chore(deps): update dependency stacklok/minder to v0.0.65

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
stacklok/minder	patch	0.0.64 -> 0.0.65

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

stacklok/minder (stacklok/minder)

v0.0.65

Compare Source

What's Changed

• build(deps): bump github.com/thomaspoignant/go-feature-flag from 1.34.0 to 1.34.2 by @​dependabot in https://github.com/stacklok/minder/pull/4552
• build(deps): bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 by @​dependabot in https://github.com/stacklok/minder/pull/4553
• build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 by @​dependabot in https://github.com/stacklok/minder/pull/4551
• build(deps): bump actions/setup-node from 4.0.3 to 4.0.4 by @​dependabot in https://github.com/stacklok/minder/pull/4550
• Add new watermill handlers that get or refresh entities by properties and call another handler by @​jhrozek in https://github.com/stacklok/minder/pull/4545
• Disable the NATS tests temporarily again by @​jhrozek in https://github.com/stacklok/minder/pull/4555
• Revert "build(deps): bump github.com/thomaspoignant/go-feature-flag from 1.34.0 to 1.34.2 (#​4552)" by @​jhrozek in https://github.com/stacklok/minder/pull/4556
• Add template support to evaluation details. by @​blkt in https://github.com/stacklok/minder/pull/4532
• Add hint by provider class to the refreshAndDo handler by @​jhrozek in https://github.com/stacklok/minder/pull/4558
• Fix arguments passed to vulncheck template. by @​blkt in https://github.com/stacklok/minder/pull/4560
• Implement Gitlab event handling by @​JAORMX in https://github.com/stacklok/minder/pull/4559
• Update documentation for mindev, and add some handy debugging methods by @​evankanderson in https://github.com/stacklok/minder/pull/4548
• Allow customizing AckDeadline to allow for long-running sets of retries by @​evankanderson in https://github.com/stacklok/minder/pull/4549
• Fix data race in internal/entities/handlers/handler_test.go by @​evankanderson in https://github.com/stacklok/minder/pull/4566
• Use new path for trusty package URLs by @​JAORMX in https://github.com/stacklok/minder/pull/4567
• Remove backticks in vulncheck details template. by @​blkt in https://github.com/stacklok/minder/pull/4562
• Handle users deleted through the Keycloak management API, as well as through the Keycloak UI by @​evankanderson in https://github.com/stacklok/minder/pull/4563
• build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in https://github.com/stacklok/minder/pull/4575
• build(deps): bump github/codeql-action from 3.26.8 to 3.26.9 by @​dependabot in https://github.com/stacklok/minder/pull/4574
• build(deps): bump mobx from 6.13.2 to 6.13.3 in /docs by @​dependabot in https://github.com/stacklok/minder/pull/4577
• build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.35 to 1.27.38 by @​dependabot in https://github.com/stacklok/minder/pull/4576
• build(deps): bump github.com/ThreeDotsLabs/watermill-sql/v3 from 3.0.3 to 3.1.0 by @​dependabot in https://github.com/stacklok/minder/pull/4580
• build(deps): bump docker/build-push-action from 6.7.0 to 6.8.0 by @​dependabot in https://github.com/stacklok/minder/pull/4581
• build(deps): bump github.com/nats-io/nats-server/v2 from 2.10.20 to 2.10.21 by @​dependabot in https://github.com/stacklok/minder/pull/4579
• Use the new handlers when evaluating repo webhooks by @​jhrozek in https://github.com/stacklok/minder/pull/4565
• Test otel instrumentation for panics. by @​blkt in https://github.com/stacklok/minder/pull/4582
• build(deps): bump docker/build-push-action from 6.8.0 to 6.9.0 by @​dependabot in https://github.com/stacklok/minder/pull/4592
• build(deps): bump github/codeql-action from 3.26.9 to 3.26.10 by @​dependabot in https://github.com/stacklok/minder/pull/4591
• build(deps): bump github.com/zitadel/oidc/v3 from 3.29.1 to 3.30.0 by @​dependabot in https://github.com/stacklok/minder/pull/4590
• Clean up test providers and move EntityToProtoMessage as top-level interface function by @​JAORMX in https://github.com/stacklok/minder/pull/4586
• Extend selectors to include provider name and class by @​jhrozek in https://github.com/stacklok/minder/pull/4583
• Store provider's refresh token and expiry if possible by @​JAORMX in https://github.com/stacklok/minder/pull/4588
• gitlab: don't use deprecated token database column by @​JAORMX in https://github.com/stacklok/minder/pull/4593
• build(deps): bump github.com/bufbuild/buf from 1.42.0 to 1.43.0 in /tools by @​dependabot in https://github.com/stacklok/minder/pull/4587
• Group otel-related updates into single PRs. by @​blkt in https://github.com/stacklok/minder/pull/4490
• build(deps): bump google.golang.org/grpc from 1.66.2 to 1.67.1 by @​dependabot in https://github.com/stacklok/minder/pull/4597
• build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.38 to 1.27.39 by @​dependabot in https://github.com/stacklok/minder/pull/4599
• build(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0 by @​dependabot in https://github.com/stacklok/minder/pull/4589
• build(deps): bump github.com/openfga/go-sdk from 0.6.0 to 0.6.1 by @​dependabot in https://github.com/stacklok/minder/pull/4598
• build(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0 to 2.0.1 by @​dependabot in https://github.com/stacklok/minder/pull/4600
• Use one workflow for trivy by @​JAORMX in https://github.com/stacklok/minder/pull/4601
• GitHub: don't try to use OAuth token for github-app provider by @​JAORMX in https://github.com/stacklok/minder/pull/4594
• build(deps): bump github.com/docker/cli from 27.2.1+incompatible to 27.3.1+incompatible by @​dependabot in https://github.com/stacklok/minder/pull/4602
• build(deps): bump github.com/aws/aws-sdk-go-v2/service/sesv2 from 1.33.2 to 1.35.0 by @​dependabot in https://github.com/stacklok/minder/pull/4603
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.1.0 to 2.2.1 by @​dependabot in https://github.com/stacklok/minder/pull/4604
• Replace repository for entity in properties service by @​JAORMX in https://github.com/stacklok/minder/pull/4607
• Slight modification in properties fetch log by @​JAORMX in https://github.com/stacklok/minder/pull/4608
• Query Keycloak for user deletions every 5 minutes by @​eleftherias in https://github.com/stacklok/minder/pull/4615
• build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @​dependabot in https://github.com/stacklok/minder/pull/4622
• gitlab: Handle token refresh by @​JAORMX in https://github.com/stacklok/minder/pull/4606
• Adjust deadline on admin identity events as well as user events by @​evankanderson in https://github.com/stacklok/minder/pull/4617
• Pass along transaction to RetrieveAllPropertiesForEntity by @​jhrozek in https://github.com/stacklok/minder/pull/4633
• mindev: Use provider to construct entity protobufs by @​JAORMX in https://github.com/stacklok/minder/pull/4630
• gitlab: Handle query parameters in REST trait by @​JAORMX in https://github.com/stacklok/minder/pull/4632
• Update changelog and roadmap by @​ethomson in https://github.com/stacklok/minder/pull/4631
• Remove RefreshRepositoryByUpstreamID from the repo reconciler by @​jhrozek in https://github.com/stacklok/minder/pull/4620
• build(deps): bump github/codeql-action from 3.26.10 to 3.26.11 by @​dependabot in https://github.com/stacklok/minder/pull/4640
• build(deps): bump github.com/bufbuild/buf from 1.43.0 to 1.44.0 in /tools by @​dependabot in https://github.com/stacklok/minder/pull/4638
• build(deps): bump docker/setup-buildx-action from 3.6.1 to 3.7.0 by @​dependabot in https://github.com/stacklok/minder/pull/4639
• build(deps): bump github.com/aws/aws-sdk-go-v2/service/sesv2 from 1.35.0 to 1.35.1 by @​dependabot in https://github.com/stacklok/minder/pull/4635
• build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.39 to 1.27.40 by @​dependabot in https://github.com/stacklok/minder/pull/4637
• Use generic refresh and message forwarding to evaluator for profile init by @​jhrozek in https://github.com/stacklok/minder/pull/4634
• properties service: Don't fail if multiple entries are found by @​JAORMX in https://github.com/stacklok/minder/pull/4642
• Print entity status name if available by @​JAORMX in https://github.com/stacklok/minder/pull/4646
• Add eval details template for Trusty rule by @​eleftherias in https://github.com/stacklok/minder/pull/4645
• Add feature flag for improved evaluation details. by @​blkt in https://github.com/stacklok/minder/pull/4584
• build(deps): bump docker/setup-buildx-action from 3.7.0 to 3.7.1 by @​dependabot in https://github.com/stacklok/minder/pull/4652
• build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @​dependabot in https://github.com/stacklok/minder/pull/4653
• build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.31.0 to 1.32.0 by @​dependabot in https://github.com/stacklok/minder/pull/4655
• build(deps): bump golang.org/x/tools from 0.25.0 to 0.26.0 in /tools by @​dependabot in https://github.com/stacklok/minder/pull/4659
• build(deps): bump golang.org/x/crypto from 0.27.0 to 0.28.0 by @​dependabot in https://github.com/stacklok/minder/pull/4657
• build(deps): bump github.com/xanzy/go-gitlab from 0.109.0 to 0.110.0 by @​dependabot in https://github.com/stacklok/minder/pull/4656
• build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.40 to 1.27.41 by @​dependabot in https://github.com/stacklok/minder/pull/4658
• Add eval details template for deny-by-default rule. by @​blkt in https://github.com/stacklok/minder/pull/4647
• Enable the originating entity handlers by @​jhrozek in https://github.com/stacklok/minder/pull/4661
• origination: First get properties from provider before trying to persist by @​JAORMX in https://github.com/stacklok/minder/pull/4660
• Add additional test coverage for common functions in GitHub provider by @​gajananan in https://github.com/stacklok/minder/pull/4648
• Pass correct logger to watermill. by @​blkt in https://github.com/stacklok/minder/pull/4662
• gitlab: Add support for pull requests by @​JAORMX in https://github.com/stacklok/minder/pull/4641
• gitlab: Fix PR origination by @​JAORMX in https://github.com/stacklok/minder/pull/4665
• Use the AddOriginatingEntity/RemoveOriginatingEntity handlers to handle PRs in the webhook provider by @​jhrozek in https://github.com/stacklok/minder/pull/4663
• build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @​dependabot in https://github.com/stacklok/minder/pull/4672
• build(deps): bump aquasecurity/trivy-action from 0.24.0 to 0.25.0 by @​dependabot in https://github.com/stacklok/minder/pull/4670
• build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @​dependabot in https://github.com/stacklok/minder/pull/4671
• build(deps): bump github.com/zitadel/oidc/v3 from 3.30.0 to 3.30.1 by @​dependabot in https://github.com/stacklok/minder/pull/4676
• build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.32.0 to 1.32.1 by @​dependabot in https://github.com/stacklok/minder/pull/4678
• build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.41 to 1.27.42 by @​dependabot in https://github.com/stacklok/minder/pull/4677
• Really fix PR origination by @​JAORMX in https://github.com/stacklok/minder/pull/4673
• build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 by @​dependabot in https://github.com/stacklok/minder/pull/4675
• cleanup/gitlab: Move repo and PR functions to relevant files by @​JAORMX in https://github.com/stacklok/minder/pull/4679
• gitlab: Move webhook handler functions to dedicated files by @​JAORMX in https://github.com/stacklok/minder/pull/4681
• build(deps): bump google.golang.org/protobuf from 1.34.3-0.20240906163944-03df6c145d96 to 1.35.1 in /tools by @​dependabot in https://github.com/stacklok/minder/pull/4669
• Add eval details template for mixed scripts by @​eleftherias in https://github.com/stacklok/minder/pull/4680
• Add eval details template for invisible characters by @​eleftherias in https://github.com/stacklok/minder/pull/4684
• Simplify the entity_add handlers in preparation for using the NewGetEntityAndDeleteHandler" by @​jhrozek in https://github.com/stacklok/minder/pull/4685
• Remove dead code that was added speculatively by @​evankanderson in https://github.com/stacklok/minder/pull/4689
• build(deps): bump aquasecurity/trivy-action from 0.25.0 to 0.26.0 by @​dependabot in https://github.com/stacklok/minder/pull/4691
• build(deps): bump github.com/go-critic/go-critic from 0.11.4 to 0.11.5 in /tools by @​dependabot in https://github.com/stacklok/minder/pull/4696
• build(deps): bump github.com/styrainc/regal from 0.27.0 to 0.28.0 by @​dependabot in https://github.com/stacklok/minder/pull/4695
• Do not forward messages for archived and/or private repos by @​jhrozek in https://github.com/stacklok/minder/pull/4687
• Remove reconciling of artifacts during repo reconciliation by @​jhrozek in https://github.com/stacklok/minder/pull/4686
• build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.32.1 to 1.32.2 by @​dependabot in https://github.com/stacklok/minder/pull/4692
• build(deps): bump github.com/bufbuild/buf from 1.44.0 to 1.45.0 in /tools by @​dependabot in https://github.com/stacklok/minder/pull/4697
• EEA: Rely on central entities table as opposed to per-entity table by @​JAORMX in https://github.com/stacklok/minder/pull/4664
• Use the originating handlers for handling package published messages in the github webhook by @​jhrozek in https://github.com/stacklok/minder/pull/4668
• Drop the use of fetchRepo and its RefreshRepositoryByUpstreamID when deleting a repository by @​jhrozek in https://github.com/stacklok/minder/pull/4702
• fix flaky installation_repositories added test from TestHandleGitHubAppWebHook by @​JAORMX in https://github.com/stacklok/minder/pull/4711
• Add CVE-2024-47534 to trivyignore file by @​JAORMX in https://github.com/stacklok/minder/pull/4712
• Use single and unique entity ID to deal with entity info wrapper by @​JAORMX in https://github.com/stacklok/minder/pull/4704

Full Changelog: mindersec/minder@v0.0.64...v0.0.65

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/minder:0.0.65

📦 Image Reference ghcr.io/uniget-org/tools/minder:0.0.65

digest	sha256:c1b7bb6e16b27867ab0f7a87bc2f26ac8b63ff09a6d8ca5f62d4a9aff79533cb
vulnerabilities
platform	linux/amd64
size	25 MB
packages	213

github.com/theupdateframework/go-tuf 0.7.0 (golang) pkg:golang/github.com/theupdateframework/go-tuf@0.7.0 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Affected range <2.0.1 Fixed version 2.0.1 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Description During the ongoing work on the TUF conformance test suite, we have come across a test that reveals what we believe is a bug in go-tuf with security implications. The bug exists in go-tuf delegation tracing and could result in downloading the wrong artifact. We have come across this issue in the test in this PR: theupdateframework/tuf-conformance#115. The test - test_graph_traversal - sets up a repository with a series of delegations, invokes the clients refresh() and then checks the order in which the client traced the delegations. The test shows that the go-tuf client inconsistently traces the delegations in a wrong way. For example, during one CI run, the two-level-delegations test case triggered a wrong order. The delegations in this look as such: "two-level-delegations": DelegationsTestCase( delegations=[ DelegationTester("targets", "A"), DelegationTester("targets", "B"), DelegationTester("B", "C"), ], visited_order=["A", "B", "C"], ), Here, targets delegate to "A", and to "B", and "B" delegates to "C". The client should trace the delegations in the order "A" then "B" then "C" but in this particular CI run, go-tuf traced the delegations "B"->"C"->"A". In a subsequent CI run, this test case did not fail, but another one did. @jku has done a bit of debugging and believes that the returned map of GetRolesForTarget returns a map that causes this behavior: https://github.com/theupdateframework/go-tuf/blob/f95222bdd22d2ac4e5b8ed6fe912b645e213c3b5/metadata/metadata.go#L565-L580 We believe that this map should be an ordered list instead of a map.

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/11270463825.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/11270463825.