Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump the go-deps group across 1 directory with 9 updates #1604

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 5, 2024

Bumps the go-deps group with 9 updates in the / directory:

Package From To
github.com/Masterminds/semver/v3 3.2.1 3.3.0
github.com/minio/minio-go/v7 7.0.75 7.0.76
github.com/notaryproject/notation-core-go 1.0.3 1.1.0
github.com/notaryproject/notation-go 1.1.1 1.2.0
github.com/onsi/gomega 1.34.1 1.34.2
github.com/prometheus/client_golang 1.20.0 1.20.2
github.com/sigstore/sigstore 1.8.8 1.8.9
golang.org/x/oauth2 0.22.0 0.23.0
google.golang.org/api 0.190.0 0.196.0

Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.0

What's Changed

New Contributors

Full Changelog: Masterminds/semver@v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

3.3.0 (2024-08-27)

Added

Changed

  • #241: Simplify StrictNewVersion parsing (thanks @​grosser)
  • Testing support up through Go 1.23
  • Minimum version set to 1.21 as this is what's tested now
  • Fuzz testing now supports caching
Commits
  • e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
  • e80c4ea Updating changelog for 3.3.0
  • 80427ad Merge pull request #248 from mattfarina/bump-min-version
  • b610837 bumping min version in go.mod based on what's tested
  • a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
  • 7c178cf Updating the testing version of Go used
  • 29f94c1 Merge pull request #241 from grosser/grosser/validate
  • 2cf1b16 Merge pull request #245 from mattfarina/remove-vert
  • b55476a Removing reference to vert
  • d07450b simplify StrictNewVersion
  • Additional commits viewable in compare view

Updates github.com/minio/minio-go/v7 from 7.0.75 to 7.0.76

Release notes

Sourced from github.com/minio/minio-go/v7's releases.

Bugfix Release

What's Changed

Full Changelog: minio/minio-go@v7.0.75...v7.0.76

Commits
  • e634c81 upgrade deps
  • 21381fc Add configurable auto-checksum (#1990)
  • e337e77 Adjust functional tests for bucket cors, to detect NotImplemented response vi...
  • f755095 Update version to next release
  • See full diff in compare view

Updates github.com/notaryproject/notation-core-go from 1.0.3 to 1.1.0

Release notes

Sourced from github.com/notaryproject/notation-core-go's releases.

v1.1.0

Vote PASSED [+4 -0]: #225

What's Changed

Full Changelog: notaryproject/notation-core-go@v1.1.0-rc.1...v1.1.0

v1.1.0-rc.1

Vote PASSED [+5 -0]: #218

What's Changed

Full Changelog: notaryproject/notation-core-go@v1.1.0-beta.1...v1.1.0-rc.1

v1.1.0-beta.1

Vote PASSED [+4 -0]: #213

What's Changed

Full Changelog: notaryproject/notation-core-go@v1.0.3...v1.1.0-beta.1

Commits
  • 55e3568 bump: bump up golang to v1.22 (#224)
  • 235910b build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#219)
  • 453a5eb bump: bump up tspclient-go (#217)
  • 004b86d refactor!: update revocation (#215)
  • 45dcf46 build(deps): bump github.com/notaryproject/tspclient-go from 0.0.0-2024070205...
  • f45197c fix: fix signerInfo.authenticSigningTime according to spec (#211)
  • e18808c build(deps): bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#210)
  • faac9b7 feat: Timestamp (#207)
  • a1c0af6 fix(ci): pass CODECOV_TOKEN to reusable-build.yml (#209)
  • c85a3d9 build(deps): bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#206)
  • Additional commits viewable in compare view

Updates github.com/notaryproject/notation-go from 1.1.1 to 1.2.0

Release notes

Sourced from github.com/notaryproject/notation-go's releases.

v1.2.0

Vote PASSED [+4 -0]: #445

What's Changed

Full Changelog: notaryproject/notation-go@v1.2.0-rc.1...v1.2.0

v1.2.0-rc.1

Vote PASSED [+4 -0]: #439

What's Changed

Full Changelog: notaryproject/notation-go@v1.2.0-beta.1...v1.2.0-rc.1

v1.2.0-beta.1

Vote PASSED [+4 -0]: #427

What's Changed

... (truncated)

Changelog

Sourced from github.com/notaryproject/notation-go's changelog.

Release Checklist

Overview

This document describes the checklist to publish a release for notation-go.

Release Process from main

  1. Check if there are any security vulnerabilities fixed and security advisories published before a release. Security advisories should be linked on the release notes.
  2. Determine a SemVer2-valid version prefixed with the letter v for release. For example, version="v1.0.0-rc.1".
  3. If there is new release in notation-core-go library that are required to be upgraded in notation-go, update the dependency versions in the follow go.mod and go.sum files of notation-go:
  4. Open a bump up PR and submit the changes in step 3 to the notation-go repository.
  5. After PR from step 4 is merged. Create another PR to update the value of signingAgent defined in file https://github.com/notaryproject/notation-go/blob/main/signer/signer.go with notation-go/<version>, where <version> is $version from step 2 without the v prefix. For example, notation-go/1.0.0-rc.1. The commit message MUST follow the conventional commit and could be bump: release $version. Record the digest of that commit as <commit_digest>. This PR is also used for voting purpose of the new release. Add the link of change logs and repo-level maintainer list in the PR's description. The PR title could be bump: release $version. Make sure to reach a majority of approvals from the repo-level maintainers before merging it. This PR MUST be merged using Create a merge commit method in GitHub.
  6. After the voting PR is merged, execute git clone https://github.com/notaryproject/notation-go.git to clone the repository to your local file system.
  7. Enter the cloned repository and execute git checkout <commit_digest> to switch to the specified branch based on the voting result.
  8. Create a tag by running git tag -am $version $version -s.
  9. Run git tag and ensure the desired tag name in the list looks correct, then push the new tag directly to the repository by running git push origin $version.
  10. On notation-go GitHub page, goto Tags. Your newly pushed tag should be shown on the top. Create a new release from the tag. Generate the release notes, revise the release description and change logs, and publish the release.
  11. Announce the new release in the Notary Project community.

Release Process from a release branch

  1. Check if there are any security vulnerabilities fixed and security advisories published before a release. Security advisories should be linked on the release notes.
  2. Determine a SemVer2-valid version prefixed with the letter v for release. For example, version="v1.2.0-rc.1".
  3. If a new release branch is needed, from main branch's commit list, find the commit that you want to cut the release. Click <> (Browse repository at this point). Create branch with name release-<version> from the commit, where <version> is $version from step 2 with the major and minor versions only. For example release-1.2. If the release branch already exists, skip this step.
  4. If there is new release in notation-core-go library that are required to be upgraded in notation-go, update the dependency versions in the follow go.mod and go.sum files of notation-go:
  5. Open a bump up PR and submit the changes in step 4 to the release branch.
  6. After PR from step 5 is merged. Create another PR to update the value of signingAgent defined in file signer/signer.go with notation-go/<version>, where <version> is $version from step 2 without the v prefix. For example, notation-go/1.2.0-rc.1. The commit message MUST follow the conventional commit and could be bump: release $version. Record the digest of that commit as <commit_digest>. This PR is also used for voting purpose of the new release. Add the link of change logs and repo-level maintainer list in the PR's description. The PR title could be bump: release $version. Make sure to reach a majority of approvals from the repo-level maintainers before merging it. This PR MUST be merged using Create a merge commit method in GitHub.
  7. After the voting PR is merged, execute git clone https://github.com/notaryproject/notation-go.git to clone the repository to your local file system.
  8. Enter the cloned repository and execute git checkout <commit_digest> to switch to the specified branch based on the voting result.
  9. Create a tag by running git tag -am $version $version -s.
  10. Run git tag and ensure the desired tag name in the list looks correct, then push the new tag directly to the repository by running git push origin $version.
  11. On notation-go GitHub page, goto Tags. Your newly pushed tag should be shown on the top. Create a new release from the tag. Generate the release notes, revise the release description and change logs, and publish the release.
  12. Announce the new release in the Notary Project community.
Commits

Updates github.com/onsi/gomega from 1.34.1 to 1.34.2

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.34.2

1.34.2

Require Go 1.22+

Maintenance

  • bump ginkgo as well [c59c6dc]
  • bump to go 1.22 - remove x/exp dependency [8158b99]
Changelog

Sourced from github.com/onsi/gomega's changelog.

1.34.2

Require Go 1.22+

Maintenance

  • bump ginkgo as well [c59c6dc]
  • bump to go 1.22 - remove x/exp dependency [8158b99]
Commits

Updates github.com/prometheus/client_golang from 1.20.0 to 1.20.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.20.2

  • [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

v1.20.1

This release contains the critical fix for the issue. Thanks to @​geberl, @​CubicrootXYZ, @​zetaab and @​timofurrer for helping us with the investigation!

  • [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on Linux machines. #1587
Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.20.2 / 2024-08-23

  • [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

1.20.1 / 2024-08-20

  • [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on linux machines. #1587
Commits
  • 67121dc Merge pull request #1596 from mrueg/fix-uncompressed-content-header
  • 187acd4 Cut 1.20.2
  • f7f8f3a fix: Unset Content-Encoding header when uncompressed
  • 2254d6c Merge pull request #1587 from prometheus/fix-processcollector
  • 4a15d05 Cut 1.20.1
  • f2dd7b3 Use pedantic registry in other places too, to double check.
  • 261fe84 bugfix: Pass network metrics to processCollector's Describe() function
  • 5bf3341 Use NewPedanticRegistry in Process' Collector tests
  • See full diff in compare view

Updates github.com/sigstore/sigstore from 1.8.8 to 1.8.9

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.9

What's Changed

Full Changelog: sigstore/sigstore@v1.8.8...v1.8.9

Commits
  • 4c750b7 oauthflow: Add SubjectFromUnverifiedToken (#1826)
  • b27128f build(deps): Bump the all group in /test/e2e with 2 updates (#1824)
  • 65aaa14 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1822)
  • 21ad778 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1823)
  • ebbebbf build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1821)
  • 615304f build(deps): Bump github.com/jellydator/ttlcache/v3 (#1820)
  • 6fb1d8b build(deps): Bump github.com/jellydator/ttlcache/v3 (#1819)
  • 075e85c build(deps): Bump actions/upload-artifact in the all group (#1825)
  • 0ca1da6 build(deps): Bump the gomod group across 4 directories with 3 updates (#1818)
  • 26aae9d build(deps): Bump cloud.google.com/go/kms in /pkg/signature/kms/gcp (#1817)
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.22.0 to 0.23.0

Commits

Updates google.golang.org/api from 0.190.0 to 0.196.0

Release notes

Sourced from google.golang.org/api's releases.

v0.196.0

0.196.0 (2024-09-03)

Features

v0.195.0

0.195.0 (2024-08-28)

Features

v0.194.0

0.194.0 (2024-08-22)

Features

Bug Fixes

  • gen: Change HttpBody.Data from string to any for monitoring:v1 (#2744) (eda6a59), refs #2304

v0.193.0

0.193.0 (2024-08-20)

Features

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.196.0 (2024-09-03)

Features

0.195.0 (2024-08-28)

Features

0.194.0 (2024-08-22)

Features

Bug Fixes

  • gen: Change HttpBody.Data from string to any for monitoring:v1 (#2744) (eda6a59), refs #2304

0.193.0 (2024-08-20)

Features

0.192.0 (2024-08-13)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-deps group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.2.1` | `3.3.0` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.75` | `7.0.76` |
| [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go) | `1.0.3` | `1.1.0` |
| [github.com/notaryproject/notation-go](https://github.com/notaryproject/notation-go) | `1.1.1` | `1.2.0` |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.34.1` | `1.34.2` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.20.0` | `1.20.2` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.8` | `1.8.9` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.22.0` | `0.23.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.190.0` | `0.196.0` |



Updates `github.com/Masterminds/semver/v3` from 3.2.1 to 3.3.0
- [Release notes](https://github.com/Masterminds/semver/releases)
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md)
- [Commits](Masterminds/semver@v3.2.1...v3.3.0)

Updates `github.com/minio/minio-go/v7` from 7.0.75 to 7.0.76
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](minio/minio-go@v7.0.75...v7.0.76)

Updates `github.com/notaryproject/notation-core-go` from 1.0.3 to 1.1.0
- [Release notes](https://github.com/notaryproject/notation-core-go/releases)
- [Commits](notaryproject/notation-core-go@v1.0.3...v1.1.0)

Updates `github.com/notaryproject/notation-go` from 1.1.1 to 1.2.0
- [Release notes](https://github.com/notaryproject/notation-go/releases)
- [Changelog](https://github.com/notaryproject/notation-go/blob/main/RELEASE_CHECKLIST.md)
- [Commits](notaryproject/notation-go@v1.1.1...v1.2.0)

Updates `github.com/onsi/gomega` from 1.34.1 to 1.34.2
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.34.1...v1.34.2)

Updates `github.com/prometheus/client_golang` from 1.20.0 to 1.20.2
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.20.0...v1.20.2)

Updates `github.com/sigstore/sigstore` from 1.8.8 to 1.8.9
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.8...v1.8.9)

Updates `golang.org/x/oauth2` from 0.22.0 to 0.23.0
- [Commits](golang/oauth2@v0.22.0...v0.23.0)

Updates `google.golang.org/api` from 0.190.0 to 0.196.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.190.0...v0.196.0)

---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/notaryproject/notation-core-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/notaryproject/notation-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency label Sep 5, 2024
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 5, 2024

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/go_modules/go-deps-369df8c48f branch September 5, 2024 12:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants