chore(deps): update all dependencies #32
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
![narwhal-bot[bot]](https://avatars.githubusercontent.com/in/382791?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.86.0->v1.89.01.15.0->2.0.14v0.46.9->v0.46.131.21.6->1.22.2v0.17.0->v0.23.0v1.31.0->v1.33.0v3->v4v2->v3v4.5.0->v4.6.037.132.1->37.303.20.6.3->0.6.6Note: The
pre-commitmanager in Renovate is not supported by thepre-commitmaintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.HTTP/2 CONTINUATION flood in net/http
BIT-golang-2023-45288 / CVE-2023-45288 / GHSA-4v7x-pqxf-cx7m / GO-2024-2687
More information
Details
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames.
Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed.
This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send.
The fix sets a limit on the amount of excess header frames we will process before closing a connection.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
GitHub Vulnerability Alerts
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
CVE-2024-24786 / GHSA-8r3f-844c-mc37 / GO-2024-2611
More information
Details
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
Severity
Moderate
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Infinite loop in JSON unmarshaling in google.golang.org/protobuf
CVE-2024-24786 / GHSA-8r3f-844c-mc37 / GO-2024-2611
More information
Details
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Release Notes
antonbabenko/pre-commit-terraform (antonbabenko/pre-commit-terraform)
v1.89.0Compare Source
Features
v1.88.4Compare Source
Bug Fixes
v1.88.3Compare Source
Bug Fixes
terraform_providers_lock: Requireterraform init(andterraform_validatehook) run when only lockfile changed (#649) (02c1935)v1.88.2Compare Source
Bug Fixes
tracelog level (#645) (a2a2990)v1.88.1Compare Source
Bug Fixes
docker buildin arm64. Workaround till issue will be fixed incheckovitself (#635) (f255b05)v1.88.0Compare Source
Features
terragrunt_providers_lockhook (#632) (77940fd)v1.87.1Compare Source
Bug Fixes
mapfileto support Bash 3.2.57 pre-installed in macOS (#628) (01ab3f0)v1.87.0Compare Source
Features
Parallelismsection in README (#620) (6c6eca4)v1.86.1Compare Source
Bug Fixes
grep: warning: stray \ before /which pop-up ingrep 3.8(#625) (e1a93b2)defenseunicorns/build-harness (defenseunicorns/build-harness)
v2.0.14Compare Source
Miscellaneous Chores
v2.0.13Compare Source
Miscellaneous Chores
v2.0.12Compare Source
Miscellaneous Chores
v2.0.11Compare Source
Miscellaneous Chores
v2.0.10Compare Source
Miscellaneous Chores
v2.0.9Compare Source
Miscellaneous Chores
v2.0.8Compare Source
Miscellaneous Chores
v2.0.7Compare Source
Miscellaneous Chores
v2.0.6Compare Source
Miscellaneous Chores
v2.0.5Compare Source
Miscellaneous Chores
v2.0.4Compare Source
Miscellaneous Chores
v2.0.3Compare Source
Miscellaneous Chores
v2.0.2Compare Source
Miscellaneous Chores
v2.0.1Compare Source
Miscellaneous Chores
v2.0.0Compare Source
⚠ BREAKING CHANGES
Miscellaneous Chores
Build System
v1.15.6Compare Source
Miscellaneous Chores
v1.15.5Compare Source
Miscellaneous Chores
v1.15.4Compare Source
Miscellaneous Chores
v1.15.3Compare Source
Miscellaneous Chores
v1.15.2Compare Source
Miscellaneous Chores
v1.15.1Compare Source
Miscellaneous Chores
gruntwork-io/terratest (github.com/gruntwork-io/terratest)
v0.46.13Compare Source
Modules affected
dockerDescription
github.com/docker/dockerfrom24.0.7+incompatibleto24.0.9+incompatibleRelated links
v0.46.12Compare Source
Description
Related links
v0.46.11Compare Source
Modules affected
awsDescription
GetAmazonLinuxAmiEto search for Amazon Linux 2 AMIsRelated links
v0.46.10Compare Source
Modules affected
test-structuregitDescription
runValidateOnAllTerraformModulesfunction, which is used under the hood byValidateAllTerraformModulesandOPAEvalAllTerraformModules, to:git.GetRepoRootForDirE, instead of a hard-coded../../file path.Related links
golang/go (go)
v1.22.2v1.22.1v1.22.0v1.21.9v1.21.8v1.21.7protocolbuffers/protobuf-go (google.golang.org/protobuf)
v1.33.0Compare Source
v1.32.0Compare Source
Full Changelog: protocolbuffers/protobuf-go@v1.31.0...v1.32.0
This release contains commit protocolbuffers/protobuf-go@bfcd647, which fixes a denial of service vulnerability by preventing a stack overflow through a default maximum recursion limit. See https://github.com/golang/protobuf/issues/1583 and https://github.com/golang/protobuf/issues/1584 for details.
peter-evans/slash-command-dispatch (peter-evans/slash-command-dispatch)
v4Compare Source
peter-murray/workflow-application-token-action (peter-murray/workflow-application-token-action)
v3Compare Source
pre-commit/pre-commit-hooks (pre-commit/pre-commit-hooks)
v4.6.0: pre-commit-hooks v4.6.0Compare Source
Features
requirements-txt-fixer: remove duplicate packages.Migrating
fix-encoding-pragma: deprecated -- will be removed in 5.0.0. usepyupgrade or some other tool.
renovatebot/pre-commit-hooks (renovatebot/pre-commit-hooks)
v37.303.2Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.303.2 for more changes
v37.303.1Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.303.1 for more changes
v37.302.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.302.0 for more changes
v37.301.6Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.301.6 for more changes
v37.301.5Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.301.5 for more changes
v37.301.4Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.301.4 for more changes
v37.301.3Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.301.3 for more changes
v37.301.1Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.301.1 for more changes
v37.300.1Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.300.1 for more changes
v37.296.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.296.0 for more changes
v37.286.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.286.0 for more changes
v37.284.1Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.284.1 for more changes
v37.278.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.278.0 for more changes
v37.277.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.277.0 for more changes
v37.276.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.276.0 for more changes
v37.275.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.275.0 for more changes
v37.274.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.274.0 for more changes
v37.273.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.273.0 for more changes
v37.272.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.272.0 for more changes
v37.271.1Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.271.1 for more changes
v37.271.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.271.0 for more changes
v37.270.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.270.0 for more changes
v37.269.5Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.269.5 for more changes
v37.269.4Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.269.4 for more changes
v37.269.3Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.269.3 for more changes
v37.269.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.269.0 for more changes
v37.267.1Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.267.1 for more changes
v37.266.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.266.0 for more changes
v37.265.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.265.0 for more changes
v37.264.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.264.0 for more changes
v37.263.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.263.0 for more changes
v37.262.2Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.262.2 for more changes
v37.262.1Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.262.1 for more changes
v37.262.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.262.0 for more changes
v37.261.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.261.0 for more changes
v37.260.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.260.0 for more changes
v37.258.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.258.0 for more changes
v37.256.2Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.256.2 for more changes
v37.256.1Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.256.1 for more changes
v37.256.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.256.0 for more changes
v37.255.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.255.0 for more changes
v37.254.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.254.0 for more changes
v37.253.1Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.253.1 for more changes
v37.252.1Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.252.1 for more changes
v37.252.0Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.252.0 for more changes
v37.250.1Compare Source
See https://github.com/renovatebot/renovate/releases/tag/37.250.1 for more changes
v37.250.0Compare Source
Se
Configuration
📅 Schedule: Branch creation - "after 4am and before 10am on Monday" in timezone America/New_York, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.