Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump the go-deps group across 1 directory with 13 updates #1573

Closed
wants to merge 1 commit into from
Closed

build(deps): bump the go-deps group across 1 directory with 13 updates #1573

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 9, 2024
edited
Loading

Bumps the go-deps group with 8 updates in the / directory:

Package From To
github.com/cyphar/filepath-securejoin 0.2.4 0.3.1
github.com/fluxcd/pkg/oci 0.37.1 0.38.1
github.com/minio/minio-go/v7 7.0.70 7.0.74
github.com/notaryproject/notation-core-go 1.0.2 1.0.3
github.com/notaryproject/notation-go 1.1.0 1.1.1
github.com/onsi/gomega 1.33.1 1.34.1
github.com/prometheus/client_golang 1.19.0 1.19.1
github.com/sigstore/cosign/v2 2.2.4 2.4.0

Updates github.com/cyphar/filepath-securejoin from 0.2.4 to 0.3.1

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.1

  • By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

  • We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

    Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

  • Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

    These changes were done to match openat2's behaviour and purely is a consistency fix (most users are going to be using openat2 anyway).

Signed-off-by: Aleksa Sarai [email protected]

v0.3.0

This release contains no changes to SecureJoin.

However, it does introduce a new *os.File-based API which is much safer to use for most usecases. These are adapted from [libpathrs][1] and are the bare minimum to be able to operate more safely on an untrusted rootfs where an attacker has write access (something that SecureJoin cannot protect against). The new APIs are:

  • OpenInRoot, which resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the file handle returned by OpenInRoot is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- see open(2) for more details).

  • Reopen, which takes an O_PATH file handle and safely re-opens it to "upgrade" it to a regular handle.

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.1] - 2024-07-23

Changed

  • By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

  • We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

    Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

Fixed

  • Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

    These changes were done to match openat2's behaviour and purely is a consistency fix (most users are going to be using openat2 anyway).

[0.3.0] - 2024-07-11

Added

  • A new set of *os.File-based APIs have been added. These are adapted from [libpathrs][] and we strongly suggest using them if possible (as they provide far more protection against attacks than SecureJoin):

    • Open(at)InRoot resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the handle returned is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- [see open(2) for more details][open.2])

    • Reopen takes an O_PATH file handle and safely re-opens it to upgrade it to a regular handle. This can also be used with non-O_PATH handles, but O_PATH is the most obvious application.

    • MkdirAll is an implementation of os.MkdirAll that is safe to use to

... (truncated)

Commits
  • ce7b28a VERSION: release v0.3.1
  • a2c14f8 CHANGELOG: add readlinkat(fd, "") shout-out
  • 4ea279f merge #22 into cyphar/filepath-securejoin:main
  • 16e1bec CHANGELOG: add initial changelog with current history
  • 2404ffb merge #21 into cyphar/filepath-securejoin:main
  • f29b7a4 lookup: handle // and trailing slash components correctly
  • ecd61ca merge #19 into cyphar/filepath-securejoin:main
  • 38b1220 procfs: refactor statx mnt_id logic
  • 45c4415 procfs: use readlink(fd, "") for magic-links
  • edab538 merge #17 into cyphar/filepath-securejoin:main
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/oci from 0.37.1 to 0.38.1

Commits
  • c647aea Merge pull request #784 from fluxcd/cache-key-fix
  • 8a3ba60 Cache credentials tokens
  • c8409c0 Merge pull request #785 from fluxcd/dependabot/github_actions/ci-6034f0241a
  • 6be12d4 build(deps): bump github/codeql-action in the ci group
  • e8251e1 Merge pull request #783 from Skarlso/add-option-to-skip-gzip
  • e6984b4 feat: add un-taring plain, unzipped tar files
  • 328e8e9 Merge pull request #776 from fluxcd/cache-authn
  • bb65fa7 Addapting tests
  • b743354 cache authenticator retrieved when login to a provider
  • e79914f Merge pull request #782 from fluxcd/dependabot/github_actions/ci-840fb89e3c
  • Additional commits viewable in compare view

Updates github.com/minio/minio-go/v7 from 7.0.70 to 7.0.74

Release notes

Sourced from github.com/minio/minio-go/v7's releases.

Bugfix Release

What's Changed

New Contributors

Full Changelog: minio/minio-go@v7.0.73...v7.0.74

Bugfix Release

What's Changed

New Contributors

Full Changelog: minio/minio-go@v7.0.72...v7.0.73

Bugfix Release

What's Changed

Full Changelog: minio/minio-go@v7.0.71...v7.0.72

Bugfix Release

What's Changed

Full Changelog: minio/minio-go@v7.0.70...v7.0.71

Commits

Updates github.com/notaryproject/notation-core-go from 1.0.2 to 1.0.3

Release notes

Sourced from github.com/notaryproject/notation-core-go's releases.

v1.0.3

Vote PASSED [+4 -0]: #205

What's Changed

Full Changelog: notaryproject/notation-core-go@v1.0.2...v1.0.3

Commits
  • 4211b09 build(deps): bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#204)
  • 6f8b75c build(deps): bump actions/stale from 8 to 9 (#195)
  • ff5e5b8 build(deps): bump apache/skywalking-eyes from a790ab8dd23a7f861c18bd6aaa9b012...
  • f624dfd build(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#200)
  • 356b30e fix: leaf certificate validation (#202)
  • 9f13c9e fix(ci): update codecov token (#199)
  • 66ff8c2 chore: org maintainers update (#196)
  • 807a338 bump: bump up golang version to v1.21 (#194)
  • 9a2ff9e chore: add GitHub action for stale issues and PRs (#174)
  • 93218d9 build(deps): bump golang.org/x/crypto from 0.18.0 to 0.21.0 (#193)
  • Additional commits viewable in compare view

Updates github.com/notaryproject/notation-go from 1.1.0 to 1.1.1

Release notes

Sourced from github.com/notaryproject/notation-go's releases.

v1.1.1

Vote PASSED [+4 -0]: #412

What's Changed

Full Changelog: notaryproject/notation-go@v1.1.0...v1.1.1

Commits
  • 94a0e13 revert: "feat: add support for signing blob (#379)" (#411)
  • 1a5b3e3 ci: enable ci for release branch (#409)
  • 254dfcd bump: bump up notation-core-go v1.0.3 (#407)
  • b7fde51 fix: error message for dangling reference index (#402)
  • b8508d0 test: improve test coverage to 80% (#405)
  • 5e98995 build(deps): bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#403)
  • 378ee83 build(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#396)
  • a901939 build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.7 to 3.4.8 (#399)
  • 97a5a86 build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.6 to 3.4.7 (#395)
  • 442ece7 build(deps): bump golang.org/x/mod from 0.16.0 to 0.17.0 (#397)
  • Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.33.1 to 1.34.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.34.1

1.34.1

Maintenance

  • Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]

v1.34.0

1.34.0

Features

  • Add RoundTripper method to ghttp.Server [c549e0d]

Fixes

  • fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]
  • issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]

Maintenance

  • bump ginkgo [8af2ece]
  • Fix typo in docs [123a071]
  • Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083]
  • Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796]
  • Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f]
  • Bump github-pages from 230 to 231 in /docs (#748) [892c303]
Changelog

Sourced from github.com/onsi/gomega's changelog.

1.34.1

Maintenance

  • Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]

1.34.0

Features

  • Add RoundTripper method to ghttp.Server [c549e0d]

Fixes

  • fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]
  • issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]

Maintenance

  • bump ginkgo [8af2ece]
  • Fix typo in docs [123a071]
  • Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083]
  • Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796]
  • Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f]
  • Bump github-pages from 230 to 231 in /docs (#748) [892c303]
Commits
  • fa057b8 v1.34.1
  • 5e71dcd Use slices from exp/slices to keep golang 1.20 compat
  • 32e5498 v1.34.0
  • cb3fa6a run go mod tidy and wonder why go get doesnt just run it for me in the first ...
  • 8af2ece bump ginkgo
  • 878940c fix incorrect handling of nil slices in HaveExactElements (fixes #771)
  • f5bec80 clean up bipartitegraph tests
  • ebadb67 issue_765 - fixed bug in Hopcroft-Karp algorithm
  • 123a071 Fix typo in docs
  • c549e0d Add RoundTripper method to ghttp.Server
  • Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.19.0 to 1.19.1

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.19.1

What's Changed

  • Security patches for golang.org/x/sys and google.golang.org/protobuf

New Contributors

Full Changelog: prometheus/client_golang@v1.19.0...v1.19.1

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

Commits

Updates github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.0

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.4.0 begins the modernization of the Cosign client, which includes:

  • Support for the newer Sigstore specification-compliant bundle format
  • Support for providing trust roots (e.g. Fulcio certificates, Rekor keys) through a trust root file, instead of many different flags
  • Conformance test suite integration to verify signing and verification behavior

In future updates, we'll include:

  • General support for the trust root file, instead of only when using the bundle format during verification
  • Simplification of trust root flags and deprecation of the Cosign-specific bundle format
  • Bundle support with container signing

We have also moved nightly Cosign container builds to GHCR instead of GCR.

Features

  • Add new bundle support to verify-blob and verify-blob-attestation (#3796)
  • Adding protobuf bundle support to sign-blob and attest-blob (#3752)
  • Bump sigstore/sigstore to support email_verified as string or boolean (#3819)
  • Conformance testing for cosign (#3806)
  • move incremental builds per commit to GHCR instead of GCR (#3808)
  • Add support for recording creation timestamp for cosign attest (#3797)
  • Include SCT verification failure details in error message (#3799)

Contributors

  • Bob Callaway
  • Hayden B
  • Slavek Kabrda
  • Zach Steindler
  • Zsolt Horvath

Full Changelog: sigstore/cosign@v2.3.0...v2.4.0

v2.3.0

Features

  • Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693)
  • add registry options to cosign save (#3645)
  • Add debug providers command. (#3728)
  • Make config layers in ociremote mountable (#3741)
  • upgrade to go1.22 (#3739)
  • adds tsa cert chain check for env var or tuf targets. (#3600)
  • add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464)
  • add handling of keyless verification for all verify commands (#3761)

... (truncated)

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.4.0

v2.4.0 begins the modernization of the Cosign client, which includes:

  • Support for the newer Sigstore specification-compliant bundle format
  • Support for providing trust roots (e.g. Fulcio certificates, Rekor keys) through a trust root file, instead of many different flags
  • Conformance test suite integration to verify signing and verification behavior

In future updates, we'll include:

  • General support for the trust root file, instead of only when using the bundle format during verification
  • Simplification of trust root flags and deprecation of the Cosign-specific bundle format
  • Bundle support with container signing

We have also moved nightly Cosign container builds to GHCR instead of GCR.

Features

  • Add new bundle support to verify-blob and verify-blob-attestation (#3796)
  • Adding protobuf bundle support to sign-blob and attest-blob (#3752)
  • Bump sigstore/sigstore to support email_verified as string or boolean (#3819)
  • Conformance testing for cosign (#3806)
  • move incremental builds per commit to GHCR instead of GCR (#3808)
  • Add support for recording creation timestamp for cosign attest (#3797)
  • Include SCT verification failure details in error message (#3799)

Contributors

  • Bob Callaway
  • Hayden B
  • Slavek Kabrda
  • Zach Steindler
  • Zsolt Horvath

v2.3.0

Features

  • Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693)
  • add registry options to cosign save (#3645)
  • Add debug providers command. (#3728)
  • Make config layers in ociremote mountable (#3741)
  • upgrade to go1.22 (#3739)
  • adds tsa cert chain check for env var or tuf targets. (#3600)
  • add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464)
  • add handling of keyless verification for all verify commands (#3761)

... (truncated)

Commits
  • b5e7dc1 Add login for GHCR (#3820)
  • c346825 Bump sigstore/sigstore (#3819)
  • fd0368a Conformance testing for cosign (#3806)
  • 2387b50 chore(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 (#3815)
  • be43902 move incremental builds per commit to GHCR instead of GCR (#3808)
  • d0492cf chore(deps): bump github.com/buildkite/agent/v3 from 3.75.1 to 3.76.2 (#3813)
  • e3a3914 chore(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 (#3814)
  • 7bac5e9 tidy up validate release script (#3817)
  • 983a368 chore(deps): bump go.step.sm/crypto from 0.50.0 to 0.51.1 (#3812)
  • 71a4952 chore(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 (#3811)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.8.3 to 1.8.8

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.8

What's Changed

Full Changelog: sigstore/sigstore@v1.8.7...v1.8.8

v1.8.7

Dependencies updates only

What's Changed

Full Changelog: sigstore/sigstore@v1.8.6...v1.8.7

v1.8.6

What's Changed

New Contributors

Full Changelog: sigstore/sigstore@v1.8.5...v1.8.6

v1.8.5

Major are dependencies updates

What's Changed

... (truncated)

Commits
  • 7053232 build(deps): Bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 (#1796)
  • dd948da build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1797)
  • 7cc4a3e build(deps): Bump golang.org/x/oauth2 in /pkg/signature/kms/gcp
  • 9584c8e build(deps): Bump dexidp/dex in /test/e2e in the all group
  • 5b69695 build(deps): Bump github.com/aws/aws-sdk-go
  • 54745c6 build(deps): Bump the all group with 2 updates
  • 0a54fea Support email_verified as a String (#1794)
  • 89b9585 Fixes issue in Device access token request (#1752)
  • 562745e build(deps): Bump localstack/localstack in /test/e2e in the all group
  • 516ef6e build(deps): Bump github.com/aws/aws-sdk-go in /pkg/signature/kms/aws
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.22.0 to 0.25.0

Commits
  • 9fadb0b go.mod: update golang.org/x dependencies
  • a6a393f all: bump go.mod version and drop compatibility shims
  • 1c74500 ssh/test: make struct comment match struct name
  • d4e7c9c ssh: fail client auth immediately on receiving disconnect message
  • 332fd65 go.mod: update golang.org/x dependencies
  • 0b431c7 x509roots/fallback: update bundle
  • 349231f ssh: implement CryptoPublicKey on sk keys
  • 44c9b0f ssh: allow server auth callbacks to send additional banners
  • 67b1361 sha3: reenable s390x assembly
  • 477a5b4 sha3: make APIs usable with zero allocations
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.19.0 to 0.22.0

Commits
  • 6d8340f LICENSE: update per Google Legal
  • 5fd4241 google: update compute token refresh
  • 84cb9f7 oauth2: fix typo in comment
  • 4b7f0bd go.mod: update cloud.google.com/go/compute/metadata dependency
  • e11eea8 microsoft: added DeviceAuthURL to AzureADEndpoint
  • See full diff in compare view

Updates `golang.org...

Description has been truncated

@dependabot dependabot bot added the dependencies Pull requests that update a dependency label Aug 9, 2024
@dependabot
build(deps): bump the go-deps group across 1 directory with 13 updates
1c7a2b0 
Bumps the go-deps group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.2.4` | `0.3.1` |
| [github.com/fluxcd/pkg/oci](https://github.com/fluxcd/pkg) | `0.37.1` | `0.38.1` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.70` | `7.0.74` |
| [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go) | `1.0.2` | `1.0.3` |
| [github.com/notaryproject/notation-go](https://github.com/notaryproject/notation-go) | `1.1.0` | `1.1.1` |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.33.1` | `1.34.1` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.19.0` | `1.19.1` |
| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.2.4` | `2.4.0` |



Updates `github.com/cyphar/filepath-securejoin` from 0.2.4 to 0.3.1
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.2.4...v0.3.1)

Updates `github.com/fluxcd/pkg/oci` from 0.37.1 to 0.38.1
- [Commits](fluxcd/pkg@oci/v0.37.1...oci/v0.38.1)

Updates `github.com/minio/minio-go/v7` from 7.0.70 to 7.0.74
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](minio/minio-go@v7.0.70...v7.0.74)

Updates `github.com/notaryproject/notation-core-go` from 1.0.2 to 1.0.3
- [Release notes](https://github.com/notaryproject/notation-core-go/releases)
- [Commits](notaryproject/notation-core-go@v1.0.2...v1.0.3)

Updates `github.com/notaryproject/notation-go` from 1.1.0 to 1.1.1
- [Release notes](https://github.com/notaryproject/notation-go/releases)
- [Commits](notaryproject/notation-go@v1.1.0...v1.1.1)

Updates `github.com/onsi/gomega` from 1.33.1 to 1.34.1
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.33.1...v1.34.1)

Updates `github.com/prometheus/client_golang` from 1.19.0 to 1.19.1
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.19.0...v1.19.1)

Updates `github.com/sigstore/cosign/v2` from 2.2.4 to 2.4.0
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v2.2.4...v2.4.0)

Updates `github.com/sigstore/sigstore` from 1.8.3 to 1.8.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.3...v1.8.8)

Updates `golang.org/x/crypto` from 0.22.0 to 0.25.0
- [Commits](golang/crypto@v0.22.0...v0.25.0)

Updates `golang.org/x/oauth2` from 0.19.0 to 0.22.0
- [Commits](golang/oauth2@v0.19.0...v0.22.0)

Updates `golang.org/x/sync` from 0.7.0 to 0.8.0
- [Commits](golang/sync@v0.7.0...v0.8.0)

Updates `google.golang.org/api` from 0.177.0 to 0.190.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.177.0...v0.190.0)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/pkg/oci
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/notaryproject/notation-core-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/notaryproject/notation-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/sigstore/cosign/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/go-deps-ca44fb8e92 branch from 8cf1055 to 1c7a2b0 Compare August 12, 2024 02:10
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 13, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Aug 13, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/go-deps-ca44fb8e92 branch August 13, 2024 02:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants