From ed7d1dae8cbed63bb4749bff99019a439b847244 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Fri, 6 Sep 2024 16:56:46 +0200 Subject: [PATCH 001/194] add initial release cadence and permissions update (#484) Co-authored-by: Billy Lynch <1844673+wlynch@users.noreply.github.com> --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index b35561a..e96587c 100644 --- a/README.md +++ b/README.md @@ -73,3 +73,21 @@ The App will attempt to load the trust policy from `.github/chainguard/${NAME}.sts.yaml` from `${REPO}` and if the provided `${TOKEN}` satisfies those rules, it will return a token with the permissions in the trust policy. + +### Release cadence + +Our release cadence at this moment is set to when is needed, meaning if we have a bug fix or a new feature +we will might make a new release. + +### Permission updates + +Sometimes we need to add or remove a GitHub Permission in order to add/remove permissions that will be include in the +octo-sts token for the users. Due to the nature of GitHub Apps, OctoSTS must request all permissions it might need to use, even if you don't want to use them for your particular installation or policy. + +To avoid disruptions for the users, making them to review and approve the changes in the installed GitHub App we +will apply permissions changes for the `octo-sts app` quarterly at any day during the quarter. + +An issue will be created to explain what permissions is being added or removed. + +Special cases will be discussed in a GitHub issue in https://github.com/octo-sts/app/issues and we might apply more than +one change during the quarter. From dbdbb17bc6485a9717bc4e9a344e1a377fde6347 Mon Sep 17 00:00:00 2001 From: Phil Date: Mon, 16 Sep 2024 10:08:18 -0700 Subject: [PATCH 002/194] Support for custom audience (#508) Fixes #259 Adds the option for a trust policy to specify which audience is expected from the upstream token. - Add support for the `audience` and `audience_pattern`: The trust policy is accepted if at least one of the provided audience matches. - Adds support for boolean claims: If a boolean claim is found in the upstream token, it is converted to the "true" or "false" string --- pkg/octosts/octosts.go | 5 +- pkg/octosts/trust_policy.go | 55 ++++++- pkg/octosts/trust_policy_test.go | 240 +++++++++++++++++++++++++++---- 3 files changed, 272 insertions(+), 28 deletions(-) diff --git a/pkg/octosts/octosts.go b/pkg/octosts/octosts.go index bf469b3..7e71875 100644 --- a/pkg/octosts/octosts.go +++ b/pkg/octosts/octosts.go @@ -120,7 +120,8 @@ func (s *sts) Exchange(ctx context.Context, request *pboidc.ExchangeRequest) (_ } verifier := p.Verifier(&oidc.Config{ - ClientID: s.domain, + // The audience is verified later on by the trust policy. + SkipClientIDCheck: true, }) tok, err := verifier.Verify(ctx, bearer) if err != nil { @@ -140,7 +141,7 @@ func (s *sts) Exchange(ctx context.Context, request *pboidc.ExchangeRequest) (_ clog.FromContext(ctx).Infof("trust policy: %#v", e.TrustPolicy) // Check the token against the federation rules. - e.Actor, err = e.TrustPolicy.CheckToken(tok) + e.Actor, err = e.TrustPolicy.CheckToken(tok, s.domain) if err != nil { clog.FromContext(ctx).Warnf("token does not match trust policy: %v", err) return nil, err diff --git a/pkg/octosts/trust_policy.go b/pkg/octosts/trust_policy.go index f8a37a8..348711c 100644 --- a/pkg/octosts/trust_policy.go +++ b/pkg/octosts/trust_policy.go @@ -7,6 +7,7 @@ import ( "errors" "fmt" "regexp" + "slices" "github.com/coreos/go-oidc/v3/oidc" "github.com/google/go-github/v61/github" @@ -21,6 +22,10 @@ type TrustPolicy struct { SubjectPattern string `json:"subject_pattern,omitempty"` subjectPattern *regexp.Regexp `json:"-"` + Audience string `json:"audience,omitempty"` + AudiencePattern string `json:"audience_pattern,omitempty"` + audiencePattern *regexp.Regexp `json:"-"` + ClaimPattern map[string]string `json:"claim_pattern,omitempty"` claimPattern map[string]*regexp.Regexp `json:"-"` @@ -70,6 +75,18 @@ func (tp *TrustPolicy) Compile() error { tp.subjectPattern = r } + // Check that we got oneof Audience[Pattern] or none. + switch { + case tp.Audience != "" && tp.AudiencePattern != "": + return errors.New("trust policy: only one of audience or audience_pattern can be set, got both") + case tp.AudiencePattern != "": + r, err := regexp.Compile("^" + tp.AudiencePattern + "$") + if err != nil { + return err + } + tp.audiencePattern = r + } + // Compile the claim patterns. tp.claimPattern = make(map[string]*regexp.Regexp, len(tp.ClaimPattern)) for k, v := range tp.ClaimPattern { @@ -86,7 +103,7 @@ func (tp *TrustPolicy) Compile() error { } // CheckToken checks the token against the trust policy. -func (tp *TrustPolicy) CheckToken(token *oidc.IDToken) (Actor, error) { +func (tp *TrustPolicy) CheckToken(token *oidc.IDToken, domain string) (Actor, error) { act := Actor{ Issuer: token.Issuer, Subject: token.Subject, @@ -130,6 +147,33 @@ func (tp *TrustPolicy) CheckToken(token *oidc.IDToken) (Actor, error) { return act, fmt.Errorf("trust policy: no subject or subject_pattern set") } + // Check the audience. + switch { + case tp.audiencePattern != nil: + // Check that the audience pattern matches at least one of the token's audiences. + found := false + for _, aud := range token.Audience { + if tp.audiencePattern.MatchString(aud) { + found = true + break + } + } + if !found { + return act, fmt.Errorf("trust policy: audience_pattern %q did not match any of %q", tp.AudiencePattern, token.Audience) + } + + case tp.Audience != "": + if !slices.Contains(token.Audience, tp.Audience) { + return act, fmt.Errorf("trust policy: audience %q did not match any of %q", tp.Audience, token.Audience) + } + + default: + // If `audience` or `audience_pattern` is not provided, we fall back to the domain. + if !slices.Contains(token.Audience, domain) { + return act, fmt.Errorf("trust policy: audience %q did not match any of %q", domain, token.Audience) + } + } + // Check the claims. if len(tp.claimPattern) != 0 { customClaims := make(map[string]interface{}) @@ -141,6 +185,15 @@ func (tp *TrustPolicy) CheckToken(token *oidc.IDToken) (Actor, error) { if !ok { return act, fmt.Errorf("trust policy: expected claim %q not found in token", k) } + + // Convert bool claims into a string + boolVal, ok := raw.(bool) + if ok { + raw = "false" + if boolVal { + raw = "true" + } + } val, ok := raw.(string) if !ok { return act, fmt.Errorf("trust policy: expected claim %q not a string", k) diff --git a/pkg/octosts/trust_policy_test.go b/pkg/octosts/trust_policy_test.go index 2755afc..c59f732 100644 --- a/pkg/octosts/trust_policy_test.go +++ b/pkg/octosts/trust_policy_test.go @@ -4,7 +4,9 @@ package octosts import ( + "reflect" "testing" + "unsafe" "github.com/coreos/go-oidc/v3/oidc" ) @@ -61,6 +63,14 @@ func TestCompile(t *testing.T) { SubjectPattern: ")(", }, wantErr: true, + }, { + name: "invalid audience pattern", + tp: &TrustPolicy{ + Issuer: "https://examples.com", + Subject: "asdf", + AudiencePattern: ")(", + }, + wantErr: true, }, { name: "invalid claim pattern", tp: &TrustPolicy{ @@ -99,6 +109,7 @@ func TestCheckToken(t *testing.T) { name string tp *TrustPolicy token *oidc.IDToken + claims []byte wantErr bool }{{ name: "valid token", @@ -107,8 +118,9 @@ func TestCheckToken(t *testing.T) { Subject: "subject", }, token: &oidc.IDToken{ - Issuer: "https://example.com", - Subject: "subject", + Issuer: "https://example.com", + Subject: "subject", + Audience: []string{"octo-sts.dev"}, }, wantErr: false, }, { @@ -118,8 +130,9 @@ func TestCheckToken(t *testing.T) { Subject: "subject", }, token: &oidc.IDToken{ - Issuer: "https://example.org", - Subject: "subject", + Issuer: "https://example.org", + Subject: "subject", + Audience: []string{"octo-sts.dev"}, }, wantErr: true, }, { @@ -129,8 +142,22 @@ func TestCheckToken(t *testing.T) { Subject: "subject", }, token: &oidc.IDToken{ - Issuer: "https://example.com", - Subject: "asdf", + Issuer: "https://example.com", + Subject: "asdf", + Audience: []string{"octo-sts.dev"}, + }, + wantErr: true, + }, { + name: "invalid audience", + tp: &TrustPolicy{ + Issuer: "https://example.com", + Subject: "subject", + Audience: "octo-sts.com", + }, + token: &oidc.IDToken{ + Issuer: "https://example.com", + Subject: "asdf", + Audience: []string{"octo-sts.dev"}, }, wantErr: true, }, { @@ -140,8 +167,9 @@ func TestCheckToken(t *testing.T) { SubjectPattern: "[0-9]{10}", }, token: &oidc.IDToken{ - Issuer: "https://example.com", - Subject: "1234567890", + Issuer: "https://example.com", + Subject: "1234567890", + Audience: []string{"octo-sts.dev"}, }, wantErr: false, }, { @@ -151,8 +179,9 @@ func TestCheckToken(t *testing.T) { Subject: "blah", }, token: &oidc.IDToken{ - Issuer: "https://example.org", - Subject: "blah", + Issuer: "https://example.org", + Subject: "blah", + Audience: []string{"octo-sts.dev"}, }, wantErr: true, }, { @@ -162,8 +191,22 @@ func TestCheckToken(t *testing.T) { SubjectPattern: "[0-9]{10}", }, token: &oidc.IDToken{ - Issuer: "https://example.com", - Subject: "blah", + Issuer: "https://example.com", + Subject: "blah", + Audience: []string{"octo-sts.dev"}, + }, + wantErr: true, + }, { + name: "invalid audience pattern", + tp: &TrustPolicy{ + Issuer: "https://example.com", + Subject: "blah", + AudiencePattern: "octo-sts\\.com", + }, + token: &oidc.IDToken{ + Issuer: "https://example.com", + Subject: "blah", + Audience: []string{"octo-sts.dev", "octo-sts.co"}, }, wantErr: true, }, { @@ -179,6 +222,7 @@ func TestCheckToken(t *testing.T) { Issuer: "https://example.com", Subject: "subject", // No email claim. + Audience: []string{"octo-sts.dev"}, }, wantErr: true, }, { @@ -188,8 +232,9 @@ func TestCheckToken(t *testing.T) { SubjectPattern: "^(123|456)$", }, token: &oidc.IDToken{ - Issuer: "https://accounts.google.com", - Subject: "123999", + Issuer: "https://accounts.google.com", + Subject: "123999", + Audience: []string{"octo-sts.dev"}, }, wantErr: true, }, { @@ -199,28 +244,173 @@ func TestCheckToken(t *testing.T) { SubjectPattern: "(123|456)", }, token: &oidc.IDToken{ - Issuer: "https://accounts.google.com", - Subject: "123999", + Issuer: "https://accounts.google.com", + Subject: "123999", + Audience: []string{"octo-sts.dev"}, + }, + wantErr: true, + }, { + name: "matches one of audience pattern", + tp: &TrustPolicy{ + Issuer: "https://example.com", + Subject: "blah", + AudiencePattern: "(octo|nona)-sts\\.dev", + }, + token: &oidc.IDToken{ + Issuer: "https://example.com", + Subject: "blah", + Audience: []string{"deka-sts.dev", "nona-sts.dev"}, + }, + wantErr: false, + }, { + name: "matches one of audience", + tp: &TrustPolicy{ + Issuer: "https://example.com", + Subject: "blah", + AudiencePattern: "example.com", + }, + token: &oidc.IDToken{ + Issuer: "https://example.com", + Subject: "blah", + Audience: []string{"octo-sts.dev", "deka-sts.dev", "example.com", "nona-sts.dev"}, + }, + wantErr: false, + }, { + name: "matching boolean claims", + tp: &TrustPolicy{ + Issuer: "https://example.com", + Subject: "blah", + ClaimPattern: map[string]string{ + "email_verified": "true", + }, + }, + token: &oidc.IDToken{ + Issuer: "https://example.com", + Subject: "blah", + Audience: []string{"octo-sts.dev"}, + }, + claims: []byte(`{"email_verified": true}`), + wantErr: false, + }, { + name: "matching custom claim", + tp: &TrustPolicy{ + Issuer: "https://example.com", + Subject: "blah", + ClaimPattern: map[string]string{ + "email": ".*@example.com", + }, + }, + token: &oidc.IDToken{ + Issuer: "https://example.com", + Subject: "blah", + Audience: []string{"octo-sts.dev"}, + }, + claims: []byte(`{"email": "test@example.com"}`), + wantErr: false, + }, { + name: "matching multiple custom claim", + tp: &TrustPolicy{ + Issuer: "https://example.com", + Subject: "blah", + ClaimPattern: map[string]string{ + "email": ".*@example.com", + "domain": ".*\\.net", + }, + }, + token: &oidc.IDToken{ + Issuer: "https://example.com", + Subject: "blah", + Audience: []string{"octo-sts.dev"}, + }, + claims: []byte(`{"email": "test@example.com", "domain": "example.net", "extra": "extra"}`), + wantErr: false, + }, { + name: "missing custom claim", + tp: &TrustPolicy{ + Issuer: "https://example.com", + Subject: "blah", + ClaimPattern: map[string]string{ + "email_verified": "true", + "email": ".*@example.com", + }, + }, + token: &oidc.IDToken{ + Issuer: "https://example.com", + Subject: "blah", + Audience: []string{"octo-sts.dev"}, + }, + claims: []byte(`{"email_verified": true}`), + wantErr: true, + }, { + name: "number custom claim", + tp: &TrustPolicy{ + Issuer: "https://example.com", + Subject: "blah", + ClaimPattern: map[string]string{ + "age": "\\d+", + }, + }, + token: &oidc.IDToken{ + Issuer: "https://example.com", + Subject: "blah", + Audience: []string{"octo-sts.dev"}, + }, + claims: []byte(`{"age": 21}`), + wantErr: true, + }, { + name: "mismatching custom claim", + tp: &TrustPolicy{ + Issuer: "https://example.com", + Subject: "blah", + ClaimPattern: map[string]string{ + "email": ".*@example.com", + }, + }, + token: &oidc.IDToken{ + Issuer: "https://example.com", + Subject: "blah", + Audience: []string{"octo-sts.dev"}, + }, + claims: []byte(`{"email": "test@example.dev"}`), + wantErr: true, + }, { + name: "mismatching one of multiple custom claim", + tp: &TrustPolicy{ + Issuer: "https://example.com", + Subject: "blah", + ClaimPattern: map[string]string{ + "email": ".*@example.com", + "domain": ".*\\.net", + }, + }, + token: &oidc.IDToken{ + Issuer: "https://example.com", + Subject: "blah", + Audience: []string{"octo-sts.dev"}, }, + claims: []byte(`{"email": "test@example.dev", "domain": "example.net"}`), wantErr: true, }} - // TODO(mattmoor): Figure out how to test custom claims with IDToken. - // - Test for extra custom claims, - // - Test for matching a custom claim, - // - Test for mismatching a custom claim, - // - Test for matching multiple custom claims, - // - Test for mismatching one of several custom claims. - // - Test for a non-string custom claim. - for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { if err := tt.tp.Compile(); err != nil { t.Fatalf("Compile() = %v", err) } - if _, err := tt.tp.CheckToken(tt.token); (err != nil) != tt.wantErr { + withClaims(tt.token, tt.claims) + if _, err := tt.tp.CheckToken(tt.token, "octo-sts.dev"); (err != nil) != tt.wantErr { t.Errorf("CheckToken() error = %v, wantErr %v", err, tt.wantErr) } }) } } + +// reflect hack because "claims" field is unexported by oidc IDToken +// https://github.com/coreos/go-oidc/pull/329 +func withClaims(token *oidc.IDToken, data []byte) { + val := reflect.Indirect(reflect.ValueOf(token)) + member := val.FieldByName("claims") + pointer := unsafe.Pointer(member.UnsafeAddr()) + realPointer := (*[]byte)(pointer) + *realPointer = data +} From db5321df135494f01353303f3ed6fcc7c4167598 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 13:20:57 -0700 Subject: [PATCH 003/194] Bump chainguard-dev/common/infra from 0.6.74 to 0.6.80 in /modules/app in the all group across 1 directory (#509) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /modules/app directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.74 to 0.6.80
Release notes

Sourced from chainguard-dev/common/infra's releases.

v0.6.80

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.79...v0.6.80

v0.6.79

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.78...v0.6.79

v0.6.78

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.77...v0.6.78

v0.6.77

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.76...v0.6.77

v0.6.76

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.75...v0.6.76

v0.6.75

What's Changed

... (truncated)

Commits
  • ae471a8 remove provider restriction for serverless-gclb (#547)
  • e9ee050 Add an explicit deduplication test (#546)
  • 2decf50 Bring over the module and binary entrypoints. (#545)
  • 05ae852 Migrate the go-workqueue libraries into common infra (#544)
  • ee942e7 build(deps): bump the gomod group across 1 directory with 9 updates (#543)
  • 14c6804 build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1 in the act...
  • 3bdd70b build(deps): bump cloud.google.com/go/pubsub from 1.42.0 to 1.43.0 in the gom...
  • dba507c Reapply "pin google provider to less than 6 (#518)" (#537) (#538)
  • d49dacb Revert "pin google provider to less than 6 (#518)" (#537)
  • 4eb77b6 build(deps): bump terraform-docs/gh-actions from 1.2.0 to 1.2.2 in the action...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.74&new-version=0.6.80)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 577852e..cccef29 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.74" + version = "0.6.80" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.74" + version = "0.6.80" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 95ce6f1..776e850 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.74" + version = "0.6.80" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.74" + version = "0.6.80" project_id = var.project_id name = "${var.name}-webhook" From 4c36b76b06d248c0c362c1779591ff1ea02dc09d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 13:21:28 -0700 Subject: [PATCH 004/194] Bump the all group across 1 directory with 3 updates (#510) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 3 updates in the / directory: [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint), [google-github-actions/auth](https://github.com/google-github-actions/auth) and [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform). Updates `reviewdog/action-actionlint` from 1.54.0 to 1.55.0
Release notes

Sourced from reviewdog/action-actionlint's releases.

Release v1.55.0

v1.55.0: PR #140 - chore(deps): update reviewdog to 0.20.2

Commits

Updates `google-github-actions/auth` from 2.1.3 to 2.1.5
Release notes

Sourced from google-github-actions/auth's releases.

v2.1.5

What's Changed

New Contributors

Full Changelog: https://github.com/google-github-actions/auth/compare/v2.1.4...v2.1.5

v2.1.4

What's Changed

Full Changelog: https://github.com/google-github-actions/auth/compare/v2.1.3...v2.1.4

Commits

Updates `hashicorp/setup-terraform` from 3.1.1 to 3.1.2
Release notes

Sourced from hashicorp/setup-terraform's releases.

v3.1.2

NOTES:

  • This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#430)
Changelog

Sourced from hashicorp/setup-terraform's changelog.

3.1.2 (2024-08-19)

NOTES:

  • This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#430)

3.1.1 (2024-05-07)

BUG FIXES:

  • wrapper: Fix wrapper to output to stdout and stderr immediately when data is received (#395)

3.1.0 (2024-04-23)

ENHANCEMENTS:

  • Automatically fallback to darwin/amd64 for Terraform versions before 1.0.2 as releases for darwin/arm64 are not available (#409)

3.0.0 (2023-10-30)

NOTES:

  • Updated default runtime to node20 (#346)
  • The wrapper around the installed Terraform binary has been fixed to return the exact STDOUT and STDERR from Terraform when executing commands. Previous versions of setup-terraform may have required workarounds to process the STDOUT in bash, such as filtering out the first line or selectively parsing STDOUT with jq. These workarounds may need to be adjusted with v3.0.0, which will now return just the STDOUT/STDERR from Terraform with no errant characters/statements. (#367)

BUG FIXES:

  • Fixed malformed stdout when wrapper is enabled (#367)

[2.0.3] (2022-11-01)

NOTES

  • Reduced occurrences of GitHub Actions warnings for setting output #247

[2.0.2] (2022-10-12)

BUG FIXES

INTERNAL

[2.0.1] (2022-10-12)

ENHANCEMENTS

... (truncated)

Commits
  • b9cd54a Update package version
  • 47b7a54 Update changelog
  • 20bffec Bump @​hashicorp/js-releases from 1.7.2 to 1.7.3 (#430)
  • 7f4493e Result of tsccr-helper -log-level=info gha update -latest . (#426)
  • bda2976 Bump semver from 7.6.2 to 7.6.3 (#427)
  • 3235006 Result of tsccr-helper -log-level=info gha update -latest . (#421)
  • 81777d5 deps: Bump braces to 3.0.3 (#423)
  • c5b46f3 [CI] Update lock workflow file
  • 0ec620c [CI] terraform-devex-repos automation
  • 02909a6 [CI] terraform-devex-repos automation
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/actionlint.yaml | 2 +- .github/workflows/deploy.yaml | 4 ++-- .github/workflows/terraform.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index a567839..49685f3 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,6 +24,6 @@ jobs: echo "files=${yamls}" >> "$GITHUB_OUTPUT" - name: Action lint - uses: reviewdog/action-actionlint@4f8f9963ca57a41e5fd5b538dd79dbfbd3e0b38a # v1.54.0 + uses: reviewdog/action-actionlint@05c9d7bef25a46caf572df3497afa7082fc111df # v1.55.0 with: actionlint_flags: ${{ steps.get_yamls.outputs.files }} diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 44e95d8..eb1d2db 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -28,7 +28,7 @@ jobs: go-version-file: './go.mod' check-latest: true - - uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 + - uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # v2.1.5 id: auth with: token_format: 'access_token' @@ -43,7 +43,7 @@ jobs: registry: 'gcr.io' # Attempt to deploy the terraform configuration - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v2.0.0 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v2.0.0 with: terraform_version: 1.6 diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 1e3489f..e4210c8 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -21,7 +21,7 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 - run: terraform fmt -check From 52663cb475e2474298509353dbcf79d4d5426507 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Sep 2024 09:26:05 +0200 Subject: [PATCH 005/194] Bump the all group across 1 directory with 2 updates (#533) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint). Updates `actions/checkout` from 4.1.7 to 4.2.0
Release notes

Sourced from actions/checkout's releases.

v4.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4.1.7...v4.2.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

... (truncated)

Commits

Updates `reviewdog/action-actionlint` from 1.55.0 to 1.56.0
Release notes

Sourced from reviewdog/action-actionlint's releases.

Release v1.56.0

v1.56.0: PR #141 - chore(deps): update actionlint to 1.7.2

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/actionlint.yaml | 4 ++-- .github/workflows/boilerplate.yaml | 2 +- .github/workflows/deploy.yaml | 2 +- .github/workflows/donotsubmit.yaml | 2 +- .github/workflows/go-test.yaml | 2 +- .github/workflows/style.yaml | 8 ++++---- .github/workflows/terraform.yaml | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index 49685f3..5d8b123 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -15,7 +15,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Find yamls id: get_yamls @@ -24,6 +24,6 @@ jobs: echo "files=${yamls}" >> "$GITHUB_OUTPUT" - name: Action lint - uses: reviewdog/action-actionlint@05c9d7bef25a46caf572df3497afa7082fc111df # v1.55.0 + uses: reviewdog/action-actionlint@15a7a477ab5ab768a41c39b2c53970bf151c73f3 # v1.56.0 with: actionlint_flags: ${{ steps.get_yamls.outputs.files }} diff --git a/.github/workflows/boilerplate.yaml b/.github/workflows/boilerplate.yaml index 1af924b..a333eb9 100644 --- a/.github/workflows/boilerplate.yaml +++ b/.github/workflows/boilerplate.yaml @@ -35,7 +35,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: chainguard-dev/actions/boilerplate@main with: diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index eb1d2db..33baa55 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -22,7 +22,7 @@ jobs: id-token: write # federates with GCP steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v3 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version-file: './go.mod' diff --git a/.github/workflows/donotsubmit.yaml b/.github/workflows/donotsubmit.yaml index 5fad5e7..bdf729a 100644 --- a/.github/workflows/donotsubmit.yaml +++ b/.github/workflows/donotsubmit.yaml @@ -16,7 +16,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Do Not Submit uses: chainguard-dev/actions/donotsubmit@main diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 5e50196..1587dc1 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code onto GOPATH - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 9148def..9a00b90 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -50,7 +50,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -70,7 +70,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index e4210c8..7bda49e 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -20,7 +20,7 @@ jobs: - ./iac steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 - run: terraform fmt -check From c393676a8e7338c344d30ebb8bc92481c0f94673 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Fri, 27 Sep 2024 15:55:35 +0200 Subject: [PATCH 006/194] Update go to 1.23 and terraform to 1.9 (#535) --- .github/workflows/deploy.yaml | 2 +- .github/workflows/style.yaml | 3 +-- .github/workflows/terraform.yaml | 2 ++ go.mod | 2 +- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 33baa55..705dd00 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -45,7 +45,7 @@ jobs: # Attempt to deploy the terraform configuration - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v2.0.0 with: - terraform_version: 1.6 + terraform_version: 1.9 - working-directory: ./iac run: | diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 9a00b90..210cf8c 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -61,8 +61,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v3.7.1 with: - version: v1.56 - args: --timeout=5m + version: v1.61 lint: name: Lint diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 7bda49e..5b8199f 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -22,6 +22,8 @@ jobs: steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 + with: + terraform_version: 1.9 - run: terraform fmt -check diff --git a/go.mod b/go.mod index aa941ba..6c6333e 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/octo-sts/app -go 1.22.5 +go 1.23.1 require ( chainguard.dev/go-grpc-kit v0.17.5 From 986f61bafa59f5932e449c787ea8d008ab5f42d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Sep 2024 16:01:19 +0200 Subject: [PATCH 007/194] Bump chainguard-dev/common/infra from 0.6.74 to 0.6.85 in /iac in the all group across 1 directory (#532) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /iac directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.74 to 0.6.85
Release notes

Sourced from chainguard-dev/common/infra's releases.

v0.6.85

What's Changed

New Contributors

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.84...v0.6.85

v0.6.84

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.83...v0.6.84

v0.6.83

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.82...v0.6.83

v0.6.82

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.81...v0.6.82

v0.6.81

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.80...v0.6.81

v0.6.80

What's Changed

... (truncated)

Commits
  • ea23b2b feat(github-bots): Add support for projects_v2_item events (#571)
  • 95e8508 build(deps): bump the actions group across 1 directory with 2 updates (#570)
  • a259ce7 feat(github-events): Record projects_v2_item events (#568)
  • 6ef6da6 build(deps): bump terraform-docs/gh-actions from 1.2.2 to 1.3.0 in the action...
  • f5f2d31 build(deps): bump the gomod group with 2 updates (#566)
  • 91e3ba3 github-events: record check-run and check-suite events (#567)
  • df2be52 allow configuring prober service timeout (#565)
  • 9436dd7 alerting: ratelimit metrics (#562)
  • 7ad4e7e build(deps): bump google.golang.org/grpc from 1.66.2 to 1.67.0 in the gomod g...
  • 71e2492 build(deps): bump the gomod group with 2 updates (#561)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.74&new-version=0.6.85)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 8b08903..2925aa2 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.74" + version = "0.6.85" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.74" + version = "0.6.85" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index dae4f46..7f8de9b 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.74" + version = "0.6.85" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 767d2db..47b7e00 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.74" + version = "0.6.85" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index f33eb1a..a610999 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.74" + version = "0.6.85" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.74" + version = "0.6.85" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.74" + version = "0.6.85" service_name = var.name project_id = var.project_id diff --git a/modules/app/main.tf b/modules/app/main.tf index cccef29..76d657e 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.80" + version = "0.6.85" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.80" + version = "0.6.85" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 776e850..96f7918 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.80" + version = "0.6.85" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.80" + version = "0.6.85" project_id = var.project_id name = "${var.name}-webhook" From ea009f3acde6bdb792e0489e7e07af19960150c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Sep 2024 10:49:51 -0400 Subject: [PATCH 008/194] Bump the all group across 1 directory with 10 updates (#531) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 3 updates in the / directory: [chainguard.dev/go-grpc-kit](https://github.com/chainguard-dev/go-grpc-kit), [chainguard.dev/sdk](https://github.com/chainguard-dev/sdk) and [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard.dev/go-grpc-kit` from 0.17.5 to 0.17.6
Release notes

Sourced from chainguard.dev/go-grpc-kit's releases.

v0.17.6

What's Changed

Full Changelog: https://github.com/chainguard-dev/go-grpc-kit/compare/v0.17.5...v0.17.6

Commits
  • 5c5ce94 Bump the golang-org-x group with 2 updates (#301)
  • e2d1952 Bump github.com/prometheus/client_golang in the prom group (#302)
  • 101d70b Bump google.golang.org/grpc from 1.66.0 to 1.66.1 (#303)
  • 942dbb3 Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#300)
  • d89a45f Bump github.com/chainguard-dev/clog from 1.4.0 to 1.5.0 (#295)
  • b3a3dc1 Bump github.com/prometheus/client_golang (#298)
  • ab8d8b0 Bump the otel group with 4 updates (#299)
  • 03f612c Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#293)
  • 3540060 Bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 in the golang-org-x group (#292)
  • 9433cd2 Bump github.com/grpc-ecosystem/grpc-gateway/v2 in the grpc group (#291)
  • Additional commits viewable in compare view

