chore(deps): update general modules - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
CycloneDX/gh-gomod-generate-sbom	action	digest	c18e41a -> b20a91b
actions/cache	action	digest	d974700 -> 2d8d0d1
actions/checkout	action	digest	ec3a7ce -> d50f8ea
actions/setup-go	action	digest	424fc82 -> a5865a9
actions/setup-python	action	digest	f382193 -> 6c048c7
actions/upload-artifact	action	digest	82c141c -> 6673cd0
azure/setup-helm	action	digest	18bc768 -> fa870ea
codecov/codecov-action	action	digest	f32b3a3 -> b049ab5
creekorful/goreportcard-action	action	digest	1f35ced -> b99cfba
docker/setup-buildx-action	action	digest	94ab11c -> 2a6fbda
docker/setup-qemu-action	action	digest	27d0a4f -> 2d4bfe7
github.com/awslabs/amazon-ecr-credential-helper/ecr-login	require	digest	3d7835a -> 7a06d24
github.com/chrismellard/docker-credential-acr-env	require	digest	fe33c00 -> c57b701
github.com/distribution/distribution	require	minor	v2.7.1+incompatible -> v2.8.1
github.com/go-git/go-billy/v5	require	minor	v5.0.0 -> v5.3.1
github.com/go-git/go-git/v5	require	minor	v5.2.0 -> v5.4.2
github.com/go-logr/logr	require	patch	v1.2.2 -> v1.2.3
github.com/google/go-containerregistry/pkg/authn/kubernetes	require	digest	c63684e -> efc62d8
github.com/googleapis/gnostic	require	minor	v0.5.5 -> v0.6.7
github.com/mattbaird/jsonpatch	require	digest	81af803 -> 098863c
github.com/onsi/gomega	require	minor	v1.18.1 -> v1.19.0
github.com/prometheus/client_golang	require	minor	v1.11.0 -> v1.12.1
github.com/sigstore/sigstore	require	minor	v1.1.1-0.20220217212907-e48ca03a5ba7 -> v1.2.0
github.com/spf13/cobra	require	minor	v1.3.0 -> v1.4.0
github.com/stretchr/testify	require	patch	v1.7.0 -> v1.7.1
golang	final	minor	1.17.6 -> 1.18.0
goreleaser/goreleaser-action	action	digest	5df302e -> 0110a4a
helm/chart-testing-action	action	digest	b0d4458 -> dae259e
popper.js (source)		minor	1.14.7 -> 1.16.1
rajatjindal/krew-release-bot	action	digest	3320c0b -> 621a27f
reviewdog/action-golangci-lint	action	digest	02bcf8c -> 5d76ca8
sigstore/cosign-installer	action	digest	116dc68 -> b4f5574
stefanprodan/helm-gh-pages	action	digest	b43a871 -> b43a871

---

Release Notes

distribution/distribution

v2.8.1

Compare Source

Welcome to the v2.8.1 release of registry!

The 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0

There have been no changes made in the released binaries other than the bump of the Go runtime.

See the changelog below for a full list of changes.

CI

• ci: use proper git ref for versioning #​3595
• Go: make Go version explicit and pin it to the latest 1.16 release #​3604

Contributors

• CrazyMax
• Milos Gajdos

Changes

6 commits

• 96cc1fdb FIx typo
• e744906f Update 2.8.1. release notes
• Prepare for v2.8.1 release (#​3596)
  • 6736d188 Prepare for v2.8.1 release
• [2.8 backport] ci: use proper git ref for versioning (#​3595)
  • 80acbdf0 ci: use proper git ref for versioning

##### Dependency Changes

This release has no dependency changes

The previous release can be found at v2.8.0

v2.8.0

Compare Source

registry 2.8.0

Welcome to the v2.8.0 release of registry!

The 2.8.0 registry release has been a long time overdue.
This is the first step towards the last 2.x release.
No further active development will continue on 2.x branch.
Security vulnerability patches to 2.x might be considered, but
all active development will be focussed on v3 release due in 2022.
This release includes a security vulnerability fix along
with a few minor bug fixes and improvemnts in documentation and CI.

See changelog below for full list of changes.

Bugfixes

• Close the io.ReadCloser from storage driver #​3370
• Remove empty Content-Type header #​3297
• Make ipfilteredby not required in cloudfront storage middleware #​3088

Features

• Add reference.ParseDockerRef utility function #​3002

CI build

• First draft of actions based ci #​3347
• Fix vndr and check #​3001
• Improve code quality by adding linter checks #​3385

Documentation

• Add redirect for old URL #​3197
• Fix broken table #​3073
• Adding deprecated schema v1 instructions #​2987
• Change should to must in v2 spec (#​3495)

Storage drivers

• S3 Driver: add support for ceph radosgw #​3119

Security

• Added flag for user configurable cipher suites #​3384
• Address CVE-2020-26160 by replacing vulnerable third-party depedency#​3466
• Replace math rand with crypto rand #​3531
• Address CVE-2021-41190 by validating document type before unmarshal GHSA-77vh-xpmg-72qh

Changes

50 commits

• Prepare for v2.8.0 release (#​3552)
  • d5d89a46 Make this releaes a beta release first.
  • 1ddad0ba Apply suggestions from code review
  • 3960a560 Prepare for v2.8.0 release
• [2.8] Release artifacts (#​3568)
  • 6241e099 [2.8] Release artifacts
• [2.8] Release workflow (#​3565)
  • 65ca39e6 release workflow
  • 3b7b5345 Merge pull request from GHSA-qq97-vm5h-rrhg
  • 10ade61d manifest: validate document type before unmarshal
• [release/2.7] github.com/golang-jwt/jwt v3.2.2 (#​3466)
  • c5679da3 [release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1
• [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2 (#​3535)
  • 97f6dace [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2
• [release/2.7]fix go check issues (#​3531)
  • 9a3ff113 fix go check issues
• [release/2.7 backport] Change should to must in v2 spec (#​3495)
  • 19b573a6 Change should to must in v2 spec
• [release/2.7] update to go1.16 (#​3472)
  • d836b23f [release/2.7] update to go1.16
• [backport release/2.7]Added flag for user configurable cipher suites (#​3384)
  • cc341b01 Added flag for user configurable cipher suites
• enable ci for release/2.7 (#​3385)
  • 09109ab5 Fix gosimple checks
  • 89e6568e Remove err nil check
  • 3c64ff10 Fix gometalint errors
  • f807afbf Migrate to golangci-lint
  • 9142de99 enable ci for release/2.7
• [cherry pick]close the io.ReadCloser from storage driver (#​3370)
  • 3fe1d67a close the io.ReadCloser from storage driver
• [backport release/2.7] First draft of actions based ci (#​3347)
  • f1bd6551 First draft of actions based ci
• [release/2.7 backport] Remove empty Content-Type header (#​3297)
  • cf8615de Remove empty Content-Type header
• [release/2.7 backport] docs: add redirect for old URL (#​3197)
  • 48eeac88 docs: add redirect for old URL
• [release/2.7] Fix s3 driver for supporting ceph radosgw (#​3119)
  • e2f006ac S3 Driver: added comment for missing KeyCount workaround
  • 0a1e4a57 Fix s3 driver for supporting ceph radosgw
• [release/2.7 backport] Bugfix: Make ipfilteredby not required (#​3088)
  • afa91463 Bugfix: Make ipfilteredby not required
• [release/2.7 backport] Add reference.ParseDockerRef utility function (#​3002)
  • fad36ed1 Add reference.ParseDockerRef utility function
• [release/2.7 backport] fix markdown issues on configuration page (#​3073)
  • f999f540 Fixing broken table
  • c636ed78 Fix cloudfront documentation formatting
• [release/2.7] Fix vndr and check (#​3001)
  • 5883e2d9 Fix vndr and check
• [release/2.7] Adding deprecated schema v1 page (#​2987)
  • a3c027e6 Adding deprecated schema instructions

##### Dependency Changes * github.com/dgrijalva/jwt-go -> github.com/golang-jwt/jwt.git # v3.2.2 (a601269ab70c -> 4bbdd8ac624f) * github.com/opencontainers/image-spec -> github.com/opencontainers/image-spec # v1.0.2 (ab7389ef9f50 -> 67d2d5658fe0)

Previous release can be found at v2.7.1

go-git/go-billy

v5.3.1

Compare Source

• util: fix TempDir and TempFile on non-root filesystems (3bf3fe5)

v5.3.0

Compare Source

• util: add ReadFile function
• osfs: add Default to avoid repetitive code

v5.2.0

Compare Source

Changelog

• osfs: js/wasm implementation based on menfs

v5.1.0

Compare Source

Change Log

• memfs: ReadDir sorted by filename #​13 (MetalBlueberry)
• memfs: Add support for O_EXC to memfs #​10 (jawr)

go-git/go-git

v5.4.2

Compare Source

Change Log

• Revert "plumbing: format/packfile, prevent large objects from being read into memory completely (#​303) (da81027)

v5.4.1

Compare Source

Change Log

• remote: patch default timeout for List from 600ms to 10s (#​321)

v5.4.0

Compare Source

Change Log

• Repository: test, use raw string to avoid double-escape #​288 (jeffwidman)
• Remote: new ListContext function #​278 (xiujuan95)
• Remote: add support for deepening shallow clones #​311 (marwatk)
• Submodele, fetch submodules pointing to orphaned but still reachable commits #​284 (edigaryev)
• plumbing: object/patch, printStat strings.Repeat cause panic #​310 (cookeem)
• plumbing: format/packfile, prevent large objects from being read into memory completely #​303 (zeripath)
• plumbing: transport/ssh, support more formats in NewPublicKeys SSH helper #​298 (hiddeco)
• *: replace golang.org/x/crypto/openpgp by github.com/ProtonMail/go-crypto/openpgp #​283 (johanfleury)
• *: typo fixes #​291 (jeffwidman)
• *: minor doc fixes #​287 (jeffwidman)
• *: remove unused unexported const #​286 (jeffwidman)

v5.3.0

Compare Source

Change Log

• transport: ssh, fix cloning large repositories #​272 (dcu)
• diff: Allow srcPrefix and dstPrefix to be configured #​265 (yabberyabber)
• Remote: add RequireRemoteRefs to PushOptions #​258 (asuffield)
• plumbing: gitignore, Fix gitconfig path in LoadSystemPatterns doc #​256 (andrewarchi)
• plumbing: wire up contexts for Transport.AdvertisedReferences #​246 (asuffield)
• worktree: Don't remove root directory when cleaning #​230 (hansmi)
• *: add insecureSkipTLS and cabundle #​228 (StrongMonkey)
• git: worktree_commit, just store objects not already stored #​224 (jsteuer)
• plumbing: packp: adding "object-format" and "filter" capabilities #​222 (rofc)
• Submodule: fix relative submodule resolution #​195 (adracus)
• git: worktree, Support relative submodule URL. #​184 (mikyk10)
• config: add init.defaultBranch to the config #​178 (tomlazar)
• config: support insteadOf for remotes' URLs #​79 (kostyay)

go-logr/logr

v1.2.3

Compare Source

This is a minor release.

What's Changed

• funcr: Handle nil Stringer, Marshaler, error by @​thockin in https://github.com/go-logr/logr/pull/130
  • Produce a useful error rather than panic.
• Move testing -> testr, deprecate, alias old names by @​thockin in https://github.com/go-logr/logr/pull/140
  • This is mostly about ergonomics and names, no behavioral changes.

New Contributors

• @​tonglil made their first contribution in https://github.com/go-logr/logr/pull/129

Full Changelog: go-logr/logr@v1.2.2...v1.2.3

googleapis/gnostic

v0.6.7

Compare Source

v0.6.6

Compare Source

We had a series of problems related to a multi-module configuration and its reversion that all now appear to be fixed in this release. Individual components in the cmd directory are now (again) part of the main module and can be independently installed with the following:

go install github.com/google/gnostic/cmd/disco@latest
go install github.com/google/gnostic/cmd/parse-linter-output@latest
go install github.com/google/gnostic/cmd/petstore-builder@latest
go install github.com/google/gnostic/cmd/protoc-gen-jsonschema@latest
go install github.com/google/gnostic/cmd/protoc-gen-openapi@latest
go install github.com/google/gnostic/cmd/report@latest
go install github.com/google/gnostic/cmd/report-messages@latest
go install github.com/google/gnostic/cmd/vocabulary-operations@latest

Verified with Go 1.16, 1.17, and 1.18beta1.

v0.6.5

Compare Source

v0.6.4

Compare Source

v0.6.3

Compare Source

v0.6.2

Compare Source

This adds a retract statement to go.mod to exclude v0.6.0 from dependency updates. Thanks @​morphar and @​shenqidebaozi for quickly catching and fixing problems with the multimodule configuration!

v0.6.1

Compare Source

v0.6.0

Compare Source

This renames the former apps directory to cmd and adds a go.mod for each cmd subdirectory. These directories contain demonstrations and various gnostic-related applications, and putting each in a separate module clarifies dependencies and reduces the apparent dependencies of gnostic itself (as listed in the top-level go.mod). Thanks @​shenqidebaozi for making this change and @​morphar for advising.

This also includes significant improvements to protoc-gen-openapi from @​morphar and @​tonybase and a new protoc-gen-jsonschema pluigin contributed by @​morphar.

v0.5.7

Compare Source

v0.5.6

Compare Source

onsi/gomega

v1.19.0

Compare Source

Features

• New HaveEach matcher to ensure that each and every element in an array, slice, or map satisfies the passed in matcher. (#​523) [9fc2ae2] (#​524) [c8ba582]
• Users can now wrap the Gomega interface to implement custom behavior on each assertion. (#​521) [1f2e714]
• ContainElement now accepts an additional pointer argument. Elements that satisfy the matcher are stored in the pointer enabling developers to easily add subsequent, more detailed, assertions against the matching element. (#​527) [1a4e27f]

Fixes

• update RELEASING instructions to match ginkgo [0917cde]
• Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3 (#​519) [49ab4b0]
• Fix CVE-2021-38561 (#​534) [f1b4456]
• Fix max number of samples in experiments on non-64-bit systems. (#​528) [1c84497]
• Remove dependency on ginkgo v1.16.4 (#​530) [4dea8d5]
• Fix for Go 1.18 (#​532) [56d2a29]
• Document precendence of timeouts (#​533) [b607941]

prometheus/client_golang

v1.12.1

Compare Source

• [BUGFIX] Make the Go 1.17 collector concurrency-safe #​969
  • Use simpler locking in the Go 1.17 collector #​975
• [BUGFIX] Reduce granularity of histogram buckets for Go 1.17 collector #​974
• [ENHANCEMENT] API client: make HTTP reads more efficient #​976

Full Changelog: prometheus/client_golang@v1.12.0...v1.12.1

v1.12.0

Compare Source

• [CHANGE] example/random: Move flags and metrics into main() #​935
• [FEATURE] API client: Support wal replay status api #​944
• [FEATURE] Use the runtime/metrics package for the Go collector for 1.17+ #​955
• [ENHANCEMENT] API client: Update /api/v1/status/tsdb to include headStats #​925
• [SECURITY FIX] promhttp: Check validity of method and code label values #​962 (Addressed CVE-2022-21698)

What's Changed

• Address minor issues on the changelog by @​kakkoyun in https://github.com/prometheus/client_golang/pull/879
• Synchronize common files from prometheus/prometheus by @​prombot in https://github.com/prometheus/client_golang/pull/888
• Update status badgets by @​SuperQ in https://github.com/prometheus/client_golang/pull/885
• Updating dependency versions + cleanup by @​sivabalan in https://github.com/prometheus/client_golang/pull/881
• Synchronize common files from prometheus/prometheus by @​prombot in https://github.com/prometheus/client_golang/pull/892
• add ExponentialBucketsRange function by @​sbunce in https://github.com/prometheus/client_golang/pull/899
• Synchronize common files from prometheus/prometheus by @​prombot in https://github.com/prometheus/client_golang/pull/909
• Update cespare/xxhash dependency by @​dtrudg in https://github.com/prometheus/client_golang/pull/913
• example/random: Move flags and metrics into main() by @​beorn7 in https://github.com/prometheus/client_golang/pull/935
• Fix typo by @​gozeloglu in https://github.com/prometheus/client_golang/pull/939
• Add support for go 1.17 by @​mrueg in https://github.com/prometheus/client_golang/pull/950
• Synchronize common files from prometheus/prometheus by @​prombot in https://github.com/prometheus/client_golang/pull/928
• Synchronize common files from prometheus/prometheus by @​prombot in https://github.com/prometheus/client_golang/pull/952
• API: support wal replay status api by @​yeya24 in https://github.com/prometheus/client_golang/pull/944
• Update /api/v1/status/tsdb to include headStats by @​prymitive in https://github.com/prometheus/client_golang/pull/925
• Use the runtime/metrics package for the Go collector for 1.17+ by @​mknyszek in https://github.com/prometheus/client_golang/pull/955
• promhttp: Check validity of method and code label values by @​kakkoyun in https://github.com/prometheus/client_golang/pull/962
• go.*: Update dependencies by @​kakkoyun in https://github.com/prometheus/client_golang/pull/965

New Contributors

• @​sivabalan made their first contribution in https://github.com/prometheus/client_golang/pull/881
• @​sbunce made their first contribution in https://github.com/prometheus/client_golang/pull/899
• @​dtrudg made their first contribution in https://github.com/prometheus/client_golang/pull/913
• @​gozeloglu made their first contribution in https://github.com/prometheus/client_golang/pull/939
• @​mrueg made their first contribution in https://github.com/prometheus/client_golang/pull/950
• @​prymitive made their first contribution in https://github.com/prometheus/client_golang/pull/925
• @​mknyszek made their first contribution in https://github.com/prometheus/client_golang/pull/955

Full Changelog: prometheus/client_golang@v1.11.0...v1.12.0

v1.11.1

Compare Source

• [SECURITY FIX] promhttp: Check validity of method and code label valueshttps://github.com/prometheus/client_golang/pull/9877 (Addressed CVE-2022-21698)

What's Changed

• promhttp: Check validity of method and code label values by @​bwplotka and @​kakkoyun in https://github.com/prometheus/client_golang/pull/987

Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1

spf13/cobra

v1.4.0

Compare Source

Winter 2022 Release ❄️

Another season, another release!

Goodbye viper! 🐍 🚀

The core Cobra library no longer requires Viper and all of its indirect dependencies. This means that Cobra's dependency tree has been drastically thinned! The Viper dependency was included because of the cobra CLI generation tool. This tool has migrated to spf13/cobra-cli.

It's pretty unlikely you were importing and using the bootstrapping CLI tool as part of your application (after all, it's just a tool to get going with core cobra).

But if you were, replace occurrences of

"github.com/spf13/cobra/cobra"

with

"github.com/spf13/cobra-cli"

And in your go.mod, you'll want to also include this dependency:

github.com/spf13/cobra-cli v1.3.0

Again, the maintainers do not anticipate this being a breaking change to users of the core cobra library, so minimal work should be required for users to integrate with this new release. Moreover, this means the dependency tree for your application using Cobra should no longer require dependencies that were inherited from Viper. Huzzah! 🥳

If you'd like to read more

• issue: https://github.com/spf13/cobra/issues/1597
• PR: https://github.com/spf13/cobra/pull/1604

Documentation 📝

• Update Go Doc link and badge in README: https://github.com/spf13/cobra/pull/1593
• Fix to install command, now targets @latest: https://github.com/spf13/cobra/pull/1576
• Added MAINTAINERS file: https://github.com/spf13/cobra/pull/1545

Other 💭

• Bumped license year to 2022 in golden files: https://github.com/spf13/cobra/pull/1575
• Added Pixie to projects: https://github.com/spf13/cobra/pull/1581
• Updated labeler for new labeling scheme: https://github.com/spf13/cobra/pull/1613 & syntax fix: https://github.com/spf13/cobra/pull/1624

Shoutout to our awesome contributors helping to make this cobra release possible!!
@​spf13 @​marckhouzam @​johnSchnake @​jpmcb @​liggitt @​umarcor @​hiljusti @​marians @​shyim @​htroisi

stretchr/testify

v1.7.1

Compare Source

popperjs/popper-core

v1.16.1

Compare Source

• chore: added funding field in package.json

v1.16.0

Compare Source

• 🚀 feat: referenceNode support for reference objects (closes #​800) (#​801) (thanks @​Benjamin-Dobell)
• 🛠 fix: make browser detection more reliable (#​768) (thanks @​mrzepinski)
• 🛠 fix: Remove /src from .npmignore (for debugging) (#​761) (thanks @​justingrant)
• 🛠 fix: calculation that results in NaN (#​790) (thanks @​snoozbuster)
• 🛠 fix: ESM style export of Padding in TS typedefs (#​802) (thanks @​Benjamin-Dobell)
• 🛠 fix: .js.flow definitions (#​829) (thanks @​pascalduez)
• ⚡️ perf: declared packages side effect free and fixed existing side effects (#​830) (thanks @​maclockard)
• 📖 docs: add complete live example
• 📖 docs: HTTPS codepen link (#​795) (thanks @​coliff)
• 📖 docs: fix typo in destroy.js comment (#​810) (thanks @​XhmikosR)
• 🏡 chore: upgrade lerna (#​803) (thanks @​jquense)

v1.15.0

Compare Source

• fix(types): add missing reference and popper class properties (#​759)
• fix: add "unpkg" field to package.json to link to minified version (#​758)
• feat: add 'flipVariationsByContent' option to flip modifier (#​754)

---

Configuration

📅 Schedule: "on friday after 11am" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: docker run --rm --name=renovate_go --label=renovate_child -v "/mnt/renovate/gh/wryonik/kyverno":"/mnt/renovate/gh/wryonik/kyverno" -v "/tmp/renovate-cache":"/tmp/renovate-cache" -e GOPATH -e GOPROXY -e GOFLAGS -e CGO_ENABLED -e GIT_CONFIG_KEY_0 -e GIT_CONFIG_VALUE_0 -e GIT_CONFIG_KEY_1 -e GIT_CONFIG_VALUE_1 -e GIT_CONFIG_KEY_2 -e GIT_CONFIG_VALUE_2 -e GIT_CONFIG_COUNT -e GIT_CONFIG_KEY_3 -e GIT_CONFIG_VALUE_3 -e GIT_CONFIG_KEY_4 -e GIT_CONFIG_VALUE_4 -e GIT_CONFIG_KEY_5 -e GIT_CONFIG_VALUE_5 -w "/mnt/renovate/gh/wryonik/kyverno" docker.io/renovate/go:1.18.0 bash -l -c "go get -d -t ./... && go mod tidy && go mod tidy"
go: github.com/googleapis/gnostic@v0.6.7: parsing go.mod:
	module declares its path as: github.com/google/gnostic
	        but was required as: github.com/googleapis/gnostic

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication