8000 chore(deps): Bump the go_modules group across 2 directories with 12 updates by dependabot[bot] · Pull Request #20 · sredevopsorg/kluctl · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

chore(deps): Bump the go_modules group across 2 directories with 12 updates #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): Bump the go_modules group across 2 directories with 12 updates #20

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
@dependabot dependabot bot commented on behalf of github Mar 20, 2024

Bumps the go_modules group with 8 updates in the / directory:

Package From To
golang.org/x/crypto 0.13.0 0.17.0
golang.org/x/net 0.15.0 0.17.0
helm.sh/helm/v3 3.12.3 3.14.3
github.com/go-git/go-git/v5 5.9.0 5.11.0
github.com/cloudflare/circl 1.3.3 1.3.7
github.com/go-jose/go-jose/v3 3.0.0 3.0.3
github.com/opencontainers/runc 1.1.6 1.1.12
google.golang.org/protobuf 1.31.0 1.33.0
Bumps the go_modules group with 5 updates in the /internal/ipfs-exchange-info directory:
Package From To
golang.org/x/crypto 0.10.0 0.17.0
golang.org/x/net 0.10.0 0.17.0
google.golang.org/protobuf 1.30.0 1.33.0
github.com/libp2p/go-libp2p 0.27.6 0.27.8
github.com/quic-go/quic-go 0.33.0 0.37.7

Updates golang.org/x/crypto from 0.13.0 to 0.17.0

Commits
  • 9d2ee97 ssh: implement strict KEX protocol changes
  • 4e5a261 ssh: close net.Conn on all NewServerConn errors
  • 152cdb1 x509roots/fallback: update bundle
  • fdfe1f8 ssh: defer channel window adjustment
  • b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
  • 7e6fbd8 ssh: wrap errors from client handshake
  • bda2f3f argon2: avoid clobbering BP
  • 325b735 ssh/test: skip TestSSHCLIAuth on Windows
  • 1eadac5 go.mod: update golang.org/x dependencies
  • b2d7c26 ssh: add (*Client).DialContext method
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.15.0 to 0.17.0

Commits
  • b225e7c http2: limit maximum handler goroutines to MaxConcurrentStreams
  • 88194ad go.mod: update golang.org/x dependencies
  • 2b60a61 quic: fix several bugs in flow control accounting
  • 73d82ef quic: handle DATA_BLOCKED frames
  • 5d5a036 quic: handle streams moving from the data queue to the meta queue
  • 350aad2 quic: correctly extend peer's flow control window after MAX_DATA
  • 21814e7 quic: validate connection id transport parameters
  • a600b35 quic: avoid redundant MAX_DATA updates
  • ea63359 http2: check stream body is present on read timeout
  • ddd8598 quic: version negotiation
  • Additional commits viewable in compare view

Updates helm.sh/helm/v3 from 3.12.3 to 3.14.3

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.14.3 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.14.3. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.14.4 will contain only bug fixes and be released on April 10, 2024.
  • 3.15.0 is the next feature release and will be on May 08, 2024.

Changelog

  • Add a note about --dry-run displaying secrets f03cc04caaa8f6d7c3e67cf918929150cf6f3f12 (Matt Farina)
  • add error messages 1a7330fe3802beeb3f897a1c701d8a4b9c1316c5 (George Jenkins)
  • Fix: Ignore alias validation error for index load d6acc0027dca47dec40ccdd66febd0c8bcf4813f (George Jenkins)
  • chore(deps): bump github.com/containerd/containerd from 1.7.11 to 1.7.12 b2738fb782d149ffa4748cb0ee78d674986d04b0 (dependabot[bot])
  • chore(deps): bump github.com/DATA-DOG/go-sqlmock from 1.5.0 to 1.5.2 5b0847e0e763e98bcbf8a12e8f9c5f7c11d123a1 (dependabot[bot])
  • Update architecture detection method 7e18c39f0753c73e4660f3796f01f5b33f2552b5 (weidongkl)

Helm v3.14.2 is a security (patch) release. Users are strongly recommended to update to this release.

