Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the backend group with 6 updates #2

Merged
merged 1 commit into from
Nov 23, 2024
Merged

Bump the backend group with 6 updates #2

merged 1 commit into from
Nov 23, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 23, 2024
edited by sourcery-ai bot
Loading

Bumps the backend group with 6 updates:

Package From To
github.com/Masterminds/semver/v3 3.3.0 3.3.1
github.com/aquasecurity/trivy 0.57.0 0.57.1
github.com/stretchr/testify 1.9.0 1.10.0
github.com/tektoncd/pipeline 0.65.1 0.65.2
google.golang.org/api 0.205.0 0.209.0
helm.sh/helm/v3 3.16.2 3.16.3

Updates github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.1

What's Changed

Full Changelog: Masterminds/semver@v3.3.0...v3.3.1

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

Commits
  • 1558ca3 Merge pull request #253 from mattfarina/fix-bad-versions
  • 252dd61 Fix for allowing some version that were invalid
  • See full diff in compare view

Updates github.com/aquasecurity/trivy from 0.57.0 to 0.57.1

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.57.1

⚡Release highlights and summary⚡

👉aquasecurity/trivy#7951

Changelog

https://github.com/aquasecurity/trivy/blob/release/v0.57/CHANGELOG.md#0571-2024-11-18

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.57.1 (2024-11-18)

Bug Fixes

  • Update registry fallbacks [backport: release/v0.57] (#7944) (cd0d128)
  • redhat: don't return error if root/buildinfo/content_manifests/ contains files that are not contentSets files [backport: release/v0.57] (#7939) (7dd70dc)
Commits
  • b7947b3 release: v0.57.1 [release/v0.57] (#7943)
  • cd0d128 feat: Update registry fallbacks [backport: release/v0.57] (#7944)
  • 7dd70dc fix(redhat): don't return error if root/buildinfo/content_manifests/ contai...
  • 3d537b9 test: change branch in spdx schema link to check in integration tests [backpo...
  • See full diff in compare view

Updates github.com/stretchr/testify from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.10.0

What's Changed

Functional Changes

Fixes

Documantation, Build & CI

New Contributors

... (truncated)

Commits
  • 89cbdd9 Merge pull request #1626 from arjun-1/fix-functional-options-diff-indirect-calls
  • 07bac60 Merge pull request #1667 from sikehish/flaky
  • 716de8d Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI
  • 118fb83 NotSame should fail if args are not pointers #1661 (#1664)
  • 7d99b2b attempt 2
  • 05f87c0 more similar
  • ea7129e better fmt
  • a1b9c9e Merge pull request #1663 from ybrustin/master
  • 8302de9 Merge branch 'master' into master
  • 89352f7 Merge pull request #1518 from hendrywiranto/adjust-readme-remove-v2
  • Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 0.65.1 to 0.65.2

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v0.65.2 "Sokoke Herbie"

-Docs @ v0.65.2 -Examples @ v0.65.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.2/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a153542f1de8a93c4ac314c1ca01c0ed45edf9ffac3faa701ddcd02600c3f452f

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a153542f1de8a93c4ac314c1ca01c0ed45edf9ffac3faa701ddcd02600c3f452f
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.2/release.yaml
REKOR_UUID=108e9186e8c5677a153542f1de8a93c4ac314c1ca01c0ed45edf9ffac3faa701ddcd02600c3f452f
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.2@sha256:" + .digest.sha256')
Download the release file
curl "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

... (truncated)

Commits
  • 7b76131 Use io.ReadFull to read the bundle content
  • 9664cb4 Fix StepAction support in Cluster resolver
  • See full diff in compare view

Updates google.golang.org/api from 0.205.0 to 0.209.0

Release notes

Sourced from google.golang.org/api's releases.

v0.209.0

0.209.0 (2024-11-21)

Features

v0.208.0

0.208.0 (2024-11-20)

Features

  • all: Auto-regenerate discovery clients (#2881) (44435a9)
  • gensupport: Per-chunk transfer timeout configs (09fa125)
  • gensupport: Per-chunk transfer timeout configs (#2865) (09fa125)

v0.207.0

0.207.0 (2024-11-19)

Features

v0.206.0

0.206.0 (2024-11-14)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.209.0 (2024-11-21)

Features

0.208.0 (2024-11-20)

Features

  • all: Auto-regenerate discovery clients (#2881) (44435a9)
  • gensupport: Per-chunk transfer timeout configs (09fa125)
  • gensupport: Per-chunk transfer timeout configs (#2865) (09fa125)

0.207.0 (2024-11-19)

Features

0.206.0 (2024-11-14)

Features

Commits

Updates helm.sh/helm/v3 from 3.16.2 to 3.16.3

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.16.3 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.16.3. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.16.4 is the next patch release and will be on December 11, 2024
  • 3.17.0 is the next feature release and will be on January 15, 2025

Changelog

  • fix: fix label name cfd07493f46efc9debd9cc1b02a0961186df7fdf (wangjingcun)
  • Fix typo in pkg/lint/rules/chartfile_test.go a303060fc60bc713cd0757503b3fcb4636b14f34 (Zach Burgess)
  • Increasing the size of the runner used for releases. ab45e8a861e929e40163a7ad5a8636cb41f381ac (Matt Farina)
  • fix(hooks): correct hooks delete order 19fe320ae87e8d1d4bc1952d9da8ea2fe435aa6e (Suleiman Dibirov)
  • Bump github.com/containerd/containerd from 1.7.12 to 1.7.23 4fcc5c2cadf49d1399adfdbc5ab7222b2dff1d5b (dependabot[bot])
Commits
  • cfd0749 fix: fix label name
  • a303060 Fix typo in pkg/lint/rules/chartfile_test.go
  • ab45e8a Increasing the size of the runner used for releases.
  • 19fe320 fix(hooks): correct hooks delete order
  • 4fcc5c2 Bump github.com/containerd/containerd from 1.7.12 to 1.7.23
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by Sourcery

Bump various dependencies in the backend group to their latest versions to incorporate bug fixes and improvements.

Enhancements:

  • Update github.com/Masterminds/semver/v3 from version 3.3.0 to 3.3.1.
  • Update github.com/aquasecurity/trivy from version 0.57.0 to 0.57.1.
  • Update github.com/stretchr/testify from version 1.9.0 to 1.10.0.
  • Update github.com/tektoncd/pipeline from version 0.65.1 to 0.65.2.
  • Update google.golang.org/api from version 0.205.0 to 0.209.0.
  • Update helm.sh/helm/v3 from version 3.16.2 to 3.16.3.

@dependabot
Bump the backend group with 6 updates
874d8c0 
Bumps the backend group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.3.0` | `3.3.1` |
| [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) | `0.57.0` | `0.57.1` |
| [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.9.0` | `1.10.0` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `0.65.1` | `0.65.2` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.205.0` | `0.209.0` |
| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.16.2` | `3.16.3` |


Updates `github.com/Masterminds/semver/v3` from 3.3.0 to 3.3.1
- [Release notes](https://github.com/Masterminds/semver/releases)
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md)
- [Commits](Masterminds/semver@v3.3.0...v3.3.1)

Updates `github.com/aquasecurity/trivy` from 0.57.0 to 0.57.1
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/v0.57.1/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.57.0...v0.57.1)

Updates `github.com/stretchr/testify` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.9.0...v1.10.0)

Updates `github.com/tektoncd/pipeline` from 0.65.1 to 0.65.2
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v0.65.1...v0.65.2)

Updates `google.golang.org/api` from 0.205.0 to 0.209.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.205.0...v0.209.0)

Updates `helm.sh/helm/v3` from 3.16.2 to 3.16.3
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.16.2...v3.16.3)

---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/tektoncd/pipeline
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 23, 2024
@sourcery-ai Sourcery AI
Copy link

sourcery-ai bot commented Nov 23, 2024
edited
Loading

Reviewer's Guide by Sourcery

This PR updates 6 backend dependencies to their latest patch or minor versions. The changes are primarily bug fixes, security updates, and minor feature enhancements across the dependencies.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change Details Files
Update Masterminds/semver to fix version validation
  • Fix for allowing some versions that were previously invalid
 go.mod
go.sum
Update Trivy with registry and RedHat-related fixes
  • Update registry fallbacks
  • Fix error handling for RedHat content manifests
 go.mod
go.sum
Update testify with new features and bug fixes
  • Add new assertions: NotElementsMatch, NotErrorAs
  • Add support for in-order mock calls
  • Fix time.Time comparisons
  • Fix NotSame pointer validation
  • Make YAML dependency pluggable via build tags
 go.mod
go.sum
Update Tekton Pipeline with bug fixes
  • Fix bundle content reading
  • Fix StepAction support in Cluster resolver
 go.mod
go.sum
Update Google API client with feature additions
  • Add support for user loggers
  • Add per-chunk transfer timeout configs
  • Auto-regenerate discovery clients
 go.mod
go.sum
Update Helm with hook and security fixes
  • Fix hooks delete order
  • Fix label name
  • Update containerd dependency for security
 go.mod
go.sum
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time. You can also use
    this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Nov 23, 2024

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

sourcery-ai[bot]
sourcery-ai bot reviewed Nov 23, 2024
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!

@NxPKG NxPKG merged commit 1faa2c8 into master Nov 23, 2024
14 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/backend-aefccd6af4 branch November 23, 2024 15:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@NxPKG