chore(deps): bump the go group across 1 directory with 5 updates #178

dependabot · 2024-12-15T16:48:45Z

Bumps the go group with 3 updates in the / directory: github.com/Masterminds/semver/v3, github.com/fluxcd/pkg/apis/meta and github.com/fluxcd/pkg/runtime.

Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.1

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.1

What's Changed

Fix for allowing some version that were invalid by @mattfarina in Masterminds/semver#253

Full Changelog: Masterminds/semver@v3.3.0...v3.3.1

v3.3.0

What's Changed

Fix: bad package in README by @sdelicata in Masterminds/semver#226

Updating the GitHub Actions and versions of Go used by @mattfarina in Masterminds/semver#229

Fix spelling in README by @robinschneider in Masterminds/semver#222

Adding go build cache to fuzz output by @mattfarina in Masterminds/semver#232

Add caching to fuzz testing by @mattfarina in Masterminds/semver#234

updating github actions by @mattfarina in Masterminds/semver#235

feat: nil version equality by @KnutZuidema in Masterminds/semver#213

add >= and <= by @grosser in Masterminds/semver#238

doc: hyphen range constraint without whitespace by @johnnychen94 in Masterminds/semver#216

Removing reference to vert by @mattfarina in Masterminds/semver#245

simplify StrictNewVersion by @grosser in Masterminds/semver#241

Updating the testing version of Go used by @mattfarina in Masterminds/semver#246

bumping min version in go.mod based on what's tested by @mattfarina in Masterminds/semver#248

Updating changelog for 3.3.0 by @mattfarina in Masterminds/semver#249

New Contributors

@sdelicata made their first contribution in Masterminds/semver#226

@robinschneider made their first contribution in Masterminds/semver#222

@KnutZuidema made their first contribution in Masterminds/semver#213

@grosser made their first contribution in Masterminds/semver#238

@johnnychen94 made their first contribution in Masterminds/semver#216

Full Changelog: Masterminds/semver@v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

3.3.0 (2024-08-27)

Added

#238: Add LessThanEqual and GreaterThanEqual functions (thanks @grosser)

#213: nil version equality checking (thanks @KnutZuidema)

Changed

#241: Simplify StrictNewVersion parsing (thanks @grosser)

Testing support up through Go 1.23

Minimum version set to 1.21 as this is what's tested now

Fuzz testing now supports caching

Commits

1558ca3 Merge pull request #253 from mattfarina/fix-bad-versions
252dd61 Fix for allowing some version that were invalid
e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
e80c4ea Updating changelog for 3.3.0
80427ad Merge pull request #248 from mattfarina/bump-min-version
b610837 bumping min version in go.mod based on what's tested
a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
7c178cf Updating the testing version of Go used
29f94c1 Merge pull request #241 from grosser/grosser/validate
2cf1b16 Merge pull request #245 from mattfarina/remove-vert
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.1.2 to 1.9.0

Commits

b9b6a10 Merge pull request #842 from fluxcd/k8s-1.32.0
7b6cd90 Update dependencies to Kubernetes 1.32.0 and Go 1.23.0
b9c338a Merge pull request #841 from fluxcd/load-vars
cf1915e Make the variables loading function public
84013d4 Merge pull request #839 from fluxcd/workflow-tf-setup
b91dc11 workflows: Use setup-terraform install latest
5bf9095 Merge pull request #838 from fluxcd/meta-v1.8.0
05a2b81 Update apis/meta version in chartutil and runtime
f58229d Merge pull request #836 from fluxcd/chartutil
8f0cbf5 Add chartutil package and ValuesReference type to APIs
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.42.0 to 0.51.0

Commits

42918b3 Merge pull request #843 from fluxcd/deps-int-k8s-1.32
ad9c74a Update internal dependencies
b9b6a10 Merge pull request #842 from fluxcd/k8s-1.32.0
7b6cd90 Update dependencies to Kubernetes 1.32.0 and Go 1.23.0
b9c338a Merge pull request #841 from fluxcd/load-vars
cf1915e Make the variables loading function public
84013d4 Merge pull request #839 from fluxcd/workflow-tf-setup
b91dc11 workflows: Use setup-terraform install latest
5bf9095 Merge pull request #838 from fluxcd/meta-v1.8.0
05a2b81 Update apis/meta version in chartutil and runtime
Additional commits viewable in compare view

Updates github.com/go-logr/logr from 1.4.1 to 1.4.2

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.2

What's Changed

Fix lint: named but unused params by @thockin in go-logr/logr#268

Add a Go report card, fix lint by @thockin in go-logr/logr#271

funcr: Handle nested empty groups properly by @thockin in go-logr/logr#274

Dependencies:

build(deps): bump github/codeql-action from 3.22.11 to 3.22.12 by @dependabot in go-logr/logr#254

build(deps): bump github/codeql-action from 3.22.12 to 3.23.0 by @dependabot in go-logr/logr#256

build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in go-logr/logr#257

build(deps): bump github/codeql-action from 3.23.0 to 3.23.1 by @dependabot in go-logr/logr#259

build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in go-logr/logr#260

build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in go-logr/logr#263

build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot in go-logr/logr#262

build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in go-logr/logr#264

build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in go-logr/logr#266

build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in go-logr/logr#267

build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @dependabot in go-logr/logr#270

build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in go-logr/logr#272

build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in go-logr/logr#275

build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in go-logr/logr#276

build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in go-logr/logr#277

build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @dependabot in go-logr/logr#278

build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in go-logr/logr#279

build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in go-logr/logr#280

build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in go-logr/logr#281

build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by @dependabot in go-logr/logr#282

build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 by @dependabot in go-logr/logr#283

build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in go-logr/logr#284

build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in go-logr/logr#285

build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in go-logr/logr#286

build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in go-logr/logr#288

build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @dependabot in go-logr/logr#289

build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in go-logr/logr#293

build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @dependabot in go-logr/logr#292

build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in go-logr/logr#291

build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in go-logr/logr#290

build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in go-logr/logr#294

build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in go-logr/logr#295

Full Changelog: go-logr/logr@v1.4.1...v1.4.2

Commits

1205f42 Merge pull request #295 from go-logr/dependabot/github_actions/actions/checko...
ccedcbd Merge pull request #294 from go-logr/dependabot/github_actions/github/codeql-...
bead577 build(deps): bump actions/checkout from 4.1.5 to 4.1.6
a492d95 build(deps): bump github/codeql-action from 3.25.4 to 3.25.5
19ad07c build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
1c97a21 build(deps): bump actions/checkout from 4.1.4 to 4.1.5
f70c5b5 build(deps): bump github/codeql-action from 3.25.3 to 3.25.4
4ade8d3 build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1
88d98bd Merge pull request #289 from go-logr/dependabot/github_actions/golangci/golan...
432cd86 Merge pull request #288 from go-logr/dependabot/github_actions/actions/setup-...
Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.10.0

What's Changed

Functional Changes

Add PanicAssertionFunc by @fahimbagar in stretchr/testify#1337

assert: deprecate CompareType by @dolmen in stretchr/testify#1566

assert: make YAML dependency pluggable via build tags by @dolmen in stretchr/testify#1579

assert: new assertion NotElementsMatch by @hendrywiranto in stretchr/testify#1600

mock: in order mock calls by @ReyOrtiz in stretchr/testify#1637

Add assertion for NotErrorAs by @palsivertsen in stretchr/testify#1129

Record Return Arguments of a Call by @jayd3e in stretchr/testify#1636

assert.EqualExportedValues: accepts everything by @redachl in stretchr/testify#1586

Fixes

assert: make tHelper a type alias by @dolmen in stretchr/testify#1562

Do not get argument again unnecessarily in Arguments.Error() by @TomWright in stretchr/testify#820

Fix time.Time compare by @myxo in stretchr/testify#1582

assert.Regexp: handle []byte array properly by @kevinburkesegment in stretchr/testify#1587

assert: collect.FailNow() should not panic by @marshall-lee in stretchr/testify#1481

mock: simplify implementation of FunctionalOptions by @dolmen in stretchr/testify#1571

mock: caller information for unexpected method call by @spirin in stretchr/testify#1644

suite: fix test failures by @stevenh in stretchr/testify#1421

Fix issue #1662 (comparing infs should fail) by @ybrustin in stretchr/testify#1663

NotSame should fail if args are not pointers #1661 by @sikehish in stretchr/testify#1664

Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI by @sikehish in stretchr/testify#1667

fix: compare functional option names for indirect calls by @arjun-1 in stretchr/testify#1626

Documantation, Build & CI

.gitignore: ignore "go test -c" binaries by @dolmen in stretchr/testify#1565

mock: improve doc by @dolmen in stretchr/testify#1570

mock: fix FunctionalOptions docs by @snirye in stretchr/testify#1433

README: link out to the excellent testifylint by @brackendawson in stretchr/testify#1568

assert: fix typo in comment by @JohnEndson in stretchr/testify#1580

Correct the EventuallyWithT and EventuallyWithTf example by @JonCrowther in stretchr/testify#1588

CI: bump softprops/action-gh-release from 1 to 2 by @dependabot in stretchr/testify#1575

mock: document more alternatives to deprecated AnythingOfTypeArgument by @dolmen in stretchr/testify#1569

assert: Correctly document EqualValues behavior by @brackendawson in stretchr/testify#1593

fix: grammar in godoc by @miparnisari in stretchr/testify#1607

.github/workflows: Run tests for Go 1.22 by @HaraldNordgren in stretchr/testify#1629

Document suite's lack of support for t.Parallel by @brackendawson in stretchr/testify#1645

assert: fix typos in comments by @alexandear in stretchr/testify#1650

mock: fix doc comment for NotBefore by @alexandear in stretchr/testify#1651

Generate better comments for require package by @Neokil in stretchr/testify#1610

README: replace Testify V2 notice with @dolmen's V2 manifesto by @hendrywiranto in stretchr/testify#1518

New Contributors

@fahimbagar made their first contribution in stretchr/testify#1337

@TomWright made their first contribution in stretchr/testify#820

@snirye made their first contribution in stretchr/testify#1433

@myxo made their first contribution in stretchr/testify#1582

@JohnEndson made their first contribution in stretchr/testify#1580

... (truncated)

Commits

89cbdd9 Merge pull request #1626 from arjun-1/fix-functional-options-diff-indirect-calls
07bac60 Merge pull request #1667 from sikehish/flaky
716de8d Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI
118fb83 NotSame should fail if args are not pointers #1661 (#1664)
7d99b2b attempt 2
05f87c0 more similar
ea7129e better fmt
a1b9c9e Merge pull request #1663 from ybrustin/master
8302de9 Merge branch 'master' into master
89352f7 Merge pull request #1518 from hendrywiranto/adjust-readme-remove-v2
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go group with 3 updates in the / directory: [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver), [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg) and [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg). Updates `github.com/Masterminds/semver/v3` from 3.2.1 to 3.3.1 - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](Masterminds/semver@v3.2.1...v3.3.1) Updates `github.com/fluxcd/pkg/apis/meta` from 1.1.2 to 1.9.0 - [Commits](fluxcd/pkg@apis/meta/v1.1.2...apis/meta/v1.9.0) Updates `github.com/fluxcd/pkg/runtime` from 0.42.0 to 0.51.0 - [Commits](fluxcd/pkg@oci/v0.42.0...runtime/v0.51.0) Updates `github.com/go-logr/logr` from 1.4.1 to 1.4.2 - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.4.1...v1.4.2) Updates `github.com/stretchr/testify` from 1.9.0 to 1.10.0 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: github.com/Masterminds/semver/v3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/pkg/apis/meta dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/pkg/runtime dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2024-12-15T16:50:21Z

Mend Scan Summary: ❌

Repository: open-component-model/replication-controller

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	7
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	1
LICENSE RISK HIGH	7
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

dependabot · 2024-12-22T16:25:59Z

Superseded by #179.

dependabot bot requested a review from a team as a code owner December 15, 2024 16:48

dependabot bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Dec 15, 2024

dependabot bot mentioned this pull request Dec 15, 2024

chore(deps): bump the go group across 1 directory with 5 updates #176

Closed

dependabot bot closed this Dec 22, 2024

dependabot bot deleted the dependabot/go_modules/go-fa481ac6df branch December 22, 2024 16:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go group across 1 directory with 5 updates #178

chore(deps): bump the go group across 1 directory with 5 updates #178

dependabot bot commented on behalf of github Dec 15, 2024 •

edited

Loading

github-actions bot commented Dec 15, 2024

dependabot bot commented on behalf of github Dec 22, 2024

chore(deps): bump the go group across 1 directory with 5 updates #178

chore(deps): bump the go group across 1 directory with 5 updates #178

Conversation

dependabot bot commented on behalf of github Dec 15, 2024 • edited Loading

v3.3.1

What's Changed

v3.3.0

What's Changed

New Contributors

Changelog

3.3.0 (2024-08-27)

Added

Changed

v1.4.2

What's Changed

Dependencies:

v1.10.0

What's Changed

Functional Changes

Fixes

Documantation, Build & CI

New Contributors

github-actions bot commented Dec 15, 2024

Mend Scan Summary: ❌

Repository: open-component-model/replication-controller

dependabot bot commented on behalf of github Dec 22, 2024

dependabot bot commented on behalf of github Dec 15, 2024 •

edited

Loading