build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 #873
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
the
dependencies
pjbgf
force-pushed
the
dependabot/go_modules/golang.org/x/net-0.17.0
branch
from
0e255d7
to
3ee0288
Compare
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.17.0. - [Commits](golang/net@v0.15.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Paulo Gomes <pjbgf@linux.com>
pjbgf
approved these changes
Oct 13, 2023
renovate bot
added a commit
to anoriqq/qpm
that referenced
this pull request
Oct 25, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | require | minor | `v5.9.0` -> `v5.10.0` | --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.10.0`](https://togithub.com/go-git/go-git/releases/tag/v5.10.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.9.0...v5.10.0) #### What's Changed - PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by [@​ThinkChaos](https://togithub.com/ThinkChaos) in [go-git/go-git#782 - Worktree, apply ProxyOption on Pull by [@​nodivbyzero](https://togithub.com/nodivbyzero) in [go-git/go-git#840 - Repository: add clone --shared feature by [@​enverbisevac](https://togithub.com/enverbisevac) in [go-git/go-git#860 - build: Add github workflow to check commit message format by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#867 - Improve handling of remote errors by [@​makkes](https://togithub.com/makkes) in [go-git/go-git#866 - build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#873 - plumbing: commitgraph, Add generation v2 support by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#869 - plumbing: protocol/packp, Add validation for decodeLine by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#868 - plumbing: parse the encoding header of the commit object by [@​liwenqiu](https://togithub.com/liwenqiu) in [go-git/go-git#761 - plumbing: commitgraph, allow SHA256 commit-graphs by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#853 - plumbing: commitgraph, Allow reading commit-graph chains by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#854 - plumbing/object: Support mergetag in merge commits by [@​adityasaky](https://togithub.com/adityasaky) in [go-git/go-git#847 #### New Contributors - [@​nodivbyzero](https://togithub.com/nodivbyzero) made their first contribution in [go-git/go-git#840 - [@​adityasaky](https://togithub.com/adityasaky) made their first contribution in [go-git/go-git#847 - [@​hezhizhen](https://togithub.com/hezhizhen) made their first contribution in [go-git/go-git#836 - [@​0x34d](https://togithub.com/0x34d) made their first contribution in [go-git/go-git#855 - [@​liwenqiu](https://togithub.com/liwenqiu) made their first contribution in [go-git/go-git#761 - [@​enverbisevac](https://togithub.com/enverbisevac) made their first contribution in [go-git/go-git#860 - [@​makkes](https://togithub.com/makkes) made their first contribution in [go-git/go-git#866 **Full Changelog**: go-git/go-git@v5.9.0...v5.10.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/anoriqq/qpm). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMS41IiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
cuixq
pushed a commit
to google/osv-scanner
that referenced
this pull request
Oct 30, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | require | minor | `v5.9.0` -> `v5.10.0` | | [github.com/ianlancetaylor/demangle](https://togithub.com/ianlancetaylor/demangle) | require | digest | `eabc099` -> `e2daf7b` | | [github.com/jedib0t/go-pretty/v6](https://togithub.com/jedib0t/go-pretty) | require | patch | `v6.4.8` -> `v6.4.9` | --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.10.0`](https://togithub.com/go-git/go-git/releases/tag/v5.10.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.9.0...v5.10.0) #### What's Changed - PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by [@​ThinkChaos](https://togithub.com/ThinkChaos) in [go-git/go-git#782 - Worktree, apply ProxyOption on Pull by [@​nodivbyzero](https://togithub.com/nodivbyzero) in [go-git/go-git#840 - Repository: add clone --shared feature by [@​enverbisevac](https://togithub.com/enverbisevac) in [go-git/go-git#860 - build: Add github workflow to check commit message format by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#867 - Improve handling of remote errors by [@​makkes](https://togithub.com/makkes) in [go-git/go-git#866 - build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#873 - plumbing: commitgraph, Add generation v2 support by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#869 - plumbing: protocol/packp, Add validation for decodeLine by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#868 - plumbing: parse the encoding header of the commit object by [@​liwenqiu](https://togithub.com/liwenqiu) in [go-git/go-git#761 - plumbing: commitgraph, allow SHA256 commit-graphs by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#853 - plumbing: commitgraph, Allow reading commit-graph chains by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#854 - plumbing/object: Support mergetag in merge commits by [@​adityasaky](https://togithub.com/adityasaky) in [go-git/go-git#847 #### New Contributors - [@​nodivbyzero](https://togithub.com/nodivbyzero) made their first contribution in [go-git/go-git#840 - [@​adityasaky](https://togithub.com/adityasaky) made their first contribution in [go-git/go-git#847 - [@​hezhizhen](https://togithub.com/hezhizhen) made their first contribution in [go-git/go-git#836 - [@​0x34d](https://togithub.com/0x34d) made their first contribution in [go-git/go-git#855 - [@​liwenqiu](https://togithub.com/liwenqiu) made their first contribution in [go-git/go-git#761 - [@​enverbisevac](https://togithub.com/enverbisevac) made their first contribution in [go-git/go-git#860 - [@​makkes](https://togithub.com/makkes) made their first contribution in [go-git/go-git#866 **Full Changelog**: go-git/go-git@v5.9.0...v5.10.0 </details> <details> <summary>jedib0t/go-pretty (github.com/jedib0t/go-pretty/v6)</summary> ### [`v6.4.9`](https://togithub.com/jedib0t/go-pretty/releases/tag/v6.4.9) [Compare Source](https://togithub.com/jedib0t/go-pretty/compare/v6.4.8...v6.4.9) ### Bug-Fixes - **table** - do not merge content cells with empty ones ([#​280](https://togithub.com/jedib0t/go-pretty/issues/280)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMS41IiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
charithe
added a commit
to cerbos/cerbos
that referenced
this pull request
Oct 30, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/alecthomas/chroma/v2](https://togithub.com/alecthomas/chroma) | require | minor | `v2.9.1` -> `v2.10.0` | | [github.com/aws/aws-sdk-go](https://togithub.com/aws/aws-sdk-go) | require | patch | `v1.46.2` -> `v1.46.6` | | [github.com/bufbuild/buf](https://togithub.com/bufbuild/buf) | require | patch | `v1.27.1` -> `v1.27.2` | | [github.com/bufbuild/protovalidate-go](https://togithub.com/bufbuild/protovalidate-go) | require | patch | `v0.3.1` -> `v0.3.4` | | [github.com/cerbos/cerbos/api/genpb](https://togithub.com/cerbos/cerbos) | require | digest | `21315fe` -> `f134903` | | [github.com/cerbos/cloud-api](https://togithub.com/cerbos/cloud-api) | require | patch | `v0.1.7` -> `v0.1.8` | | [github.com/fullstorydev/grpcurl](https://togithub.com/fullstorydev/grpcurl) | require | patch | `v1.8.8` -> `v1.8.9` | | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | require | minor | `v5.9.0` -> `v5.10.0` | | [github.com/google/cel-go](https://togithub.com/google/cel-go) | require | minor | `v0.17.6` -> `v0.18.1` | | [github.com/google/uuid](https://togithub.com/google/uuid) | require | minor | `v1.3.1` -> `v1.4.0` | | [github.com/rivo/tview](https://togithub.com/rivo/tview) | require | digest | `f7f32ad` -> `8b7bcf9` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>alecthomas/chroma (github.com/alecthomas/chroma/v2)</summary> ### [`v2.10.0`](https://togithub.com/alecthomas/chroma/releases/tag/v2.10.0) [Compare Source](https://togithub.com/alecthomas/chroma/compare/v2.9.1...v2.10.0) #### Changelog - [`810464a`](https://togithub.com/alecthomas/chroma/commit/810464a) Update Java lexer ([#​873](https://togithub.com/alecthomas/chroma/issues/873)) - [`77e9146`](https://togithub.com/alecthomas/chroma/commit/77e9146) Add file extensions to go_template lexer ([#​875](https://togithub.com/alecthomas/chroma/issues/875)) - [`b127e35`](https://togithub.com/alecthomas/chroma/commit/b127e35) Make `tty_indexed.go` respond to `None` like `tty_truecolour.go` ([#​869](https://togithub.com/alecthomas/chroma/issues/869)) - [`9ae4dae`](https://togithub.com/alecthomas/chroma/commit/9ae4dae) Add `*.Dockerfile` to docker lexer ([#​868](https://togithub.com/alecthomas/chroma/issues/868)) - [`2fa6f14`](https://togithub.com/alecthomas/chroma/commit/2fa6f14) Add PRQL to README ([#​863](https://togithub.com/alecthomas/chroma/issues/863)) - [`17597b6`](https://togithub.com/alecthomas/chroma/commit/17597b6) Add PRQL language ([#​862](https://togithub.com/alecthomas/chroma/issues/862)) - [`7eb0305`](https://togithub.com/alecthomas/chroma/commit/7eb0305) lexers/r: Match keywords prior to functions ([#​860](https://togithub.com/alecthomas/chroma/issues/860)) - [`827bd93`](https://togithub.com/alecthomas/chroma/commit/827bd93) lexers: add initial version of CUE lexer ([#​858](https://togithub.com/alecthomas/chroma/issues/858)) - [`9087c63`](https://togithub.com/alecthomas/chroma/commit/9087c63) docs: note about Get() being slow due to file matching - [`ccd8d68`](https://togithub.com/alecthomas/chroma/commit/ccd8d68) lexers: move to comparing bytes in tests ([#​856](https://togithub.com/alecthomas/chroma/issues/856)) - [`def00e9`](https://togithub.com/alecthomas/chroma/commit/def00e9) chore: update issue templates - [`0b08639`](https://togithub.com/alecthomas/chroma/commit/0b08639) lexers: support for nim GENERALIZED_TRIPLESTR_LIT ([#​853](https://togithub.com/alecthomas/chroma/issues/853)) - [`94d11ab`](https://togithub.com/alecthomas/chroma/commit/94d11ab) Update Bicep grammar with recent additions ([#​850](https://togithub.com/alecthomas/chroma/issues/850)) - [`c64e1be`](https://togithub.com/alecthomas/chroma/commit/c64e1be) add justfile filename to Makefile lexer ([#​852](https://togithub.com/alecthomas/chroma/issues/852)) - [`2b39461`](https://togithub.com/alecthomas/chroma/commit/2b39461) Fix GDScript3 analyse regexes ([#​848](https://togithub.com/alecthomas/chroma/issues/848)) </details> <details> <summary>aws/aws-sdk-go (github.com/aws/aws-sdk-go)</summary> ### [`v1.46.6`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1466-2023-10-27) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.5...v1.46.6) \=== ##### Service Client Updates - `service/elasticmapreduce`: Updates service API and documentation - Updated CreateCluster API request and DescribeCluster API responses to include EbsRootVolumeIops, and EbsRootVolumeThroughput attributes that specify the user configured root volume IOPS and throughput for Amazon EBS root device volume. This feature will be available from Amazon EMR releases 6.15.0 - `service/neptune`: Updates service API and documentation - Update TdeCredentialPassword type to SensitiveString - `service/pinpoint`: Updates service documentation - Updated documentation to describe the case insensitivity for EndpointIds. - `service/redshift`: Updates service API and documentation - added support to create a dual stack cluster - `service/wafv2`: Updates service documentation ### [`v1.46.5`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1465-2023-10-26) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.4...v1.46.5) \=== ##### Service Client Updates - `service/appstream`: Updates service API and documentation - This release introduces multi-session fleets, allowing customers to provision more than one user session on a single fleet instance. - `service/ec2`: Updates service API, documentation, and paginators - Launching GetSecurityGroupsForVpc API. This API gets security groups that can be associated by the AWS account making the request with network interfaces in the specified VPC. - `service/network-firewall`: Updates service API and documentation - `service/opensearch`: Updates service API and documentation - `service/redshift`: Updates service API, documentation, and paginators - Add Redshift APIs GetResourcePolicy, DeleteResourcePolicy, PutResourcePolicy and DescribeInboundIntegrations for the new Amazon Redshift Zero-ETL integration feature, which can be used to control data ingress into Redshift namespace, and view inbound integrations. - `service/sagemaker`: Updates service API and documentation - Amazon Sagemaker Autopilot now supports Text Generation jobs. - `service/sns`: Updates service API and documentation - Message Archiving and Replay is now supported in Amazon SNS for FIFO topics. - `service/ssm-sap`: Updates service API and documentation - `service/transfer`: Updates service API, documentation, waiters, and paginators - No API changes from previous release. This release migrated the model to Smithy keeping all features unchanged. ### [`v1.46.4`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1464-2023-10-25) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.3...v1.46.4) \=== ##### Service Client Updates - `service/connectcases`: Updates service API and documentation - `service/groundstation`: Updates service API and documentation - `service/iam`: Updates service API and documentation - Updates to GetAccessKeyLastUsed action to replace NoSuchEntity error with AccessDeniedException error. ### [`v1.46.3`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1463-2023-10-24) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.2...v1.46.3) \=== ##### Service Client Updates - `service/codepipeline`: Updates service API and documentation - Add ability to trigger pipelines from git tags, define variables at pipeline level and new pipeline type V2. - `service/ec2`: Updates service documentation - This release updates the documentation for InstanceInterruptionBehavior and HibernationOptionsRequest to more accurately describe the behavior of these two parameters when using Spot hibernation. - `service/eks`: Updates service API - `service/iam`: Adds new service - Add the partitional endpoint for IAM in iso-f. - `service/migrationhub-config`: Updates service API and documentation - `service/migrationhubstrategy`: Updates service API, documentation, and paginators - `service/opensearchserverless`: Updates service API, documentation, and paginators </details> <details> <summary>bufbuild/buf (github.com/bufbuild/buf)</summary> ### [`v1.27.2`](https://togithub.com/bufbuild/buf/blob/HEAD/CHANGELOG.md#v1272---2023-10-27) [Compare Source](https://togithub.com/bufbuild/buf/compare/v1.27.1...v1.27.2) - Fix issue where `buf build` and other commands may fail when handling certain archives created on macOS that contain files with extended attributes. </details> <details> <summary>bufbuild/protovalidate-go (github.com/bufbuild/protovalidate-go)</summary> ### [`v0.3.4`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.4) [Compare Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.3...v0.3.4) #### What's Changed - Make DefaultResolver public by [@​oliversun9](https://togithub.com/oliversun9) in [bufbuild/protovalidate-go#59 - Update minimum required Go version from 1.18 to 1.19 by [@​nicksnyder](https://togithub.com/nicksnyder) in [bufbuild/protovalidate-go#62 - Fix ignore path for resolver.go by [@​nicksnyder](https://togithub.com/nicksnyder) in [bufbuild/protovalidate-go#63 #### New Contributors - [@​nicksnyder](https://togithub.com/nicksnyder) made their first contribution in [bufbuild/protovalidate-go#62 **Full Changelog**: bufbuild/protovalidate-go@v0.3.3...v0.3.4 ### [`v0.3.3`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.3) [Compare Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.2...v0.3.3) #### What's Changed - Update benchmarks by [@​rodaine](https://togithub.com/rodaine) in [bufbuild/protovalidate-go#50 - Bug: transitive field CEL expressions fail to resolve types during type checking by [@​rodaine](https://togithub.com/rodaine) in [bufbuild/protovalidate-go#51 - Fix loading field message when dependency is more than one step by [@​oliversun9](https://togithub.com/oliversun9) in [bufbuild/protovalidate-go#54 - Bump github.com/google/cel-go from 0.18.0 to 0.18.1 by [@​dependabot](https://togithub.com/dependabot) in [bufbuild/protovalidate-go#55 - Make constraint resolution more flexible to different concrete extension types by [@​rodaine](https://togithub.com/rodaine) in [bufbuild/protovalidate-go#57 - Move package `celext` out of internal by [@​oliversun9](https://togithub.com/oliversun9) in [bufbuild/protovalidate-go#56 #### New Contributors - [@​oliversun9](https://togithub.com/oliversun9) made their first contribution in [bufbuild/protovalidate-go#54 **Full Changelog**: bufbuild/protovalidate-go@v0.3.2...v0.3.3 ### [`v0.3.2`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.2) [Compare Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.1...v0.3.2) #### What's Changed - Build validator copy cache on write by [@​emcfarlane](https://togithub.com/emcfarlane) in [bufbuild/protovalidate-go#31 - Bump github.com/google/cel-go from 0.17.4 to 0.17.6 by [@​dependabot](https://togithub.com/dependabot) in [bufbuild/protovalidate-go#39 - Bump github.com/google/cel-go from 0.17.6 to 0.18.0 by [@​dependabot](https://togithub.com/dependabot) in [bufbuild/protovalidate-go#42 - Bump buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go from 1.31.0-20230824200731-b9b8148056b9.1 to 1.31.0-20230830185350-7a34d6557349.1 by [@​dependabot](https://togithub.com/dependabot) in [bufbuild/protovalidate-go#41 - Bypass deprecation lint warning by [@​akshayjshah](https://togithub.com/akshayjshah) in [bufbuild/protovalidate-go#45 - Bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [bufbuild/protovalidate-go#46 - Cleanup: replace deprecated OptCheckStringFormat by [@​rodaine](https://togithub.com/rodaine) in [bufbuild/protovalidate-go#48 - Conformance: support for multiple uniques by [@​rodaine](https://togithub.com/rodaine) in [bufbuild/protovalidate-go#49 #### New Contributors - [@​emcfarlane](https://togithub.com/emcfarlane) made their first contribution in [bufbuild/protovalidate-go#31 - [@​akshayjshah](https://togithub.com/akshayjshah) made their first contribution in [bufbuild/protovalidate-go#45 **Full Changelog**: bufbuild/protovalidate-go@v0.3.1...v0.3.2 </details> <details> <summary>cerbos/cloud-api (github.com/cerbos/cloud-api)</summary> ### [`v0.1.8`](https://togithub.com/cerbos/cloud-api/compare/v0.1.7...v0.1.8) [Compare Source](https://togithub.com/cerbos/cloud-api/compare/v0.1.7...v0.1.8) </details> <details> <summary>fullstorydev/grpcurl (github.com/fullstorydev/grpcurl)</summary> ### [`v1.8.9`](https://togithub.com/fullstorydev/grpcurl/releases/tag/v1.8.9) [Compare Source](https://togithub.com/fullstorydev/grpcurl/compare/v1.8.8...v1.8.9) #### Changelog - [`28c0ee2`](https://togithub.com/fullstorydev/grpcurl/commit/28c0ee2) Disable CGO for improved compatibility across distros ([#​420](https://togithub.com/fullstorydev/grpcurl/issues/420)) - [`bc2944d`](https://togithub.com/fullstorydev/grpcurl/commit/bc2944d) Bump golang.org/x/net from 0.9.0 to 0.17.0 ([#​419](https://togithub.com/fullstorydev/grpcurl/issues/419)) - [`7a845ca`](https://togithub.com/fullstorydev/grpcurl/commit/7a845ca) SIGSEGV: panic: runtime error: invalid memory address or nil pointer dereference in protoreflect ([#​416](https://togithub.com/fullstorydev/grpcurl/issues/416)) - [`c17f078`](https://togithub.com/fullstorydev/grpcurl/commit/c17f078) Added alts credential option ([#​341](https://togithub.com/fullstorydev/grpcurl/issues/341)) </details> <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.10.0`](https://togithub.com/go-git/go-git/releases/tag/v5.10.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.9.0...v5.10.0) #### What's Changed - PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by [@​ThinkChaos](https://togithub.com/ThinkChaos) in [go-git/go-git#782 - Worktree, apply ProxyOption on Pull by [@​nodivbyzero](https://togithub.com/nodivbyzero) in [go-git/go-git#840 - Repository: add clone --shared feature by [@​enverbisevac](https://togithub.com/enverbisevac) in [go-git/go-git#860 - build: Add github workflow to check commit message format by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#867 - Improve handling of remote errors by [@​makkes](https://togithub.com/makkes) in [go-git/go-git#866 - build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#873 - plumbing: commitgraph, Add generation v2 support by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#869 - plumbing: protocol/packp, Add validation for decodeLine by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#868 - plumbing: parse the encoding header of the commit object by [@​liwenqiu](https://togithub.com/liwenqiu) in [go-git/go-git#761 - plumbing: commitgraph, allow SHA256 commit-graphs by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#853 - plumbing: commitgraph, Allow reading commit-graph chains by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#854 - plumbing/object: Support mergetag in merge commits by [@​adityasaky](https://togithub.com/adityasaky) in [go-git/go-git#847 #### New Contributors - [@​nodivbyzero](https://togithub.com/nodivbyzero) made their first contribution in [go-git/go-git#840 - [@​adityasaky](https://togithub.com/adityasaky) made their first contribution in [go-git/go-git#847 - [@​hezhizhen](https://togithub.com/hezhizhen) made their first contribution in [go-git/go-git#836 - [@​0x34d](https://togithub.com/0x34d) made their first contribution in [go-git/go-git#855 - [@​liwenqiu](https://togithub.com/liwenqiu) made their first contribution in [go-git/go-git#761 - [@​enverbisevac](https://togithub.com/enverbisevac) made their first contribution in [go-git/go-git#860 - [@​makkes](https://togithub.com/makkes) made their first contribution in [go-git/go-git#866 **Full Changelog**: go-git/go-git@v5.9.0...v5.10.0 </details> <details> <summary>google/cel-go (github.com/google/cel-go)</summary> ### [`v0.18.1`](https://togithub.com/google/cel-go/releases/tag/v0.18.1) [Compare Source](https://togithub.com/google/cel-go/compare/v0.18.0...v0.18.1) #### What's Changed - Add support for a relative offset within ast.SourceInfo by \[[#​836](https://togithub.com/google/cel-go/issues/836)] - Fix last optional element to be retained as an optional index while folding \[[#​841](https://togithub.com/google/cel-go/issues/841)] - Fix deprecation notice for string format validation \[[#​840](https://togithub.com/google/cel-go/issues/840)] - Update cel-spec and enable wrappers conformance tests \[[#​842](https://togithub.com/google/cel-go/issues/842)] - refactor: remove lexer and parser pools \[[#​838](https://togithub.com/google/cel-go/issues/838)] #### New Contributors - [@​TulgaCG](https://togithub.com/TulgaCG) made their first contribution in [google/cel-go#835 - [@​aimuz](https://togithub.com/aimuz) made their first contribution in [google/cel-go#838 **Full Changelog**: google/cel-go@v0.18.0...v0.18.1 ### [`v0.18.0`](https://togithub.com/google/cel-go/releases/tag/v0.18.0) [Compare Source](https://togithub.com/google/cel-go/compare/v0.17.6...v0.18.0) #### Features The latest release of CEL introduces validators ([#​775](https://togithub.com/google/cel-go/issues/775)) and optimizers ([#​804](https://togithub.com/google/cel-go/issues/804), [#​827](https://togithub.com/google/cel-go/issues/827)) and migrates the core CEL internals off of the protobuf expression and type representations ([#​789](https://togithub.com/google/cel-go/issues/789)). - String format validator \[[#​775](https://togithub.com/google/cel-go/issues/775)] - Create a Function that Reverses a String \[[#​796](https://togithub.com/google/cel-go/issues/796)] - Introduce pre-order / post-order visitor pattern \[[#​813](https://togithub.com/google/cel-go/issues/813)] - Add Libraries() function to Env \[[#​822](https://togithub.com/google/cel-go/issues/822)] - Static optimizer for constant folding \[[#​804](https://togithub.com/google/cel-go/issues/804)] - Inlining optimizer \[[#​827](https://togithub.com/google/cel-go/issues/827)] - FindStructTypeFields support for types.Provider \[[#​814](https://togithub.com/google/cel-go/issues/814)] #### Breaking Changes The following PR changes the API signature of the `checker.AstNode` method `Expr` to return an `ast.Expr`. - Migrate the checker.Coster to the ast.Expr \[[#​798](https://togithub.com/google/cel-go/issues/798)] #### Fixes - Nil safety checks for cel.Ast \[[#​784](https://togithub.com/google/cel-go/issues/784)] - Fix cost estimates to propagate result sizes \[[#​787](https://togithub.com/google/cel-go/issues/787)] - Catch invalid literals created from expression factories \[[#​810](https://togithub.com/google/cel-go/issues/810)] - Ensure stable ordering of overload candidates \[[#​817](https://togithub.com/google/cel-go/issues/817)] - Clarify replace with/by empty string \[[#​820](https://togithub.com/google/cel-go/issues/820)] - Fix functional exemptions for homogeneous literal checks \[[#​832](https://togithub.com/google/cel-go/issues/832)] - Fix logical operator folding that only involve literals \[[#​833](https://togithub.com/google/cel-go/issues/833)] - Upgrade go-genproto to latest \[[#​831](https://togithub.com/google/cel-go/issues/831)] #### New Contributors - [@​bboogler](https://togithub.com/bboogler) made their first contribution in [google/cel-go#796 **Full Changelog**: google/cel-go@v0.17.1...v0.18.0 </details> <details> <summary>google/uuid (github.com/google/uuid)</summary> ### [`v1.4.0`](https://togithub.com/google/uuid/releases/tag/v1.4.0) [Compare Source](https://togithub.com/google/uuid/compare/v1.3.1...v1.4.0) ##### Features - UUIDs slice type with Strings() convenience method ([#​133](https://togithub.com/google/uuid/issues/133)) ([cd5fbbd](https://togithub.com/google/uuid/commit/cd5fbbdd02f3e3467ac18940e07e062be1f864b4)) ##### Fixes - Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/cerbos/cerbos). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMS41IiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Charith Ellawala <charith@cerbos.dev> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Charith Ellawala <charith@cerbos.dev>
charithe
added a commit
to charithe/cerbos
that referenced
this pull request
Oct 30, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/alecthomas/chroma/v2](https://togithub.com/alecthomas/chroma) | require | minor | `v2.9.1` -> `v2.10.0` | | [github.com/aws/aws-sdk-go](https://togithub.com/aws/aws-sdk-go) | require | patch | `v1.46.2` -> `v1.46.6` | | [github.com/bufbuild/buf](https://togithub.com/bufbuild/buf) | require | patch | `v1.27.1` -> `v1.27.2` | | [github.com/bufbuild/protovalidate-go](https://togithub.com/bufbuild/protovalidate-go) | require | patch | `v0.3.1` -> `v0.3.4` | | [github.com/cerbos/cerbos/api/genpb](https://togithub.com/cerbos/cerbos) | require | digest | `21315fe` -> `f134903` | | [github.com/cerbos/cloud-api](https://togithub.com/cerbos/cloud-api) | require | patch | `v0.1.7` -> `v0.1.8` | | [github.com/fullstorydev/grpcurl](https://togithub.com/fullstorydev/grpcurl) | require | patch | `v1.8.8` -> `v1.8.9` | | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | require | minor | `v5.9.0` -> `v5.10.0` | | [github.com/google/cel-go](https://togithub.com/google/cel-go) | require | minor | `v0.17.6` -> `v0.18.1` | | [github.com/google/uuid](https://togithub.com/google/uuid) | require | minor | `v1.3.1` -> `v1.4.0` | | [github.com/rivo/tview](https://togithub.com/rivo/tview) | require | digest | `f7f32ad` -> `8b7bcf9` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>alecthomas/chroma (github.com/alecthomas/chroma/v2)</summary> ### [`v2.10.0`](https://togithub.com/alecthomas/chroma/releases/tag/v2.10.0) [Compare Source](https://togithub.com/alecthomas/chroma/compare/v2.9.1...v2.10.0) #### Changelog - [`810464a`](https://togithub.com/alecthomas/chroma/commit/810464a) Update Java lexer ([#​873](https://togithub.com/alecthomas/chroma/issues/873)) - [`77e9146`](https://togithub.com/alecthomas/chroma/commit/77e9146) Add file extensions to go_template lexer ([#​875](https://togithub.com/alecthomas/chroma/issues/875)) - [`b127e35`](https://togithub.com/alecthomas/chroma/commit/b127e35) Make `tty_indexed.go` respond to `None` like `tty_truecolour.go` ([#​869](https://togithub.com/alecthomas/chroma/issues/869)) - [`9ae4dae`](https://togithub.com/alecthomas/chroma/commit/9ae4dae) Add `*.Dockerfile` to docker lexer ([#​868](https://togithub.com/alecthomas/chroma/issues/868)) - [`2fa6f14`](https://togithub.com/alecthomas/chroma/commit/2fa6f14) Add PRQL to README ([#​863](https://togithub.com/alecthomas/chroma/issues/863)) - [`17597b6`](https://togithub.com/alecthomas/chroma/commit/17597b6) Add PRQL language ([#​862](https://togithub.com/alecthomas/chroma/issues/862)) - [`7eb0305`](https://togithub.com/alecthomas/chroma/commit/7eb0305) lexers/r: Match keywords prior to functions ([#​860](https://togithub.com/alecthomas/chroma/issues/860)) - [`827bd93`](https://togithub.com/alecthomas/chroma/commit/827bd93) lexers: add initial version of CUE lexer ([#​858](https://togithub.com/alecthomas/chroma/issues/858)) - [`9087c63`](https://togithub.com/alecthomas/chroma/commit/9087c63) docs: note about Get() being slow due to file matching - [`ccd8d68`](https://togithub.com/alecthomas/chroma/commit/ccd8d68) lexers: move to comparing bytes in tests ([#​856](https://togithub.com/alecthomas/chroma/issues/856)) - [`def00e9`](https://togithub.com/alecthomas/chroma/commit/def00e9) chore: update issue templates - [`0b08639`](https://togithub.com/alecthomas/chroma/commit/0b08639) lexers: support for nim GENERALIZED_TRIPLESTR_LIT ([#​853](https://togithub.com/alecthomas/chroma/issues/853)) - [`94d11ab`](https://togithub.com/alecthomas/chroma/commit/94d11ab) Update Bicep grammar with recent additions ([#​850](https://togithub.com/alecthomas/chroma/issues/850)) - [`c64e1be`](https://togithub.com/alecthomas/chroma/commit/c64e1be) add justfile filename to Makefile lexer ([#​852](https://togithub.com/alecthomas/chroma/issues/852)) - [`2b39461`](https://togithub.com/alecthomas/chroma/commit/2b39461) Fix GDScript3 analyse regexes ([#​848](https://togithub.com/alecthomas/chroma/issues/848)) </details> <details> <summary>aws/aws-sdk-go (github.com/aws/aws-sdk-go)</summary> ### [`v1.46.6`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1466-2023-10-27) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.5...v1.46.6) \=== ##### Service Client Updates - `service/elasticmapreduce`: Updates service API and documentation - Updated CreateCluster API request and DescribeCluster API responses to include EbsRootVolumeIops, and EbsRootVolumeThroughput attributes that specify the user configured root volume IOPS and throughput for Amazon EBS root device volume. This feature will be available from Amazon EMR releases 6.15.0 - `service/neptune`: Updates service API and documentation - Update TdeCredentialPassword type to SensitiveString - `service/pinpoint`: Updates service documentation - Updated documentation to describe the case insensitivity for EndpointIds. - `service/redshift`: Updates service API and documentation - added support to create a dual stack cluster - `service/wafv2`: Updates service documentation ### [`v1.46.5`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1465-2023-10-26) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.4...v1.46.5) \=== ##### Service Client Updates - `service/appstream`: Updates service API and documentation - This release introduces multi-session fleets, allowing customers to provision more than one user session on a single fleet instance. - `service/ec2`: Updates service API, documentation, and paginators - Launching GetSecurityGroupsForVpc API. This API gets security groups that can be associated by the AWS account making the request with network interfaces in the specified VPC. - `service/network-firewall`: Updates service API and documentation - `service/opensearch`: Updates service API and documentation - `service/redshift`: Updates service API, documentation, and paginators - Add Redshift APIs GetResourcePolicy, DeleteResourcePolicy, PutResourcePolicy and DescribeInboundIntegrations for the new Amazon Redshift Zero-ETL integration feature, which can be used to control data ingress into Redshift namespace, and view inbound integrations. - `service/sagemaker`: Updates service API and documentation - Amazon Sagemaker Autopilot now supports Text Generation jobs. - `service/sns`: Updates service API and documentation - Message Archiving and Replay is now supported in Amazon SNS for FIFO topics. - `service/ssm-sap`: Updates service API and documentation - `service/transfer`: Updates service API, documentation, waiters, and paginators - No API changes from previous release. This release migrated the model to Smithy keeping all features unchanged. ### [`v1.46.4`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1464-2023-10-25) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.3...v1.46.4) \=== ##### Service Client Updates - `service/connectcases`: Updates service API and documentation - `service/groundstation`: Updates service API and documentation - `service/iam`: Updates service API and documentation - Updates to GetAccessKeyLastUsed action to replace NoSuchEntity error with AccessDeniedException error. ### [`v1.46.3`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1463-2023-10-24) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.2...v1.46.3) \=== ##### Service Client Updates - `service/codepipeline`: Updates service API and documentation - Add ability to trigger pipelines from git tags, define variables at pipeline level and new pipeline type V2. - `service/ec2`: Updates service documentation - This release updates the documentation for InstanceInterruptionBehavior and HibernationOptionsRequest to more accurately describe the behavior of these two parameters when using Spot hibernation. - `service/eks`: Updates service API - `service/iam`: Adds new service - Add the partitional endpoint for IAM in iso-f. - `service/migrationhub-config`: Updates service API and documentation - `service/migrationhubstrategy`: Updates service API, documentation, and paginators - `service/opensearchserverless`: Updates service API, documentation, and paginators </details> <details> <summary>bufbuild/buf (github.com/bufbuild/buf)</summary> ### [`v1.27.2`](https://togithub.com/bufbuild/buf/blob/HEAD/CHANGELOG.md#v1272---2023-10-27) [Compare Source](https://togithub.com/bufbuild/buf/compare/v1.27.1...v1.27.2) - Fix issue where `buf build` and other commands may fail when handling certain archives created on macOS that contain files with extended attributes. </details> <details> <summary>bufbuild/protovalidate-go (github.com/bufbuild/protovalidate-go)</summary> ### [`v0.3.4`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.4) [Compare Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.3...v0.3.4) #### What's Changed - Make DefaultResolver public by [@​oliversun9](https://togithub.com/oliversun9) in [bufbuild/protovalidate-go#59 - Update minimum required Go version from 1.18 to 1.19 by [@​nicksnyder](https://togithub.com/nicksnyder) in [bufbuild/protovalidate-go#62 - Fix ignore path for resolver.go by [@​nicksnyder](https://togithub.com/nicksnyder) in [bufbuild/protovalidate-go#63 #### New Contributors - [@​nicksnyder](https://togithub.com/nicksnyder) made their first contribution in [bufbuild/protovalidate-go#62 **Full Changelog**: bufbuild/protovalidate-go@v0.3.3...v0.3.4 ### [`v0.3.3`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.3) [Compare Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.2...v0.3.3) #### What's Changed - Update benchmarks by [@​rodaine](https://togithub.com/rodaine) in [bufbuild/protovalidate-go#50 - Bug: transitive field CEL expressions fail to resolve types during type checking by [@​rodaine](https://togithub.com/rodaine) in [bufbuild/protovalidate-go#51 - Fix loading field message when dependency is more than one step by [@​oliversun9](https://togithub.com/oliversun9) in [bufbuild/protovalidate-go#54 - Bump github.com/google/cel-go from 0.18.0 to 0.18.1 by [@​dependabot](https://togithub.com/dependabot) in [bufbuild/protovalidate-go#55 - Make constraint resolution more flexible to different concrete extension types by [@​rodaine](https://togithub.com/rodaine) in [bufbuild/protovalidate-go#57 - Move package `celext` out of internal by [@​oliversun9](https://togithub.com/oliversun9) in [bufbuild/protovalidate-go#56 #### New Contributors - [@​oliversun9](https://togithub.com/oliversun9) made their first contribution in [bufbuild/protovalidate-go#54 **Full Changelog**: bufbuild/protovalidate-go@v0.3.2...v0.3.3 ### [`v0.3.2`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.2) [Compare Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.1...v0.3.2) #### What's Changed - Build validator copy cache on write by [@​emcfarlane](https://togithub.com/emcfarlane) in [bufbuild/protovalidate-go#31 - Bump github.com/google/cel-go from 0.17.4 to 0.17.6 by [@​dependabot](https://togithub.com/dependabot) in [bufbuild/protovalidate-go#39 - Bump github.com/google/cel-go from 0.17.6 to 0.18.0 by [@​dependabot](https://togithub.com/dependabot) in [bufbuild/protovalidate-go#42 - Bump buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go from 1.31.0-20230824200731-b9b8148056b9.1 to 1.31.0-20230830185350-7a34d6557349.1 by [@​dependabot](https://togithub.com/dependabot) in [bufbuild/protovalidate-go#41 - Bypass deprecation lint warning by [@​akshayjshah](https://togithub.com/akshayjshah) in [bufbuild/protovalidate-go#45 - Bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [bufbuild/protovalidate-go#46 - Cleanup: replace deprecated OptCheckStringFormat by [@​rodaine](https://togithub.com/rodaine) in [bufbuild/protovalidate-go#48 - Conformance: support for multiple uniques by [@​rodaine](https://togithub.com/rodaine) in [bufbuild/protovalidate-go#49 #### New Contributors - [@​emcfarlane](https://togithub.com/emcfarlane) made their first contribution in [bufbuild/protovalidate-go#31 - [@​akshayjshah](https://togithub.com/akshayjshah) made their first contribution in [bufbuild/protovalidate-go#45 **Full Changelog**: bufbuild/protovalidate-go@v0.3.1...v0.3.2 </details> <details> <summary>cerbos/cloud-api (github.com/cerbos/cloud-api)</summary> ### [`v0.1.8`](https://togithub.com/cerbos/cloud-api/compare/v0.1.7...v0.1.8) [Compare Source](https://togithub.com/cerbos/cloud-api/compare/v0.1.7...v0.1.8) </details> <details> <summary>fullstorydev/grpcurl (github.com/fullstorydev/grpcurl)</summary> ### [`v1.8.9`](https://togithub.com/fullstorydev/grpcurl/releases/tag/v1.8.9) [Compare Source](https://togithub.com/fullstorydev/grpcurl/compare/v1.8.8...v1.8.9) #### Changelog - [`28c0ee2`](https://togithub.com/fullstorydev/grpcurl/commit/28c0ee2) Disable CGO for improved compatibility across distros ([#​420](https://togithub.com/fullstorydev/grpcurl/issues/420)) - [`bc2944d`](https://togithub.com/fullstorydev/grpcurl/commit/bc2944d) Bump golang.org/x/net from 0.9.0 to 0.17.0 ([#​419](https://togithub.com/fullstorydev/grpcurl/issues/419)) - [`7a845ca`](https://togithub.com/fullstorydev/grpcurl/commit/7a845ca) SIGSEGV: panic: runtime error: invalid memory address or nil pointer dereference in protoreflect ([#​416](https://togithub.com/fullstorydev/grpcurl/issues/416)) - [`c17f078`](https://togithub.com/fullstorydev/grpcurl/commit/c17f078) Added alts credential option ([#​341](https://togithub.com/fullstorydev/grpcurl/issues/341)) </details> <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.10.0`](https://togithub.com/go-git/go-git/releases/tag/v5.10.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.9.0...v5.10.0) #### What's Changed - PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by [@​ThinkChaos](https://togithub.com/ThinkChaos) in [go-git/go-git#782 - Worktree, apply ProxyOption on Pull by [@​nodivbyzero](https://togithub.com/nodivbyzero) in [go-git/go-git#840 - Repository: add clone --shared feature by [@​enverbisevac](https://togithub.com/enverbisevac) in [go-git/go-git#860 - build: Add github workflow to check commit message format by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#867 - Improve handling of remote errors by [@​makkes](https://togithub.com/makkes) in [go-git/go-git#866 - build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#873 - plumbing: commitgraph, Add generation v2 support by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#869 - plumbing: protocol/packp, Add validation for decodeLine by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#868 - plumbing: parse the encoding header of the commit object by [@​liwenqiu](https://togithub.com/liwenqiu) in [go-git/go-git#761 - plumbing: commitgraph, allow SHA256 commit-graphs by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#853 - plumbing: commitgraph, Allow reading commit-graph chains by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#854 - plumbing/object: Support mergetag in merge commits by [@​adityasaky](https://togithub.com/adityasaky) in [go-git/go-git#847 #### New Contributors - [@​nodivbyzero](https://togithub.com/nodivbyzero) made their first contribution in [go-git/go-git#840 - [@​adityasaky](https://togithub.com/adityasaky) made their first contribution in [go-git/go-git#847 - [@​hezhizhen](https://togithub.com/hezhizhen) made their first contribution in [go-git/go-git#836 - [@​0x34d](https://togithub.com/0x34d) made their first contribution in [go-git/go-git#855 - [@​liwenqiu](https://togithub.com/liwenqiu) made their first contribution in [go-git/go-git#761 - [@​enverbisevac](https://togithub.com/enverbisevac) made their first contribution in [go-git/go-git#860 - [@​makkes](https://togithub.com/makkes) made their first contribution in [go-git/go-git#866 **Full Changelog**: go-git/go-git@v5.9.0...v5.10.0 </details> <details> <summary>google/cel-go (github.com/google/cel-go)</summary> ### [`v0.18.1`](https://togithub.com/google/cel-go/releases/tag/v0.18.1) [Compare Source](https://togithub.com/google/cel-go/compare/v0.18.0...v0.18.1) #### What's Changed - Add support for a relative offset within ast.SourceInfo by \[[#​836](https://togithub.com/google/cel-go/issues/836)] - Fix last optional element to be retained as an optional index while folding \[[#​841](https://togithub.com/google/cel-go/issues/841)] - Fix deprecation notice for string format validation \[[#​840](https://togithub.com/google/cel-go/issues/840)] - Update cel-spec and enable wrappers conformance tests \[[#​842](https://togithub.com/google/cel-go/issues/842)] - refactor: remove lexer and parser pools \[[#​838](https://togithub.com/google/cel-go/issues/838)] #### New Contributors - [@​TulgaCG](https://togithub.com/TulgaCG) made their first contribution in [google/cel-go#835 - [@​aimuz](https://togithub.com/aimuz) made their first contribution in [google/cel-go#838 **Full Changelog**: google/cel-go@v0.18.0...v0.18.1 ### [`v0.18.0`](https://togithub.com/google/cel-go/releases/tag/v0.18.0) [Compare Source](https://togithub.com/google/cel-go/compare/v0.17.6...v0.18.0) #### Features The latest release of CEL introduces validators ([#​775](https://togithub.com/google/cel-go/issues/775)) and optimizers ([#​804](https://togithub.com/google/cel-go/issues/804), [#​827](https://togithub.com/google/cel-go/issues/827)) and migrates the core CEL internals off of the protobuf expression and type representations ([#​789](https://togithub.com/google/cel-go/issues/789)). - String format validator \[[#​775](https://togithub.com/google/cel-go/issues/775)] - Create a Function that Reverses a String \[[#​796](https://togithub.com/google/cel-go/issues/796)] - Introduce pre-order / post-order visitor pattern \[[#​813](https://togithub.com/google/cel-go/issues/813)] - Add Libraries() function to Env \[[#​822](https://togithub.com/google/cel-go/issues/822)] - Static optimizer for constant folding \[[#​804](https://togithub.com/google/cel-go/issues/804)] - Inlining optimizer \[[#​827](https://togithub.com/google/cel-go/issues/827)] - FindStructTypeFields support for types.Provider \[[#​814](https://togithub.com/google/cel-go/issues/814)] #### Breaking Changes The following PR changes the API signature of the `checker.AstNode` method `Expr` to return an `ast.Expr`. - Migrate the checker.Coster to the ast.Expr \[[#​798](https://togithub.com/google/cel-go/issues/798)] #### Fixes - Nil safety checks for cel.Ast \[[#​784](https://togithub.com/google/cel-go/issues/784)] - Fix cost estimates to propagate result sizes \[[#​787](https://togithub.com/google/cel-go/issues/787)] - Catch invalid literals created from expression factories \[[#​810](https://togithub.com/google/cel-go/issues/810)] - Ensure stable ordering of overload candidates \[[#​817](https://togithub.com/google/cel-go/issues/817)] - Clarify replace with/by empty string \[[#​820](https://togithub.com/google/cel-go/issues/820)] - Fix functional exemptions for homogeneous literal checks \[[#​832](https://togithub.com/google/cel-go/issues/832)] - Fix logical operator folding that only involve literals \[[#​833](https://togithub.com/google/cel-go/issues/833)] - Upgrade go-genproto to latest \[[#​831](https://togithub.com/google/cel-go/issues/831)] #### New Contributors - [@​bboogler](https://togithub.com/bboogler) made their first contribution in [google/cel-go#796 **Full Changelog**: google/cel-go@v0.17.1...v0.18.0 </details> <details> <summary>google/uuid (github.com/google/uuid)</summary> ### [`v1.4.0`](https://togithub.com/google/uuid/releases/tag/v1.4.0) [Compare Source](https://togithub.com/google/uuid/compare/v1.3.1...v1.4.0) ##### Features - UUIDs slice type with Strings() convenience method ([#​133](https://togithub.com/google/uuid/issues/133)) ([cd5fbbd](https://togithub.com/google/uuid/commit/cd5fbbdd02f3e3467ac18940e07e062be1f864b4)) ##### Fixes - Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/cerbos/cerbos). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMS41IiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Charith Ellawala <charith@cerbos.dev> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Charith Ellawala <charith@cerbos.dev>
hogo6002
pushed a commit
to google/osv.dev
that referenced
this pull request
Dec 4, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | [cloud.google.com/go/secretmanager](https://togithub.com/googleapis/google-cloud-go) | require | patch | `v1.11.1` -> `v1.11.4` | | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | require | minor | `v5.9.0` -> `v5.10.1` | | [github.com/google/go-cmp](https://togithub.com/google/go-cmp) | require | minor | `v0.5.9` -> `v0.6.0` | | [github.com/google/osv-scanner](https://togithub.com/google/osv-scanner) | require | patch | `v1.4.0` -> `v1.4.3` | | golang | stage | digest | `f475434` -> `70afe55` | | golang.org/x/exp | require | digest | `7918f67` -> `6522937` | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.10.1`](https://togithub.com/go-git/go-git/releases/tag/v5.10.1) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.10.0...v5.10.1) #### What's Changed - Worktree, ignore ModeSocket files by [@​steiler](https://togithub.com/steiler) in [go-git/go-git#930 - git: add tracer package by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#916 - remote: Flip clause for fast-forward only check by [@​adityasaky](https://togithub.com/adityasaky) in [go-git/go-git#875 - plumbing: transport/ssh, Fix nil pointer dereference caused when an unreachable proxy server is set. Fixes [#​900](https://togithub.com/go-git/go-git/issues/900) by [@​anandf](https://togithub.com/anandf) in [go-git/go-git#901 - plumbing: uppload-server-info, implement upload-server-info by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#896 - plumbing: optimise memory consumption for filesystem storage by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#799 - plumbing: format/packfile, Refactor patch delta by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#908 - plumbing: fix empty uploadpack request error by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#932 - plumbing: transport/git, Improve tests error message by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#752 - plumbing: format/pktline, Respect pktline error-line errors by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#936 - utils: remove ioutil.Pipe and use std library io.Pipe by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#922 - utils: move trace to utils by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#931 - cli: separate go module for cli by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#914 - build: bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#887 - build: bump actions/setup-go from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#891 - build: bump github.com/skeema/knownhosts from 1.2.0 to 1.2.1 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#888 - build: bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#890 - build: bump golang.org/x/sys from 0.13.0 to 0.14.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#907 - build: bump golang.org/x/text from 0.13.0 to 0.14.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#906 - build: bump golang.org/x/crypto from 0.14.0 to 0.15.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#917 - build: bump golang.org/x/net from 0.17.0 to 0.18.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#918 #### New Contributors - [@​anandf](https://togithub.com/anandf) made their first contribution in [go-git/go-git#901 - [@​steiler](https://togithub.com/steiler) made their first contribution in [go-git/go-git#930 **Full Changelog**: go-git/go-git@v5.10.0...v5.10.1 ### [`v5.10.0`](https://togithub.com/go-git/go-git/releases/tag/v5.10.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.9.0...v5.10.0) #### What's Changed - PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by [@​ThinkChaos](https://togithub.com/ThinkChaos) in [go-git/go-git#782 - Worktree, apply ProxyOption on Pull by [@​nodivbyzero](https://togithub.com/nodivbyzero) in [go-git/go-git#840 - Repository: add clone --shared feature by [@​enverbisevac](https://togithub.com/enverbisevac) in [go-git/go-git#860 - build: Add github workflow to check commit message format by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#867 - Improve handling of remote errors by [@​makkes](https://togithub.com/makkes) in [go-git/go-git#866 - build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#873 - plumbing: commitgraph, Add generation v2 support by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#869 - plumbing: protocol/packp, Add validation for decodeLine by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#868 - plumbing: parse the encoding header of the commit object by [@​liwenqiu](https://togithub.com/liwenqiu) in [go-git/go-git#761 - plumbing: commitgraph, allow SHA256 commit-graphs by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#853 - plumbing: commitgraph, Allow reading commit-graph chains by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#854 - plumbing/object: Support mergetag in merge commits by [@​adityasaky](https://togithub.com/adityasaky) in [go-git/go-git#847 #### New Contributors - [@​nodivbyzero](https://togithub.com/nodivbyzero) made their first contribution in [go-git/go-git#840 - [@​adityasaky](https://togithub.com/adityasaky) made their first contribution in [go-git/go-git#847 - [@​hezhizhen](https://togithub.com/hezhizhen) made their first contribution in [go-git/go-git#836 - [@​0x34d](https://togithub.com/0x34d) made their first contribution in [go-git/go-git#855 - [@​liwenqiu](https://togithub.com/liwenqiu) made their first contribution in [go-git/go-git#761 - [@​enverbisevac](https://togithub.com/enverbisevac) made their first contribution in [go-git/go-git#860 - [@​makkes](https://togithub.com/makkes) made their first contribution in [go-git/go-git#866 **Full Changelog**: go-git/go-git@v5.9.0...v5.10.0 </details> <details> <summary>google/go-cmp (github.com/google/go-cmp)</summary> ### [`v0.6.0`](https://togithub.com/google/go-cmp/releases/tag/v0.6.0) [Compare Source](https://togithub.com/google/go-cmp/compare/v0.5.9...v0.6.0) New API: - ([#​340](https://togithub.com/google/go-cmp/issues/340)) Add `cmpopts.EquateComparable` Documentation changes: - ([#​337](https://togithub.com/google/go-cmp/issues/337)) Use of hotlinking of Go identifiers Build changes: - ([#​325](https://togithub.com/google/go-cmp/issues/325)) Remove purego fallbacks Testing changes: - ([#​322](https://togithub.com/google/go-cmp/issues/322)) Run tests for Go 1.20 version - ([#​332](https://togithub.com/google/go-cmp/issues/332)) Pin GitHub action versions - ([#​327](https://togithub.com/google/go-cmp/issues/327)) set workflow permission to read-only </details> <details> <summary>google/osv-scanner (github.com/google/osv-scanner)</summary> ### [`v1.4.3`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v143) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.4.2...v1.4.3) ##### Features - [Feature #​621](https://togithub.com/google/osv-scanner/pull/621) Add support for scanning vendored C/C++ files. - [Feature #​581](https://togithub.com/google/osv-scanner/pull/581) Scan submodules commit hashes. ##### Fixes - [Bug #​626](https://togithub.com/google/osv-scanner/issues/626) Fix gitignore matching for root directory - [Bug #​622](https://togithub.com/google/osv-scanner/issues/622) Go binary not found should not be an error - [Bug #​588](https://togithub.com/google/osv-scanner/issues/588) handle npm/yarn aliased packages - [Bug #​607](https://togithub.com/google/osv-scanner/pull/607) fix: remove some extra newlines in sarif report ### [`v1.4.2`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v142) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.4.1...v1.4.2) ##### Fixes - [Bug #​574](https://togithub.com/google/osv-scanner/issues/574) Support versions with build metadata in `yarn.lock` files - [Bug #​599](https://togithub.com/google/osv-scanner/issues/599) Add name field to sarif rule output ### [`v1.4.1`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v141) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.4.0...v1.4.1) ##### Features - [Feature #​534](https://togithub.com/google/osv-scanner/pull/534) New SARIF format that separates out individual vulnerabilities, see https://github.com/google/osv-scanner/issue/216 - [Experimental Feature #​57](https://togithub.com/google/osv-scanner/issues/57) Experimental Github Action! Have a look at https://google.github.io/osv-scanner/experimental/ for how to use the new Github Action in your repo. Experimental, so might change with only a minor update. ##### API Features - [Feature #​557](https://togithub.com/google/osv-scanner/pull/557) Add new ecosystems, and a slice containing all of them. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
amenowanna
added a commit
to mergestat/mergestat
that referenced
this pull request
Mar 13, 2024
](https://renovatebot.com){kind=link}
…rity] (#1148) [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | `v5.5.2` -> `v5.11.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-49568](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) ### Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. Applications using only the in-memory filesystem supported by `go-git` are not affected by this vulnerability. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us. ### References - [GHSA-mw99-9chc-xw7r](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) #### [CVE-2023-49569](https://togithub.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88) ### Impact A path traversal vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the [ChrootOS](https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using [BoundOS](https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory filesystems are not affected by this issue. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible in a timely manner, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us. --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.11.0`](https://togithub.com/go-git/go-git/releases/tag/v5.11.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.10.1...v5.11.0) #### What's Changed - git: validate reference names ([#​929](https://togithub.com/go-git/go-git/issues/929)) by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#950 - git: stop iterating at oldest shallow when pulling. Fixes [#​305](https://togithub.com/go-git/go-git/issues/305) by [@​dhoizner](https://togithub.com/dhoizner) in [go-git/go-git#939 - plumbing: object, enable renames in getFileStatsFromFilePatches by [@​djmoch](https://togithub.com/djmoch) in [go-git/go-git#941 - storage: filesystem, Add option to set a specific FS for alternates by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#953 - Align worktree validation with upstream and remove build warnings by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#958 #### New Contributors - [@​dhoizner](https://togithub.com/dhoizner) made their first contribution in [go-git/go-git#939 - [@​djmoch](https://togithub.com/djmoch) made their first contribution in [go-git/go-git#941 **Full Changelog**: go-git/go-git@v5.10.1...v5.11.0 ### [`v5.10.1`](https://togithub.com/go-git/go-git/releases/tag/v5.10.1) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.10.0...v5.10.1) #### What's Changed - Worktree, ignore ModeSocket files by [@​steiler](https://togithub.com/steiler) in [go-git/go-git#930 - git: add tracer package by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#916 - remote: Flip clause for fast-forward only check by [@​adityasaky](https://togithub.com/adityasaky) in [go-git/go-git#875 - plumbing: transport/ssh, Fix nil pointer dereference caused when an unreachable proxy server is set. Fixes [#​900](https://togithub.com/go-git/go-git/issues/900) by [@​anandf](https://togithub.com/anandf) in [go-git/go-git#901 - plumbing: uppload-server-info, implement upload-server-info by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#896 - plumbing: optimise memory consumption for filesystem storage by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#799 - plumbing: format/packfile, Refactor patch delta by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#908 - plumbing: fix empty uploadpack request error by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#932 - plumbing: transport/git, Improve tests error message by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#752 - plumbing: format/pktline, Respect pktline error-line errors by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#936 - utils: remove ioutil.Pipe and use std library io.Pipe by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#922 - utils: move trace to utils by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#931 - cli: separate go module for cli by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#914 - build: bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#887 - build: bump actions/setup-go from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#891 - build: bump github.com/skeema/knownhosts from 1.2.0 to 1.2.1 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#888 - build: bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#890 - build: bump golang.org/x/sys from 0.13.0 to 0.14.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#907 - build: bump golang.org/x/text from 0.13.0 to 0.14.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#906 - build: bump golang.org/x/crypto from 0.14.0 to 0.15.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#917 - build: bump golang.org/x/net from 0.17.0 to 0.18.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#918 #### New Contributors - [@​anandf](https://togithub.com/anandf) made their first contribution in [go-git/go-git#901 - [@​steiler](https://togithub.com/steiler) made their first contribution in [go-git/go-git#930 **Full Changelog**: go-git/go-git@v5.10.0...v5.10.1 ### [`v5.10.0`](https://togithub.com/go-git/go-git/releases/tag/v5.10.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.9.0...v5.10.0) #### What's Changed - PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by [@​ThinkChaos](https://togithub.com/ThinkChaos) in [go-git/go-git#782 - Worktree, apply ProxyOption on Pull by [@​nodivbyzero](https://togithub.com/nodivbyzero) in [go-git/go-git#840 - Repository: add clone --shared feature by [@​enverbisevac](https://togithub.com/enverbisevac) in [go-git/go-git#860 - build: Add github workflow to check commit message format by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#867 - Improve handling of remote errors by [@​makkes](https://togithub.com/makkes) in [go-git/go-git#866 - build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#873 - plumbing: commitgraph, Add generation v2 support by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#869 - plumbing: protocol/packp, Add validation for decodeLine by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#868 - plumbing: parse the encoding header of the commit object by [@​liwenqiu](https://togithub.com/liwenqiu) in [go-git/go-git#761 - plumbing: commitgraph, allow SHA256 commit-graphs by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#853 - plumbing: commitgraph, Allow reading commit-graph chains by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#854 - plumbing/object: Support mergetag in merge commits by [@​adityasaky](https://togithub.com/adityasaky) in [go-git/go-git#847 #### New Contributors - [@​nodivbyzero](https://togithub.com/nodivbyzero) made their first contribution in [go-git/go-git#840 - [@​adityasaky](https://togithub.com/adityasaky) made their first contribution in [go-git/go-git#847 - [@​hezhizhen](https://togithub.com/hezhizhen) made their first contribution in [go-git/go-git#836 - [@​0x34d](https://togithub.com/0x34d) made their first contribution in [go-git/go-git#855 - [@​liwenqiu](https://togithub.com/liwenqiu) made their first contribution in [go-git/go-git#761 - [@​enverbisevac](https://togithub.com/enverbisevac) made their first contribution in [go-git/go-git#860 - [@​makkes](https://togithub.com/makkes) made their first contribution in [go-git/go-git#866 **Full Changelog**: go-git/go-git@v5.9.0...v5.10.0 ### [`v5.9.0`](https://togithub.com/go-git/go-git/releases/tag/v5.9.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.8.1...v5.9.0) #### What's Changed - git: worktree: add Amend option to CommitOptions by [@​john-cai](https://togithub.com/john-cai) in [go-git/go-git#438 - git: worktree, reset ignored files that are part of the worktree: Fixes [#​819](https://togithub.com/go-git/go-git/issues/819) by [@​daolis](https://togithub.com/daolis) in [go-git/go-git#821 - plumbing: Do not swallow http message coming from VCS providers by [@​matejrisek](https://togithub.com/matejrisek) in [go-git/go-git#835 - plumbing: transport, handle IPv6 while parsing endpoint. Fixes [#​740](https://togithub.com/go-git/go-git/issues/740) by [@​ninedraft](https://togithub.com/ninedraft) in [go-git/go-git#820 - \*: update goproxy dependency to fix CVE-2023-37788 vulnerability by [@​svghadi](https://togithub.com/svghadi) in [go-git/go-git#832 - \*: bump dependencies and Go to 1.19 by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#837 #### New Contributors - [@​svghadi](https://togithub.com/svghadi) made their first contribution in [go-git/go-git#832 - [@​daolis](https://togithub.com/daolis) made their first contribution in [go-git/go-git#821 **Full Changelog**: go-git/go-git@v5.8.1...v5.9.0 ### [`v5.8.1`](https://togithub.com/go-git/go-git/releases/tag/v5.8.1) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.8.0...v5.8.1) #### What's Changed - \*: Bump dependencies by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#815 **Full Changelog**: go-git/go-git@v5.8.0...v5.8.1 ### [`v5.8.0`](https://togithub.com/go-git/go-git/releases/tag/v5.8.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.7.0...v5.8.0) #### What's Changed - git: Fix fetching after shallow clone. Fixes [#​305](https://togithub.com/go-git/go-git/issues/305) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#778 - git: enable fetch with unqualified references by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#762 - git: don't add to want if exists, shallow and depth 1 by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#763 - git: Clone HEAD should not force master. Fixes [#​363](https://togithub.com/go-git/go-git/issues/363) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#758 - git: fix the issue with submodules having the SCP style URL fail due to the wrong URL parsing by [@​matejrisek](https://togithub.com/matejrisek) in [go-git/go-git#756 - git: add a clone option to allow for shallow cloning of submodules by [@​matejrisek](https://togithub.com/matejrisek) in [go-git/go-git#765 - worktree: minor speedup for `doAddDirectory` by [@​ThinkChaos](https://togithub.com/ThinkChaos) in [go-git/go-git#702 - \_examples: Remove wrong comment by [@​pascal-hofmann](https://togithub.com/pascal-hofmann) in [go-git/go-git#357 - \*: Handle paths starting with tilde by [@​ricci2511](https://togithub.com/ricci2511) in [go-git/go-git#808 - \*: Handle paths starting with ~Username by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#809 - storage: filesystem/dotgit, add support for tmp_objdir prefix by [@​L11R](https://togithub.com/L11R) in [go-git/go-git#812 - plumbing: gitignore, replace user dir in path by [@​Jleagle](https://togithub.com/Jleagle) in [go-git/go-git#772 - plumbing: gitignore, fix incorrect parsing. Fixes [#​500](https://togithub.com/go-git/go-git/issues/500) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#781 - plumbing: http, Fix empty repos on Git v2.41+ by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#802 - plumbing: packp, A request is not empty if it contains shallows. Fixes [#​328](https://togithub.com/go-git/go-git/issues/328) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#792 - plumbing: blame, Complete rewrite. Fixes [#​603](https://togithub.com/go-git/go-git/issues/603) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#789 - plumbing: gitignore, Allow gitconfig to contain a gitignore relative to any user home. Fixes [#​578](https://togithub.com/go-git/go-git/issues/578) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#785 #### New Contributors - [@​Jleagle](https://togithub.com/Jleagle) made their first contribution in [go-git/go-git#772 - [@​pascal-hofmann](https://togithub.com/pascal-hofmann) made their first contribution in [go-git/go-git#357 - [@​ricci2511](https://togithub.com/ricci2511) made their first contribution in [go-git/go-git#808 - [@​L11R](https://togithub.com/L11R) made their first contribution in [go-git/go-git#812 **Full Changelog**: go-git/go-git@v5.7.0...v5.7.1 ### [`v5.7.0`](https://togithub.com/go-git/go-git/releases/tag/v5.7.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.6.1...v5.7.0) #### What's Changed - \*: Add support for initializing SHA256 repositories by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#707 - git: add mirror clone option by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#735 - git: Add support to ls-remote with peeled references. Fixes [#​749](https://togithub.com/go-git/go-git/issues/749) by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#750 - git: fix cloning with branch name by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#755 - git: Worktree, add check to see if file already checked in. Fixes [#​718](https://togithub.com/go-git/go-git/issues/718) by [@​cbbm142](https://togithub.com/cbbm142) in [go-git/go-git#719 - git: Worktree, git grep bare repositories by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#728 - git: Add Depth to SubmoduleUpdateOptions by [@​matejrisek](https://togithub.com/matejrisek) in [go-git/go-git#754 - git: Testing, Fix tests not cleaning temp folders by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#769 - git: remote, add support for a configurable timeout. by [@​andrewpollock](https://togithub.com/andrewpollock) in [go-git/go-git#753 - git: Allow Initial Branch to be configurable by [@​techknowlogick](https://togithub.com/techknowlogick) in [go-git/go-git#764 - storage: filesystem/dotgit, Improve load packed-refs by [@​fcharlie](https://togithub.com/fcharlie) in [go-git/go-git#743 - storage: filesystem, Populate index before use. Fixes [#​148](https://togithub.com/go-git/go-git/issues/148) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#722 - plumbing: resolve non-external delta references by [@​ZauberNerd](https://togithub.com/ZauberNerd) in [go-git/go-git#485 - plumbing/transport: fix regression in scp-like match by [@​jotadrilo](https://togithub.com/jotadrilo) in [go-git/go-git#715 - plumbing/transport: Add support for custom proxy settings by [@​aryan9600](https://togithub.com/aryan9600) in [go-git/go-git#744 - \*: small fixes across the codebase by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#770 - \*: bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#776 - \*: bump dependencies by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#748 - \*: bump Go version to 1.18 on go.mod by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#774 - \*: add Codeql workflow and bump dependencies by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#775 - ci: fix upstream git build for master branch by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#739 #### New Contributors - [@​ZauberNerd](https://togithub.com/ZauberNerd) made their first contribution in [go-git/go-git#485 - [@​jotadrilo](https://togithub.com/jotadrilo) made their first contribution in [go-git/go-git#715 - [@​fcharlie](https://togithub.com/fcharlie) made their first contribution in [go-git/go-git#743 - [@​AriehSchneier](https://togithub.com/AriehSchneier) made their first contribution in [go-git/go-git#755 - [@​cbbm142](https://togithub.com/cbbm142) made their first contribution in [go-git/go-git#719 - [@​aryan9600](https://togithub.com/aryan9600) made their first contribution in [go-git/go-git#744 - [@​matejrisek](https://togithub.com/matejrisek) made their first contribution in [go-git/go-git#754 - [@​andrewpollock](https://togithub.com/andrewpollock) made their first contribution in [go-git/go-git#753 - [@​techknowlogick](https://togithub.com/techknowlogick) made their first contribution in [go-git/go-git#764 **Full Changelog**: go-git/go-git@v5.6.1...v5.7.0 ### [`v5.6.1`](https://togithub.com/go-git/go-git/releases/tag/v5.6.1) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.6.0...v5.6.1) #### What's Changed - plumbing/transport: don't use the `firstErrLine` when it is empty by [@​ThinkChaos](https://togithub.com/ThinkChaos) in [go-git/go-git#682 - plumbing/transport: ssh, unable to pass a custom HostKeyCallback func by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#655 - storage/filesystem: dotgit: fix a filesystem race in Refs/walkReferencesTree by [@​MichaelMure](https://togithub.com/MichaelMure) in [go-git/go-git#659 - \*: bump golang.org/x/net from 0.2.0 to 0.7.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#684 - \*: bump dependencies by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#697 - \*: fix panic for empty revisions by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#696 - ci: bump GitHub actions, enable go test race detection and stop using developer's GPG keys during test execution by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#701 **Full Changelog**: go-git/go-git@v5.6.0...v5.6.1 ### [`v5.6.0`](https://togithub.com/go-git/go-git/releases/tag/v5.6.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.5.2...v5.6.0) #### What's Changed - Worktree, check for empty parent dirs during Reset (Fixes [#​670](https://togithub.com/go-git/go-git/issues/670)) by [@​mbohy](https://togithub.com/mbohy) in [go-git/go-git#671 - \*: remove need to build with CGO by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#688 - plumbing: support SSH/X509 signed tags by [@​hiddeco](https://togithub.com/hiddeco) in [go-git/go-git#690 **Full Changelog**: go-git/go-git@v5.5.2...v5.6.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/mergestat/mergestat). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEyNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps golang.org/x/net from 0.15.0 to 0.17.0.
Commits
b225e7chttp2: limit maximum handler goroutines to MaxConcurrentStreams88194adgo.mod: update golang.org/x dependencies2b60a61quic: fix several bugs in flow control accounting73d82efquic: handle DATA_BLOCKED frames5d5a036quic: handle streams moving from the data queue to the meta queue350aad2quic: correctly extend peer's flow control window after MAX_DATA21814e7quic: validate connection id transport parametersa600b35quic: avoid redundant MAX_DATA updatesea63359http2: check stream body is present on read timeoutddd8598quic: version negotiationDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.