Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the backend group with 7 updates #3544

Closed
wants to merge 1 commit into from
Closed

Bump the backend group with 7 updates #3544

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 11, 2023
edited
Loading

Bumps the backend group with 7 updates:

Package From To
github.com/aquasecurity/trivy 0.47.0 0.48.0
github.com/go-git/go-git/v5 5.10.1 5.11.0
github.com/open-policy-agent/opa 0.58.0 0.59.0
github.com/operator-framework/api 0.19.0 0.20.0
github.com/sigstore/cosign 1.5.2 1.13.2
github.com/spf13/viper 1.17.0 1.18.1
github.com/tektoncd/pipeline 0.53.2 0.54.0

Updates github.com/aquasecurity/trivy from 0.47.0 to 0.48.0

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.48.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#5724

Changelog

  • f2aa9bf3e chore(deps): bump sigstore/cosign-installer from 4a861528be5e691840a69536975ada1d4c30349d to 1fc5bd396d372bee37d608f955b336615edf79c8 (#5696)
  • 6d7e2f811 chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 (#5694)
  • 0ff5f96bb feat: filter k8s core components vuln results (#5713)
  • a54d1e95f feat(vuln): remove duplicates in Fixed Version (#5596)
  • 99c04c438 feat(report): output plugin (#4863)
  • 70078b9c0 chore(deps): bump alpine from 3.18.4 to 3.18.5 (#5700)
  • 49e83a6ad chore(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 (#5704)
  • af32cb310 chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.1 (#5699)
  • 176627192 chore(deps): bump actions/github-script from 6 to 7 (#5697)
  • 7ee854767 chore(deps): bump easimon/maximize-build-space from 8 to 9 (#5695)
  • 654147fc6 docs: typo in modules.md (#5712)
  • 256957523 feat: Add flag to configure node-collector image ref (#5710)
  • c0610097a chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.1 to 1.9.0 (#5702)
  • aedbd85d6 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.4 to 2.31.0 (#5698)
  • e018b9c42 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 (#5706)
  • b5874e3ad feat(misconf): Add --misconfig-scanners option (#5670)
  • 075d8f628 chore: bump Go to 1.21 (#5662)
  • 16b757d18 feat: Packagesprops support (#5605)
  • 372efc9ec chore(deps): Bump up trivy misconf deps (#5656)
  • edad5f690 docs: update adopters discussion template (#5632)
  • ed9d34030 docs: terraform tutorial links updated to point to correct loc (#5661)
  • 8ff574e3f fix(secret): add sec and space to secret prefix for aws-secret-access-key (#5647)
  • ad977a425 fix(nodejs): support protocols for dependency section in yarn.lock files (#5612)
  • b1dc60b88 fix(secret): exclude upper case before secret for alibaba-access-key-id (#5618)
  • 65351d4f2 docs: Update Arch Linux package URL in installation.md (#5619)
  • c866f1c4e chore: add prefix to image errors (#5601)
  • ed0022b91 docs(vuln): fix link anchor (#5606)
  • 3c8172703 docs: Add Dagger integration section and cleanup Ecosystem CICD docs page (#5608)
  • 214546427 fix: k8s friendly error messages kbom non cluster scans (#5594)
  • 44d0b28ad feat: set InstalledFiles for DEB and RPM packages (#5488)
  • ae4bcf6a0 fix(report): use time.Time for CreatedAt (#5598)
  • b6fafa04a test: retry containerd initialization (#5597)
  • 13362233c feat(misconf): Expose misconf engine debug logs with --debug option (#5550)
  • 71051863c test: mock VM walker (#5589)
  • d9d7f3f19 chore: bump node-collector v0.0.9 (#5591)
  • e3c28f8ee feat(misconf): Add support for --cf-params for CFT (#5507)
  • ac0e32749 feat(flag): replace '--slow' with '--parallel' (#5572)
  • 537206761 fix(report): add escaping for Sarif format (#5568)
  • a3895298d chore: show a deprecation notice for --scanners config (#5587)
  • f4dd062f5 feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)
  • d005f5af2 test: mock RPM DB (#5567)
  • a96ec3557 feat: add aliases to '--scanners' (#5558)
  • 950e431f0 refactor: reintroduce output writer (#5564)
  • 2310f0dd6 chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#5543)

... (truncated)

Commits
  • f2aa9bf chore(deps): bump sigstore/cosign-installer from 4a861528be5e691840a69536975a...
  • 6d7e2f8 chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 (#5694)
  • 0ff5f96 feat: filter k8s core components vuln results (#5713)
  • a54d1e9 feat(vuln): remove duplicates in Fixed Version (#5596)
  • 99c04c4 feat(report): output plugin (#4863)
  • 70078b9 chore(deps): bump alpine from 3.18.4 to 3.18.5 (#5700)
  • 49e83a6 chore(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17....
  • af32cb3 chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.1 (#5699)
  • 1766271 chore(deps): bump actions/github-script from 6 to 7 (#5697)
  • 7ee8547 chore(deps): bump easimon/maximize-build-space from 8 to 9 (#5695)
  • Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.11.0

What's Changed

New Contributors

Full Changelog: go-git/go-git@v5.10.1...v5.11.0

Commits
  • 5d08d3b Merge pull request #958 from pjbgf/workval
  • 5bd1d8f build: Ensure checkout is the first operation
  • b2c1982 git: worktree, Align validation with upstream rules
  • cec7da6 Merge pull request #953 from pjbgf/alternates
  • 8b47ceb storage: filesystem, Add option to set a specific FS for alternates
  • 4f61489 Merge pull request #941 from djmoch/filestats-rename
  • ae552ce Merge pull request #939 from dhoizner/fix-pull-after-shallow
  • cc1895b Merge pull request #950 from aymanbagabas/validate-ref
  • de1d5a5 git: validate reference names
  • d87110b Merge pull request #948 from go-git/dependabot/go_modules/cli/go-git/github.c...
  • Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 0.58.0 to 0.59.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.59.0

This release adds tooling to help prepare existing policies for the upcoming OPA 1.0 release. It also contains a mix of improvements, bugfixes and security fixes for third-party libraries.

NOTES:

  • All published OPA images now run with a non-root uid/gid. The uid:gid is set to 1000:1000 for all images. As a result there is no longer a need for the -rootless image variant and hence it will not be published as part of future releases. This change is in line with container security best practices. OPA can still be run with root privileges by explicitly setting the user, either with the --user argument for docker run, or by specifying the securityContext in the Kubernetes Pod specification.

Rego v1

The upcoming release of OPA 1.0, which will be released at a future date, will introduce breaking changes to the Rego language. Most notably:

  • the keywords that currently must be imported through import future.keywords into a module before use will be part of the Rego language by default, without the need to first import them.
  • the if keyword will be required before the body of a rule.
  • the contains keyword will be required when declaring a multi-value rule (partial set rule).
  • deprecated built-in functions will be removed.

This current release (0.59.0) introduces a new --rego-v1 flag to the opa fmt and opa check commands to facilitate the transition of existing policies to be compatible with the 1.0 syntax.

When used with opa fmt, the --rego-v1 flag will format the module(s) according to the new Rego syntax in OPA 1.0. Formatted modules are compatible with both the current version of OPA and 1.0. Modules using deprecated built-ins will terminate formatting with an error. Future versions of OPA will support rewriting applicable function calls with equivalent Rego compatible with 1.0.

When used with opa check, the --rego-v1 flag will check that the modules are compatible with both the current version of OPA and 1.0.

Relevant Changes

Runtime, Tooling, SDK

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.59.0

This release adds tooling to help prepare existing policies for the upcoming OPA 1.0 release. It also contains a mix of improvements, bugfixes and security fixes for third-party libraries.

NOTES:

  • All published OPA images now run with a non-root uid/gid. The uid:gid is set to 1000:1000 for all images. As a result there is no longer a need for the -rootless image variant and hence it will not be published as part of future releases. This change is in line with container security best practices. OPA can still be run with root privileges by explicitly setting the user, either with the --user argument for docker run, or by specifying the securityContext in the Kubernetes Pod specification.

Rego v1

The upcoming release of OPA 1.0, which will be released at a future date, will introduce breaking changes to the Rego language. Most notably:

  • the keywords that currently must be imported through import future.keywords into a module before use will be part of the Rego language by default, without the need to first import them.
  • the if keyword will be required before the body of a rule.
  • the contains keyword will be required when declaring a multi-value rule (partial set rule).
  • deprecated built-in functions will be removed.

This current release (0.59.0) introduces a new --rego-v1 flag to the opa fmt and opa check commands to facilitate the transition of existing policies to be compatible with the 1.0 syntax.

When used with opa fmt, the --rego-v1 flag will format the module(s) according to the new Rego syntax in OPA 1.0. Formatted modules are compatible with both the current version of OPA and 1.0. Modules using deprecated built-ins will terminate formatting with an error. Future versions of OPA will support rewriting applicable function calls with equivalent Rego compatible with 1.0.

When used with opa check, the --rego-v1 flag will check that the modules are compatible with both the current version of OPA and 1.0.

Relevant Changes

Runtime, Tooling, SDK

... (truncated)

Commits
  • c8e7863 Prepare v0.59.0 release (#6447)
  • 7927156 docs: Update generated CLI docs
  • 8497550 Adding --rego-v1 flag to check cmd (#6430)
  • 26a02e4 docs: Update generated CLI docs
  • 187d688 cmd & format: Adding rego-v1 mode to opa fmt (#6413)
  • 4f9058b update istio envoy tutorial to use AuthorizationPolicy
  • 7a32e8f topdown/crypto: Add URIStrings field to JSON certs
  • 8194a22 Fixed XACML Policy in documentation (Comparing to Other Systems) to be XACML ...
  • 0b9bbc5 plugins/rest: masks X-AMZ-SECURITY-TOKEN header in decision logs (#6423)
  • f66f7e0 build(deps): bump golang.org/x/net from 0.18.0 to 0.19.0 (#6441)
  • Additional commits viewable in compare view

Updates github.com/operator-framework/api from 0.19.0 to 0.20.0

Release notes

Sourced from github.com/operator-framework/api's releases.

v0.20.0

What's Changed

New Contributors

Full Changelog: operator-framework/api@v0.19.0...v0.20.0

Commits
  • 5efe1a2 Replace github.com/ghodss/yaml with sigs.k8s.io/yaml (#308)
  • 047dce1 Add additional deprecation types for each level (package, channel, bundle). (...
  • 6b3567d Adds 'OperatorDeprecated' status condition for Subscription. (#306)
  • 3417188 OWNERS: Remove timflannagan from reviewers (#305)
  • See full diff in compare view

Updates github.com/sigstore/cosign from 1.5.2 to 1.13.2

Release notes

Sourced from github.com/sigstore/cosign's releases.

v1.13.2

What's Changed

Full Changelog: sigstore/cosign@v1.13.1...v1.13.2

v1.13.1

What's Changed

New Contributors

Full Changelog: sigstore/cosign@v1.13.0...v1.13.1

v1.13.0

Highlights

  • For users who have deployed a private instance of Fulcio release v0.6.x and issue certificates with the Username identity, you will need to upgrade to use this version."

What's Changed

... (truncated)

Changelog

Sourced from github.com/sigstore/cosign's changelog.

v2.2.2

v2.2.2 adds a new container with a shell, gcr.io/projectsigstore/cosign:vx.y.z-dev, in addition to the existing container gcr.io/projectsigstore/cosign:vx.y.z without a shell.

For private deployments, we have also added an alias for --insecure-skip-log, --private-infrastructure.

Bug Fixes

  • chore(deps): bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#3411) which fixes a bug with using Azure KMS
  • Don't require CT log keys if using a key/sk (#3415)
  • Fix copy without any flag set (#3409)
  • Update cosign generate cmd to not include newline (#3393)
  • Fix idempotency error with signing (#3371)

Features

  • Add --yes flag cosign import-key-pair to skip the overwrite confirmation. (#3383)
  • Use the timeout flag value in verify* commands. (#3391)
  • add --private-infrastructure flag (#3369)

Container Updates

  • Bump builder image to use go1.21.4 and add new cosign image tags with shell (#3373)

Documentation

  • Update SBOM_SPEC.md (#3358)

Contributors

  • Carlos Tadeu Panato Junior
  • Dylan Richardson
  • Hayden B
  • Lily Sturmann
  • Nikos Fotiou
  • Yonghe Zhao

v2.2.1

Note: This release comes with a fix for CVE-2023-46737 described in this Github Security Advisory. Please upgrade to this release ASAP

Enhancements

  • feat: Support basic auth and bearer auth login to registry (#3310)
  • add support for ignoring certificates with pkcs11 (#3334)
  • Support ReplaceOp in Signatures (#3315)
  • feat: added ability to get image digest back via triangulate (#3255)
  • feat: add --only flag in cosign copy to copy sign, att & sbom (#3247)
  • feat: add support attaching a Rekor bundle to a container (#3246)
  • feat: add support outputting rekor response on signing (#3248)
  • feat: improve dockerfile verify subcommand (#3264)

... (truncated)

Commits

Updates github.com/spf13/viper from 1.17.0 to 1.18.1

Release notes

Sourced from github.com/spf13/viper's releases.

v1.18.1

What's Changed

Bug Fixes 🐛

Full Changelog: spf13/viper@v1.18.0...v1.18.1

v1.18.0

Major changes

Highlighting some of the changes for better visibility.

Please share your feedback in the Discussion forum. Thanks! ❤️

AutomaticEnv works with Unmarshal

Previously, environment variables that weren't bound manually or had no defaults could not be mapped by Unmarshal. (The problem is explained in details in this issue: #761)

#1429 introduced a solution that solves that issue.

What's Changed

Enhancements 🚀

Bug Fixes 🐛

Dependency Updates ⬆️

Other Changes

... (truncated)

Commits
  • fb6eb1e fix: merge missing struct keys inside UnmarshalExact
  • f5fcb4a chore: update crypt
  • f736363 fix isPathShadowedInFlatMap type cast bug (#1585)
  • 36a3868 Review changes
  • f0c4ccd fix: gocritic lint issues
  • 3a23b80 ci: enable test shuffle; fix tests
  • 73dfb94 feat: make Unmarshal work with AutomaticEnv
  • 6ea31ae refactor: move all settings code to a getter
  • c4dcd31 fix: godot lint issues
  • 4c9b2a2 Note Get* behavior on parse failure
  • Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 0.53.2 to 0.54.0

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v0.54.0 "Korat Bender"

🎉 Reusable Steps via StepActions, Param Enums, HTTP Resolver! 🎉

-Docs @ v0.54.0 -Examples @ v0.54.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.0/release.yaml
REKOR_UUID=24296fb24b8ad77a6a820444f8789f9b68835a66c6c0ad3cecabee051b9af0c824b04baf1b57433c
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.54.0@sha256:" + .digest.sha256')
Download the release file
curl "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ TEP-0142: Surface step results via sidecar logs (#7414)

    Surface step results via sidecar logs

... (truncated)

Changelog

Sourced from github.com/tektoncd/pipeline's changelog.

Tekton Pipeline Releases

Release Frequency

Tekton Pipelines follows the Tekton community [release policy][release-policy] as follows:

  • Versions are numbered according to semantic versioning: vX.Y.Z
  • A new release is produced on a monthly basis
  • Four releases a year are chosen for long term support (LTS). All remaining releases are supported for approximately 1 month (until the next release is produced)
    • LTS releases take place in January, April, July and October every year
    • The first Tekton Pipelines LTS release will be v0.41.0 in October 2022
    • Releases happen towards the middle of the month, between the 13th and the 20th, depending on week-ends and readiness

Tekton Pipelines produces nightly builds, publicly available on gcr.io/tekton-nightly.

Transition Process

Before release v0.41 Tekton Pipelines has worked on the basis of an undocumented support period of four months, which will be maintained for the releases between v0.37 and v0.40.

Release Process

Tekton Pipeline releases are made of YAML manifests and container images. Manifests are published to cloud object-storage as well as [GitHub][tekton-pipeline-releases]. Container images are signed by [Sigstore][sigstore] via [Tekton Chains][tekton-chains]; signatures can be verified through the [public key][chains-public-key] hosted by the Tekton Chains project.

Further documentation available:

  • The Tekton Pipeline [release process][tekton-releases-docs]
  • [Installing Tekton][tekton-installation]
  • Standard for [release notes][release-notes-standards]

Release

v0.54

  • Latest Release: [v0.54.0][v0.54-0] (2023-11-27) ([docs][v0.54-0-docs], [examples][v0.54-0-examples])
  • Initial Release: [v0.54.0][v0.54-0] (2023-11-27)
  • Estimated End of Life: 2023-12-27
  • Patch Releases: [v0.54.0][v0.54-0]

... (truncated)

Commits
  • 30540fc TEP-0142: Surface step results via sidecar logs
  • b395663 TEP-0142: Surface step results via termination message
  • 8a8c0c3 [TEP-0144] Validate PipelineRun for Param Enum
  • 140b633 TEP-0142: Introduce StepResults in Steps
  • 9f5449c fix: move getFeatureFlagsBaseOnAPIFlag from custom_task_test to another file
  • 5e7b5bb Bump k8s.io/client-go in /test/custom-task-ctrls/wait-task-beta
  • 4054026 Improve migration documentation
  • 4e4772e Cleanup v1beta1 reference in pipelinerun reconciler
  • 23581c5 fix: the pr may lose finallyStartTime when pipeline controller is not synchro...
  • a8bbefe Bump github.com/spiffe/spire-api-sdk from 1.8.1 to 1.8.4
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • `@dependabot uni...

Description has been truncated

@dependabot
Bump the backend group with 7 updates
6482bb6 
Bumps the backend group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) | `0.47.0` | `0.48.0` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.10.1` | `5.11.0` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `0.58.0` | `0.59.0` |
| [github.com/operator-framework/api](https://github.com/operator-framework/api) | `0.19.0` | `0.20.0` |
| [github.com/sigstore/cosign](https://github.com/sigstore/cosign) | `1.5.2` | `1.13.2` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.17.0` | `1.18.1` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `0.53.2` | `0.54.0` |


Updates `github.com/aquasecurity/trivy` from 0.47.0 to 0.48.0
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](aquasecurity/trivy@v0.47.0...v0.48.0)

Updates `github.com/go-git/go-git/v5` from 5.10.1 to 5.11.0
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.10.1...v5.11.0)

Updates `github.com/open-policy-agent/opa` from 0.58.0 to 0.59.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v0.58.0...v0.59.0)

Updates `github.com/operator-framework/api` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/operator-framework/api/releases)
- [Changelog](https://github.com/operator-framework/api/blob/master/RELEASE.md)
- [Commits](operator-framework/api@v0.19.0...v0.20.0)

Updates `github.com/sigstore/cosign` from 1.5.2 to 1.13.2
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v1.5.2...v1.13.2)

Updates `github.com/spf13/viper` from 1.17.0 to 1.18.1
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.17.0...v1.18.1)

Updates `github.com/tektoncd/pipeline` from 0.53.2 to 0.54.0
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v0.53.2...v0.54.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/operator-framework/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/sigstore/cosign
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/tektoncd/pipeline
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 11, 2023
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 11, 2023

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Dec 11, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/backend-9ece0f6b92 branch December 11, 2023 08:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants