Bump the all group across 1 directory with 7 updates #2273

Open. dependabot[bot] wants to merge 1 commit into main.

@dependabot dependabot bot commented on behalf of github Jan 17, 2025

Bumps the all group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| github.com/enterprise-contract/enterprise-contract-controller/api | 0.1.71 | 0.1.72 |
| github.com/enterprise-contract/go-gather | 0.0.5 | 0.0.6 |
| github.com/gkampitakis/go-snaps | 0.5.7 | 0.5.8 |
| github.com/hashicorp/go-getter | 1.7.6 | 1.7.8 |
| github.com/open-policy-agent/opa | 0.70.0 | 1.0.0 |
| github.com/spf13/afero | 1.11.0 | 1.12.0 |

Updates github.com/enterprise-contract/enterprise-contract-controller/api from 0.1.71 to 0.1.72

Release notes

Sourced from github.com/enterprise-contract/enterprise-contract-controller/api's releases.

API Release api/v0.1.72

What's Changed

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.71...api/v0.1.72

Commits
  • d29d50c Merge pull request #455 from enterprise-contract/dependabot/go_modules/github...
  • fd25c44 Merge pull request #452 from enterprise-contract/dependabot/github_actions/gi...
  • 4b64593 Merge pull request #453 from enterprise-contract/dependabot/github_actions/ac...
  • de49bd3 Merge pull request #454 from enterprise-contract/dependabot/github_actions/co...
  • 4dc5ab0 Bump github.com/onsi/gomega from 1.36.1 to 1.36.2
  • 33e21db Bump codecov/codecov-action from 5.1.1 to 5.1.2
  • 2bf30e1 Bump actions/upload-artifact from 4.4.3 to 4.5.0
  • fc9d6e7 Bump github/codeql-action from 3.27.9 to 3.28.0
  • See full diff in compare view

Updates github.com/enterprise-contract/go-gather from 0.0.5 to 0.0.6

Changelog

Sourced from github.com/enterprise-contract/go-gather's changelog.

0.0.6 (2025-01-10)

Bug Fixes

  • TLS or not determination (7ac9200)

Commits
  • fb27666 chore(release): 0.0.6 [skip ci]
  • c5b5b8b Merge pull request #153 from zregvart/pr/fixes
  • 1e8448f Merge pull request #161 from enterprise-contract/renovate/step-security-harde...
  • 8751c9c Merge pull request #156 from enterprise-contract/dependabot/github_actions/gi...
  • 73d1084 Merge pull request #152 from enterprise-contract/renovate/github-codeql-actio...
  • e95254a Merge pull request #159 from enterprise-contract/dependabot/go_modules/github...
  • 3d7098a chore(deps): update step-security/harden-runner action to v2.10.3
  • a1a1fd9 chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.1
  • 42dd050 chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0
  • 75c48a4 chore(deps): update github/codeql-action action to v3.28.0
  • Additional commits viewable in compare view

Updates github.com/gkampitakis/go-snaps from 0.5.7 to 0.5.8

Release notes

Sourced from github.com/gkampitakis/go-snaps's releases.

v0.5.8

What's Changed

Full Changelog: gkampitakis/go-snaps@v0.5.7...v0.5.8

Commits

Updates github.com/go-git/go-git/v5 from 5.13.0 to 5.13.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.13.1

What's Changed

Full Changelog: go-git/go-git@v5.13.0...v5.13.1

Commits
  • b6bc0c0 Merge pull request #1346 from go-git/revert-1157-ja/knownHostsDb
  • 42f9d6b Revert "plumbing: transport/ssh, Add support for SSH @cert-authority."
  • 88c7471 Merge pull request #1340 from go-git/dependabot/go_modules/github.com/elazarl...
  • 2fae180 build: bump github.com/elazarl/goproxy from 1.2.2 to 1.2.3
  • a0dfb09 Merge pull request #1329 from go-git/dependabot/go_modules/github.com/elazarl...
  • 05ae621 Merge pull request #1327 from go-git/dependabot/go_modules/github.com/go-git/...
  • b0d72b3 build: bump github.com/elazarl/goproxy from 1.2.1 to 1.2.2
  • b77b83a build: bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1
  • See full diff in compare view

Updates github.com/hashicorp/go-getter from 1.7.6 to 1.7.8

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.8

What's Changed

Full Changelog: hashicorp/go-getter@v1.7.7...v1.7.8

v1.7.7

What's Changed

New Contributors

Full Changelog: hashicorp/go-getter@v1.7.6...v1.7.7

Commits
  • f7836fb sec: fix s3 and gcs host checks (#512)
  • 7dddd13 Merge pull request #515 from hashicorp/Vulnerability_Fix_v1
  • 0f05341 IND-1804 Updating .goreleaser.yml file with valid version
  • 81c6950 Merge pull request #514 from hashicorp/Vulnerability_Fix_v1
  • d315d97 IND-1804 Updating arguments in github release CI
  • 6552f72 Merge pull request #513 from hashicorp/Vulnerability_Fix_v1
  • 2e56c18 IND-1804 Bump up dependencies to remediate vulnerabiities
  • 842d6c3 Merge pull request #505 from mukeshjc/main
  • 7edd4e0 Add CODEOWNERS file in .github/CODEOWNERS
  • 6077ad5 Merge pull request #409 from hashicorp/compliance/add-headers
  • Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 0.70.0 to 1.0.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.0.0

NOTES:

  • The minimum version of Go required to build the OPA module is 1.22

We are excited to announce OPA 1.0, a milestone release consolidating an improved developer experience for the future of Policy as Code. The release makes new functionality designed to simplify policy writing and improve the language's consistency the default.

Changes to Rego in OPA 1.0

Below we highlight some key changes to the defaults in OPA 1.0:

  • Using if for all rule definitions and contains for multi-value rules is now mandatory, not just when using the rego.v1 import.
  • Other new keywords (every, in) are available without any imports.
  • Previously requirements that were only run in "strict mode" (like opa check --strict) are now the default. Duplicate imports and imports which shadow each other are no longer allowed.
  • OPA 1.0 comes with a range of backwards compatibility features to aid your migrations, please see the v0 compatibility guide if you must continue to support v0 Rego.

Read more about the OPA 1.0 announcement here on our blog.

Following are other changes that are included in OPA 1.0.

Improvements to memory allocations

PRs #7172, #7190, #7193, #7165, #7168, #7191 & #7222 together improve the memory performance of OPA. Key strategies include reusing pointers and optimizing array and object operations, minimizing intermediate object creation, and using sync.Pool to manage memory-heavy operations. These changes cumulatively greatly reduced the number of allocations and improved evaluation speed by 10-20%. Additional benchmarks highlighted significant memory and speed improvements in custom function evaluation.

Authored by @anderseknert.

Wrap http.RoundTripper for SDK users

PR #7180 adds an EvalHTTPRoundTrip EvalOption and query-level WithHTTPRoundTrip option. Both use a new function type which converts an http.Transport configured by topdown to an http.RoundTripper. This supports use cases requiring the customization of the http.send built in behavior.

Authored by @evankanderson.

Improvements to scientific notation parsing in units.parse

PR #7147 extends the behaviour of extractNumAndUnit to support scientific notation values. This means values such as 1e3KB can now be handled by this function.

Authored by @berdanA.

Support customized buckets bundle_loading_duration_ns metric

PR #7156 extends OPA’s Prometheus configuration to allow the setting of user defined buckets for metrics. This aids when debugging the loading of slow bundles.

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.


Commits
  • 00cc7ae Prepare v1.0.0 release
  • 94118ac docs/website/scripts: Control eval behavior via the rego.v1 import rather tha...
  • bb10c56 docs/website/scripts: Eval pre-1.0 policies in v0 compatibility mode
  • c91c895 go.mod: require go 1.22.7
  • b8a1376 build(deps): bump the go-opentelemetry-io group with 6 updates (#7217)
  • a190ea3 Fixing optimized numbers.range builtin reversed range bug (#7230)
  • 9a7d920 Update docs and server binding addr per OPA v1.0 specs (#7140)
  • c5757a5 build(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2
  • c97b640 build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
  • 50b5ee5 Reduce allocations, chapter III (#7222)
  • Additional commits viewable in compare view

Updates github.com/spf13/afero from 1.11.0 to 1.12.0

Release notes

Sourced from github.com/spf13/afero's releases.

v1.12.0

What's Changed

New Contributors

Full Changelog: spf13/afero@v1.11.0...v1.12.0

Commits

Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions |
| --- | --- |
| github.com/go-git/go-git/v5 | [>= 5.5.a, < 5.6] |
| github.com/open-policy-agent/opa | [>= 0.50.a, < 0.51] |
| github.com/enterprise-contract/enterprise-contract-controller/api | [>= 0.1.33.a, < 0.1.34] |

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/enterprise-contract/enterprise-contract-controller/api](https://github.com/enterprise-contract/enterprise-contract-controller) | `0.1.71` | `0.1.72` |
| [github.com/enterprise-contract/go-gather](https://github.com/enterprise-contract/go-gather) | `0.0.5` | `0.0.6` |
| [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) | `0.5.7` | `0.5.8` |
| [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) | `1.7.6` | `1.7.8` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `0.70.0` | `1.0.0` |
| [github.com/spf13/afero](https://github.com/spf13/afero) | `1.11.0` | `1.12.0` |



Updates `github.com/enterprise-contract/enterprise-contract-controller/api` from 0.1.71 to 0.1.72
- [Release notes](https://github.com/enterprise-contract/enterprise-contract-controller/releases)
- [Commits](enterprise-contract/enterprise-contract-controller@api/v0.1.71...api/v0.1.72)

Updates `github.com/enterprise-contract/go-gather` from 0.0.5 to 0.0.6
- [Changelog](https://github.com/enterprise-contract/go-gather/blob/main/CHANGELOG.md)
- [Commits](enterprise-contract/go-gather@v0.0.5...v0.0.6)

Updates `github.com/gkampitakis/go-snaps` from 0.5.7 to 0.5.8
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](gkampitakis/go-snaps@v0.5.7...v0.5.8)

Updates `github.com/go-git/go-git/v5` from 5.13.0 to 5.13.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.13.0...v5.13.1)

Updates `github.com/hashicorp/go-getter` from 1.7.6 to 1.7.8
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](hashicorp/go-getter@v1.7.6...v1.7.8)

Updates `github.com/open-policy-agent/opa` from 0.70.0 to 1.0.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v0.70.0...v1.0.0)

Updates `github.com/spf13/afero` from 1.11.0 to 1.12.0
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](spf13/afero@v1.11.0...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/enterprise-contract/enterprise-contract-controller/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/enterprise-contract/go-gather
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 17, 2025
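
The Rego default changes listed in the OPA 1.0 release notes above, shown on one small policy. This is an added example, not part of the pull request, Dependabot's output, or the OPA project's own material; the package name, input shape and registry host are constructed for illustration.

```rego
# Constructed example: package name, input shape and registry host are assumptions.
# No `import rego.v1` or `import future.keywords` is needed under OPA 1.0 defaults.
package example.images

# v0 form (rejected by the OPA 1.0 parser unless v0 compatibility is used):
#
#   deny[msg] {
#       c := input.containers[_]
#       not startswith(c.image, "registry.example.com/")
#       msg := sprintf("untrusted image: %s", [c.image])
#   }
#
# v1 form: a multi-value rule is declared with `contains`, and the rule
# body is introduced by `if`. `some ... in` works without any import.
deny contains msg if {
	some c in input.containers
	not startswith(c.image, "registry.example.com/")
	msg := sprintf("untrusted image: %s", [c.image])
}

# v0 form:
#
#   no_latest {
#       count([c | c := input.containers[_]; endswith(c.image, ":latest")]) == 0
#   }
#
# v1 form: `every` is available without imports, and `if` is mandatory here too.
no_latest if {
	every c in input.containers {
		not endswith(c.image, ":latest")
	}
}

default allow := false

# v0 form: `allow { count(deny) == 0; no_latest }`
allow if {
	count(deny) == 0
	no_latest
}
```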