A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content.

Jakub Ciolek with AlphaSense discovered the vulnerability.

Installation and Upgrading

... (truncated)

Commits
  • f03cc04 Add a note about --dry-run displaying secrets
  • 1a7330f add error messages
  • d6acc00 Fix: Ignore alias validation error for index load
  • b2738fb chore(deps): bump github.com/containerd/containerd from 1.7.11 to 1.7.12
  • 5b0847e chore(deps): bump github.com/DATA-DOG/go-sqlmock from 1.5.0 to 1.5.2
  • 7e18c39 Update architecture detection method
  • c309b6f Some fixes
  • e8858f8 validation fix
  • 3fc9f4b Improve release action
  • 69dcc92 bump version to
  • Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.9.0 to 5.11.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.11.0

What's Changed

New Contributors

Full Changelog: go-git/go-git@v5.10.1...v5.11.0

v5.10.1

What's Changed

New Contributors

Full Changelog: go-git/go-git@v5.10.0...v5.10.1

v5.10.0

What's Changed

... (truncated)

Commits
  • 5d08d3b Merge pull request #958 from pjbgf/workval
  • 5bd1d8f build: Ensure checkout is the first operation
  • b2c1982 git: worktree, Align validation with upstream rules
  • cec7da6 Merge pull request #953 from pjbgf/alternates
  • 8b47ceb storage: filesystem, Add option to set a specific FS for alternates
  • 4f61489 Merge pull request #941 from djmoch/filestats-rename
  • ae552ce Merge pull request #939 from dhoizner/fix-pull-after-shallow
  • cc1895b Merge pull request #950 from aymanbagabas/validate-ref
  • de1d5a5 git: validate reference names
  • d87110b Merge pull request #948 from go-git/dependabot/go_modules/cli/go-git/github.c...
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.58.1 to 1.58.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.58.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.58.2

Bug Fixes

  • balancer/weighted_round_robin: fix ticker leak on update

    A new ticker is created every time there is an update of addresses or configuration, but was not properly stopped. This change stops the ticker when it is no longer needed.

Commits

Updates github.com/cloudflare/circl from 1.3.3 to 1.3.7

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.3.7

What's Changed

New Contributors

Full Changelog: cloudflare/circl@v1.3.6...v1.3.7

CIRCL v1.3.6

What's Changed

New Contributors

Full Changelog: cloudflare/circl@v1.3.3...v1.3.6

Commits
  • c48866b Releasing CIRCL v1.3.7
  • 75ef91e kyber: remove division by q in ciphertext compression
  • 899732a build(deps): bump golang.org/x/crypto
  • 99f0f71 Releasing CIRCL v1.3.6
  • e728d0d Apply thibmeu code review suggestions
  • ceb2d90 Updating blindrsa to be compliant with RFC9474.
  • 44133f7 spelling: tripped
  • c2076d6 spelling: transposes
  • dad2166 spelling: title
  • 171c418 spelling: threshold
  • Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.4 to 1.7.12

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.12

Welcome to the v1.7.12 release of containerd!

The twelfth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

  • Fix on dialer function for Windows (#9501)
  • Improve /etc/group handling when appending groups (#9544)
  • Update shim pidfile permissions to 0644 (#9548)
  • Update runc binary to v1.1.11 (#9596)
  • Allow import and export to reference missing content (#9600)
  • Remove runc import (#9605)
  • Update Go version to 1.20.13 (#9624)

Deprecation Warnings

  • Emit deprecation warning for containerd.io/restart.logpath label usage (#9567)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Akihiro Suda
  • Sebastiaan van Stijn
  • Wei Fu
  • Derek McGowan
  • Paweł Gronowski
  • Jaroslav Jindrak
  • Maksym Pavlenko
  • Samuel Karp
  • Anthony Nandaa
  • Bjorn Neergaard
  • Djordje Lukic
  • Kay Yan

Changes

  • [release/1.7] Prepare release notes for v1.7.12 (#9632)
    • 775d544fe Prepare release notes for v1.7.12
  • [release/1.7] update to go1.20.13, test go1.21.6 (#9624)
    • a5dc5b894 update to go1.20.13, test go1.21.6
  • [release/1.7] shim: Create pid-file and address with 0644 permissions (#9548)
    • 8d82242eb shim: Create address file with 0644 permissions
    • 260963a35 shim: Create pid-file with 0644 permissions

... (truncated)

Commits
  • 71909c1 Merge pull request #9632 from dmcgowan/prepare-v1.7.12
  • 775d544 Prepare release notes for v1.7.12
  • 4ebe8e2 Merge pull request #9624 from thaJeztah/1.7_update_golang_1.20.13
  • a5dc5b8 update to go1.20.13, test go1.21.6
  • 50e7359 Merge pull request #9548 from Dzejrou/1.7_fix_ignoring_umask
  • 5a675f2 Merge pull request #9602 from thaJeztah/1.7_backport_no_execabs
  • ccca466 Merge pull request #9605 from thaJeztah/1.7_backport_switch_moby_user
  • 9251072 remove github.com/opencontainers/runc dependency
  • 4e67213 vendor: github.com/cncf-tags/container-device-interface v0.6.1
  • e0ee0be go.mod: github.com/opencontainers/runtime-spec v1.1.0
  • Additional commits viewable in compare view

Updates github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.3

Release notes

Sourced from github.com/go-jose/go-jose/v3's releases.

Version 3.0.3

Fixed

  • Limit decompression output size to prevent a DoS. Backport from v4.0.1.

Version 3.0.2

Fixed

  • DecryptMulti: handle decompression error (#19)

Changed

  • jwe/CompactSerialize: improve performance (#67)
  • Increase the default number of PBKDF2 iterations to 600k (#48)
  • Return the proper algorithm for ECDSA keys (#45)
  • Update golang.org/x/crypto to v0.19 (#94)

Added

  • Add Thumbprint support for opaque signers (#38)

Version 3.0.1

Fixed

Security issue: an attacker specifying a large "p2c" value can cause JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large amounts of CPU, causing a DoS. Thanks to Matt Schwager (@​mschwager) for the disclosure and to Tom Tervoort for originally publishing the category of attack. https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf

The release is tagged off the release-v3.0.1 branch to avoid mixing in some as-yet unreleased changes on the v3 branch.

Changelog

Sourced from github.com/go-jose/go-jose/v3's changelog.

v3.0.3

Fixed

  • Limit decompression output size to prevent a DoS. Backport from v4.0.1.

v3.0.2

Fixed

  • DecryptMulti: handle decompression error (#19)

Changed

  • jwe/CompactSerialize: improve performance (#67)
  • Increase the default number of PBKDF2 iterations to 600k (#48)
  • Return the proper algorithm for ECDSA keys (#45)

Added

  • Add Thumbprint support for opaque signers (#38)

v3.0.1

Fixed

Commits
  • add6a28 v3: backport decompression limit fix (#107)
  • 11bb4e7 doc: in v3 branch's README, point to v4 as latest (#101)
  • 863f73b v3.0.2: Update changelog (#95)
  • bdbc794 Update golang.org/x/crypto to v0.19 (backport) (#94)
  • 25bce79 Updated go-jose v3.0.0 to v3.0.1 in jose-util (#70)
  • aa386df jwe/CompactSerialize: improve performance. (#67)
  • 053c9bf DecryptMulti: handle decompression error (#19)
  • ca9011b Bump go version to 1.21.4 to satisfy govulncheck (#68)
  • c8399df Revert pull request #10 (multiple audiences) (#24)
  • ec819e9 Add a security.md doc for contacting us about potential security vulnerabilit...
  • Additional commits viewable in compare view

Updates github.com/opencontainers/runc from 1.1.6 to 1.1.12

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc 1.1.12 -- "Now you're thinking with Portals™!"

This is the twelfth patch release in the 1.1.z release branch of runc. It fixes a high-severity container breakout vulnerability involving leaked file descriptors, and users are strongly encouraged to update as soon as possible.

  • Fix CVE-2024-21626, a container breakout attack that took advantage of a file descriptor that was leaked internally within runc (but never leaked to the container process).

    In addition to fixing the leak, several strict hardening measures were added to ensure that future internal leaks could not be used to break out in this manner again.

    Based on our research, while no other container runtime had a similar leak, none had any of the hardening steps we've introduced (and some runtimes would not check for any file descriptors that a calling process may have leaked to them, allowing for container breakouts due to basic user error).

Static Linking Notices

The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions, but in order to comply with the LGPL-2.1 (§6(a)), we have attached the complete source code for those libraries which (when combined with the attached runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages or download them from the authoritative upstream sources, especially since these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

... (truncated)

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.1.12] - 2024-01-31

Now you're thinking with Portals™!

Security

  • Fix CVE-2024-21626, a container breakout attack that took advantage of a file descriptor that was leaked internally within runc (but never leaked to the container process). In addition to fixing the leak, several strict hardening measures were added to ensure that future internal leaks could not be used to break out in this manner again. Based on our research, while no other container runtime had a similar leak, none had any of the hardening steps we've introduced (and some runtimes would not check for any file descriptors that a calling process may have leaked to them, allowing for container breakouts due to basic user error).

[1.1.11] - 2024-01-01

Happy New Year!

Fixed

Changed

  • Support memory.peak and memory.swap.peak in cgroups v2. Add swapOnlyUsage in MemoryStats. This field reports swap-only usage. For cgroupv1, Usage and Failcnt are set by subtracting memory usage from memory+swap usage. For cgroupv2, Usage, Limit, and MaxUsage are set. (#4000, #4010, #4131)
  • build(deps): bump github.com/cyphar/filepath-securejoin. (#4140)

[1.1.10] - 2023-10-31

Śruba, przykręcona we śnie, nie zmieni sytuacji, jaka panuje na jawie.

Added

  • Support for hugetlb.<pagesize>.rsvd limiting and accounting. Fixes the issue of postres failing when hugepage limits are set. (#3859, #4077)

Fixed

  • Fixed permissions of a newly created directories to not depend on the value of umask in tmpcopyup feature implementation. (#3991, #4060)
  • libcontainer: cgroup v1 GetStats now ignores missing kmem.limit_in_bytes (fixes the compatibility with Linux kernel 6.1+). (#4028)

... (truncated)

Commits
  • 51d5e94 VERSION: release 1.1.12
  • 2a4ed3e merge 1.1-GHSA-xr7r-f8xq-vfvv into release-1.1
  • e9665f4 init: don't special-case logrus fds
  • 683ad2f libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
  • b6633f4 cgroup: plug leaks of /sys/fs/cgroup handle
  • 284ba30 init: close internal fds before execve
  • fbe3eed setns init: do explicit lookup of execve argument early
  • 0994249 init: verify after chdir that cwd is inside the container
  • 506552a Fix File to Close
  • 099ff69 merge #4177 into opencontainers/runc:release-1.1
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Updates golang.org/x/crypto from 0.10.0 to 0.17.0

Commits
  • 9d2ee97 ssh: implement strict KEX protocol changes
  • 4e5a261 ssh: close net.Conn on all NewServerConn errors
  • 152cdb1 x509roots/fallback: update bundle
  • fdfe1f8 ssh: defer channel window adjustment
  • b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
  • 7e6fbd8 ssh: wrap errors from client handshake
  • bda2f3f argon2: avoid clobbering BP
  • 325b735 ssh/test: skip TestSSHCLIAuth on Windows
  • 1eadac5 go.mod: update golang.org/x dependencies
  • b2d7c26 ssh: add (*Client).DialContext method
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.10.0 to 0.17.0

Commits
  • b225e7c http2: limit maximum handler goroutines to MaxConcurrentStreams
  • 88194ad go.mod: update golang.org/x dependencies
  • 2b60a61 quic: fix several bugs in flow control accounting
  • 73d82ef quic: handle DATA_BLOCKED frames
  • 5d5a036 quic: handle streams moving from the data queue to the meta queue
  • 350aad2 quic: correctly extend peer's flow control window after MAX_DATA
  • 21814e7 quic: validate connection id transport parameters
  • a600b35 quic: avoid redundant MAX_DATA updates
  • ea63359 http2: check stream body is present on read timeout
  • ddd8598 quic: version negotiation
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.30.0 to 1.33.0

Updates github.com/libp2p/go-libp2p from 0.27.6 to 0.27.8

Release notes

Sourced from github.com/libp2p/go-libp2p's releases.

v0.27.8

This patch release contains backports of:

  • updating the qtls dependencies (qtls is quic-go's fork of crypto/tls). The new versions now contain a backport of the Go standard library fix included in the Go 1.20.7 / 1.19.12 release for quic-go's crypto/tls fork: golang/go@2350afd
  • core/crypto: restrict RSA keys to <= 8192 bits: libp2p/go-libp2p#2454. The analogous vulnerability in go-libp2p's crypto package.
  • swarm: don't open new streams over transient connections: libp2p/go-libp2p#2450. This fixes a regression introduced in v0.26.0.

Note that in order to be protected against the DoS attack making use of large RSA keys, it's necessary to update to this patch release AND to use the updated Go compiler (1.20.7 or 1.19.12, respectively).

Full Changelog: libp2p/go-libp2p@v0.27.7...v0.27.8

v0.27.7

What's Changed

  • fix: in the swarm move Connectedness emit after releasing conns #2373
  • identify: set stream deadlines for Identify and Identify Push streams #2382

Full Changelog: libp2p/go-libp2p@v0.27.6...v0.27.7

Commits

Updates github.com/quic-go/quic-go from 0.33.0 to 0.37.7

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.37.7

This release contains fixes for the Honeybadger vulnerability (CVE-2023-49295):

  • limit the number of queued PATH_RESPONSE frames to 256 (#4199)
  • don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)

Full Changelog: quic-go/quic-go@v0.37.6...v0.37.7

v0.37.6

This patch release contains a backport of quic-go/quic-go#4038.

Full Changelog: quic-go/quic-go@v0.37.5...v0.37.6

v0.37.5

This patch release contains the backport of 3 fixes:

  • fix handshake failure if tls.Config.SessionTicketDisabled = false, but tls.Config.GetConfigForClient returns a config that disables session tickets: #4030
  • use the correct hash function for TLS_AES_256_GCM_SHA384: #4031
  • automatically set the tls.Config.ServerName: #4032

Full Changelog: quic-go/quic-go@v0.37.4...v0.37.5

v0.37.4

This release contains a fix for a last-minute breaking API change in Go 1.21: quic-go/quic-go#4020

Full Changelog: quic-go/quic-go@v0.37.3...v0.37.4

v0.37.3

This patch release

  • fixes handling of ACK frames serialized after CRYPTO frames: #4018
  • sets a net.Conn on the tls.ClientHelloInfo used on GetCertificate and GetConfigForClient, for tls.Configs returned (recursively) from GetConfigForClient: quic-go/quic-go#4016

Full Changelog: quic-go/quic-go@v0.37.2...v0.37.3

v0.37.2

This patch release

Note that i 8000 n order to be protected against the DoS attack making use of large RSA keys, it's necessary to update to this patch release (for Go 1.20). For Go 1.21, please update the Go compiler.

Full Changelog: quic-go/quic-go@v0.37.1...v0.37.2

v0.37.1

This is a patch release fixing two regressions introduced in the v0.37.0 release:

New Contributors

... (truncated)

Commits
  • 21609dd don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)
  • d7aa627 limit the number of queued PATH_RESPONSE frames to 256 (#4199)
  • e2c360c reassemble post-handshake TLS messages before passing them to crypto/tls (#4038)
  • e9f7f46 automatically set the tls.Config.ServerName if unset (#4032)

@dependabot
chore(deps): Bump the go_modules group across 2 directories with 12 u…
745587e 
…pdates

Bumps the go_modules group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.13.0` | `0.17.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.15.0` | `0.17.0` |
| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.12.3` | `3.14.3` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.9.0` | `5.11.0` |
| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.3.3` | `1.3.7` |
| [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) | `3.0.0` | `3.0.3` |
| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.1.6` | `1.1.12` |
| google.golang.org/protobuf | `1.31.0` | `1.33.0` |
Bumps the go_modules group with 5 updates in the /internal/ipfs-exchange-info directory:

| Package | From | To |
| --- | --- | --- |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.10.0` | `0.17.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.10.0` | `0.17.0` |
| google.golang.org/protobuf | `1.30.0` | `1.33.0` |
| [github.com/libp2p/go-libp2p](https://github.com/libp2p/go-libp2p) | `0.27.6` | `0.27.8` |
| [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.33.0` | `0.37.7` |


Updates `golang.org/x/crypto` from 0.13.0 to 0.17.0
- [Commits](golang/crypto@v0.13.0...v0.17.0)

Updates `golang.org/x/net` from 0.15.0 to 0.17.0
- [Commits](golang/net@v0.15.0...v0.17.0)

Updates `helm.sh/helm/v3` from 3.12.3 to 3.14.3
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.12.3...v3.14.3)

Updates `github.com/go-git/go-git/v5` from 5.9.0 to 5.11.0
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.9.0...v5.11.0)

Updates `google.golang.org/grpc` from 1.58.1 to 1.58.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.58.1...v1.58.3)

Updates `github.com/cloudflare/circl` from 1.3.3 to 1.3.7
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.3.3...v1.3.7)

Updates `github.com/containerd/containerd` from 1.7.4 to 1.7.12
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v1.7.4...v1.7.12)

Updates `github.com/go-jose/go-jose/v3` from 3.0.0 to 3.0.3
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](go-jose/go-jose@v3.0.0...v3.0.3)

Updates `github.com/opencontainers/runc` from 1.1.6 to 1.1.12
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/v1.1.12/CHANGELOG.md)
- [Commits](opencontainers/runc@v1.1.6...v1.1.12)

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `golang.org/x/crypto` from 0.10.0 to 0.17.0
- [Commits](golang/crypto@v0.13.0...v0.17.0)

Updates `golang.org/x/net` from 0.10.0 to 0.17.0
- [Commits](golang/net@v0.15.0...v0.17.0)

Updates `google.golang.org/protobuf` from 1.30.0 to 1.33.0

Updates `github.com/libp2p/go-libp2p` from 0.27.6 to 0.27.8
- [Release notes](https://github.com/libp2p/go-libp2p/releases)
- [Changelog](https://github.com/libp2p/go-libp2p/blob/master/CHANGELOG.md)
- [Commits](libp2p/go-libp2p@v0.27.6...v0.27.8)

Updates `github.com/quic-go/quic-go` from 0.33.0 to 0.37.7
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](quic-go/quic-go@v0.33.0...v0.37.7)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/containerd/containerd
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/opencontainers/runc
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/libp2p/go-libp2p
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: github.com/quic-go/quic-go
  dependency-type: indirect
  dependency-group: go_modules-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants
0