Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the backend group with 12 updates #3402

Closed
wants to merge 1 commit into from
Closed

Bump the backend group with 12 updates #3402

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 9, 2023
edited
Loading

Bumps the backend group with 12 updates:

Package From To
github.com/aquasecurity/trivy 0.42.1 0.45.1
github.com/hashicorp/golang-lru/v2 2.0.6 2.0.7
github.com/operator-framework/api 0.17.5 0.17.7
github.com/prometheus/client_golang 1.16.0 1.17.0
github.com/rs/cors 1.10.0 1.10.1
github.com/sigstore/cosign 1.5.2 1.13.1
github.com/spf13/viper 1.16.0 1.17.0
github.com/tektoncd/pipeline 0.31.4 0.52.0
golang.org/x/crypto 0.13.0 0.14.0
golang.org/x/oauth2 0.12.0 0.13.0
google.golang.org/api 0.143.0 0.145.0
helm.sh/helm/v3 3.12.3 3.13.0

Updates github.com/aquasecurity/trivy from 0.42.1 to 0.45.1

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.45.1

Changelog

  • daae88287 fix(purl): handle rust types (#5186)
  • 81240cf08 chore: auto-close issues (#5177)
  • bd0accd8a chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#5093)
  • ecee79403 fix(k8s): kbom support addons labels (#5178)
  • 9ebc25d88 test: validate SPDX with the JSON schema (#5124)
  • 9a49a3773 chore: bump trivy-kubernetes-latest (#5161)
  • ad1dc6327 docs: add 'Signature Verification' guide (#4731)
  • 7c68d4a7e docs: add image-scanner-with-trivy for ecosystem (#5159)
  • ed49609a7 fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158)
  • 19539722e chore(deps): bump github.com/CycloneDX/cyclonedx-go (#5102)
  • c7516011b Update filtering.md (#5131)
  • ccc6d7cb2 chore(deps): bump sigstore/cosign-installer (#5104)
  • 48cbf4553 chore(deps): bump github.com/cyphar/filepath-securejoin (#5143)
  • a9c2c74c5 chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#5103)
  • 120ac68b5 chore(deps): bump easimon/maximize-build-space from 7 to 8 (#5105)
  • 41eaa78ae chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 (#5126)
  • 932f92755 chaging adopters discussion tempalte (#5091)
  • db3133346 chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 (#5092)
  • 8c0b7d619 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 (#5094)
  • c61c664c3 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5095)
  • a99944c1c chore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 (#5097)
  • 9fc844ecf chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#5098)
  • c504f8be4 chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#5106)

v0.45.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#5082

Changelog

  • cdab67e7f docs: add Bitnami (#5078)
  • 7acc5e831 feat(docker): add support for scanning Bitnami components (#5062)
  • 9628b1cbf feat: add support for .trivyignore.yaml (#5070)
  • 4547e2766 fix(terraform): improve detection of terraform files (#4984)
  • 0c8919e1e feat: filter artifacts on --exclude-owned flag (#5059)
  • c04f234fa fix(sbom): cyclonedx advisory should omit null value (#5041)
  • f811ed2d4 build: maximize build space for build tests (#5072)
  • 69ea5bf70 feat: improve kbom component name (#5058)
  • 3715dcb3f fix(pom): add licenses for pom artifacts (#5071)
  • 07f7e9853 chore(deps): Update defsec to v0.92.0 (#5068)
  • d4ca3cce2 chore: bump Go to 1.20 (#5067)
  • 49fdd584b feat: PURL matching with qualifiers in OpenVEX (#5061)
  • 4401998ec feat(java): add graph support for pom.xml (#4902)
  • 9c211d005 feat(swift): add vulns for cocoapods (#5037)
  • 422fa414e fix: support image pull secret for additional workloads (#5052)
  • 8e933860a fix: #5033 Superfluous double quote in html.tpl (#5036)
  • 9345a98ed docs(repo): update trivy repo usage and example (#5049)
  • 5d8da70c6 perf: Optimize Dockerfile for reduced layers and size (#5038)

... (truncated)

Commits
  • daae882 fix(purl): handle rust types (#5186)
  • 81240cf chore: auto-close issues (#5177)
  • bd0accd chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#5093)
  • ecee794 fix(k8s): kbom support addons labels (#5178)
  • 9ebc25d test: validate SPDX with the JSON schema (#5124)
  • 9a49a37 chore: bump trivy-kubernetes-latest (#5161)
  • ad1dc63 docs: add 'Signature Verification' guide (#4731)
  • 7c68d4a docs: add image-scanner-with-trivy for ecosystem (#5159)
  • ed49609 fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem...
  • 1953972 chore(deps): bump github.com/CycloneDX/cyclonedx-go (#5102)
  • Additional commits viewable in compare view

Updates github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7

Release notes

Sourced from github.com/hashicorp/golang-lru/v2's releases.

golang-lru 2.0.7

What's Changed

New Contributors

Full Changelog: hashicorp/golang-lru@v2.0.6...v2.0.7

Commits
  • d851586 add a Resize method to 2Q
  • d46c1d9 expirable LRU: fix so that Get/Peek cannot return an ok and empty value (#156)
  • 56a2dc0 Update arc to base package v2.0.6
  • See full diff in compare view

Updates github.com/operator-framework/api from 0.17.5 to 0.17.7

Release notes

Sourced from github.com/operator-framework/api's releases.

v0.17.7

What's Changed

New Contributors

Full Changelog: operator-framework/api@v0.17.6...v0.17.7

v0.17.6

What's Changed

New Contributors

Full Changelog: operator-framework/api@v0.17.5...v0.17.6

Commits

Updates github.com/prometheus/client_golang from 1.16.0 to 1.17.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.17.0

What's Changed

  • [CHANGE] Minimum required go version is now 1.19 (we also test client_golang against new 1.21 version). #1325
  • [FEATURE] Add support for Created Timestamps in Counters, Summaries and Historams. #1313
  • [ENHANCEMENT] Enable detection of a native histogram without observations. #1314

New Contributors

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.17.0 / 2023-09-27

  • [CHANGE] Minimum required go version is now 1.19 (we also test client_golang against new 1.21 version). #1325
  • [FEATURE] Add support for Created Timestamps in Counters, Summaries and Historams. #1313
  • [ENHANCEMENT] Enable detection of a native histogram without observations. #1314
Commits
  • fa1408e Merge pull request #1352 from prometheus/arthursens/cut-1.17.0
  • 24a72b8 Add changelog entry for 1.17
  • 1bae6c1 Deprecated comment should begin with "Deprecated:" (#1347)
  • bbab8fe Fix typos in comments, tests, and errors (#1346)
  • df7fa49 Extend Counters, Summaries and Histograms with creation timestamp (#1313)
  • 74cc262 Add go_godebug_non_default_behavior_tlsmaxrsasize_events_total (#1348)
  • d03abf3 Cleanup golangci-lint errcheck (#1339)
  • ca6ba04 Update common Prometheus files (#1338)
  • 51d24f8 Update common Prometheus files (#1332)
  • c17edf0 Merge pull request #1304 from prometheus/dependabot/go_modules/google.golang....
  • Additional commits viewable in compare view

Updates github.com/rs/cors from 1.10.0 to 1.10.1

Commits

Updates github.com/sigstore/cosign from 1.5.2 to 1.13.1

Release notes

Sourced from github.com/sigstore/cosign's releases.

v1.13.1

What's Changed

New Contributors

Full Changelog: sigstore/cosign@v1.13.0...v1.13.1

v1.13.0

Highlights

  • For users who have deployed a private instance of Fulcio release v0.6.x and issue certificates with the Username identity, you will need to upgrade to use this version."

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from github.com/sigstore/cosign's changelog.

v1.13.1

Enhancements

  • verify-blob-attestation: allow multiple subjects in in_toto attestation (#2341)
  • Add verify-blob-attestation command and tests (#2337)
  • Add --output-attestation flag to attest-blob and remove experimental signing (#2332)
  • Add attest-blob command (#2286)
  • Add '--cert-identity' flag to support subject alternate names for ver… (#2278)
  • Update Dockerfile section of README (#2323)

Bug Fixes

  • Update warning when users sign images by tag. (#2313)

Others

  • Remove experimental flags from attest-blob and refactor (#2338)

Contributors

  • Alex Cameron
  • Ville Aikas
  • Zack Newman
  • asraa
  • kpk47
  • priyawadhwa

v1.13.0

Highlights

  • For users who have deployed a private instance of Fulcio release v0.6.x and issue certificates with the Username identity, you will need to upgrade to use this version."

Enhancements

Bug Fixes

Others

Contributors

... (truncated)

Commits
  • d1c6336 Add CHANGELOG for v1.13.1 (#2349)
  • e79cb5c chore(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#2326)
  • eba132f chore(deps): bump github.com/go-openapi/runtime from 0.24.1 to 0.24.2 (#2347)
  • 2860144 chore(deps): bump google.golang.org/api from 0.98.0 to 0.99.0 (#2348)
  • ef9cf9d chore(deps): bump google-github-actions/setup-gcloud from 0.6.1 to 0.6.2 (#2344)
  • fc83e43 chore(deps): bump google-github-actions/auth from 0.8.2 to 0.8.3 (#2343)
  • e652561 chore(deps): bump google-github-actions/setup-gcloud from 0.6.0 to 0.6.1 (#2340)
  • d637a3b verify-blob-attestation: allow multiple subjects in in_toto attestation (#2341)
  • a7ad7e7 Nits for #2337 (#2342)
  • 797033c Add verify-blob-attestation command and tests (#2337)
  • Additional commits viewable in compare view

Updates github.com/spf13/viper from 1.16.0 to 1.17.0

Release notes

Sourced from github.com/spf13/viper's releases.

v1.17.0

Major changes

Highlighting some of the changes for better visibility.

Please share your feedback in the Discussion forum. Thanks! ❤️

Minimum Go version: 1.19

Viper now requires Go 1.19

This change ensures we can stay up to date with modern practices and dependencies.

log/slog support [BREAKING]

Viper v1.11.0 added an experimental Logger interface to allow custom implementations (besides jwalterweatherman).

In addition, it also exposed an experimental WithLogger function allowing to set a custom logger.

This release deprecates that interface in favor of log/slog released in Go 1.21.

[!WARNING] WithLogger accepts an *slog.Logger from now on.

To preserve backwards compatibility with older Go versions, prior to Go 1.21 Viper accepts a *golang.org/x/exp/slog.Logger.

The experimental flag is removed.

New finder implementation [BREAKING]

As of this release, Viper uses a new library to look for files, called locafero.

The new library is better covered by tests and has been built from scratch as a general purpose file finder library.

The implementation is experimental and is hidden behind a finder build tag.

[!WARNING] The io/fs based implementation (that used to be hidden behind a finder build tag) has been removed.

What's Changed

Exciting New Features 🎉

Enhancements 🚀

... (truncated)

Commits
  • f62f86a refactor: make use of strings.Cut
  • 94632fa chore: Use pip3 explicitly to install yamllint
  • 3f6cadc chore: Fix copy-paste error for yamllint target
  • 287507c docs: add set subset KV example
  • f1cb226 chore(deps): update crypt
  • c292b55 test: refactor asserts
  • 3d006fe refactor: replace interface{} with any
  • 8a6dc5d build(deps): bump github/codeql-action from 2.21.8 to 2.21.9
  • 96c5c00 chore: remove deprecated build tags
  • 44911d2 build(deps): bump github/codeql-action from 2.21.7 to 2.21.8
  • Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 0.31.4 to 0.52.0

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v0.52.0 "California Spangled Optimus"

🎉 Task and Pipeline Resolver Metrics, API Specifications for pipelines-in-pipelines 🎉

-Docs @ v0.52.0 -Examples @ v0.52.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.52.0/release.yaml
REKOR_UUID=24296fb24b8ad77aede6ff3c84da87cdeda75e9dcf779abc736bf5423b8a4151bad8193f0c76dd15
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.52.0@sha256:" + .digest.sha256')
Download the release file
curl "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Add taskrun/pipelinerun gauge metrics around resolving respective tasks/pipelines (#7094)

New gauge metrics are introduced that count the number of TaskRuns waiting for resolution of any Tasks they reference, as well as count the number of PipelineRuns waiting on Pipeline resolution, and lastly count the number of PipelineRuns waiting on Task resolution for their underlying TaskRuns.

... (truncated)

Changelog

Sourced from github.com/tektoncd/pipeline's changelog.

Tekton Pipeline Releases

Release Frequency

Tekton Pipelines follows the Tekton community [release policy][release-policy] as follows:

  • Versions are numbered according to semantic versioning: vX.Y.Z
  • A new release is produced on a monthly basis
  • Four releases a year are chosen for long term support (LTS). All remaining releases are supported for approximately 1 month (until the next release is produced)
    • LTS releases take place in January, April, July and October every year
    • The first Tekton Pipelines LTS release will be v0.41.0 in October 2022
    • Releases happen towards the middle of the month, between the 13th and the 20th, depending on week-ends and readiness

Tekton Pipelines produces nightly builds, publicly available on gcr.io/tekton-nightly.

Transition Process

Before release v0.41 Tekton Pipelines has worked on the basis of an undocumented support period of four months, which will be maintained for the releases between v0.37 and v0.40.

Release Process

Tekton Pipeline releases are made of YAML manifests and container images. Manifests are published to cloud object-storage as well as [GitHub][tekton-pipeline-releases]. Container images are signed by [Sigstore][sigstore] via [Tekton Chains][tekton-chains]; signatures can be verified through the [public key][chains-public-key] hosted by the Tekton Chains project.

Further documentation available:

  • The Tekton Pipeline [release process][tekton-releases-docs]
  • [Installing Tekton][tekton-installation]
  • Standard for [release notes][release-notes-standards]

Release

v0.52

  • Latest Release: [v0.52.0][v0.52-0] (2023-09-20) ([docs][v0.52-0-docs], [examples][v0.52-0-examples])
  • Initial Release: [v0.52.0][v0.52-0] (2023-09-20)
  • Estimated End of Life: 2023-10-20
  • Patch Releases: [v0.52.0][v0.52-0]

... (truncated)

Commits
  • feb943c Bump github.com/jenkins-x/go-scm from 1.13.13 to 1.14.14
  • 6364191 fix: clean results when taskrun retries
  • 503cc3d Bump google.golang.org/grpc from 1.56.2 to 1.58.1
  • 3076240 fix 6093 task results not replaced with their values in childReferences
  • 3835c75 Bump github.com/sigstore/sigstore from 1.7.1 to 1.7.3
  • a41fafe Bump github.com/spiffe/spire-api-sdk from 1.7.1 to 1.7.2
  • 44e1707 Bump github.com/containerd/containerd from 1.7.3 to 1.7.6
  • d783556 Remove results annotations filtering
  • f27f333 Bump google.golang.org/protobuf from 1.30.0 to 1.31.0
  • 5131016 add docs for emitting object results
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.13.0 to 0.14.0

Commits
  • e3cc52e go.mod: update golang.org/x dependencies
  • 833695f ssh: add server side support for [email protected] protocol extension
  • ec07f4e chacha20: drop Go 1.10 compatibility for arm64
  • b665ba6 all: use crypto/ed25519 instead of golang.org/x/crypto/ed25519
  • a1aeb9b ssh: add test cases for compatibility with old (buggy) clients
  • 28c53ff ssh: add MultiAlgorithmSigner
  • 3f0842a sha3: have ShakeHash extend hash.Hash
  • e90f1e1 cryptobyte: add uint48 methods
  • d359caa ssh: support for marshaling keys using the OpenSSH format
  • c5370d2 ssh: check the declared public key algo against decoded one
  • See full diff in compare view

Updates golang.org/x/oauth2 from 0.12.0 to 0.13.0

Commits
  • 3c5dbf0 go.mod: update golang.org/x dependencies
  • 11625cc google: add authorized_user conditional to Credentials.UniverseDomain
  • 8d6d45b google: add Credentials.UniverseDomain to support TPC
  • 43b6a7b google: adding support for external account authorized user
  • 14b275c oauth2: workaround misspelling of verification_uri
  • 18352fc google/internal/externalaccount: adding BYOID Metrics
  • 9095a51 oauth2: clarify error if endpoint missing DeviceAuthURL
  • 2d9e4a2 oauth2/google: remove meta validations for aws external credentials
  • 55cd552 oauth2: support PKCE
  • e3fb0fb oauth2: support device flow
  • See full diff in compare view

Updates google.golang.org/api from 0.143.0 to 0.145.0

Release notes

Sourced from google.golang.org/api's releases.

v0.145.0

0.145.0 (2023-10-05)

Features

v0.144.0

0.144.0 (2023-10-04)

Features

@dependabot
Bump the backend group with 12 updates
7121e6b 
Bumps the backend group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) | `0.42.1` | `0.45.1` |
| [github.com/hashicorp/golang-lru/v2](https://github.com/hashicorp/golang-lru) | `2.0.6` | `2.0.7` |
| [github.com/operator-framework/api](https://github.com/operator-framework/api) | `0.17.5` | `0.17.7` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.16.0` | `1.17.0` |
| [github.com/rs/cors](https://github.com/rs/cors) | `1.10.0` | `1.10.1` |
| [github.com/sigstore/cosign](https://github.com/sigstore/cosign) | `1.5.2` | `1.13.1` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.16.0` | `1.17.0` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `0.31.4` | `0.52.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.13.0` | `0.14.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.12.0` | `0.13.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.143.0` | `0.145.0` |
| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.12.3` | `3.13.0` |


Updates `github.com/aquasecurity/trivy` from 0.42.1 to 0.45.1
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](aquasecurity/trivy@v0.42.1...v0.45.1)

Updates `github.com/hashicorp/golang-lru/v2` from 2.0.6 to 2.0.7
- [Release notes](https://github.com/hashicorp/golang-lru/releases)
- [Commits](hashicorp/golang-lru@v2.0.6...v2.0.7)

Updates `github.com/operator-framework/api` from 0.17.5 to 0.17.7
- [Release notes](https://github.com/operator-framework/api/releases)
- [Changelog](https://github.com/operator-framework/api/blob/master/RELEASE.md)
- [Commits](operator-framework/api@v0.17.5...v0.17.7)

Updates `github.com/prometheus/client_golang` from 1.16.0 to 1.17.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.16.0...v1.17.0)

Updates `github.com/rs/cors` from 1.10.0 to 1.10.1
- [Release notes](https://github.com/rs/cors/releases)
- [Commits](rs/cors@v1.10.0...v1.10.1)

Updates `github.com/sigstore/cosign` from 1.5.2 to 1.13.1
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v1.5.2...v1.13.1)

Updates `github.com/spf13/viper` from 1.16.0 to 1.17.0
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.16.0...v1.17.0)

Updates `github.com/tektoncd/pipeline` from 0.31.4 to 0.52.0
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v0.31.4...v0.52.0)

Updates `golang.org/x/crypto` from 0.13.0 to 0.14.0
- [Commits](golang/crypto@v0.13.0...v0.14.0)

Updates `golang.org/x/oauth2` from 0.12.0 to 0.13.0
- [Commits](golang/oauth2@v0.12.0...v0.13.0)

Updates `google.golang.org/api` from 0.143.0 to 0.145.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.143.0...v0.145.0)

Updates `helm.sh/helm/v3` from 3.12.3 to 3.13.0
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.12.3...v3.13.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/hashicorp/golang-lru/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: github.com/operator-framework/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/rs/cors
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: github.com/sigstore/cosign
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/tektoncd/pipeline
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 9, 2023
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 16, 2023

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Oct 16, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/backend-43c8db42b0 branch October 16, 2023 04:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants