8000 Update Go Dependencies by red-hat-konflux[bot] · Pull Request #394 · securesign/cosign · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Update Go Dependencies #394

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Update Go Dependencies #394

wants to merge 4 commits into from

Conversation

red-hat-konflux[bot]
Copy link
@red-hat-konflux red-hat-konflux bot commented May 18, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
cloud.google.com/go indirect minor v0.120.0 -> v0.121.1
cloud.google.com/go/auth indirect minor v0.15.0 -> v0.16.1
cloud.google.com/go/auth/oauth2adapt indirect patch v0.2.7 -> v0.2.8
cloud.google.com/go/compute/metadata indirect minor v0.6.0 -> v0.7.0
cloud.google.com/go/iam indirect patch v1.5.0 -> v1.5.2
cloud.google.com/go/kms indirect patch v1.21.1 -> v1.21.2
cloud.google.com/go/longrunning indirect patch v0.6.6 -> v0.6.7
cuelang.org/go require patch v0.12.0 -> v0.12.1
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider indirect minor v0.14.0 -> v0.18.1
github.com/Azure/azure-sdk-for-go/sdk/azcore indirect minor v1.17.0 -> v1.18.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity indirect minor v1.8.1 -> v1.10.0
github.com/Azure/azure-sdk-for-go/sdk/internal indirect minor v1.10.0 -> v1.11.1
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys indirect patch v1.3.0 -> v1.3.1
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal indirect patch v1.1.0 -> v1.1.1
github.com/Azure/go-autorest/autorest indirect patch v0.11.29 -> v0.11.30
github.com/Azure/go-autorest/autorest/adal indirect patch v0.9.23 -> v0.9.24
github.com/Azure/go-autorest/autorest/azure/auth indirect patch v0.5.12 -> v0.5.13
github.com/Azure/go-autorest/autorest/azure/cli indirect patch v0.4.6 -> v0.4.7
github.com/Azure/go-autorest/autorest/date indirect patch v0.3.0 -> v0.3.1
github.com/Azure/go-autorest/logger indirect patch v0.2.1 -> v0.2.2
github.com/Azure/go-autorest/tracing indirect patch v0.6.0 -> v0.6.1
github.com/AzureAD/microsoft-authentication-library-for-go indirect minor v1.3.2 -> v1.4.2
github.com/ThalesIgnite/crypto11 require minor v1.2.5 -> v1.4.1
github.com/agnivade/levenshtein indirect patch v1.2.0 -> v1.2.1
github.com/alibabacloud-go/alibabacloud-gateway-spi indirect patch v0.0.4 -> v0.0.5
github.com/alibabacloud-go/debug indirect patch v1.0.0 -> v1.0.1
github.com/alibabacloud-go/openapi-util indirect patch v0.1.0 -> v0.1.1
github.com/alibabacloud-go/tea indirect minor v1.2.1 -> v1.3.9
github.com/aliyun/credentials-go indirect minor v1.3.2 -> v1.4.6
github.com/aws/smithy-go indirect patch v1.22.2 -> v1.22.3
github.com/cloudflare/circl indirect minor v1.3.7 -> v1.6.1
github.com/docker/docker-credential-helpers indirect minor v0.8.2 -> v0.9.3
github.com/emicklei/proto indirect minor v1.13.4 -> v1.14.1
github.com/fsnotify/fsnotify indirect minor v1.8.0 -> v1.9.0
github.com/go-openapi/errors indirect patch v0.22.0 -> v0.22.1
github.com/go-openapi/jsonpointer indirect patch v0.21.0 -> v0.21.1
github.com/go-openapi/swag require patch v0.23.0 -> v0.23.1
github.com/hashicorp/go-secure-stdlib/parseutil indirect minor v0.1.7 -> v0.2.0
github.com/hashicorp/go-sockaddr indirect patch v1.0.5 -> v1.0.7
github.com/in-toto/attestation indirect patch v1.1.0 -> v1.1.1
github.com/klauspost/compress indirect minor v1.17.11 -> v1.18.0
github.com/letsencrypt/boulder indirect digest de9c061 -> ac2dae7
github.com/magiconair/properties indirect patch v1.8.9 -> v1.8.10
github.com/mailru/easyjson indirect minor v0.7.7 -> v0.9.0
github.com/open-policy-agent/opa require minor v1.1.0 -> v1.4.2
github.com/prometheus/client_golang indirect minor v1.20.5 -> v1.22.0
github.com/prometheus/client_model indirect patch v0.6.1 -> v0.6.2
github.com/prometheus/common indirect minor v0.62.0 -> v0.64.0
github.com/prometheus/procfs indirect minor v0.15.1 -> v0.16.1
github.com/sagikazarmark/locafero indirect minor v0.4.0 -> v0.9.0
github.com/sigstore/fulcio require minor v1.6.6 -> v1.7.1
github.com/sigstore/protobuf-specs require patch v0.4.0 -> v0.4.2
github.com/sigstore/rekor require patch v1.3.9 -> v1.3.10
github.com/sigstore/sigstore require patch v1.9.1 -> v1.9.4
github.com/sigstore/sigstore-go require patch v0.7.0 -> v0.7.3
github.com/sigstore/sigstore/pkg/signature/kms/aws require patch v1.9.1 -> v1.9.4
github.com/sigstore/sigstore/pkg/signature/kms/azure require minor v1.8.15 -> v1.9.4
github.com/sigstore/sigstore/pkg/signature/kms/gcp require minor v1.8.15 -> v1.9.4
github.com/sigstore/sigstore/pkg/signature/kms/hashivault require minor v1.8.15 -> v1.9.4
github.com/sigstore/timestamp-authority require patch v1.2.4 -> v1.2.7
github.com/spf13/afero indirect minor v1.11.0 -> v1.14.0
github.com/spf13/cast indirect minor v1.7.0 -> v1.8.0
github.com/spf13/viper require minor v1.19.0 -> v1.20.1
github.com/vbatts/tar-split indirect minor v0.11.6 -> v0.12.1
gitlab.com/gitlab-org/api/client-go require minor v0.123.0 -> v0.128.0
go.mongodb.org/mongo-driver indirect minor v1.14.0 -> v1.17.3
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc indirect minor v0.59.0 -> v0.60.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp indirect minor v0.59.0 -> v0.60.0
go.step.sm/crypto indirect minor v0.57.0 -> v0.63.0
golang.org/x/crypto indirect minor v0.31.0 -> v0.38.0
golang.org/x/crypto require minor v0.37.0 -> v0.38.0
golang.org/x/exp indirect digest 7e4ce0a -> ce4c2cf
golang.org/x/net indirect minor v0.39.0 -> v0.40.0
golang.org/x/oauth2 require minor v0.28.0 -> v0.30.0
golang.org/x/sync require minor v0.13.0 -> v0.14.0
golang.org/x/sys indirect minor v0.32.0 -> v0.33.0
golang.org/x/term require minor v0.31.0 -> v0.32.0
golang.org/x/text indirect minor v0.24.0 -> v0.25.0
golang.org/x/tools indirect minor v0.32.0 -> v0.33.0
google.golang.org/api require minor v0.227.0 -> v0.233.0
google.golang.org/genproto indirect digest de1ac95 -> 5a2f75b
google.golang.org/genproto/googleapis/api indirect digest de1ac95 -> 5a2f75b
google.golang.org/genproto/googleapis/rpc indirect digest 207652e -> 5a2f75b
k8s.io/api require minor v0.28.3 -> v0.33.1
k8s.io/apimachinery require minor v0.28.3 -> v0.33.1
k8s.io/client-go require minor v0.28.3 -> v0.33.1
k8s.io/utils require digest 1f6e0b7 -> 0f33e8f
sigs.k8s.io/release-utils require patch v0.11.0 -> v0.11.1

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

Release Notes

googleapis/google-cloud-go (cloud.google.com/go)

v0.121.1

Compare Source

Bug Fixes
  • civil: Add support for civil.Date, civil.Time and civil.DateTime arguments to their respective Scan methods (#​12240) (7127ce9), refs #​12060

v0.121.0

Compare Source

Features

v0.120.1

Compare Source

Bug Fixes
cue-lang/cue (cuelang.org/go)

v0.12.1

Compare Source

Evaluator

Embedding binary files like @embed(file="foo", type=binary) no longer interprets the files as Unicode text, which mangled invalid UTF-8 bytes.

cmd/cue

The release archives are now built with Go 1.24, which should fix cue get go when used with Go installed at version 1.24.

Full list of changes since v0.12.0
AliyunContainerService/ack-ram-tool (github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider)

v0.18.1

Compare Source

Changelog

中国大陆地区下载地址:

v0.18.0

Compare Source

Changelog

中国大陆地区下载地址:

v0.17.1

Compare Source

Changelog

  • d425e39 Merge remote-tracking branch 'origin/develop'
  • 7671f4a Merge remote-tracking branch 'origin/main' into develop
  • 64c4fc5 Merge remote-tracking branch 'origin/main' into develop
  • 88a1610 build(deps): bump actions/setup-go from 4 to 5 (#​318)
  • 482a236 build(deps): bump actions/setup-go from 4 to 5 (#​318)
  • b590bf2 build(deps): bump alpine from 3.18.4 to 3.19.0 (#​324)
  • ef14720 build(deps): bump alpine from 3.18.4 to 3.19.0 (#​324)
  • fe689bb build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go (#​322)
  • 5c8586c build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go (#​322)
  • 8b8890d build(deps): bump github.com/go-logr/zapr from 1.2.4 to 1.3.0 (#​311)
  • c78622c build(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#​320)
  • 4710244 build(deps): bump k8s.io/client-go from 0.28.1 to 0.29.0 (#​321)
  • 6abf9e2 build(deps): bump k8s.io/client-go from 0.28.1 to 0.29.0 (#​321)
  • 8307e67 build(deps): bump pycryptodome in /examples/rrsa/python3-sdk (#​325)
  • b72fbae build(deps): bump pycryptodome in /examples/rrsa/python3-sdk (#​325)
  • 7558c4b cli: show debug info when startup for debug mode
  • dc955b9 examples: setting RAMIdentityMapping for test
  • 65165bf examples: update docs
  • 5dfaade ramauthenticator: remove needless header
  • 78aa394 rrsa: improve cluster type check

中国大陆地区下载地址:

v0.17.0

Changelog

  • 227c4c2 chore: fix lint
  • a5783bc chore: upgrade deps
  • debdeb1 cli: add more rbac utils sub-commands
  • 7ea5187 openapi: add ListRoles, ListUsers, DescribeClustersV1
  • 67fed20 update vendor
  • 2225b31 Makefile: add build-all
  • ef17c0b chore: fix lint
  • c276ada examples: add e2e test for authenticator and rbac
  • e3a4468 log: change to use capitalcolor as DefaultLogLevelEncoder
  • 0a54361 log: support save logger into context
  • 5be7fe0 openapi: add GetCallerIdentity
  • 8e75716 rbac: add precheck before cleanup
  • 584edc5 rbac: add warn for not include all users
  • e3e792d rbac: backup binding before delete it
  • 60ae5ac rbac: check cluster state when scan all clusters
  • 34b1d79 rbac: display the audit log details
  • ca61c4c rbac: fix precheck parse failed
  • fa1aaaf rbac: raise error when no users/roles found
  • f4b4d34 rbac: remove --all-deleted-users flag
  • 1eaf0b9 rbac: scan-user-permissions support scan all clusters
  • 32d3374 rbac: skip delete bindings in local
  • f1a1a74 rbac: support cleanup atction for all clusters
  • 599de60 rbac: support cleanup one cluster bindings for all deleted users
  • 0148683 Merge remote-tracking branch 'origin/develop'
  • dcafec7 build(deps): bump aiohttp in /examples/rrsa/python3-sdk (#​301)
  • ded0c16 build(deps): bump cryptography in /examples/rrsa/python3-sdk (#​305)
  • 33c025e example: [java sdk] add example for credConf.setSTSEndpoint
  • b9a4bb7 examples: setting RAMIdentityMapping for test

中国大陆地区下载地址:

v0.16.0

Changelog

  • 73742a1 Merge remote-tracking branch 'origin/develop'
  • e794cf4 chore: fix lint
  • b867099 chore: improve lint
  • 4f06f40 chore: prepare for v0.16.0
  • 2b6db5d credential-plugin: add Expiration to then token
  • c83a6e4 credential-plugin: change to generate v2 version of ack-ram-authenticator token
  • e491579 website: fix missing files

中国大陆地区下载地址:

v0.15.1

Compare Source

v0.15.0

Compare Source

Changelog

  • dbc04a5 Merge remote-tracking branch 'origin/develop'
  • 4490c21 Merge remote-tracking branch 'origin/main' into develop
  • 9199622 add --role-arn to support assume role
  • f689eff build(deps): bump alpine from 3.18.2 to 3.18.3 (#​267)
  • 0988430 build(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 (#​262)
  • 1de513f build(deps): bump k8s.io/client-go from 0.27.2 to 0.28.1 (#​264)
  • ff9c911 build(deps): bump securego/gosec from 2.16.0 to 2.17.0 (#​259)
  • ebd14c0 chore: add debug log for sts endpoint
  • 0f315b0 chore: add lint
  • 6ff643e chore: improve debug log
  • 447262b chore: prepare v0.15.0
  • c57a438 chore: upgrade dependencies
  • 14edf57 credential-plugin: add path info the cache hash
  • b26315b credentials: support vpc endpoint and don't ignroe error when get credentials from aliyun cli config files
  • e46268a examples: upgrade dependencies
  • 35d2bae examples: upgrade dependencies
  • a989fe2 export-credentials: add --role-arn flag
  • 73c88a3 provider: add FunctionProvider
  • 3fd3cd6 provider: add NewDefaultChainProvider and GetSTSEndpoint
  • ecd0068 provider: add STSTokenProvider
  • d5d35ed provider: add SetExpiration method to STSTokenProvider
  • 651730b provider: add debug mode
  • 71c7c71 provider: allow setting arn and token file by OIDCProviderOptions
  • 16f0d0a provider: change Credentials.DeepCopy() to return *Credentials
  • 5cfe447 provider: improve debug mode
  • 110042d provider: let EnvProvider support ALIBABA_CLOUD_SECURITY_TOKEN
  • c0d261a provider: let RefreshPeriod to 0 by default
  • f5626a9 provider: support using session name from env

中国大陆地区下载地址:

AzureAD/microsoft-authentication-library-for-go (github.com/AzureAD/microsoft-authentication-library-for-go)

v1.4.2

Compare Source

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-go@v1.4.1...v1.4.2

v1.4.1

Compare Source

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-go@v1.4.0...v1.4.1

v1.4.0

Compare Source

Release Summary: Add Managed Identity Support
Overview

This Release introduces Managed Identity support to the Microsoft Authentication Library for Go through a new client. The new client supports multiple sources for managed identities, including:

  • IMDS
  • Azure Arc
  • Service Fabric
  • App Service
  • Azure Machine Learning
  • Cloud Shell

The client can handle both System Assigned Managed Identities and User Assigned Managed Identities.
For user-assigned identities, you can specify:

  • Client ID
  • Resource ID
  • Object ID
Key Changes
  • New Managed Identity Client: Added a new client to handle managed identity authentication.
  • Multiple Sources Support: The client supports various managed identity sources, enhancing flexibility and usability.
  • Tests: Comprehensive tests have been added to ensure the reliability and correctness of the new functionality.
  • Documentation: Updated documentation to include details on the new managed identity client and usage instructions.
Code Sample

Here's a basic example of how to use the new managed identity client to acquire a token:

package main

import (
    "context"
    "fmt"
    "github.com/AzureAD/microsoft-authentication-library-for-go/msal"
)

func main() {
	miSystemAssigned, err := mi.New(mi.SystemAssigned())
	if err != nil {
		log.Fatal(err)
	}
	result, err := miSystemAssigned.AcquireToken(context.TODO(), "https://management.azure.com")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("token expire at : ", result.ExpiresOn)
}

v1.3.3

Compare Source

What's Changed

New Contributors

Full Changelog: AzureAD/microsoft-authentication-library-for-go@v1.3.2...v1.3.3

ThalesIgnite/crypto11 (github.com/ThalesIgnite/crypto11)

v1.4.1

Compare Source

What's Changed

New Contributors

Full Changelog: ThalesGroup/crypto11@v1.4.0...v1.4.1

v1.4.0

Compare Source

What's Changed

New Contributors

Full Changelog: ThalesGroup/crypto11@v1.3.0...v1.4.0

v1.3.0

Compare Source

What's Changed

New Contributors

Full Changelog: ThalesGroup/crypto11@v1.2.1...v1.3.0

agnivade/levenshtein (github.com/agnivade/levenshtein)

v1.2.1

Compare Source

alibabacloud-go/alibabacloud-gateway-spi (github.com/alibabacloud-go/alibabacloud-gateway-spi)

v0.0.5

Compare Source

alibabacloud-go/debug (github.com/alibabacloud-go/debug)

v1.0.1

Compare Source

What's Changed

Full Changelog: alibabacloud-go/debug@v1.0.0...v1.0.1

alibabacloud-go/openapi-util (github.com/alibabacloud-go/openapi-util)

v0.1.1

Compare Source

Update tea-util.

alibabacloud-go/tea (github.com/alibabacloud-go/tea)

v1.3.9

Compare Source

v1.3.8

Compare Source

  • Add runtime retry options
  • Fixed the default judge logic
  • Fixed the ToMap

v1.3.7

Compare Source

v1.3.6

Compare Source

v1.3.5

Compare Source

v1.3.4

Compare Source

v1.3.3

Compare Source

v1.3.2: Rlease v1.3.2

Compare Source

  • fix the ReadAsSSE as stream.go

[v1.3.1](https://redirect.github.com/alibabacloud-go/tea/compare/v1.3.0...v

@sourcery-ai Sourcery AI
Copy link
sourcery-ai bot commented May 18, 2025
edited
Loading

Reviewer's Guide

This PR refreshes the project’s dependency graph by bumping a large set of direct and indirect modules to their latest patch or minor versions, ensuring compatibility with updated Go, cloud SDKs, observability, security and cryptography libraries.

File-Level Changes

Change Details Files
Extensive dependency version upgrades in main go.mod
  • Bump core libraries (cuelang.org/go, crypto11, openapi swag) to latest releases
  • Upgrade policy and signature toolchain (OPA, sigstore, rekor, fulcio, timestamp-authority)
  • Update cloud SDKs across GCP, Azure, AWS, Alibaba and Kubernetes clients
  • Refresh observability dependencies (Prometheus client, OpenTelemetry instrumentation)
  • Miscellaneous version bumps (spf13/viper, golang.org/x modules, smallstep crypto, tar-split)
 go.mod
Sync indirect crypto dependency in test fixture
  • Update golang.org/x/crypto version to match main go.mod
 test/fakeoidc/go.mod
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@openshift-ci OpenShift CI
Copy link
openshift-ci bot commented May 18, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tommyd450
Copy link

/retest

red-hat-konflux bot and others added 4 commits May 19, 2025 10:22
@red-hat-konflux @tommyd450
Update Go Dependencies
2ccc605 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@tommyd450
Bumping Brew Image
f7cc8de
@tommyd450
Updating Dependency ref
fded88b
@tommyd450
Gating Deps to 1.23.6
ffaffca
@tommyd450 tommyd450 force-pushed the konflux/mintmaker/main/go-deps branch from 1b4086e to ffaffca Compare May 19, 2025 09:23
@red-hat-konflux Red Hat Konflux
Copy link
Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tommyd450
0