6438 from inteon/release-1.13_bump_otel
  • 3ee3b1c bump otel version and related dependencies
  • fcda9a5 Merge pull request #6432 from SgtCoDFish/release-1.13-bumpnet
  • 5f19cb1 Merge pull request #6430 from SgtCoDFish/release-1.13-licensemacos
  • 3aa659a [release-1.13] Bump /x/net to address CVE-2023-44487 / CVE-2023-39325
  • 6bdf62a bump jmespath version to fix license
  • Additional commits viewable in compare view

Updates github.com/docker/cli from 24.0.6+incompatible to 24.0.7+incompatible

Commits
  • afdd53b Merge pull request #4629 from thaJeztah/24.0_update_engine
  • 12c309f Merge pull request #4628 from thaJeztah/24.0_backport_bump_compress
  • f427198 vendor: github.com/docker/docker v24.0.6
  • 1777018 vendor: github.com/klauspost/compress v1.17.2
  • cde0441 vendor: github.com/klauspost/compress v1.16.5
  • d9f94d5 Merge pull request #4618 from thaJeztah/24.0_backport_cli-issue-502
  • 54d83fb Add docker ps status descriptions
  • 30a185e Merge pull request #4609 from thaJeztah/24.0_backport_x_net
  • d43c48d vendor: golang.org/x/net v0.17.0
  • 1919679 vendor: golang.org/x/crypto v0.14.0
  • Additional commits viewable in compare view

Updates github.com/docker/docker from 24.0.0-rc.2.0.20230718135204-8e51b8b59cb8+incompatible to 24.0.7+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v24.0.7

24.0.7

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Write overlay2 layer metadata atomically. moby/moby#46703
  • Fix "Rootful-in-Rootless" Docker-in-Docker on systemd version 250 and later. moby/moby#46626
  • Fix dockerd-rootless-setuptools.sh when username contains a backslash. moby/moby#46407
  • Fix a bug that would prevent network sandboxes to be fully deleted when stopping containers with no network attachments and when dockerd --bridge=none is used. moby/moby#46702
  • Fix a bug where cancelling an API request could interrupt container restart. moby/moby#46697
  • Fix an issue where containers would fail to start when providing --ip-range with a range larger than the subnet. docker/for-mac#6870
  • Fix data corruption with zstd output. moby/moby#46709
  • Fix the conditions under which the container's MAC address is applied. moby/moby#46478
  • Improve the performance of the stats collector. moby/moby#46448
  • Fix an issue with source policy rules ending up in the wrong order. moby/moby#46441

Packaging updates

Security

v24.0.6

24.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • containerd storage backend: Fix docker ps failing when a container image is no longer present in the content store. moby/moby#46095
  • containerd storage backend: Fix docker ps -s -a and docker container prune failing when a container image config is no longer present in the content store. moby/moby#46097
  • containerd storage backend: Fix docker inspect failing when a container image config is no longer (or was never) present in the content store. moby/moby#46244
  • containerd storage backend: Fix diff and export with the overlayfs snapshotter by using reference-counted rootfs mounts. moby/moby#46266
  • containerd storage backend: Fix a misleading error message when the image platforms available locally do not match the desired platform. moby/moby#46300
  • containerd storage backend: Fix the FROM scratch Dockerfile instruction with the classic builder. moby/moby#46302
  • containerd storage backend: Fix mismatched image rootfs and manifest layers errors with the classic builder. moby/moby#46310

... (truncated)

Commits

Updates github.com/labstack/echo/v4 from 4.11.1 to 4.11.2

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.11.2

Security

Enhancements

  • Delete unused context in body_limit.go #2483
  • Use Go 1.21 in CI #2505
  • Fix some typos #2511
  • Allow CORS middleware to send Access-Control-Max-Age: 0 #2518
  • Bump dependencies #2522

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.11.2 - 2023-10-11

Security

Enhancements

  • Delete unused context in body_limit.go #2483
  • Use Go 1.21 in CI #2505
  • Fix some typos #2511
  • Allow CORS middleware to send Access-Control-Max-Age: 0 #2518
  • Bump dependencies #2522

Commits

Updates github.com/moby/buildkit from 0.12.2 to 0.12.3

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.12.3

Welcome to the 0.12.3 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable changes

  • Fix possible duplicate source files in provenance attestation for chained builds #4190
  • Fix possible negative step time in progressbar for step shared with other build request #4183
  • Fix properly closing history and cache DB on shutdown to avoid corruption #4185 #4189
  • Fix incorrect error handling for invalid HTTP source URLs #4201
  • Fix fallback cases for ambiguous insecure configuration provided for registry used as push target. #4299
  • Fix possible data race with parallel image config resolves #4157
  • Fix regression in v0.12 for clients waiting on buildkitd to become available #4200
  • Fix Cgroup NS handling for hosts supporting only CgroupV1 #4308

Commits
  • 438f472 Merge pull request #4300 from vvoland/http-fallback-insecure-host-0.12
  • b022d6d Merge pull request #4351 from crazy-max/v0.12.3_backport_fix-riscv64
  • d57dfa4 Dockerfile: update xx to 1.3.0
  • 6a2e5b8 chore: enable riscv64 build
  • 7373dd3 Merge pull request #4345 from crazy-max/v0.12.3_cherry-picks-take2
  • 56cb6e7 chore: temporarily disable riscv64 build
  • 6560bb9 Merge pull request #4304 from jedevc/v0.12.3-cherry-picks
  • 58a5cb9 ResolveImageConfig: Only fetch best matching config
  • 3a2904a Rename cgroupNamespaceSupported, add details
  • 5f72472 Don't support cgroupns on cgroups v1
  • Additional commits viewable in compare view

Updates github.com/regclient/regclient from 0.5.2 to 0.5.3

Release notes

Sourced from github.com/regclient/regclient's releases.

v0.5.3

Release v0.5.3

Fixes:

  • Fix formatting variables in regctl image inspect. (PR 554)

New Features:

  • Add a GetSize method to image manifests (OCI and Docker2 manifests). (PR 565)

Chores:

  • Refactoring CLIs to remove global state. (PR 550)
  • Set GOTOOLCHAIN=local in CI (PR 556)
  • Reorder Go imports to move local packages last. (PR 557)
  • Remove duplicated tests from ci-registry action. (PR 559)
  • Run tests using t.Parallel where possible. (PR 564)
  • Update install guidance for quarantined binaries on MacOS. (PR 569)
  • Release notes now include contributors. (PR 570)

Contributors:

Changelog

Sourced from github.com/regclient/regclient's changelog.

Release v0.5.3

Fixes:

  • Fix formatting variables in regctl image inspect. (PR 554)

New Features:

  • Add a GetSize method to image manifests (OCI and Docker2 manifests). (PR 565)

Chores:

  • Refactoring CLIs to remove global state. (PR 550)
  • Set GOTOOLCHAIN=local in CI (PR 556)
  • Reorder Go imports to move local packages last. (PR 557)
  • Remove duplicated tests from ci-registry action. (PR 559)
  • Run tests using t.Parallel where possible. (PR 564)
  • Update install guidance for quarantined binaries on MacOS. (PR 569)
  • Release notes now include contributors. (PR 570)

Contributors:

Commits
  • 63bcd1a Release v0.5.3
  • 982f88b Merge for release v0.5.3
  • 7f5b7bf Merge pull request #571 from sudo-bmitch/pr-update-20231006
  • f1ccf87 Version bump
  • 109c897 Merge pull request #570 from sudo-bmitch/pr-track-contributors
  • 559623e Include contributor list in releases
  • e019ea8 Merge pull request #569 from sudo-bmitch/pr-macos-quarantine
  • 3f5ed98 Document method to remove quarantine on MacOS
  • 8fff2bc Merge pull request #565 from sudo-bmitch/pr-manifest-size
  • 227add5 Add GetSize method on images
  • Additional commits viewable in compare view

Updates github.com/traefik/traefik/v2 from 2.10.4 to 2.10.5

Release notes

Sourced from github.com/traefik/traefik/v2's releases.

v2.10.5

Github Advisory GHSA-7v4p-328v-8v5g Related to CVE-2023-39325

Bug fixes:

  • [accesslogs] Move origin fields capture to service level (#10126 by rtribotte)
  • [accesslogs] Fix preflight response status in access logs (#10142 by rtribotte)
  • [acme] Update go-acme/lego to v4.14.0 (#10087 by ldez)
  • [acme] Update go-acme/lego to v4.13.3 (#10077 by ldez)
  • [http3] Update quic-go to v0.37.5 (#10083 by ldez)
  • [http3] Update quic-go to v0.39.0 (#10137 by ldez)
  • [http3] Update quic-go to v0.37.6 (#10085 by ldez)
  • [http3] Update quic-go to v0.38.0 (#10086 by ldez)
  • [http3] Update quic-go to v0.38.1 (#10090 by ldez)
  • [kv] Ignore ErrKeyNotFound error for the KV provider (#10082 by sunyakun)
  • [middleware,authentication] Adjust forward auth to avoid connection leak (#10096 by wdhongtw)
  • [middleware,server] Improve CNAME flattening to avoid unnecessary error logging (#10128 by niallnsec)
  • [middleware] Allow X-Forwarded-For delete operation (#10132 by rtribotte)
  • [server] Update x/net and grpc/grpc-go (#10161 by rtribotte)
  • [webui] Add missing accessControlAllowOriginListRegex to middleware view (#10157 by DBendit)
  • Fix false positive in url anonymization (#10138 by jspdown)

Documentation:

Changelog

Sourced from github.com/traefik/traefik/v2's changelog.

v2.10.5 (2023-10-11)

All Commits

Bug fixes:

  • [accesslogs] Move origin fields capture to service level (#10126 by rtribotte)
  • [accesslogs] Fix preflight response status in access logs (#10142 by rtribotte)
  • [acme] Update go-acme/lego to v4.14.0 (#10087 by ldez)
  • [acme] Update go-acme/lego to v4.13.3 (#10077 by ldez)
  • [http3] Update quic-go to v0.37.5 (#10083 by ldez)
  • [http3] Update quic-go to v0.39.0 (#10137 by ldez)
  • [http3] Update quic-go to v0.37.6 (#10085 by ldez)
  • [http3] Update quic-go to v0.38.0 (#10086 by ldez)
  • [http3] Update quic-go to v0.38.1 (#10090 by ldez)
  • [kv] Ignore ErrKeyNotFound error for the KV provider (#10082 by sunyakun)
  • [middleware,authentication] Adjust forward auth to avoid connection leak (#10096 by wdhongtw)
  • [middleware,server] Improve CNAME flattening to avoid unnecessary error logging (#10128 by niallnsec)
  • [middleware] Allow X-Forwarded-For delete operation (#10132 by rtribotte)
  • [server] Update x/net and grpc/grpc-go (#10161 by rtribotte)
  • [webui] Add missing accessControlAllowOriginListRegex to middleware view (#10157 by DBendit)
  • Fix false positive in url anonymization (#10138 by jspdown)

Documentation:

Commits
  • 6a34f23 Prepare release v2.10.5
  • 4b2c763 update x/net and grpc/grpc-go
  • d03d8d5 Add missing accessControlAllowOriginListRegex to middleware view
  • e95fde5 Fix preflight response status in access logs
  • ab79934 Improve CNAME flattening to avoid unnecessary error logging
  • b966215 Move origin fields capture to service level
  • b786f58 fix: false positive in url anonymization
  • 173154c Ignore ErrKeyNotFound error for the KV provider
  • c3880a6 Update quic-go to v0.39.0
  • 4d63eb3 Allow X-Forwarded-For delete operation
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.28.2 to 0.28.3

Commits

Updates k8s.io/client-go from 0.28.2 to 0.28.3

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the patches group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | `1.13.1` | `1.13.2` |
| [github.com/docker/cli](https://github.com/docker/cli) | `24.0.6+incompatible` | `24.0.7+incompatible` |
| [github.com/docker/docker](https://github.com/docker/docker) | `24.0.0-rc.2.0.20230718135204-8e51b8b59cb8+incompatible` | `24.0.7+incompatible` |
| [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.11.1` | `4.11.2` |
| [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.12.2` | `0.12.3` |
| [github.com/regclient/regclient](https://github.com/regclient/regclient) | `0.5.2` | `0.5.3` |
| [github.com/traefik/traefik/v2](https://github.com/traefik/traefik) | `2.10.4` | `2.10.5` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.28.2` | `0.28.3` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.28.2` | `0.28.3` |


Updates `github.com/cert-manager/cert-manager` from 1.13.1 to 1.13.2
- [Release notes](https://github.com/cert-manager/cert-manager/releases)
- [Commits](cert-manager/cert-manager@v1.13.1...v1.13.2)

Updates `github.com/docker/cli` from 24.0.6+incompatible to 24.0.7+incompatible
- [Commits](docker/cli@v24.0.6...v24.0.7)

Updates `github.com/docker/docker` from 24.0.0-rc.2.0.20230718135204-8e51b8b59cb8+incompatible to 24.0.7+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/commits/v24.0.7)

Updates `github.com/labstack/echo/v4` from 4.11.1 to 4.11.2
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md)
- [Commits](labstack/echo@v4.11.1...v4.11.2)

Updates `github.com/moby/buildkit` from 0.12.2 to 0.12.3
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.12.2...v0.12.3)

Updates `github.com/regclient/regclient` from 0.5.2 to 0.5.3
- [Release notes](https://github.com/regclient/regclient/releases)
- [Changelog](https://github.com/regclient/regclient/blob/v0.5.3/release.md)
- [Commits](regclient/regclient@v0.5.2...v0.5.3)

Updates `github.com/traefik/traefik/v2` from 2.10.4 to 2.10.5
- [Release notes](https://github.com/traefik/traefik/releases)
- [Changelog](https://github.com/traefik/traefik/blob/v2.10.5/CHANGELOG.md)
- [Commits](traefik/traefik@v2.10.4...v2.10.5)

Updates `k8s.io/api` from 0.28.2 to 0.28.3
- [Commits](kubernetes/api@v0.28.2...v0.28.3)

Updates `k8s.io/client-go` from 0.28.2 to 0.28.3
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.28.2...v0.28.3)

---
updated-dependencies:
- dependency-name: github.com/cert-manager/cert-manager
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: github.com/docker/cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: github.com/labstack/echo/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: github.com/moby/buildkit
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: github.com/regclient/regclient
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: github.com/traefik/traefik/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the `dependencies` (Pull requests that update a dependency file) and `go` (Pull requests that update Go code) labels Nov 1, 2023

@motoki317
Member

@dependabot recreate

Contributor Author

dependabot bot commented on behalf of github Nov 1, 2023

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Nov 1, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/patches-864c6c4d8c branch November 1, 2023 14:07