fix(deps): update all#319
Conversation
a2e84cb to
ec65ef0
Compare
ec65ef0 to
f7075e8
Compare
f7075e8 to
7a49373
Compare
7a49373 to
92eef3a
Compare
92eef3a to
1222172
Compare
cb00655 to
f43cfe7
Compare
41f4efb to
f1cf282
Compare
7c324a8 to
e684342
Compare
e684342 to
52e0917
Compare
a6777f4 to
6b682e0
Compare
b57a58c to
af6d109
Compare
a1bdb10 to
72b1efe
Compare
3a73794 to
5bcea1f
Compare
a9e11be to
9bab928
Compare
7aac983 to
a02dae4
Compare
119e774 to
6c3c508
Compare
| github.com/dustin/go-humanize v1.0.0 | ||
| github.com/gliderlabs/ssh v0.3.3 | ||
| github.com/go-gormigrate/gormigrate/v2 v2.0.0 | ||
| github.com/dustin/go-humanize v1.0.1 |
There was a problem hiding this comment.
Risk: github.com/docker/docker versions >= 23.0.0 before 23.0.3, >= 1.12.0 before 20.10.24 are vulnerable to Unprotected Alternate Channel / Not Failing Securely ('Failing Open'). Affected configurations silently accept cleartext VXLAN datagrams, enabling attackers to inject arbitrary Ethernet frames into the encrypted network. This can result in denial of service attacks or further escalations,
Fix: Upgrade this library to at least version 20.10.24 at sshportal/go.mod:7.
Reference(s): GHSA-232p-vwff-86mp, CVE-2023-28840
Ignore this finding from ssc-6c040726-d493-4854-b380-987107b4c1bb.|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
This PR contains the following updates:
v2.1.7→v2.1.8f21760c→a9d515av1.0.0→v1.0.1v0.3.3→v0.3.8v2.0.0→v2.1.69ff0b2a→7da9ad7v1.7.2→v1.8.1720c4b4→835d31cv1.22.5→v1.22.171.18.0→1.26.4v0.0.0-20220208050332-20e1d8d225ab→v0.53.0v0.1.10→v0.47.0v1.50.1→v1.64.8v1.2.3→v1.6.0v1.2.3→v1.6.0v1.2.6→v1.6.0v1.22.5→v1.31.2Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
actions/cache (actions/cache)
v2.1.8: Updating actions/core to version 1.10.0Compare Source
The ::save-state and ::set-output are deprecated. The newer version of actions/core >1.10.0 uses the new syntax for save and set output. After this change, customers using actions/cache@v2 won't see deprecation warning message.
dustin/go-humanize (github.com/dustin/go-humanize)
v1.0.1Compare Source
gliderlabs/ssh (github.com/gliderlabs/ssh)
v0.3.8Compare Source
This bumps x/crypto to 0.31.0 to resolve CVE-2024-45337. The API has not changed, which means there are still a number of ways you could be vulnerable if your code improperly uses the PublicKeyHandler.
Note that this may result in a performance regression, as the PublicKeyHandler may be called multiple times for the same key. The last time it is called will be the key the user is actually using.
Note that if you are using Permissions to pass information about the public key out of the handler, you need to make sure you always overwrite all relevant stored map keys in order to avoid being vulnerable.
Full Changelog: gliderlabs/ssh@v0.3.7...v0.3.8
v0.3.7Compare Source
What's Changed
New Contributors
Full Changelog: gliderlabs/ssh@v0.3.6...v0.3.7
v0.3.6Compare Source
v0.3.5Compare Source
v0.3.4Compare Source
go-gormigrate/gormigrate (github.com/go-gormigrate/gormigrate/v2)
v2.1.6Compare Source
v2.1.5Compare Source
v2.1.4Compare Source
v2.1.3Compare Source
Changed
v2.1.2Compare Source
Added
Changed
v2.1.1Compare Source
Changed
v2.1.0Compare Source
Changed
v2.0.3Compare Source
v2.0.2Compare Source
v2.0.1Compare Source
smartystreets/goconvey (github.com/smartystreets/goconvey)
v1.8.1Compare Source
v1.8.0: - Updating to Go 1.18Compare Source
What's Changed
New Contributors
Full Changelog: smartystreets/goconvey@v1.7.2...v1.8.0
urfave/cli (github.com/urfave/cli)
v1.22.17Compare Source
What's Changed
Full Changelog: urfave/cli@v1.22.16...v1.22.17
v1.22.16Compare Source
What's Changed
Full Changelog: urfave/cli@v1.22.15...v1.22.16
v1.22.15Compare Source
What's Changed
Full Changelog: urfave/cli@v1.22.14...v1.22.15
v1.22.14Compare Source
What's Changed
Full Changelog: urfave/cli@v1.22.13...v1.22.14
v1.22.13Compare Source
What's Changed
v1-maintby @meatballhat in #1712Full Changelog: urfave/cli@v1.22.12...v1.22.13
v1.22.12Compare Source
What's Changed
Full Changelog: urfave/cli@v1.22.11...v1.22.12
v1.22.11Compare Source
What's Changed
v1series by @meatballhat in #1646Full Changelog: urfave/cli@v1.22.10...v1.22.11
v1.22.10Compare Source
What's Changed
Full Changelog: urfave/cli@v1.22.9...v1.22.10
v1.22.9Compare Source
What's Changed
Full Changelog: urfave/cli@v1.22.8...v1.22.9
v1.22.8Compare Source
What's Changed
Full Changelog: urfave/cli@v1.22.7...v1.22.8
v1.22.7: Release 1.22.7Compare Source
What's Changed
Full Changelog: urfave/cli@v1.22.6...v1.22.7
v1.22.6: Release 1.22.6Compare Source
What's Changed
Full Changelog: urfave/cli@v1.22.5...v1.22.6
golangci/golangci-lint (golangci/golangci-lint)
v1.64.8Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
8b37f14fix: check version of the configuration (#5564)v1.64.7Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
94946f3build(deps): bump github.com/OpenPeeDeeP/depguard/v2 from 2.2.0 to 2.2.1 (#5509)132365ebuild(deps): bump github.com/golangci/dupl from3e9179atof665c8d(#5512)bddd1bcbuild(deps): bump github.com/securego/gosec/v2 from 2.22.1 to 2.22.2 (#5515)624fb4ebuild(deps): bump golang.org/x/mod from 0.23.0 to 0.24.0 (#5507)8cffdb7build(deps): bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 in /scripts/gen_github_action_config in the scripts group (#5521)7a3f3d7build(deps): bump golang.org/x/tools from 0.30.0 to 0.31.0 (#5508)c13fd5bbuild(deps): bump honnef.co/go/tools from 0.6.0 to 0.6.1 (#5510)v1.64.6Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
3d28c57Require type for oneOf mutual exclusion (#5426)84ab753build(deps): bump 4d63.com/gocheckcompilerdirectives from 1.2.1 to 1.3.0 (#5485)9fddfc4build(deps): bump github.com/4meepo/tagalign from 1.4.1 to 1.4.2 (#5430)404916abuild(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v3 from 3.3.0 to 3.3.1 (#5467)3b6b9dabuild(deps): bump github.com/catenacyber/perfsprint from 0.8.1 to 0.8.2 (#5441)336b21bbuild(deps): bump github.com/kisielk/errcheck from 1.8.0 to 1.9.0 (#5447)baad5bbbuild(deps): bump github.com/kkHAIKE/contextcheck from 1.1.5 to 1.1.6 (#5482)9e832c9build(deps): bump github.com/ldez/exptostd from 0.4.1 to 0.4.2 (#5456)f2c6303build(deps): bump github.com/mgechev/revive from 1.6.1 to 1.7.0 (#5422)9a2423abuild(deps): bump github.com/nunnatsa/ginkgolinter from 0.19.0 to 0.19.1 (#5435)140d96ebuild(deps): bump github.com/rogpeppe/go-internal from 1.13.1 to 1.14.0 (#5469)3eecab1build(deps): bump github.com/rogpeppe/go-internal from 1.14.0 to 1.14.1 (#5476)d574f35build(deps): bump github.com/shirou/gopsutil/v4 from 4.25.1 to 4.25.2 (#5486)1a6b95bbuild(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.0 (#5421)69ed661build(deps): bump github.com/spf13/cobra from 1.9.0 to 1.9.1 (#5429)5e17a57build(deps): bump github.com/tdakkota/asciicheck from 0.4.0 to 0.4.1 (#5418)2c1d661build(deps): bump github.com/tetafro/godot from 1.4.20 to 1.5.0 (#5420)414f446build(deps): bump golang.org/x/oauth2 from 0.26.0 to 0.27.0 in /scripts/gen_github_action_config in the scripts group (#5471)042d640build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0 in the github-actions group (#5419)d4f4d16build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 in /pkg/golinters/protogetter/testdata in the linter-testdata group across 1 directory (#5484)f69da39fix: use commit hash when version is v0.0.0 (#5479)53d58e8govet: skip fieldalignment test on 32bit platforms (#5463)v1.64.5Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
a43c84cbuild(deps): bump github.com/gostaticanalysis/forcetypeassert from 0.1.0 to 0.2.0 (#5409)4be8bf8build(deps): bump github.com/securego/gosec/v2 from 2.22.0 to 2.22.1 (#5410)e352220build(deps): bump github.com/tdakkota/asciicheck from 0.3.0 to 0.4.0 (#5411)0a603e4fix: add missing new-from-merge-base flag (#5412)v1.64.4Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
04aec4fgci: fix section parsing (#5407)v1.64.3Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
b8920ddbuild(deps): bump github.com/go-critic/go-critic from 0.11.5 to 0.12.0 (#5400)1a0b85bbuild(deps): bump github.com/mgechev/revive from 1.6.0 to 1.6.1 (#5399)750e1abbuild(deps): bump github.com/nunnatsa/ginkgolinter from 0.18.4 to 0.19.0 (#5404)08ae805gci: fix standard packages list for go1.24 (#5402)v1.64.2Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
07019eebuild(deps): bump honnef.co/go/tools from 0.5.1 to 0.6.0 (#5391)474fdafgo1.24 support (#5224)e21ee9abuild(deps): bump github.com/ldez/exptostd from 0.4.0 to 0.4.1 (#5390)8e1d5f4build(deps): bump golang.org/x/tools from 0.29.0 to 0.30.0 (#5389)23eafd5build(deps): bump github.com/catenacyber/perfsprint from 0.8.0 to 0.8.1 (#5386)71445eebuild(deps): bump go-simpler.org/sloglint from 0.7.2 to 0.9.0 (#5384)9ce9097build(deps): bump 4d63.com/gochecknoglobals from 0.2.1 to 0.2.2 (#5380)1200be2build(deps): bump github.com/catenacyber/perfsprint from 0.7.1 to 0.8.0 (#5382)2b24c4ebuild(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 (#5376)fbc663dbuild(deps): bump golang.org/x/mod from 0.22.0 to 0.23.0 (#5375)0284fa9tenv: deprecation (#5373)a2ef9eebuild(deps): bump github.com/polyfloyd/go-errorlint from 1.7.0 to 1.7.1 (#5368)a7da404build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 (#5367)72a1b33build(deps): bump github.com/shirou/gopsutil/v4 from 4.24.12 to 4.25.1 (#5366)10c03d7feat: use run.relative-path-mode for output format paths (#5363)fc94060build(deps): bump the linter-testdata group across 2 directories with 4 updates (#5365)192e98bfeat: add new issues.new-from-merge-base option (#5362)980a911fix: sanitize severities by output format (#5359)4b05170build(deps): bump github.com/matoous/godox from 0.0.0-20230222163458-006bad1f9d26 to 1.1.0 (#5355)98c110bfeat: new linter exclusions system (#5339)d1e9da0fix: fallback on unknown severities for code climate (#5350)2637593build(deps): bump github.com/mgechev/revive from 1.5.1 to 1.6.0 (#5346)23641e3build(deps): bump github.com/golangci/revgrep from 0.6.1 to 0.7.0 (#5337)a10bfc5build(deps): bump github.com/golangci/revgrep from 0.6.0 to 0.6.1 (#5336)2084a50build(deps): bump github.com/Crocmagnon/fatcontext from 0.6.0 to 0.7.1 (#5335)ac95a23build(deps): bump github.com/ldez/exptostd from 0.3.1 to 0.4.0 (#5330)20e4b1ebuild(deps): bump github.com/Crocmagnon/fatcontext from 0.5.3 to 0.6.0 (#5332)29eaf2dbuild(deps): bump github.com/ldez/gomoddirectives from 0.6.0 to 0.6.1 (#5329)5a7c7e6fix: spancheck default StartSpanMatchersSlice values (#5324)019bde5build(deps): bump github.com/golangci/revgrep from 0.5.3 to 0.6.0 (#5319)2502d20build(deps): bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 (#5318)8f187ffbuild(deps): bump github.com/securego/gosec/v2 from 2.21.4 to 2.22.0 (#5311)e24c18cbuild(deps): bump github.com/karamaru-alpha/copyloopvar from 1.1.0 to 1.2.1 (#5307)ace35f0fix: avoid panic with plugin without description (#5312)09489d5build(deps): bump github.com/uudashr/iface from 1.3.0 to 1.3.1 (#5308)c07dc97build(deps): bump github.com/ghostiam/protogetter from 0.3.8 to 0.3.9 (#5306)555fb5cbuild(deps): bump github.com/alingse/nilnesserr from 0.1.1 to 0.1.2 (#5305)b7fd295build(deps): bump golang.org/x/tools from 0.28.0 to 0.29.0 (#5309)b747025build(deps): bump github.com/ldez/grignotin from 0.7.0 to 0.8.0 (#5295)d516da9build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 (#5293)v1.63.4Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
c114969fix: filter Go filenames (#5291)v1.63.3Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
bb896aabuild(deps): bump github.com/ldez/exptostd from 0.3.0 to 0.3.1 (#5283)e7a1c9fbuild(deps): bump github.com/ldez/usetesting from 0.4.1 to 0.4.2 (#5282)472b9b9build(deps): bump github.com/shirou/gopsutil/v4 from 4.24.11 to 4.24.12 (#5281)e1b7346fix: invalid from position (#5287)8e4b0c3goheader: skip issues with invalid positions (#5286)v1.63.2Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
15412b3fix: invalid position when missing EOL (#5279)v1.63.1Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
afa0e27fix: filter files (#5272)ffb15cagci: fix cgo (#5274)v1.63.0Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
0640d3fAdd UseTesting linter (#5170)aa0450cAdd exptostd linter (#5259)1467bc0Add nilnesserr linter (#5240)6a20504build(deps): bump github.com/shirou/gopsutil to v4.24.10 (#5167)a6c26eebuild(deps): bump github.com/4meepo/tagalign from 1.3.4 to 1.4.1 (#5255)e85310cbuild(deps): bump github.com/Antonboom/nilnil from 1.0.0 to 1.0.1 (#5233)c751e5cbuild(deps): bump github.com/alecthomas/go-check-sumtype from 0.2.0 to 0.3.1 (#5230)c882e89build(deps): bump github.com/ashanbrown/makezero from 1.1.1 to 1.2.0 (#5181)acfb3bebuild(deps): bump github.com/bombsimon/wsl/v4 from 4.4.1 to 4.5.0 (#5262)321e03fbuild(deps): bump github.com/butuzov/ireturn from 0.3.0 to 0.3.1 (#5188)72bbc45build(deps): bump github.com/butuzov/mirror from 1.2.0 to 1.3.0 (#5178)06ffc05build(deps): bump github.com/ckaznocha/intrange from 0.2.1 to 0.3.0 (#5203)a92ccc7build(deps): bump github.com/curioswitch/go-reassign from 0.2.0 to 0.3.0 (#5176)043275fbuild(deps): bump github.com/go-xmlfmt/xmlfmt from 1.1.2 to 1.1.3 (#5177)c8cf7a4build(deps): bump github.com/jjti/go-spancheck from 0.6.2 to 0.6.4 (#5174)dafd655build(deps): bump github.com/julz/importas from 0.1.0 tob26b8fc(#5219)b322a16build(deps): bump github.com/julz/importas from 0.1.1-0.20241016092914-b26b8fc96f8a to 0.2.0 (#5256)d40b6dabuild(deps): bump github.com/ldez/gomoddirectives from 0.2.4 to 0.4.2 (#5175)794a340build(deps): bump github.com/ldez/gomoddirectives from 0.4.2 to 0.5.0 (#5187)67825febuild(deps): bump github.com/ldez/gomoddirectives from 0.5.0 to 0.6.0 (#5196)0c6bccbbuild(deps): bump github.com/ldez/grignotin from 0.6.0 to 0.7.0 (#5248)d74f1aebuild(deps): bump github.com/ldez/tagliatelle from 0.5.0 to 0.6.0 (#5164)59f05b5build(deps): bump github.com/ldez/tagliatelle from 0.6.0 to 0.7.1 (#5204)9686758build(deps): bump github.com/ldez/usetesting from 0.2.0 to 0.2.1 (#5189)fc650e4build(deps): bump github.com/ldez/usetesting from 0.2.1 to 0.2.2 (#5198)cf4c529build(deps): bump github.com/ldez/usetesting from 0.2.2 to 0.3.0 ([#5261](htConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.