Bump the go-modules group with 12 updates

[dependabot]

Bumps the go-modules group with 12 updates:

Package	From	To
github.com/ProtonMail/gopenpgp/v2	2.7.4	2.7.5
github.com/PuerkitoBio/goquery	1.8.1	1.9.1
go.etcd.io/bbolt	1.3.8	1.3.9
golang.org/x/crypto	0.14.0	0.19.0
golang.org/x/term	0.13.0	0.17.0
golang.org/x/time	0.3.0	0.5.0
github.com/ProtonMail/go-crypto	0.0.0-20230923063757-afb1ddc0824c	1.1.0-alpha.2
github.com/cloudflare/circl	1.3.6	1.3.7
github.com/shopspring/decimal	1.3.1	1.4.0
golang.org/x/net	0.17.0	0.21.0
golang.org/x/sys	0.14.0	0.17.0
golang.org/x/text	0.13.0	0.14.0

Updates github.com/ProtonMail/gopenpgp/v2 from 2.7.4 to 2.7.5

Release notes

Sourced from github.com/ProtonMail/gopenpgp/v2's releases.

Release v2.7.5

Added

• API to get signature key IDs for mobile:

  func (msg *PGPMessage) GetHexSignatureKeyIDsJson() []byte

• API to get encryption key IDs for mobile:

  func (msg *PGPMessage) GetHexEncryptionKeyIDsJson() []byte

• API to get the number of key packets in a PGP message:

  func (msg *PGPSplitMessage) GetNumberOfKeyPackets() (int, error)

• API in package helper to encrypt a PGP message to an additional key:

  func EncryptPGPMessageToAdditionalKey(messageToModify *crypto.PGPSplitMessage, keyRing *crypto.KeyRing, additionalKey *crypto.KeyRing) error

Release v2.7.5-proton

This release is 2.7.5 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

Changelog

Sourced from github.com/ProtonMail/gopenpgp/v2's changelog.

[2.7.5] 2023-31-01

Added

• API to get signature key IDs for mobile:

  func (msg *PGPMessage) GetHexSignatureKeyIDsJson() []byte

• API to get encryption key IDs for mobile:

  func (msg *PGPMessage) GetHexEncryptionKeyIDsJson() []byte

• API to get the number of key packets in a PGP message:

  func (msg *PGPSplitMessage) GetNumberOfKeyPackets() (int, error)

• API in package helper to encrypt a PGP message to an additional key:

  func EncryptPGPMessageToAdditionalKey(messageToModify *crypto.PGPSplitMessage, keyRing *crypto.KeyRing, additionalKey *crypto.KeyRing) error

Commits

• c6a3058 Prepare release 2.7.5 with packet API (#269)
• See full diff in compare view

Updates github.com/PuerkitoBio/goquery from 1.8.1 to 1.9.1

Release notes

Sourced from github.com/PuerkitoBio/goquery's releases.

v1.9.1

Improve allocation of Map, better document cascadia behavior differences.

v1.9.0 Add generic Map function

Note that starting with this release, goquery now requires Go 1.18+. If you need to build with an older Go version, use goquery v1.8.x.

Commits

• 3ce7428 Prepare new minor version
• 153f1ea Add notes on cascadia behavior that may differ from jQuery`s
• 2095230 Merge pull request #469 from jwilsson/pre-allocate-slice-in-map
• ce7330a Pre-allocate slice in generic Map function
• 4cbe087 Update dependencies
• a475435 Prepare README for the new version
• 86d2456 Update CI to run Go 1.21 and 1.22 (latest 2 versions at the moment)
• 1fad3d4 Implement Selection.Map by calling the generic Map
• de2d209 Merge pull request #467 from Fesaa/feature/generics
• 65c0ed3 Impl PuerkitoBio/goquery#466
• Additional commits viewable in compare view

Updates go.etcd.io/bbolt from 1.3.8 to 1.3.9

Release notes

Sourced from go.etcd.io/bbolt's releases.

v1.3.9

See the CHANGELOG for more details.

Commits

• 50aef26 Merge pull request #683 from Elbehery/backport_fix_cli_panics
• 25dacb3 fix cli cmds panics
• e102fcf Merge pull request #639 from fuweid/cp-copy-key-before-seek
• fabe2fb *: copy key before comparing during CreateBucket
• 50ddad0 bucket: copy key before Put
• b3bdd17 tests/robustness: add issue72 reproducer
• d520aaa *: introduce failpoint beforeBucketPut
• 0a521c0 bucket: allow to allocate key on stack in Put()
• defa564 Merge pull request #600 from Richabanker/release-1.3
• fe23f52 Backport concurrent_test.go to release-1.3 branch
• See full diff in compare view

Updates golang.org/x/crypto from 0.14.0 to 0.19.0

Commits

• 405cb3b go.mod: update golang.org/x dependencies
• 913d3ae x509roots/fallback: update bundle
• dbb6ec1 ssh/test: skip tests on darwin that fail on the darwin-amd64-longtest LUCI bu...
• 403f699 ssh/test: avoid leaking a net.UnixConn in server.TryDialWithAddr
• 055043d go.mod: update golang.org/x dependencies
• 08396bb internal/poly1305: drop Go 1.12 compatibility
• 9d2ee97 ssh: implement strict KEX protocol changes
• 4e5a261 ssh: close net.Conn on all NewServerConn errors
• 152cdb1 x509roots/fallback: update bundle
• fdfe1f8 ssh: defer channel window adjustment
• Additional commits viewable in compare view

Updates golang.org/x/term from 0.13.0 to 0.17.0

Commits

• 353276a go.mod: update golang.org/x dependencies
• ae94145 go.mod: update golang.org/x dependencies
• ee66497 go.mod: update golang.org/x dependencies
• 70d3a0b go.mod: update golang.org/x dependencies
• 6a610bc all: update go directive to 1.18
• See full diff in compare view

Updates golang.org/x/time from 0.3.0 to 0.5.0

Commits

• 883aed5 rate: add documentation on Limiter concurrent usage
• b24d3b5 all: add a go directive, set it to 1.18
• See full diff in compare view

Updates github.com/ProtonMail/go-crypto from 0.0.0-20230923063757-afb1ddc0824c to 1.1.0-alpha.2

Release notes

Sourced from github.com/ProtonMail/go-crypto's releases.

v1.1.0-alpha.1

What's Changed

Removes the openpgp.VerifyDetachedSignatureAndSaltedHash function and the packet.SaltedHashSpecifier as they are no longer required. They were introduced for verifying the headers in cleartext messages. However, in the latest crypto-refresh specification, cleartext message headers were dropped.

Full Changelog: v1.1.0-alpha.0...v1.1.0-alpha.1

v1.1.0-alpha.1-proton

This pre-release is v1.1.0-alpha.1 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

v1.1.0-alpha.0

What's Changed

This major pre-release adds full support for the OpenPGP crypto refresh. In addition, the pre-release introduces an improved non-backwards compatible v2 API. The API in the openpgp package remains fully backwards compatible while the new v2 API is located in a separate v2 package in openpgp.

Full Changelog: v1.0.0...v1.1.0-alpha.0

V2 API

Import

The v2 API can be imported as:

openpgp ProtonMail/go-crypto/openpgp/v2

V2 API Breaking Changes

openpgp.v2.Entity struct fields have changed:

• SelfSignature *packet.Signature removed
• Signatures []*packet.Signature removed
• DirectSignatures []*packet.VerifiableSignature added
• Revocations []*packet.VerifiableSignature changed type

Methods of openpgp.v2.Entity that changed:

• PrimaryIdentity(date time.Time) now requires a time argument.
• EncryptionKey(date time.Time, config *packet.Config) now requires a new config argument.
• CertificationKey(date time.Time, config *packet.Config) now requires a new config argument.
• CertificationKeyById(date time.Time, id uint64, config *packet.Config) now requires a new config argument.
• SigningKey(date time.Time, config *packet.Config) now requires a new config argument.
• SigningKeyById(date time.Time, id uint64, config *packet.Config) now requires a new config argument.
• Revoke(reason packet.ReasonForRevocation, reasonText string, config *packet.Config) is renamed to RevokeKey.

Removed methods of openpgp.v2.Entity:

• RevokeSubkey(...) is replaced by (Subkey).Revoke(...)

openpgp.v2.Subkey struct fields have changed:

• Sig *packet.Signature removed
• Bindings []*packet.VerifiableSignature added
• Primary *Entity added, pointing to the primary key.

... (truncated)

Commits

• See full diff in compare view

Updates github.com/cloudflare/circl from 1.3.6 to 1.3.7

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.3.7

What's Changed

• build(deps): bump golang.org/x/crypto from 0.3.1-0.20221117191849-2c476679df9a to 0.17.0 by @​dependabot in cloudflare/circl#467
• kyber: remove division by q in ciphertext compression by @​bwesterb in cloudflare/circl#468
• Releasing CIRCL v1.3.7 by @​armfazh in cloudflare/circl#469

New Contributors

• @​dependabot made their first contribution in cloudflare/circl#467

Full Changelog: cloudflare/circl@v1.3.6...v1.3.7

Commits

• c48866b Releasing CIRCL v1.3.7
• 75ef91e kyber: remove division by q in ciphertext compression
• 899732a build(deps): bump golang.org/x/crypto
• See full diff in compare view

Updates github.com/shopspring/decimal from 1.3.1 to 1.4.0

Release notes

Sourced from github.com/shopspring/decimal's releases.

v1.4.0

Full Changelog can be found in CHANGELOG.md

New Contributors

• @​VadimKulagin made their first contribution in shopspring/decimal#278
• @​CAEL0 made their first contribution in shopspring/decimal#341
• @​zlasd made their first contribution in shopspring/decimal#301
• @​falsaffa made their first contribution in shopspring/decimal#342
• @​frankli0324 made their first contribution in shopspring/decimal#322
• @​cbelsole made their first contribution in shopspring/decimal#265
• @​acln0 made their first contribution in shopspring/decimal#346
• @​davseby made their first contribution in shopspring/decimal#288
• @​serprex made their first contribution in shopspring/decimal#355
• @​agmt made their first contribution in shopspring/decimal#352
• @​richardJiang made their first contribution in shopspring/decimal#285
• @​axopadyani made their first contribution in shopspring/decimal#328
• @​Bububuger made their first contribution in shopspring/decimal#131

Changelog

Sourced from github.com/shopspring/decimal's changelog.

Decimal v1.4.0

BREAKING

• Drop support for Go version older than 1.10 #361

FEATURES

• Add implementation of natural logarithm #339 #357
• Add improved implementation of power operation #358
• Add Compare method which forwards calls to Cmp #346
• Add NewFromBigRat constructor #288
• Add NewFromUint64 constructor #352

ENHANCEMENTS

• Migrate to Github Actions #245 #340
• Fix examples for RoundDown, RoundFloor, RoundUp, and RoundCeil #285 #328 #341
• Use Godoc standard to mark deprecated Equals and StringScaled methods #342
• Removed unnecessary min function for RescalePair method #265
• Avoid reallocation of initial slice in MarshalBinary (GobEncode) #355
• Optimize NumDigits method #301 #356
• Optimize BigInt method #359
• Support scanning uint64 #131 #364
• Add docs section with alternative libraries #363

BUGFIXES

• Fix incorrect calculation of decimal modulo #258 #317
• Allocate new(big.Int) in Copy method to deeply clone it #278
• Fix overflow edge case in QuoRem method #322

Commits

• a1bdfc3 Release version 1.4.0 (#365)
• 275e48e Add docs section with alternative libraries (#363)
• dd603cb Support scanning uint64 (#364)
• 80ec940 Add NewFromUint64 constructor (#352)
• 2fa107d Remove production usage from docs (#362)
• 645a76e Optimize BigInt (#359)
• ed8f76e Drop support for Go versions older than 1.10 (#361)
• 0e69d5c Run CI on both push to origin branches and pull requests (#360)
• bf7794e Optimize NumDigits method (#356)
• 547861c Avoid reallocation of initial slice in MarshalBinary (GobEncode) (#355)
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.17.0 to 0.21.0

Commits

• 73d21fd go.mod: update golang.org/x dependencies
• 643fd16 html: fix SOLIDUS '/' handling in attribute parsing
• 73e4b50 dns/dnsmessage: allow name compression for SRV resource parsing
• b2208d0 internal/quic/qlog: fix typo
• 0d0b98c http2: avoid goroutine starvation in TestServer_Push_RejectAfterGoAway
• 07e05fd http2: remove suspicious uint32->v conversion in frame code
• 26b646e quic: avoid deadlock in Endpoint.Close
• cb5b10f go.mod: update golang.org/x dependencies
• 689bbc7 quic: deflake TestStreamsCreateConcurrency
• f12db26 internal/quic/cmd/interop: use wget --no-verbose in Dockerfile
• Additional commits viewable in compare view

Updates golang.org/x/sys from 0.14.0 to 0.17.0

Commits

• 914b96c windows: support ill-formed UTF-16 in UTF16PtrToString
• 511ec84 Revert "windows: support nil done parameter in ReadFile and WriteFile"
• 628365d windows: support nil done parameter in ReadFile and WriteFile
• bef1bd8 unix: move mksyscall regexp to package level variables
• 5710a32 unix/linux: update Linux kernel to 6.7
• b3ce6a3 windows: build env_windows_test.go only go Go 1.21 and above
• c3fa2b8 windows: fix parsing of non-ASCII entries in token.Environ
• f69d32a unix: in TestDirent, make as many ReadDirent calls as are needed
• 0d9df52 unix: add more SECCOMP constants
• 0829ab1 windows: add SetFileValidData
• Additional commits viewable in compare view

Updates golang.org/x/text from 0.13.0 to 0.14.0

Commits

• 6c97a16 all: update go directive to 1.18
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.