Updates `chainguard.dev/sdk` from 0.1.22 to 0.1.25
Release notes

Sourced from chainguard.dev/sdk's releases.

v0.1.25

Full Changelog: https://github.com/chainguard-dev/sdk/compare/v0.1.24...v0.1.25

v0.1.24

Full Changelog: https://github.com/chainguard-dev/sdk/compare/v0.1.23...v0.1.24

v0.1.23

Full Changelog: https://github.com/chainguard-dev/sdk/compare/0.1.22...v0.1.23

Commits
  • 3cb4e97 Merge pull request #58 from chainguard-dev/create-pull-request/patch
  • 59fd5a5 Export ab3a61f8c1137b4893257b8b6975e3849d9ad2c4
  • 11d7450 Export 6b5fc54c8a5613d10b3856b7008475a06ebf0cd1
  • e2e1e1a Export 046a9a76c6aaa3d99e31ce68182c8a58e1fcd2ea
  • 64cf18e Export 541efa9287cd47b39455b5643810e349e82ed383
  • 0db905a Export 25cfb894f43f6b1ece53343c70e3ae75427f9999
  • 408b9b9 Export 4530c0d65d0dfc1511e7fd833dcf4ec5e428348a
  • 70f67b7 Export 459080a35fa844e1a6e8dc2076924ede94ae084c
  • 6c2d81a Export 1c10867c1ca2c2b4b60f0ce2b92c500783cae491
  • d6fd009 Export b22dba6df69c09745d06eec5aba2a33515270e39
  • Additional commits viewable in compare view

Updates `cloud.google.com/go/kms` from 1.18.4 to 1.19.0
Release notes

Sourced from cloud.google.com/go/kms's releases.

dlp: v1.19.0

1.19.0 (2024-09-19)

Features

  • dlp: Action for publishing data profiles to SecOps (formelly known as Chronicle) (#10884) (fdb4ea9)
  • dlp: Action for publishing data profiles to Security Command Center (fdb4ea9)
  • dlp: Discovery configs for AWS S3 buckets (fdb4ea9)

Documentation

  • dlp: Small improvements and clarifications (fdb4ea9)
Changelog

Sourced from cloud.google.com/go/kms's changelog.

1.19.0 (2023-05-30)

Features

  • documentai: Update all direct dependencies (b340d03)

1.18.1 (2023-05-08)

Bug Fixes

  • documentai: Update grpc to v1.55.0 (1147ce0)

1.18.0 (2023-03-22)

Features

  • documentai: Add ImportProcessorVersion in v1beta3 (c967961)

1.17.0 (2023-03-15)

Features

  • documentai: Added hints.language_hints field in OcrConfig (#7522) (b2c40c3)

1.16.0 (2023-02-22)

Features

1.15.0 (2023-02-14)

⚠ BREAKING CHANGES

  • documentai: The TrainProcessorVersion parent was incorrectly annotated.

Features

  • documentai: Add REST client (06a54a1)
  • documentai: Added advanced_ocr_options field in OcrConfig (45c70e3)
  • documentai: Added EvaluationReference to evaluation.proto (#7290) (4623db8)
  • documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
  • documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
  • documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)

... (truncated)

Commits

Updates `cloud.google.com/go/secretmanager` from 1.13.5 to 1.14.0
Release notes

Sourced from cloud.google.com/go/secretmanager's releases.

orgpolicy: v1.14.0

1.14.0 (2024-09-19)

Features

  • orgpolicy: Support adding constraints to new method types REMOVE_GRANTS and GOVERN_TAGS (0b3c268)

maps: v1.14.0

1.14.0 (2024-09-25)

Features

  • maps/routeoptimization: A new field route_token is added to message .google.maps.routeoptimization.v1.ShipmentRoute.Transition (7250d71)
  • maps/routeoptimization: Add support for generating route tokens (7250d71)

Documentation

  • maps/routeoptimization: A comment for field code in message .google.maps.routeoptimization.v1.OptimizeToursValidationError is changed (7250d71)
  • maps/routeoptimization: A comment for field populate_transition_polylines in message .google.maps.routeoptimization.v1.OptimizeToursRequest is changed (7250d71)
  • maps/routeoptimization: A comment for method BatchOptimizeTours in service RouteOptimization is changed (7250d71)
Changelog

Sourced from cloud.google.com/go/secretmanager's changelog.

1.14.0 (2023-01-04)

Features

  • documentai: Add REST client (06a54a1)

1.13.0 (2022-12-01)

Features

  • documentai: added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)

1.12.0 (2022-11-16)

Features

  • documentai: added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)

1.11.0 (2022-11-09)

Features

  • documentai: added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)

1.10.0 (2022-11-03)

Features

  • documentai: rewrite signatures in terms of new location (3c4b2b3)

1.9.0 (2022-10-25)

Features

  • documentai: start generating stubs dir (de2d180)

1.8.0 (2022-09-21)

Features

  • documentai: rewrite signatures in terms of new types for betas (9f303f9)

1.7.0 (2022-09-19)

... (truncated)

Commits

Updates `github.com/chainguard-dev/clog` from 1.4.0 to 1.5.1-0.20240811185937-4c523ae4593f
Release notes

Sourced from github.com/chainguard-dev/clog's releases.

v1.5.0

What's Changed

Dependencies

New Contributors

Full Changelog: https://github.com/chainguard-dev/clog/compare/v1.4.0...v1.5.0

Commits

Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.60 to 0.6.85
Release notes

Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

v0.6.85

What's Changed

New Contributors

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.84...v0.6.85

v0.6.84

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.83...v0.6.84

v0.6.83

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.82...v0.6.83

v0.6.82

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.81...v0.6.82

v0.6.81

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.80...v0.6.81

v0.6.80

What's Changed

... (truncated)

Commits
  • ea23b2b feat(github-bots): Add support for projects_v2_item events (#571)
  • 95e8508 build(deps): bump the actions group across 1 directory with 2 updates (#570)
  • a259ce7 feat(github-events): Record projects_v2_item events (#568)
  • 6ef6da6 build(deps): bump terraform-docs/gh-actions from 1.2.2 to 1.3.0 in the action...
  • f5f2d31 build(deps): bump the gomod group with 2 updates (#566)
  • 91e3ba3 github-events: record check-run and check-suite events (#567)
  • df2be52 allow configuring prober service timeout (#565)
  • 9436dd7 alerting: ratelimit metrics (#562)
  • 7ad4e7e build(deps): bump google.golang.org/grpc from 1.66.2 to 1.67.0 in the gomod g...
  • 71e2492 build(deps): bump the gomod group with 2 updates (#561)
  • Additional commits viewable in compare view

Updates `golang.org/x/oauth2` from 0.21.0 to 0.23.0
Commits
  • 3e64809 x/oauth2: add Token.ExpiresIn
  • 16a9973 jwt: rename example to avoid vet error
  • b52af7d endpoints: add GitLab DeviceAuthURL
  • 6d8340f LICENSE: update per Google Legal
  • See full diff in compare view

Updates `google.golang.org/api` from 0.190.0 to 0.198.0
Release notes

Sourced from google.golang.org/api's releases.

v0.198.0

0.198.0 (2024-09-19)

Features

v0.197.0

0.197.0 (2024-09-10)

Features

Bug Fixes

  • transport: Set UniverseDomain in http.NewClient for new auth (#2773) (140d0a5)

v0.196.0

0.196.0 (2024-09-03)

Features

v0.195.0

0.195.0 (2024-08-28)

Features

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.198.0 (2024-09-19)

Features

0.197.0 (2024-09-10)

Features

Bug Fixes

  • transport: Set UniverseDomain in http.NewClient for new auth (#2773) (140d0a5)

0.196.0 (2024-09-03)

Features

0.195.0 (2024-08-28)

Features

... (truncated)

Commits

Updates `google.golang.org/grpc` from 1.65.0 to 1.67.0
Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.67.0

Bug Fixes

  • ringhash: when used with multiple EDS priorities, fix bug that could prevent a higher priority from recovering from transient failure. (#7364)

Behavior Changes

  • In accordance with RFC 7540, clients and servers will now reject TLS connections that don't support ALPN. This can be disabled by setting the environment variable GRPC_ENFORCE_ALPN_ENABLED to false (case insensitive). Please file a bug if you encounter any issues with this behavior. The environment variable to revert this behavior will be removed in an upcoming release. (#7535)

Release 1.66.2

Dependencies

  • Remove unintentional dependency on the testing package (#7579)
  • Remove unintentional dependency on the flate package (#7595)

Bug Fixes

  • client: fix a bug that prevented memory reuse after handling unary RPCs (#7571)

Release 1.66.0

New Features

  • metadata: stabilize ValueFromIncomingContext (#7368)
  • client: stabilize the WaitForStateChange and GetState methods, which were previously experimental. (#7425)
  • xds: Implement ADS flow control mechanism (#7458)
  • balancer/rls: Add metrics for data cache and picker internals (#7484, #7495)
  • xds: LRS load reports now include the total_issued_requests field. (#7544)

Bug Fixes

  • grpc: Clients now return status code INTERNAL instead of UNIMPLEMENTED when the server uses an unsupported compressor. This is consistent with the gRPC compression spec. (#7461)
  • transport: Fix a bug which could result in writes busy looping when the underlying conn.Write returns errors (#7394)
  • client: fix race that could lead to orphaned connections and associated resources. (#7390)
  • xds: use locality from the connected address for load reporting with pick_first (#7378)
    • without this fix, if a priority contains multiple localities with pick_first, load was reported for the wrong locality
  • client: prevent hanging during ClientConn.Close() when the network is unreachable (#7540)

Performance Improvements

  • transport: double buffering is avoided when using an http connect proxy and the target server waits for client to send the first message. ( Date: Mon, 30 Sep 2024 10:52:44 +0200 Subject: [PATCH 009/194] Bump chainguard-dev/common/infra from 0.6.74 to 0.6.85 in /iac/bootstrap in the all group across 1 directory (#536) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /iac/bootstrap directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.74 to 0.6.85
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.85

    What's Changed

    New Contributors

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.84...v0.6.85

    v0.6.84

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.83...v0.6.84

    v0.6.83

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.82...v0.6.83

    v0.6.82

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.81...v0.6.82

    v0.6.81

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.80...v0.6.81

    v0.6.80

    What's Changed

    ... (truncated)

    Commits
    • ea23b2b feat(github-bots): Add support for projects_v2_item events (#571)
    • 95e8508 build(deps): bump the actions group across 1 directory with 2 updates (#570)
    • a259ce7 feat(github-events): Record projects_v2_item events (#568)
    • 6ef6da6 build(deps): bump terraform-docs/gh-actions from 1.2.2 to 1.3.0 in the action...
    • f5f2d31 build(deps): bump the gomod group with 2 updates (#566)
    • 91e3ba3 github-events: record check-run and check-suite events (#567)
    • df2be52 allow configuring prober service timeout (#565)
    • 9436dd7 alerting: ratelimit metrics (#562)
    • 7ad4e7e build(deps): bump google.golang.org/grpc from 1.66.2 to 1.67.0 in the gomod g...
    • 71e2492 build(deps): bump the gomod group with 2 updates (#561)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.74&new-version=0.6.85)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 00a7bef..69fb376 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.74" + version = "0.6.85" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.74" + version = "0.6.85" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.74" + version = "0.6.85" project_id = var.project_id name = "github-pull-requests" From 5d885431ee2dbc36a2fc96c6b995dcddbf93369b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 11:06:01 +0200 Subject: [PATCH 010/194] Bump the all group with 2 updates (#537) Bumps the all group with 2 updates: [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) and [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery). Updates `cloud.google.com/go/secretmanager` from 1.14.0 to 1.14.1
    Release notes

    Sourced from cloud.google.com/go/secretmanager's releases.

    language: v1.14.1

    1.14.1 (2024-09-12)

    Bug Fixes

    • language: Bump dependencies (2ddeb15)

    metastore: v1.14.1

    1.14.1 (2024-09-12)

    Bug Fixes

    • metastore: Bump dependencies (2ddeb15)

    networkmanagement: v1.14.1

    1.14.1 (2024-09-12)

    Bug Fixes

    • networkmanagement: Bump dependencies (2ddeb15)

    osconfig: v1.14.1

    1.14.1 (2024-09-12)

    Bug Fixes

    • osconfig: Bump dependencies (2ddeb15)

    oslogin: v1.14.1

    1.14.1 (2024-09-12)

    Bug Fixes

    • oslogin: Bump dependencies (2ddeb15)

    secretmanager: v1.14.1

    1.14.1 (2024-09-12)

    Bug Fixes

    • secretmanager: Bump dependencies (2ddeb15)

    servicecontrol: v1.14.1

    1.14.1 (2024-09-12)

    ... (truncated)

    Changelog

    Sourced from cloud.google.com/go/secretmanager's changelog.

    Changes

    1.34.0 (2024-09-12)

    Features

    • documentai: Add API fields for the descriptions of entity type and property in the document schema (2d5a9f9)

    Bug Fixes

    • documentai: Bump dependencies (2ddeb15)

    1.33.0 (2024-08-20)

    Features

    • documentai: Add support for Go 1.23 iterators (84461c0)

    1.32.0 (2024-08-08)

    Features

    • documentai: A new field gen_ai_model_info is added to message .google.cloud.documentai.v1.ProcessorVersion (649c075)
    • documentai: A new field imageless_mode is added to message .google.cloud.documentai.v1.ProcessRequest (649c075)

    Bug Fixes

    • documentai: Update google.golang.org/api to v0.191.0 (5b32644)

    1.31.0 (2024-08-01)

    Features

    • documentai: A new field imageless_mode is added to message .google.cloud.documentai.v1.ProcessRequest (#10615) (97fa560)

    Documentation

    • documentai: Keep the API doc up-to-date with recent changes (97fa560)

    1.30.5 (2024-07-24)

    ... (truncated)

    Commits

    Updates `k8s.io/apimachinery` from 0.31.0 to 0.31.1
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 504d53b..1e3d540 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( chainguard.dev/go-grpc-kit v0.17.6 chainguard.dev/sdk v0.1.25 cloud.google.com/go/kms v1.19.0 - cloud.google.com/go/secretmanager v1.14.0 + cloud.google.com/go/secretmanager v1.14.1 github.com/bradleyfalzon/ghinstallation/v2 v2.10.1-0.20240507094914-84bb4cbb7874 github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f github.com/chainguard-dev/terraform-infra-common v0.6.85 @@ -21,7 +21,7 @@ require ( golang.org/x/oauth2 v0.23.0 google.golang.org/api v0.198.0 google.golang.org/grpc v1.67.0 - k8s.io/apimachinery v0.31.0 + k8s.io/apimachinery v0.31.1 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 8917a6b..bc0f825 100644 --- a/go.sum +++ b/go.sum @@ -21,8 +21,8 @@ cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkB cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts= cloud.google.com/go/monitoring v1.21.0 h1:EMc0tB+d3lUewT2NzKC/hr8cSR9WsUieVywzIHetGro= cloud.google.com/go/monitoring v1.21.0/go.mod h1:tuJ+KNDdJbetSsbSGTqnaBvbauS5kr3Q/koy3Up6r+4= -cloud.google.com/go/secretmanager v1.14.0 h1:P2RRu2NEsQyOjplhUPvWKqzDXUKzwejHLuSUBHI8c4w= -cloud.google.com/go/secretmanager v1.14.0/go.mod h1:q0hSFHzoW7eRgyYFH8trqEFavgrMeiJI4FETNN78vhM= +cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM= +cloud.google.com/go/secretmanager v1.14.1/go.mod h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U= cloud.google.com/go/trace v1.11.0 h1:UHX6cOJm45Zw/KIbqHe4kII8PupLt/V5tscZUkeiJVI= cloud.google.com/go/trace v1.11.0/go.mod h1:Aiemdi52635dBR7o3zuc9lLjXo3BwGaChEjCa3tJNmM= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -342,7 +342,7 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= -k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= +k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From 7918b9c3316feb51a2fcd1e0bd1d88b7670d4bd8 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Mon, 30 Sep 2024 15:01:37 +0200 Subject: [PATCH 011/194] add new field to bq (#540) slack thread: https://chainguard-dev.slack.com/archives/C06HP2VFDJL/p1727474301548949 --- iac/sts_exchange.schema.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/iac/sts_exchange.schema.json b/iac/sts_exchange.schema.json index af9a855..1964e78 100644 --- a/iac/sts_exchange.schema.json +++ b/iac/sts_exchange.schema.json @@ -78,6 +78,11 @@ "type": "STRING", "mode": "NULLABLE" }, + { + "name": "email_verified", + "type": "STRING", + "mode": "NULLABLE" + }, { "name": "actor", "type": "STRING", From 55546a68304ef471f526fce7cd6cc48e936d6231 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 16:45:22 +0200 Subject: [PATCH 012/194] Bump cloud.google.com/go/kms from 1.19.0 to 1.20.0 (#538) Bumps [cloud.google.com/go/kms](https://github.com/googleapis/google-cloud-go) from 1.19.0 to 1.20.0.
    Release notes

    Sourced from cloud.google.com/go/kms's releases.

    kms: v1.20.0

    1.20.0 (2024-09-19)

    Features

    • kms: Adding a state field for AutokeyConfig (fdb4ea9)

    Bug Fixes

    • kms: Pagination feature is introduced for method ListKeyHandles in service Autokey (fdb4ea9)

    Documentation

    • kms: A comment for field destroy_scheduled_duration in message .google.cloud.kms.v1.CryptoKey is updated for the default duration (fdb4ea9)
    • kms: Field service_resolvers in message .google.cloud.kms.v1.EkmConnection is Explicitly is marked as to have field behavior of Optional (fdb4ea9)

    kms: v1.19.1

    1.19.1 (2024-09-12)

    Bug Fixes

    Changelog

    Sourced from cloud.google.com/go/kms's changelog.

    1.20.0 (2023-06-20)

    Features

    • documentai: Add StyleInfo to document.proto (b726d41)
    • documentai: Add StyleInfo to document.proto (b726d41)

    Bug Fixes

    • documentai: REST query UpdateMask bug (df52820)
    Commits
    • ac256c5 chore: release main (#10856)
    • cb7b0a1 feat(storage/dataflux): add dataflux interface (#10748)
    • 9199843 fix(firestore): Add UTF-8 validation (#10881)
    • 9ae039a feat(firestore): surfacing the error returned from the service in Bulkwriter ...
    • cf67711 chore(all): update deps (#10871)
    • fdb4ea9 feat(dlp): action for publishing data profiles to SecOps (formelly known as C...
    • f847c75 chore(main): release bigquery 1.63.0 (#10575)
    • ce3d492 fix(bigquery): properly handle RANGE type arrays (#10883)
    • 0b3c268 feat(aiplatform): A new field generation_config is added to message `.googl...
    • 2f0aec8 feat(aiplatform): add new PipelineTaskRerunConfig field to `pipeline_job.pr...
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cloud.google.com/go/kms&package-manager=go_modules&previous-version=1.19.0&new-version=1.20.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 1e3d540..efd70aa 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.23.1 require ( chainguard.dev/go-grpc-kit v0.17.6 chainguard.dev/sdk v0.1.25 - cloud.google.com/go/kms v1.19.0 + cloud.google.com/go/kms v1.20.0 cloud.google.com/go/secretmanager v1.14.1 github.com/bradleyfalzon/ghinstallation/v2 v2.10.1-0.20240507094914-84bb4cbb7874 github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f @@ -27,7 +27,7 @@ require ( require ( cloud.google.com/go v0.115.1 // indirect - cloud.google.com/go/longrunning v0.6.0 // indirect + cloud.google.com/go/longrunning v0.6.1 // indirect cloud.google.com/go/trace v1.11.0 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.24.2 // indirect @@ -45,7 +45,7 @@ require ( cloud.google.com/go/auth v0.9.4 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect - cloud.google.com/go/iam v1.2.0 // indirect + cloud.google.com/go/iam v1.2.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect diff --git a/go.sum b/go.sum index bc0f825..fd22658 100644 --- a/go.sum +++ b/go.sum @@ -11,14 +11,14 @@ cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= -cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= -cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= -cloud.google.com/go/kms v1.19.0 h1:x0OVJDl6UH1BSX4THKlMfdcFWoE4ruh90ZHuilZekrU= -cloud.google.com/go/kms v1.19.0/go.mod h1:e4imokuPJUc17Trz2s6lEXFDt8bgDmvpVynH39bdrHM= +cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU= +cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g= +cloud.google.com/go/kms v1.20.0 h1:uKUvjGqbBlI96xGE669hcVnEMw1Px/Mvfa62dhM5UrY= +cloud.google.com/go/kms v1.20.0/go.mod h1:/dMbFF1tLLFnQV44AoI2GlotbjowyUfgVwezxW291fM= cloud.google.com/go/logging v1.11.0 h1:v3ktVzXMV7CwHq1MBF65wcqLMA7i+z3YxbUsoK7mOKs= cloud.google.com/go/logging v1.11.0/go.mod h1:5LDiJC/RxTt+fHc1LAt20R9TKiUTReDg6RuuFOZ67+A= -cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI= -cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts= +cloud.google.com/go/longrunning v0.6.1 h1:lOLTFxYpr8hcRtcwWir5ITh1PAKUD/sG2lKrTSYjyMc= +cloud.google.com/go/longrunning v0.6.1/go.mod h1:nHISoOZpBcmlwbJmiVk5oDRz0qG/ZxPynEGs1iZ79s0= cloud.google.com/go/monitoring v1.21.0 h1:EMc0tB+d3lUewT2NzKC/hr8cSR9WsUieVywzIHetGro= cloud.google.com/go/monitoring v1.21.0/go.mod h1:tuJ+KNDdJbetSsbSGTqnaBvbauS5kr3Q/koy3Up6r+4= cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM= From e80db7eb752b1909346cea633143175f14460dd5 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Mon, 30 Sep 2024 17:27:35 +0200 Subject: [PATCH 013/194] add new field to bq (audience_pattern) (#541) follow up of #540 --- iac/sts_exchange.schema.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/iac/sts_exchange.schema.json b/iac/sts_exchange.schema.json index 1964e78..11fad5f 100644 --- a/iac/sts_exchange.schema.json +++ b/iac/sts_exchange.schema.json @@ -58,6 +58,11 @@ "type": "STRING", "mode": "NULLABLE" }, + { + "name": "audience_pattern", + "type": "STRING", + "mode": "NULLABLE" + }, { "name": "claim_pattern", "type": "RECORD", From 6fec305a63edfa0c68d44f7ed7bc00641da530c0 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Mon, 30 Sep 2024 17:55:06 +0200 Subject: [PATCH 014/194] add new field to bq (audience) (#542) --- iac/sts_exchange.schema.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/iac/sts_exchange.schema.json b/iac/sts_exchange.schema.json index 11fad5f..3c31775 100644 --- a/iac/sts_exchange.schema.json +++ b/iac/sts_exchange.schema.json @@ -58,6 +58,11 @@ "type": "STRING", "mode": "NULLABLE" }, + { + "name": "audience", + "type": "STRING", + "mode": "NULLABLE" + }, { "name": "audience_pattern", "type": "STRING", From fb04e15a6e5bafe57e979b4f1b2a95d703884190 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 18:39:49 +0200 Subject: [PATCH 015/194] Bump google.golang.org/api from 0.198.0 to 0.199.0 (#539) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.198.0 to 0.199.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.199.0

    0.199.0 (2024-09-25)

    Features

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.199.0 (2024-09-25)

    Features

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.198.0&new-version=0.199.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index efd70aa..57424ac 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.198.0 + google.golang.org/api v0.199.0 google.golang.org/grpc v1.67.0 k8s.io/apimachinery v0.31.1 sigs.k8s.io/yaml v1.4.0 @@ -42,7 +42,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.9.4 // indirect + cloud.google.com/go/auth v0.9.5 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect cloud.google.com/go/iam v1.2.1 // indirect diff --git a/go.sum b/go.sum index fd22658..ebfc6ee 100644 --- a/go.sum +++ b/go.sum @@ -5,8 +5,8 @@ chainguard.dev/sdk v0.1.25/go.mod h1:k88fQlFggN176oyRjg7c1ICpEAbDJOlTcZe+BBHk+70 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.4 h1:DxF7imbEbiFu9+zdKC6cKBko1e8XeJnipNqIbWZ+kDI= -cloud.google.com/go/auth v0.9.4/go.mod h1:SHia8n6//Ya940F1rLimhJCjjx7KE17t0ctFEci3HkA= +cloud.google.com/go/auth v0.9.5 h1:4CTn43Eynw40aFVr3GpPqsQponx2jv0BQpjvajsbbzw= +cloud.google.com/go/auth v0.9.5/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= @@ -295,8 +295,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.198.0 h1:OOH5fZatk57iN0A7tjJQzt6aPfYQ1JiWkt1yGseazks= -google.golang.org/api v0.198.0/go.mod h1:/Lblzl3/Xqqk9hw/yS97TImKTUwnf1bv89v7+OagJzc= +google.golang.org/api v0.199.0 h1:aWUXClp+VFJmqE0JPvpZOK3LDQMyFKYIow4etYd9qxs= +google.golang.org/api v0.199.0/go.mod h1:ohG4qSztDJmZdjK/Ar6MhbAmb/Rpi4JHOqagsh90K28= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= From d731383df5c4f7d48c78e2288e8e61b42d4ab66f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 13:08:14 -0400 Subject: [PATCH 016/194] Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.10.1-0.20240507094914-84bb4cbb7874 to 2.11.0 (#407) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.10.1-0.20240507094914-84bb4cbb7874 to 2.11.0.
    Release notes

    Sourced from github.com/bradleyfalzon/ghinstallation/v2's releases.

    v2.11.0

    What's Changed

    NOTE: Now requires Go >= 1.16 to build.

    New Contributors

    Full Changelog: https://github.com/bradleyfalzon/ghinstallation/compare/v2.10.0...v2.11.0

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/bradleyfalzon/ghinstallation/v2&package-manager=go_modules&previous-version=2.10.1-0.20240507094914-84bb4cbb7874&new-version=2.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato --- go.mod | 5 +++-- go.sum | 6 ++++-- pkg/octosts/octosts.go | 2 +- pkg/octosts/trust_policy.go | 2 +- pkg/prober/prober.go | 2 +- pkg/webhook/webhook.go | 2 +- pkg/webhook/webhook_test.go | 2 +- 7 files changed, 12 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 57424ac..1f357ee 100644 --- a/go.mod +++ b/go.mod @@ -7,14 +7,14 @@ require ( chainguard.dev/sdk v0.1.25 cloud.google.com/go/kms v1.20.0 cloud.google.com/go/secretmanager v1.14.1 - github.com/bradleyfalzon/ghinstallation/v2 v2.10.1-0.20240507094914-84bb4cbb7874 + github.com/bradleyfalzon/ghinstallation/v2 v2.11.0 github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f github.com/chainguard-dev/terraform-infra-common v0.6.85 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/google/go-cmp v0.6.0 - github.com/google/go-github/v61 v61.0.0 + github.com/google/go-github/v62 v62.0.0 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 @@ -33,6 +33,7 @@ require ( github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.24.2 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.2 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/google/go-github/v61 v61.0.0 // indirect github.com/klauspost/compress v1.17.9 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect diff --git a/go.sum b/go.sum index ebfc6ee..526f4c3 100644 --- a/go.sum +++ b/go.sum @@ -38,8 +38,8 @@ github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZx github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bradleyfalzon/ghinstallation/v2 v2.10.1-0.20240507094914-84bb4cbb7874 h1:xdoEBslnsmZhk3g0orn0db7Pu6eOkth545qLPnlb9JA= -github.com/bradleyfalzon/ghinstallation/v2 v2.10.1-0.20240507094914-84bb4cbb7874/go.mod h1:HQQ3tNU9uzAsEA4beLQTs4VTOJOONGp9Vog/SAWBGbk= +github.com/bradleyfalzon/ghinstallation/v2 v2.11.0 h1:R9d0v+iobRHSaE4wKUnXFiZp53AL4ED5MzgEMwGTZag= +github.com/bradleyfalzon/ghinstallation/v2 v2.11.0/go.mod h1:0LWKQwOHewXO/1acI6TtyE0Xc4ObDb2rFN7eHBAG71M= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -107,6 +107,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-github/v61 v61.0.0 h1:VwQCBwhyE9JclCI+22/7mLB1PuU9eowCXKY5pNlu1go= github.com/google/go-github/v61 v61.0.0/go.mod h1:0WR+KmsWX75G2EbpyGsGmradjo3IiciuI4BmdVCobQY= +github.com/google/go-github/v62 v62.0.0 h1:/6mGCaRywZz9MuHyw9gD1CwsbmBX8GWsbFkwMmHdhl4= +github.com/google/go-github/v62 v62.0.0/go.mod h1:EMxeUqGJq2xRu9DYBMwel/mr7kZrzUOfQmmpYrZn2a4= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= diff --git a/pkg/octosts/octosts.go b/pkg/octosts/octosts.go index 7e71875..95ad025 100644 --- a/pkg/octosts/octosts.go +++ b/pkg/octosts/octosts.go @@ -19,7 +19,7 @@ import ( "github.com/bradleyfalzon/ghinstallation/v2" cloudevents "github.com/cloudevents/sdk-go/v2" "github.com/coreos/go-oidc/v3/oidc" - "github.com/google/go-github/v61/github" + "github.com/google/go-github/v62/github" lru "github.com/hashicorp/golang-lru/v2" expirablelru "github.com/hashicorp/golang-lru/v2/expirable" diff --git a/pkg/octosts/trust_policy.go b/pkg/octosts/trust_policy.go index 348711c..133c982 100644 --- a/pkg/octosts/trust_policy.go +++ b/pkg/octosts/trust_policy.go @@ -10,7 +10,7 @@ import ( "slices" "github.com/coreos/go-oidc/v3/oidc" - "github.com/google/go-github/v61/github" + "github.com/google/go-github/v62/github" ) type TrustPolicy struct { diff --git a/pkg/prober/prober.go b/pkg/prober/prober.go index 60dd52c..5dd31e6 100644 --- a/pkg/prober/prober.go +++ b/pkg/prober/prober.go @@ -11,7 +11,7 @@ import ( "chainguard.dev/sdk/sts" "github.com/chainguard-dev/clog" - "github.com/google/go-github/v61/github" + "github.com/google/go-github/v62/github" "github.com/kelseyhightower/envconfig" "github.com/octo-sts/app/pkg/octosts" "golang.org/x/oauth2" diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go index 00d36bf..35fd952 100644 --- a/pkg/webhook/webhook.go +++ b/pkg/webhook/webhook.go @@ -17,7 +17,7 @@ import ( "github.com/bradleyfalzon/ghinstallation/v2" "github.com/chainguard-dev/clog" - "github.com/google/go-github/v61/github" + "github.com/google/go-github/v62/github" "github.com/hashicorp/go-multierror" "github.com/octo-sts/app/pkg/octosts" "k8s.io/apimachinery/pkg/util/sets" diff --git a/pkg/webhook/webhook_test.go b/pkg/webhook/webhook_test.go index 477c9af..040311c 100644 --- a/pkg/webhook/webhook_test.go +++ b/pkg/webhook/webhook_test.go @@ -24,7 +24,7 @@ import ( "github.com/chainguard-dev/clog" "github.com/chainguard-dev/clog/slogtest" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v61/github" + "github.com/google/go-github/v62/github" ) func TestValidatePolicy(t *testing.T) { From 6b3a4bab4501c5c82262023451e9de3c4c346a0b Mon Sep 17 00:00:00 2001 From: Matt Moore Date: Mon, 30 Sep 2024 21:05:59 -0700 Subject: [PATCH 017/194] Plumb through a deletion protection option. (#544) Signed-off-by: Matt Moore --- modules/app/main.tf | 2 ++ modules/app/variables.tf | 6 ++++++ modules/app/webhook.tf | 2 ++ 3 files changed, 10 insertions(+) diff --git a/modules/app/main.tf b/modules/app/main.tf index 76d657e..4a17d6a 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -77,6 +77,8 @@ module "this" { name = var.name regions = var.regions + deletion_protection = var.deletion_protection + // Only accept traffic coming from GCLB. ingress = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER" // This needs to egress in order to talk to Github diff --git a/modules/app/variables.tf b/modules/app/variables.tf index a939e00..6b0039c 100644 --- a/modules/app/variables.tf +++ b/modules/app/variables.tf @@ -15,6 +15,12 @@ variable "regions" { })) } +variable "deletion_protection" { + type = bool + description = "Whether to enable delete protection for the service." + default = true +} + variable "private-services" { description = "The names of the private services this module depends on." type = object({ diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 96f7918..fd3f572 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -26,6 +26,8 @@ module "webhook" { name = "${var.name}-webhook" regions = var.regions + deletion_protection = var.deletion_protection + // Only accept traffic coming from GCLB. ingress = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER" // This needs to egress in order to talk to Github From 53d763fa6d78e3d1452eef48e6a9a3ea88a45a71 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 09:07:18 +0200 Subject: [PATCH 018/194] Bump reviewdog/action-actionlint from 1.56.0 to 1.57.0 in the all group (#543) Bumps the all group with 1 update: [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint). Updates `reviewdog/action-actionlint` from 1.56.0 to 1.57.0
    Release notes

    Sourced from reviewdog/action-actionlint's releases.

    Release v1.57.0

    v1.57.0: PR #144 - chore(deps): update actionlint to 1.7.3

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=reviewdog/action-actionlint&package-manager=github_actions&previous-version=1.56.0&new-version=1.57.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/actionlint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index 5d8b123..83cdb19 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,6 +24,6 @@ jobs: echo "files=${yamls}" >> "$GITHUB_OUTPUT" - name: Action lint - uses: reviewdog/action-actionlint@15a7a477ab5ab768a41c39b2c53970bf151c73f3 # v1.56.0 + uses: reviewdog/action-actionlint@7eeec1dd160c2301eb28e1568721837d084558ad # v1.57.0 with: actionlint_flags: ${{ steps.get_yamls.outputs.files }} From 6b44bd123f0c90da33434995fdef452149540f3e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 17:46:40 +0100 Subject: [PATCH 019/194] Bump the all group across 1 directory with 5 updates (#570) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.0` | `4.2.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.0.2` | `5.1.0` | | [google-github-actions/auth](https://github.com/google-github-actions/auth) | `2.1.5` | `2.1.6` | | [rtCamp/action-slack-notify](https://github.com/rtcamp/action-slack-notify) | `2.3.0` | `2.3.2` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.0` | `6.1.1` | Updates `actions/checkout` from 4.2.0 to 4.2.2
    Release notes

    Sourced from actions/checkout's releases.

    v4.2.2

    What's Changed

    Full Changelog: https://github.com/actions/checkout/compare/v4.2.1...v4.2.2

    v4.2.1

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/checkout/compare/v4.2.0...v4.2.1

    Changelog

    Sourced from actions/checkout's changelog.

    Changelog

    v4.2.2

    v4.2.1

    v4.2.0

    v4.1.7

    v4.1.6

    v4.1.5

    v4.1.4

    v4.1.3

    v4.1.2

    v4.1.1

    v4.1.0

    ... (truncated)

    Commits

    Updates `actions/setup-go` from 5.0.2 to 5.1.0
    Release notes

    Sourced from actions/setup-go's releases.

    v5.1.0

    What's Changed

    Bug Fixes

    New Contributors

    Full Changelog: https://github.com/actions/setup-go/compare/v5...v5.1.0

    Commits

    Updates `google-github-actions/auth` from 2.1.5 to 2.1.6
    Release notes

    Sourced from google-github-actions/auth's releases.

    v2.1.6

    What's Changed

    Full Changelog: https://github.com/google-github-actions/auth/compare/v2.1.5...v2.1.6

    Commits

    Updates `rtCamp/action-slack-notify` from 2.3.0 to 2.3.2
    Release notes

    Sourced from rtCamp/action-slack-notify's releases.

    v2.3.2

    What's Changed

    Changelog:

    What's Changed

    Full Changelog: https://github.com/rtCamp/action-slack-notify/compare/v2.3.1...v2.3.2

    v2.3.1

    What's Changed

    Changelog:

    What's Changed

    New Contributors

    Full Changelog: https://github.com/rtCamp/action-slack-notify/compare/v2...v2.3.1

    Commits
    • c337377 Update action image version to v2.3.2
    • 1134e51 Merge pull request #207 from L0RD-ZER0/master
    • 2e9d8e4 Update the way text is set
    • 3154c16 Merge pull request #206 from rtCamp/dependabot/docker/golang-f6392ff
    • 083cc1d Bump golang from e0ea2a1 to f6392ff
    • 65e6fc1 Update action image version to v2.3.1
    • dbbd015 Merge pull request #198 from rtCamp/dependabot/docker/golang-e0ea2a1
    • 9cf45d7 Merge pull request #199 from rtCamp/dependabot/docker/alpine-beefdbd8a1da6d29...
    • 17200f4 Bump alpine from 0a4eaa0 to beefdbd
    • e01e65e Bump golang from fe8f9c7 to e0ea2a1
    • Additional commits viewable in compare view

    Updates `golangci/golangci-lint-action` from 6.1.0 to 6.1.1
    Release notes

    Sourced from golangci/golangci-lint-action's releases.

    v6.1.1

    What's Changed

    Changes

    Documentation

    Dependencies

    New Contributors

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v6.1.0...v6.1.1

    Commits
    • 971e284 build(deps-dev): bump the dev-dependencies group with 3 updates (#1108)
    • bbe7eb5 build(deps): bump @​types/node from 22.5.5 to 22.7.4 in the dependencies group...
    • ebae5ce build(deps-dev): bump the dev-dependencies group with 3 updates (#1105)
    • 06c3f3a build(deps): bump @​types/node from 22.5.4 to 22.5.5 in the dependencies group...
    • 56689d8 build(deps-dev): bump the dev-dependencies group with 3 updates (#1103)
    • c7bab6f fix: clean go install output (#1102)
    • 33f56cc build(deps-dev): bump the dev-dependencies group with 3 updates (#1099)
    • e954224 build(deps): bump @​types/node from 22.5.2 to 22.5.4 in the dependencies group...
    • 68de804 build(deps): bump @​types/node from 22.5.1 to 22.5.2 in the dependencies group...
    • 22a3756 build(deps-dev): bump the dev-dependencies group with 2 updates (#1097)
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/actionlint.yaml | 2 +- .github/workflows/boilerplate.yaml | 2 +- .github/workflows/deploy.yaml | 8 ++++---- .github/workflows/donotsubmit.yaml | 2 +- .github/workflows/go-test.yaml | 4 ++-- .github/workflows/style.yaml | 18 +++++++++--------- .github/workflows/terraform.yaml | 2 +- 7 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index 83cdb19..20911eb 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -15,7 +15,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Find yamls id: get_yamls diff --git a/.github/workflows/boilerplate.yaml b/.github/workflows/boilerplate.yaml index a333eb9..29717db 100644 --- a/.github/workflows/boilerplate.yaml +++ b/.github/workflows/boilerplate.yaml @@ -35,7 +35,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: chainguard-dev/actions/boilerplate@main with: diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 705dd00..2db70c1 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -22,13 +22,13 @@ jobs: id-token: write # federates with GCP steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v3 - - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3 + - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: './go.mod' check-latest: true - - uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # v2.1.5 + - uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6 id: auth with: token_format: 'access_token' @@ -55,7 +55,7 @@ jobs: terraform apply -auto-approve - - uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # v2.3.0 + - uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 # v2.3.2 if: ${{ failure() }} env: SLACK_ICON: http://github.com/chainguard-dev.png?size=48 diff --git a/.github/workflows/donotsubmit.yaml b/.github/workflows/donotsubmit.yaml index bdf729a..02d09a8 100644 --- a/.github/workflows/donotsubmit.yaml +++ b/.github/workflows/donotsubmit.yaml @@ -16,7 +16,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Do Not Submit uses: chainguard-dev/actions/donotsubmit@main diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 1587dc1..5dbb2ad 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -17,10 +17,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code onto GOPATH - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: './go.mod' check-latest: true diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 210cf8c..97433a2 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -18,10 +18,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: './go.mod' check-latest: true @@ -35,10 +35,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: './go.mod' check-latest: true @@ -50,16 +50,16 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: './go.mod' check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v3.7.1 + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v3.7.1 with: version: v1.61 @@ -69,10 +69,10 @@ jobs: steps: - name: Check out code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: './go.mod' check-latest: true diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 5b8199f..04c66de 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -20,7 +20,7 @@ jobs: - ./iac steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 with: terraform_version: 1.9 From fa09a3d44680f1de61fede632cf0cb0edae04946 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 18:02:18 +0100 Subject: [PATCH 020/194] Bump chainguard-dev/common/infra from 0.6.85 to 0.6.92 in /iac in the all group across 1 directory (#568) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /iac directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.85 to 0.6.92
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.92

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.91...v0.6.92

    v0.6.91

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.90...v0.6.91

    v0.6.90

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.89...v0.6.90

    v0.6.89

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.88...v0.6.89

    v0.6.88

    What's Changed

    ... (truncated)

    Commits
    • 8e8e388 fix dashboard, causing missing required displayName error (#609)
    • 1a622a9 default launch stage now that vpc access is GA (#608)
    • 96af9cc Add new dashboard module that removes defaulted values that generates no-op d...
    • 060b154 build(deps): bump the gomod group across 1 directory with 2 updates (#605)
    • c89a4ff build(deps): bump the actions group across 1 directory with 2 updates (#606)
    • b3a40b5 build(deps): bump chainguard.dev/sdk from 0.1.27 to 0.1.28 in the gomod group...
    • d92dd9b build(deps): bump cloud.google.com/go/storage from 1.44.0 to 1.45.0 in the go...
    • feca306 github-bots: optionally use a pre-defined service account email (#598)
    • 7de9003 build(deps): bump the gomod group with 3 updates (#597)
    • 5f9c1ce build(deps): bump the gomod group with 3 updates (#596)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.85&new-version=0.6.92)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 2925aa2..0d7343e 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.85" + version = "0.6.92" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.85" + version = "0.6.92" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 7f8de9b..9a54805 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.85" + version = "0.6.92" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 47b7e00..6724a61 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.85" + version = "0.6.92" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index a610999..caba324 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.85" + version = "0.6.92" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.85" + version = "0.6.92" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.85" + version = "0.6.92" service_name = var.name project_id = var.project_id diff --git a/modules/app/main.tf b/modules/app/main.tf index 4a17d6a..4d8779a 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.85" + version = "0.6.92" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.85" + version = "0.6.92" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index fd3f572..3b4ce8d 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.85" + version = "0.6.92" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.85" + version = "0.6.92" project_id = var.project_id name = "${var.name}-webhook" From 9976f975424de18a4c22d35b150aa66ceee37ce4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 18:09:09 +0100 Subject: [PATCH 021/194] Bump chainguard-dev/common/infra from 0.6.85 to 0.6.92 in /iac/bootstrap in the all group across 1 directory (#569) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /iac/bootstrap directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.85 to 0.6.92
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.92

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.91...v0.6.92

    v0.6.91

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.90...v0.6.91

    v0.6.90

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.89...v0.6.90

    v0.6.89

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.88...v0.6.89

    v0.6.88

    What's Changed

    ... (truncated)

    Commits
    • 8e8e388 fix dashboard, causing missing required displayName error (#609)
    • 1a622a9 default launch stage now that vpc access is GA (#608)
    • 96af9cc Add new dashboard module that removes defaulted values that generates no-op d...
    • 060b154 build(deps): bump the gomod group across 1 directory with 2 updates (#605)
    • c89a4ff build(deps): bump the actions group across 1 directory with 2 updates (#606)
    • b3a40b5 build(deps): bump chainguard.dev/sdk from 0.1.27 to 0.1.28 in the gomod group...
    • d92dd9b build(deps): bump cloud.google.com/go/storage from 1.44.0 to 1.45.0 in the go...
    • feca306 github-bots: optionally use a pre-defined service account email (#598)
    • 7de9003 build(deps): bump the gomod group with 3 updates (#597)
    • 5f9c1ce build(deps): bump the gomod group with 3 updates (#596)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.85&new-version=0.6.92)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 69fb376..fd2a724 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.85" + version = "0.6.92" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.85" + version = "0.6.92" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.85" + version = "0.6.92" project_id = var.project_id name = "github-pull-requests" From d4875b7ad9b823e0a612243d96c763629b5bc01e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 09:06:24 +0100 Subject: [PATCH 022/194] Bump chainguard-dev/common/infra from 0.6.92 to 0.6.93 in /modules/app in the all group across 1 directory (#571) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /modules/app directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.92 to 0.6.93
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.93

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.92...v0.6.93

    Commits
    • 93011e1 Add disk usage metric to resource section (#614)
    • 97b27ad Add a scraper to scrape disk usage metrics (#612)
    • 2450811 build(deps): bump cloud.google.com/go/pubsub from 1.45.0 to 1.45.1 in the gom...
    • 9e87499 build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 in the actions group (...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.92&new-version=0.6.93)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 4d8779a..eb4a10e 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.92" + version = "0.6.93" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.92" + version = "0.6.93" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 3b4ce8d..75a9215 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.92" + version = "0.6.93" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.92" + version = "0.6.93" project_id = var.project_id name = "${var.name}-webhook" From e5416e552f9793375468e7404c87019ad7a7deec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 10:15:28 +0100 Subject: [PATCH 023/194] Bump chainguard-dev/common/infra from 0.6.92 to 0.6.93 in /iac in the all group (#573) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.92 to 0.6.93
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.93

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.92...v0.6.93

    Commits
    • 93011e1 Add disk usage metric to resource section (#614)
    • 97b27ad Add a scraper to scrape disk usage metrics (#612)
    • 2450811 build(deps): bump cloud.google.com/go/pubsub from 1.45.0 to 1.45.1 in the gom...
    • 9e87499 build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 in the actions group (...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.92&new-version=0.6.93)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 0d7343e..fc4bb2f 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.92" + version = "0.6.93" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.92" + version = "0.6.93" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 9a54805..936279a 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.92" + version = "0.6.93" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 6724a61..28971d2 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.92" + version = "0.6.93" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index caba324..89d6d63 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.92" + version = "0.6.93" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.92" + version = "0.6.93" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.92" + version = "0.6.93" service_name = var.name project_id = var.project_id From 3a0a7464254d99bcb08f5c40472d23116927439e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 10:37:37 +0100 Subject: [PATCH 024/194] Bump chainguard-dev/common/infra from 0.6.92 to 0.6.93 in /iac/bootstrap in the all group (#574) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.92 to 0.6.93
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.93

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.92...v0.6.93

    Commits
    • 93011e1 Add disk usage metric to resource section (#614)
    • 97b27ad Add a scraper to scrape disk usage metrics (#612)
    • 2450811 build(deps): bump cloud.google.com/go/pubsub from 1.45.0 to 1.45.1 in the gom...
    • 9e87499 build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 in the actions group (...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.92&new-version=0.6.93)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index fd2a724..1f94d6a 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.92" + version = "0.6.93" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.92" + version = "0.6.93" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.92" + version = "0.6.93" project_id = var.project_id name = "github-pull-requests" From 9753e202c31de49369e3e5b91cf8f85399dd3153 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Wed, 30 Oct 2024 10:42:15 +0100 Subject: [PATCH 025/194] add github verify check mark (#572) --- iac/github_verify.tf | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 iac/github_verify.tf diff --git a/iac/github_verify.tf b/iac/github_verify.tf new file mode 100644 index 0000000..13d9d01 --- /dev/null +++ b/iac/github_verify.tf @@ -0,0 +1,11 @@ +resource "google_dns_record_set" "github_verify" { + managed_zone = google_dns_managed_zone.top-level-zone.name + + name = "_gh-octo-sts-o.octo-sts.dev." + type = "TXT" + ttl = 300 + + rrdatas = [ + "\"cc539450df\"", + ] +} From bae5250f1daf30e647a13ab75c20863746ba3e6f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Oct 2024 08:44:33 +0100 Subject: [PATCH 026/194] Bump google-github-actions/auth from 2.1.6 to 2.1.7 in the all group (#580) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [google-github-actions/auth](https://github.com/google-github-actions/auth). Updates `google-github-actions/auth` from 2.1.6 to 2.1.7
    Release notes

    Sourced from google-github-actions/auth's releases.

    v2.1.7

    What's Changed

    Full Changelog: https://github.com/google-github-actions/auth/compare/v2.1.6...v2.1.7

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google-github-actions/auth&package-manager=github_actions&previous-version=2.1.6&new-version=2.1.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 2db70c1..011a4fb 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -28,7 +28,7 @@ jobs: go-version-file: './go.mod' check-latest: true - - uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6 + - uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 id: auth with: token_format: 'access_token' From 44672b2267af9a5181fe2bcf5ce7439a889f2e71 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Mon, 4 Nov 2024 09:45:10 +0100 Subject: [PATCH 027/194] document current github permissions enabled (#582) --- README.md | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/README.md b/README.md index e96587c..94caea3 100644 --- a/README.md +++ b/README.md @@ -91,3 +91,85 @@ An issue will be created to explain what permissions is being added or removed. Special cases will be discussed in a GitHub issue in https://github.com/octo-sts/app/issues and we might apply more than one change during the quarter. + +### Octo-STS GitHub Permissions + +The following permissions are the currently enabled in octo-Sts and will be available when installing the GitHub APP + +#### Repository Permissions: + + - **Actions**: `Read/Write` + - **Administration** : `Read-only` + - **Attestations**: `No Access` + - **Checks**: `Read/Write` + - **Code Scanning Alerts**: `No Access` + - **Codespaces**: `No Access` + - **Codespaces lifecycle admin**: `No Access` + - **Codespaces metadata**: `No Access` + - **Codespaces secrets**: `No Access` + - **Commit statuses**: `Read/Write` + - **Contents**: `Read/Write` + - **Custom properties**: `No Access` + - **Dependabot alerts**: `No Access` + - **Dependabot secrets**: `No Access` + - **Deployments**: `Read/Write` + - **Discussions**: `Read/Write` + - **Environments**: `No Access` + - **Issues**: `Read/Write` + - **Merge queues**: `No Access` + - **Metadata (Mandatory)**: `Read-only` + - **Packages**: `Read/Write` + - **Pages**: `No Access` + - **Projects**: `Read/Write` + - **Pull requests**: `Read/Write` + - **Repository security advisories**: `No Access` + - **Secret scanning alerts**: `No Access` + - **Secrets**: `No Access` + - **Single file**: `No Access` + - **Variables**: `No Access` + - **Webhooks**: `No Access` + - **Workflows**: `Read/Write` + +#### Organization Permissions: + +- **API Insights**: `No Access` +- **Administration**: `Read-only` +- **Blocking users**: `No Access` +- **Custom organizations roles**: `No Access` +- **Custom properties**: `No Access` +- **Custom repository roles**: `No Access` +- **Events**: `Read-only` +- **GitHub Copilot Business**: `No Access` +- **Knowledge bases**: `No Access` +- **Members**: `Read-only` +- **Organization codespaces**: `No Access` +- **Organization codespaces secrets**: `No Access` +- **Organization codespaces settings**: `No Access` +- **Organization dependabot secrets**: `No Access` +- **Personal access token requests**: `No Access` +- **Personal access tokens**: `No Access` +- **Plan**: `No Access` +- **Projects**: `Read/Write` +- **Secrets**: `No Access` +- **Self-hosted runners**: `No Access` +- **Team discussions**: `No Access` +- **Variables**: `No Access` +- **Webhooks**: `No Access` + +#### Account Permissions: + +- **Block another user**: `No Access` +- **Codespaces user secrets**: `No Access` +- **Copilot Chat**: `No Access` +- **Email addresses**: `No Access` +- **Events**: `No Access` +- **Followers**: `No Access` +- **GPG keys**: `No Access` +- **Gists**: `No Access` +- **Git SSH keys**: `No Access` +- **Interaction limits**: `No Access` +- **Plan**: `No Access` +- **Profile**: `No Access` +- **SSH signing keys**: `No Access` +- **Starring**: `No Access` +- **Watching**: `No Access` From 4477848ae11391d1535419b888c55bbb7437891a Mon Sep 17 00:00:00 2001 From: Dan Luhring Date: Tue, 5 Nov 2024 05:09:14 -0500 Subject: [PATCH 028/194] fix: wording for trust policy not found error (#585) I could not parse what this was saying before. Signed-off-by: Dan Luhring --- pkg/octosts/octosts.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/octosts/octosts.go b/pkg/octosts/octosts.go index 95ad025..3ff83ef 100644 --- a/pkg/octosts/octosts.go +++ b/pkg/octosts/octosts.go @@ -300,7 +300,7 @@ func (s *sts) lookupTrustPolicy(ctx context.Context, install int64, trustPolicyK if err != nil { clog.InfoContextf(ctx, "failed to find trust policy: %v", err) // Don't leak the error to the client. - return status.Errorf(codes.NotFound, "unable to find trust policy found for %q", trustPolicyKey.identity) + return status.Errorf(codes.NotFound, "unable to find trust policy for %q", trustPolicyKey.identity) } raw, err = file.GetContent() From 917e7b1ea7399fb31f2c0ca439078f033acf424e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 12:38:54 +0100 Subject: [PATCH 029/194] Bump chainguard-dev/common/infra from 0.6.93 to 0.6.94 in /modules/app in the all group (#576) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.93 to 0.6.94
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.94

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.93...v0.6.94

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.93&new-version=0.6.94)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index eb4a10e..828cd08 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.93" + version = "0.6.94" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.93" + version = "0.6.94" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 75a9215..0dda189 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.93" + version = "0.6.94" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.93" + version = "0.6.94" project_id = var.project_id name = "${var.name}-webhook" From 9ab55aa5952ea1127f76c56e5088bec80b812d3e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 13:05:21 +0100 Subject: [PATCH 030/194] Bump chainguard-dev/common/infra from 0.6.93 to 0.6.94 in /iac/bootstrap in the all group (#577) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.93 to 0.6.94
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.94

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.93...v0.6.94

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.93&new-version=0.6.94)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 1f94d6a..950ebad 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.93" + version = "0.6.94" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.93" + version = "0.6.94" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.93" + version = "0.6.94" project_id = var.project_id name = "github-pull-requests" From 3792e6441cbc9074458eaec23b914d1f98130b80 Mon Sep 17 00:00:00 2001 From: Billy Lynch <1844673+wlynch@users.noreply.github.com> Date: Tue, 5 Nov 2024 11:53:29 -0500 Subject: [PATCH 031/194] Add exchange unit testing. (#588) --- go.mod | 3 +- go.sum | 2 - pkg/octosts/octosts_test.go | 260 ++++++++++++++++++ pkg/octosts/testdata/org/.github/foo.sts.yaml | 9 + .../org/.github/org-delegation.sts.yaml | 9 + pkg/octosts/testdata/org/repo/foo.sts.yaml | 9 + pkg/provider/provider.go | 27 +- 7 files changed, 313 insertions(+), 6 deletions(-) create mode 100644 pkg/octosts/octosts_test.go create mode 100644 pkg/octosts/testdata/org/.github/foo.sts.yaml create mode 100644 pkg/octosts/testdata/org/.github/org-delegation.sts.yaml create mode 100644 pkg/octosts/testdata/org/repo/foo.sts.yaml diff --git a/go.mod b/go.mod index 1f357ee..a3fed21 100644 --- a/go.mod +++ b/go.mod @@ -33,7 +33,6 @@ require ( github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.24.2 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.2 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/google/go-github/v61 v61.0.0 // indirect github.com/klauspost/compress v1.17.9 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect @@ -51,7 +50,7 @@ require ( github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/go-jose/go-jose/v4 v4.0.4 // indirect + github.com/go-jose/go-jose/v4 v4.0.4 github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect diff --git a/go.sum b/go.sum index 526f4c3..48ecba2 100644 --- a/go.sum +++ b/go.sum @@ -105,8 +105,6 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-github/v61 v61.0.0 h1:VwQCBwhyE9JclCI+22/7mLB1PuU9eowCXKY5pNlu1go= -github.com/google/go-github/v61 v61.0.0/go.mod h1:0WR+KmsWX75G2EbpyGsGmradjo3IiciuI4BmdVCobQY= github.com/google/go-github/v62 v62.0.0 h1:/6mGCaRywZz9MuHyw9gD1CwsbmBX8GWsbFkwMmHdhl4= github.com/google/go-github/v62 v62.0.0/go.mod h1:EMxeUqGJq2xRu9DYBMwel/mr7kZrzUOfQmmpYrZn2a4= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= diff --git a/pkg/octosts/octosts_test.go b/pkg/octosts/octosts_test.go new file mode 100644 index 0000000..22bdf58 --- /dev/null +++ b/pkg/octosts/octosts_test.go @@ -0,0 +1,260 @@ +// Copyright 2024 Chainguard, Inc. +// SPDX-License-Identifier: Apache-2.0 + +package octosts + +import ( + "context" + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/rsa" + "crypto/tls" + "crypto/x509" + "encoding/base64" + "encoding/json" + "encoding/pem" + "fmt" + "io" + "math/big" + "net" + "net/http" + "net/http/httptest" + "os" + "path/filepath" + "strings" + "testing" + "time" + + v1 "chainguard.dev/sdk/proto/platform/oidc/v1" + "github.com/bradleyfalzon/ghinstallation/v2" + "github.com/coreos/go-oidc/v3/oidc" + "github.com/go-jose/go-jose/v4" + josejwt "github.com/go-jose/go-jose/v4/jwt" + jwt "github.com/golang-jwt/jwt/v4" + "github.com/google/go-cmp/cmp" + "github.com/google/go-github/v62/github" + "github.com/octo-sts/app/pkg/provider" + "google.golang.org/grpc/metadata" +) + +type fakeGitHub struct { + mux *http.ServeMux +} + +func newFakeGitHub() *fakeGitHub { + mux := http.NewServeMux() + mux.HandleFunc("/app/installations", func(w http.ResponseWriter, r *http.Request) { + json.NewEncoder(w).Encode([]github.Installation{{ + ID: github.Int64(1234), + Account: &github.User{ + Login: github.String("org"), + }, + }}) + }) + mux.HandleFunc("/app/installations/{appID}/access_tokens", func(w http.ResponseWriter, r *http.Request) { + b, err := io.ReadAll(r.Body) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + json.NewEncoder(w).Encode(github.InstallationToken{ + Token: github.String(base64.StdEncoding.EncodeToString(b)), + ExpiresAt: &github.Timestamp{Time: time.Now().Add(10 * time.Minute)}, + }) + }) + mux.HandleFunc("/repos/{org}/{repo}/contents/.github/chainguard/{identity}", func(w http.ResponseWriter, r *http.Request) { + b, err := os.ReadFile(filepath.Join("testdata", r.PathValue("org"), r.PathValue("repo"), r.PathValue("identity"))) + if err != nil { + w.WriteHeader(http.StatusInternalServerError) + fmt.Fprintf(io.MultiWriter(w, os.Stdout), "ReadFile failed: %v\n", err) + } + json.NewEncoder(w).Encode(github.RepositoryContent{ + Content: github.String(base64.StdEncoding.EncodeToString(b)), + Type: github.String("file"), + Encoding: github.String("base64"), + }) + }) + mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusNotImplemented) + fmt.Fprintf(io.MultiWriter(w, os.Stdout), "%s %s not implemented\n", r.Method, r.URL.Path) + }) + + return &fakeGitHub{ + mux: mux, + } +} + +func (f *fakeGitHub) ServeHTTP(w http.ResponseWriter, r *http.Request) { + f.mux.ServeHTTP(w, r) +} + +func TestExchange(t *testing.T) { + ctx := context.Background() + atr := newGitHubClient(t, newFakeGitHub()) + + pk, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + t.Fatalf("cannot generate RSA key %v", err) + } + signer, err := jose.NewSigner(jose.SigningKey{ + Algorithm: jose.RS256, + Key: pk, + }, nil) + if err != nil { + t.Fatalf("jose.NewSigner() = %v", err) + } + + iss := "https://token.actions.githubusercontent.com" + token, err := josejwt.Signed(signer).Claims(josejwt.Claims{ + Subject: "foo", + Issuer: iss, + Audience: josejwt.Audience{"octosts"}, + Expiry: josejwt.NewNumericDate(time.Now().Add(10 * time.Minute)), + }).Serialize() + if err != nil { + t.Fatalf("CompactSerialize failed: %v", err) + } + provider.AddTestKeySetVerifier(t, iss, &oidc.StaticKeySet{ + PublicKeys: []crypto.PublicKey{pk.Public()}, + }) + ctx = metadata.NewIncomingContext(ctx, metadata.MD{"authorization": []string{"Bearer " + token}}) + + sts := &sts{ + atr: atr, + } + for _, tc := range []struct { + name string + req *v1.ExchangeRequest + want *github.InstallationTokenOptions + }{ + { + name: "repo", + req: &v1.ExchangeRequest{ + Identity: "foo", + Scope: "org/repo", + }, + want: &github.InstallationTokenOptions{ + Repositories: []string{"repo"}, + Permissions: &github.InstallationPermissions{ + PullRequests: github.String("write"), + }, + }, + }, + { + name: "org", + req: &v1.ExchangeRequest{ + Identity: "foo", + Scope: "org", + }, + want: &github.InstallationTokenOptions{ + Permissions: &github.InstallationPermissions{ + PullRequests: github.String("write"), + }, + }, + }, + } { + t.Run(tc.name, func(t *testing.T) { + tok, err := sts.Exchange(ctx, tc.req) + if err != nil { + t.Fatalf("Exchange failed: %v", err) + } + + b, err := base64.StdEncoding.DecodeString(tok.Token) + if err != nil { + t.Fatalf("DecodeString failed: %v", err) + } + got := new(github.InstallationTokenOptions) + if err := json.Unmarshal(b, got); err != nil { + t.Fatalf("Unmarshal failed: %v", err) + } + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Error(diff) + } + }) + } +} + +func newGitHubClient(t *testing.T, h http.Handler) *ghinstallation.AppsTransport { + t.Helper() + + tlsConfig, err := generateTLS(&x509.Certificate{ + SerialNumber: big.NewInt(1), + NotAfter: time.Now().Add(10 * time.Hour), + DNSNames: []string{"localhost"}, + }) + if err != nil { + t.Fatal(err) + } + srv := httptest.NewUnstartedServer(h) + srv.TLS = tlsConfig + srv.StartTLS() + t.Cleanup(srv.Close) + + // Create a custom transport that overrides the Dial funcs - this forces all traffic + // that uses this transport to go through this server, regardless of the URL. + transport := &http.Transport{ + TLSClientConfig: tlsConfig, + DialTLS: func(network, addr string) (net.Conn, error) { + return tls.Dial(network, strings.TrimPrefix(srv.URL, "https://"), tlsConfig) + }, + Dial: func(network, addr string) (net.Conn, error) { + return tls.Dial(network, strings.TrimPrefix(srv.URL, "http://"), tlsConfig) + }, + } + + key, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + t.Fatalf("GenerateKey failed: %v", err) + } + ghsigner := ghinstallation.NewRSASigner(jwt.SigningMethodRS256, key) + + atr, err := ghinstallation.NewAppsTransportWithOptions(transport, 1234, ghinstallation.WithSigner(ghsigner)) + if err != nil { + t.Fatalf("NewAppsTransportWithOptions failed: %v", err) + } + atr.BaseURL = srv.URL + + return atr +} + +func generateTLS(tmpl *x509.Certificate) (*tls.Config, error) { + priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + if err != nil { + return nil, fmt.Errorf("error generating private key: %w", err) + } + pub := &priv.PublicKey + raw, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv) + if err != nil { + return nil, fmt.Errorf("error generating certificate: %w", err) + } + certPEM := pem.EncodeToMemory(&pem.Block{ + Type: "CERTIFICATE", + Bytes: raw, + }) + keyBytes, err := x509.MarshalPKCS8PrivateKey(priv) + if err != nil { + return nil, fmt.Errorf("error marshaling key bytes: %w", err) + } + keyPEM := pem.EncodeToMemory(&pem.Block{ + Type: "PRIVATE KEY", + Bytes: keyBytes, + }) + tlsCert, err := tls.X509KeyPair(certPEM, keyPEM) + if err != nil { + return nil, fmt.Errorf("error loading tls certificate: %w", err) + } + pool := x509.NewCertPool() + if !pool.AppendCertsFromPEM(certPEM) { + return nil, fmt.Errorf("error adding cert to pool") + } + + // configuration of the certificate what we want to + return &tls.Config{ + Certificates: []tls.Certificate{tlsCert}, + RootCAs: pool, + InsecureSkipVerify: true, + }, nil +} diff --git a/pkg/octosts/testdata/org/.github/foo.sts.yaml b/pkg/octosts/testdata/org/.github/foo.sts.yaml new file mode 100644 index 0000000..86925c8 --- /dev/null +++ b/pkg/octosts/testdata/org/.github/foo.sts.yaml @@ -0,0 +1,9 @@ +# Copyright 2024 Chainguard, Inc. +# SPDX-License-Identifier: Apache-2.0 + +issuer: https://token.actions.githubusercontent.com +subject: foo +audience: octosts + +permissions: + pull_requests: write diff --git a/pkg/octosts/testdata/org/.github/org-delegation.sts.yaml b/pkg/octosts/testdata/org/.github/org-delegation.sts.yaml new file mode 100644 index 0000000..86925c8 --- /dev/null +++ b/pkg/octosts/testdata/org/.github/org-delegation.sts.yaml @@ -0,0 +1,9 @@ +# Copyright 2024 Chainguard, Inc. +# SPDX-License-Identifier: Apache-2.0 + +issuer: https://token.actions.githubusercontent.com +subject: foo +audience: octosts + +permissions: + pull_requests: write diff --git a/pkg/octosts/testdata/org/repo/foo.sts.yaml b/pkg/octosts/testdata/org/repo/foo.sts.yaml new file mode 100644 index 0000000..86925c8 --- /dev/null +++ b/pkg/octosts/testdata/org/repo/foo.sts.yaml @@ -0,0 +1,9 @@ +# Copyright 2024 Chainguard, Inc. +# SPDX-License-Identifier: Apache-2.0 + +issuer: https://token.actions.githubusercontent.com +subject: foo +audience: octosts + +permissions: + pull_requests: write diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go index 2c15a51..bf9229d 100644 --- a/pkg/provider/provider.go +++ b/pkg/provider/provider.go @@ -7,6 +7,7 @@ import ( "context" "fmt" "net/http" + "testing" "github.com/chainguard-dev/clog" "github.com/chainguard-dev/terraform-infra-common/pkg/httpmetrics" @@ -24,10 +25,14 @@ const MaximumResponseSize = 100 * 1024 // 100KiB var ( // providers is an LRU cache of recently used providers. - providers, _ = lru.New2Q[string, *oidc.Provider](100) + providers, _ = lru.New2Q[string, VerifierProvider](100) ) -func Get(ctx context.Context, issuer string) (provider *oidc.Provider, err error) { +type VerifierProvider interface { + Verifier(config *oidc.Config) *oidc.IDTokenVerifier +} + +func Get(ctx context.Context, issuer string) (provider VerifierProvider, err error) { // Return any verifiers that we have already constructed // to avoid paying for discovery again. if v, ok := providers.Get(issuer); ok { @@ -51,3 +56,21 @@ func Get(ctx context.Context, issuer string) (provider *oidc.Provider, err error return provider, nil } + +type keysetProvider struct { + issuer string + keySet oidc.KeySet +} + +func (s *keysetProvider) Verifier(config *oidc.Config) *oidc.IDTokenVerifier { + return oidc.NewVerifier(s.issuer, s.keySet, config) +} + +// AddTestKeySetVerifier adds a test key set verifier to the provider cachef or the issuer. +// This is primarily intended for testing - the static key set is not verified against the upstream issuer. +func AddTestKeySetVerifier(t *testing.T, issuer string, keySet oidc.KeySet) { + providers.Add(issuer, &keysetProvider{ + issuer: issuer, + keySet: keySet, + }) +} From 99e1863714a7d5d252b8ab781a9fe8e6040e5dc8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 18:11:13 +0100 Subject: [PATCH 032/194] Bump chainguard-dev/common/infra from 0.6.93 to 0.6.94 in /iac in the all group (#578) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.93 to 0.6.94
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.94

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.93...v0.6.94

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.93&new-version=0.6.94)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index fc4bb2f..8be831f 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.93" + version = "0.6.94" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.93" + version = "0.6.94" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 936279a..ef727f8 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.93" + version = "0.6.94" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 28971d2..ddee2b4 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.93" + version = "0.6.94" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 89d6d63..4b20bb8 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.93" + version = "0.6.94" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.93" + version = "0.6.94" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.93" + version = "0.6.94" service_name = var.name project_id = var.project_id From 708c8ea28d49cf0860f0a6aefe1a3ffe24e9eab1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Nov 2024 14:26:46 +0100 Subject: [PATCH 033/194] Bump chainguard-dev/common/infra from 0.6.94 to 0.6.95 in /iac in the all group (#590) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.94 to 0.6.95
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.95

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.94...v0.6.95

    Commits
    • e90ed56 support for adding labels (#618)
    • 3e83403 build(deps): bump the gomod group with 3 updates (#617)
    • 439a827 build(deps): bump cloud.google.com/go/bigquery from 1.63.1 to 1.64.0 in the g...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.94&new-version=0.6.95)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 8be831f..453a3c8 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.94" + version = "0.6.95" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.94" + version = "0.6.95" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index ef727f8..57cd1ac 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.94" + version = "0.6.95" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index ddee2b4..0366fb9 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.94" + version = "0.6.95" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 4b20bb8..87a976e 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.94" + version = "0.6.95" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.94" + version = "0.6.95" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.94" + version = "0.6.95" service_name = var.name project_id = var.project_id diff --git a/modules/app/main.tf b/modules/app/main.tf index 828cd08..84c7800 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.94" + version = "0.6.95" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.94" + version = "0.6.95" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 0dda189..d856cfa 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.94" + version = "0.6.95" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.94" + version = "0.6.95" project_id = var.project_id name = "${var.name}-webhook" From 37f1b934403f5673b7532830ec80703a17fc463b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Nov 2024 14:39:25 +0100 Subject: [PATCH 034/194] Bump chainguard-dev/common/infra from 0.6.94 to 0.6.95 in /iac/bootstrap in the all group (#592) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.94 to 0.6.95
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.95

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.94...v0.6.95

    Commits
    • e90ed56 support for adding labels (#618)
    • 3e83403 build(deps): bump the gomod group with 3 updates (#617)
    • 439a827 build(deps): bump cloud.google.com/go/bigquery from 1.63.1 to 1.64.0 in the g...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.94&new-version=0.6.95)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 950ebad..ecb4f0c 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.94" + version = "0.6.95" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.94" + version = "0.6.95" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.94" + version = "0.6.95" project_id = var.project_id name = "github-pull-requests" From 52e06965ebf8fe56e9f9e51bc97f25576cc92a51 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Thu, 7 Nov 2024 15:07:13 +0100 Subject: [PATCH 035/194] ignore sts policy validation if the file is removed (#589) see error https://github.com/wolfi-dev/os/runs/32586390503 --- .github/workflows/boilerplate.yaml | 1 + .../api/v3/repos/foo/bar/compare/9876...4321 | 282 ++++++++++++++++++ .../.github/chainguard/test2.sts.yaml | 18 ++ pkg/webhook/webhook.go | 16 +- pkg/webhook/webhook_test.go | 106 +++++++ 5 files changed, 419 insertions(+), 4 deletions(-) create mode 100644 pkg/webhook/testdata/api/v3/repos/foo/bar/compare/9876...4321 create mode 100644 pkg/webhook/testdata/api/v3/repos/foo/bar/contents/.github/chainguard/test2.sts.yaml diff --git a/.github/workflows/boilerplate.yaml b/.github/workflows/boilerplate.yaml index 29717db..272501d 100644 --- a/.github/workflows/boilerplate.yaml +++ b/.github/workflows/boilerplate.yaml @@ -41,3 +41,4 @@ jobs: with: extension: ${{ matrix.extension }} language: ${{ matrix.language }} + exclude: pkg/webhook/testdata diff --git a/pkg/webhook/testdata/api/v3/repos/foo/bar/compare/9876...4321 b/pkg/webhook/testdata/api/v3/repos/foo/bar/compare/9876...4321 new file mode 100644 index 0000000..2e139d0 --- /dev/null +++ b/pkg/webhook/testdata/api/v3/repos/foo/bar/compare/9876...4321 @@ -0,0 +1,282 @@ +{ + "url": "https://api.github.com/repos/honk/honk/compare/d8cae53e2e6cfc3ae8411895252dbc5137a84e11...f7d76624a7495b6d769bb533d996cb25765dd71e", + "html_url": "https://github.com/honk/honk/compare/d8cae53e2e6cfc3ae8411895252dbc5137a84e11...f7d76624a7495b6d769bb533d996cb25765dd71e", + "permalink_url": "https://github.com/honk/honk/compare/xoxo-dev:d8cae53...xoxo-dev:f7d7892", + "diff_url": "https://github.com/honk/honk/compare/d8cae53e2e6cfc3ae8411895252dbc5137a84e11...f7d76624a7495b6d769bb533d996cb25765dd71e.diff", + "patch_url": "https://github.com/honk/honk/compare/d8cae53e2e6cfc3ae8411895252dbc5137a84e11...f7d76624a7495b6d769bb533d996cb25765dd71e.patch", + "base_commit": { + "sha": "d8cae53e2e6cfc3ae8411895252dbc5137a84e11", + "node_id": "C_kwDOH9LtsNoAKGQ4Y2FlNTNlMmU2Y2ZjM2FlODQxMTg5NTI1MmRiYzUxMzdhODRlMTY", + "commit": { + "author": { + "name": "octo-sts[bot]", + "email": "157150467+octo-sts[bot]@users.noreply.github.com", + "date": "2024-11-06T09:03:51Z" + }, + "committer": { + "name": "GitHub", + "email": "noreply@github.com", + "date": "2024-11-06T09:03:51Z" + }, + "message": "blablabla\n\n

    \n\n

    \n\nSigned-off-by: xoxox-bot <11111+xoxox-bot@users.noreply.github.com>\nCo-authored-by: xoxo-bot <11111+xoxo-bot@users.noreply.github.com>", + "tree": { + "sha": "e9a224606353911107336ddddc680637178581f", + "url": "https://api.github.com/repos/honk/honk/git/trees/e9a224606ddd11107336fc782c680637178581f" + }, + "url": "https://api.github.com/repos/honk/honk/git/commits/d8cae53e2dddd252dbc5137a84e11", + "comment_count": 0, + "verification": { + "verified": true, + "reason": "valid", + "signature": "-----BEGIN PGP SIGNATURE-----\n\nwsFcBAABCAAQBQJnKzD3C2pPNeTlF7q90w4\nj+oNtflsezIpkias33x8q02PNu6plJDcEkwS0jYJcqbBqAgY/wJQrw6Aa/JCaxVPGDtz1QxljFd\nWrLmM232X8mUznr4gDMKXUmS55rwYuUEqbGxZgxAivGOqk9V45mrwlSmA2EVF2gu\ng7gKp0BWr56N3IwbIpOXsnJQYnJFgg30I6epKRXZqAYRVje9RqYSzVAMxhCy6w0q\n3tzc1mO6UrE0TgLlpagt/3iriSOBxK42SCzOzfMFzFrAatJPQpmgbrYlQeuo5brU\npZoUz45JxId/omUaFuRlyjqU8XE4qDoXw8RSu9E61i9lX3zaWjX554i6tOEjGrdV\n+RnFAu5ql6t0afmo1PsFOqdxQd1uo2Y6qIoWnwcLXVdWmvIFucuKoWK0hiNhGeVa\ntRJcuyWEuI23/XC7PfCavIripsv5M763eRKdMw/8WjcnLu+URK4UkDtB1sUVLegM\nVwaOdEowOr7maq5rcCptJNorKDr7Y/mO5fmbW6wmL34tBlaIH3XWBS8zzrxTDjF7\np80k+Kh95clu59xp4JSrsffUErdruGc\nnkDsrei9+otXYtCK2rgL\n=utVh\n-----END PGP SIGNATURE-----\n", + "payload": "tree e9a224606353911107336fc782c680637178581f\nparent a11cd51fed27f10f1f01dbee91c00f58896e9e39\nauthor octo-sts[bot] <157150467+octo-sts[bot]@users.noreply.github.com> 2222 +0000\ncommitter GitHub 222 +0000\n\n\n

    \n\n

    \n\nSigned-off-by: xoxo-bot <1111+xoxox-bot@users.noreply.github.com>\nCo-authored-by: xoxo-bot <1111+xoxo-bot@users.noreply.github.com>" + } + }, + "url": "https://api.github.com/repos/honk/honk/commits/d8cae53e2e6cfc3ae8411895252dbc5137a84e11", + "html_url": "https://github.com/honk/honk/commit/d8cae53e2e6cfc3ae8411895252dbc5137a84e11", + "comments_url": "https://api.github.com/repos/honk/honk/commits/d8cae53e2e6cfc3ae8411895252dbc5137a84e11/comments", + "author": { + "login": "octo-sts[bot]", + "id": 22222, + "node_id": "BOT_kgDOCV3tAw", + "avatar_url": "https://avatars.githubusercontent.com/in/8ddd23?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/octo-sts%5Bbot%5D", + "html_url": "https://github.com/apps/octo-sts", + "followers_url": "https://api.github.com/users/octo-sts%5Bbot%5D/followers", + "following_url": "https://api.github.com/users/octo-sts%5Bbot%5D/following{/other_user}", + "gists_url": "https://api.github.com/users/octo-sts%5Bbot%5D/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octo-sts%5Bbot%5D/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octo-sts%5Bbot%5D/subscriptions", + "organizations_url": "https://api.github.com/users/octo-sts%5Bbot%5D/orgs", + "repos_url": "https://api.github.com/users/octo-sts%5Bbot%5D/repos", + "events_url": "https://api.github.com/users/octo-sts%5Bbot%5D/events{/privacy}", + "received_events_url": "https://api.github.com/users/octo-sts%5Bbot%5D/received_events", + "type": "Bot", + "user_view_type": "public", + "site_admin": false + }, + "committer": { + "login": "web-flow", + "id": 19864447, + "node_id": "MDQ6VXNlcjE5ODY0NDQ3", + "avatar_url": "https://avatars.githubusercontent.com/u/19864447?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/web-flow", + "html_url": "https://github.com/web-flow", + "followers_url": "https://api.github.com/users/web-flow/followers", + "following_url": "https://api.github.com/users/web-flow/following{/other_user}", + "gists_url": "https://api.github.com/users/web-flow/gists{/gist_id}", + "starred_url": "https://api.github.com/users/web-flow/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/web-flow/subscriptions", + "organizations_url": "https://api.github.com/users/web-flow/orgs", + "repos_url": "https://api.github.com/users/web-flow/repos", + "events_url": "https://api.github.com/users/web-flow/events{/privacy}", + "received_events_url": "https://api.github.com/users/web-flow/received_events", + "type": "User", + "user_view_type": "public", + "site_admin": false + }, + "parents": [ + { + "sha": "a11cd51fed27f10f1f01dbee91c00f58896e9e39", + "url": "https://api.github.com/repos/honk/honk/commits/a11cd51fed27f10f1f01dbee91c00f58896e9e39", + "html_url": "https://github.com/honk/honk/commit/a11cd51fed27f10f1f01dbee91c00f58896e9e39" + } + ] + }, + "merge_base_commit": { + "sha": "d8cae53e2e6cfc3ae8411895252dbc5137a84e11", + "node_id": "C_kwDOH9LtsNoAKGQ4Y2FlNTNlMmU2Y2ZjM2FlODQxMTg5NTI1MmRiYzUxMzdhODRlMTY", + "commit": { + "author": { + "name": "octo-sts[bot]", + "email": "d333s+octo-sts[bot]@users.noreply.github.com", + "date": "2024-11-06T09:03:51Z" + }, + "committer": { + "name": "GitHub", + "email": "noreply@github.com", + "date": "2024-11-06T09:03:51Z" + }, + "message": "blablabla p align=\"center\">\n\n

    \n\nSigned-off-by: xoxo-bot <1111+xoxo-bot@users.noreply.github.com>\nCo-authored-by: xoxo-bot <1111+xoxo-bot@users.noreply.github.com>", + "tree": { + "sha": "e9a2246063539111sss80637178581f", + "url": "https://api.github.com/repos/honk/honk/git/trees/e9a224606353911107336fc782c680637178581f" + }, + "url": "https://api.github.com/repos/honk/honk/git/commits/d8cae53e2e6cfc3ae8411895252dbc5137a84e11", + "comment_count": 0, + "verification": { + "verified": true, + "reason": "valid", + "signature": "-----BEGIN PGP SIGNATURE-----\n\nwsFcBAABCAAQBPNeTlF7q90w4\nj+oNtflsezIpkias33x8q02PNu6K7wgNMMjEceiSK3YZCFfxeYLFkNufACNaWr4+\n7p4j2Ijbj8anTUeoplJDcEkwS0jYJcqbBqAgY/wJQrw6Aa/JCaxVPGDtz1QxljFd\nWrLmM232X8mUznr4gDMKXUmS55rwYuUEqbGxZgxAivGOqk9V45mrwlSmA2EVF2gu\ng7gKp0BWr56N3IwbIpOXsnJQYnJFgg30I6epKRXZqAYRVje9RqYSzVAMxhCy6w0q\n3tzc1mO6UrE0TgLlpagt/3iriSOBxK42SCzOzfMFzFrAatJPQpmgbrYlQeuo5brU\npZoUz45JxId/omUaFuRlyjqU8XE4qDoXw8RSu9E61i9lX3zaWjX554i6tOEjGrdV\n+RnFAu5ql6t0a6qIoWnwcLXVdWmvIFucuKoWK0hiNhGeVa\ntRJcuyWEuI23/XC7PfCavIripsv5M763eRKdMw/8WjcnLu+URK4UkDtB1sUVLegM\nVwaOdEowOr7maq5rcCptJNorKDr7Y/mO5fmbW6wmL34tBlaIH3XWBS8zzrxTDjF7\np80k+KxRiJju/4pvUWBpn2AVCuPp5u9aNycrwJDh95clu59xp4JSrsffUErdruGc\nnkDsrei9+otXYtCK2rgL\n=utVh\n-----END PGP SIGNATURE-----\n", + "payload": "tree e9a224606353911107336fc782c680637178581f\nparent a11cd51fed27f10f1f01dbee91c00f58896e9e39\nauthor octo-sts[bot] <1111+octo-sts[bot]@users.noreply.github.com> 333 +0000\ncommitter GitHub 33333 +0000\n\nblablabal\n\n

    \n\n

    \n\nSigned-off-by: xoxo-bot <121097084+xoxo-bot@users.noreply.github.com>\nCo-authored-by: xoxo-bot <121097084+xoxo-bot@users.noreply.github.com>" + } + }, + "url": "https://api.github.com/repos/honk/honk/commits/d8cae53e2e6cfc3ae8411895252dbc5137a84e11", + "html_url": "https://github.com/honk/honk/commit/d8cae53e2e6cfc3ae8411895252dbc5137a84e11", + "comments_url": "https://api.github.com/repos/honk/honk/commits/d8cae53e2e6cfc3ae8411895252dbc5137a84e11/comments", + "author": { + "login": "octo-sts[bot]", + "id": 157150467, + "node_id": "BOT_kgDOCV3tAw", + "avatar_url": "https://avatars.githubusercontent.com/in/801323?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/octo-sts%5Bbot%5D", + "html_url": "https://github.com/apps/octo-sts", + "followers_url": "https://api.github.com/users/octo-sts%5Bbot%5D/followers", + "following_url": "https://api.github.com/users/octo-sts%5Bbot%5D/following{/other_user}", + "gists_url": "https://api.github.com/users/octo-sts%5Bbot%5D/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octo-sts%5Bbot%5D/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octo-sts%5Bbot%5D/subscriptions", + "organizations_url": "https://api.github.com/users/octo-sts%5Bbot%5D/orgs", + "repos_url": "https://api.github.com/users/octo-sts%5Bbot%5D/repos", + "events_url": "https://api.github.com/users/octo-sts%5Bbot%5D/events{/privacy}", + "received_events_url": "https://api.github.com/users/octo-sts%5Bbot%5D/received_events", + "type": "Bot", + "user_view_type": "public", + "site_admin": false + }, + "committer": { + "login": "web-flow", + "id": 19864447, + "node_id": "MDQ6VXNlcjE5ODY0NDQ3", + "avatar_url": "https://avatars.githubusercontent.com/u/19864447?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/web-flow", + "html_url": "https://github.com/web-flow", + "followers_url": "https://api.github.com/users/web-flow/followers", + "following_url": "https://api.github.com/users/web-flow/following{/other_user}", + "gists_url": "https://api.github.com/users/web-flow/gists{/gist_id}", + "starred_url": "https://api.github.com/users/web-flow/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/web-flow/subscriptions", + "organizations_url": "https://api.github.com/users/web-flow/orgs", + "repos_url": "https://api.github.com/users/web-flow/repos", + "events_url": "https://api.github.com/users/web-flow/events{/privacy}", + "received_events_url": "https://api.github.com/users/web-flow/received_events", + "type": "User", + "user_view_type": "public", + "site_admin": false + }, + "parents": [ + { + "sha": "a11cd51fed27f10f1f01dbee91c00f58896e9e39", + "url": "https://api.github.com/repos/honk/honk/commits/a11cd51fed27f10f1f01dbee91c00f58896e9e39", + "html_url": "https://github.com/honk/honk/commit/a11cd51fed27f10f1f01dbee91c00f58896e9e39" + } + ] + }, + "status": "ahead", + "ahead_by": 1, + "behind_by": 0, + "total_commits": 1, + "commits": [ + { + "sha": "f7d76624a7495b6d769bb533d996cb25765dd71e", + "node_id": "C_kwDOH9LtsNoAKGY3ZDc4OTI0YTc0OTViNmQ3NjliYjUzM2Q5OTZjYjI1NzY1ZGQ3MWU", + "commit": { + "author": { + "name": "Honk", + "email": "Honk@example.dev", + "date": "2024-11-06T09:48:39Z" + }, + "committer": { + "name": "GitHub", + "email": "noreply@github.com", + "date": "2024-11-06T09:48:39Z" + }, + "message": "honk\n\n", + "tree": { + "sha": "43af49a6af0801dc11c691117b999c283a40c2a0", + "url": "https://api.github.com/repos/honk/honk/git/trees/43af49a6af0801dc11c691117b999c283a40c2a0" + }, + "url": "https://api.github.com/repos/honk/honk/git/commits/f7d76624a7495b6d769bb533d996cb25765dd71e", + "comment_count": 0, + "verification": { + "verified": true, + "reason": "valid", + "signature": "-----BEGIN PGP SIGNATURE-----\n\nwsFcBAABCcBa/0lHm7p1\n7wtlxN8vYyK1KgN1tbjopR03QIusJSgtGlh9oe3iwvJgGat7m1eYVNgxwrGRFxKr\n5yxmGPR0D8z7uf7IaNWKRCRQyJdyDjvPX6RPJQT/8H+5YpMqBUu3RsKX7ppBeGIn\nCf7pWMlI5qtj8RslKiZr0+L7SkFxy1lTAvXKGrVDmz1Vp0/8ajnQUu1o/F2wgzBz\n4iNNq/UFoLZFyRVmoion9wILbXu7MXHn5txohqdsqz+pe4fw9o6W04prBVfw0JRL\n+fYPz0eeGtlx1YkD8mOjtQBm1y1RjhqBCrowhZl/G/ZYfdy/reA79JLQvP3qpoQF\nYXEczpCHDg+x+LbsKxRSXgfATo1zkW3EMahVkgtXrTTwiDD8FoXJFg3wS7MNYexa\nyIQxGdXCw6NKHZCz9hZq8NIupk7qhHUlArKwp2sNzB3W2MC+S/G8DmQ9fq7AHtRG\nvHQAXTS2X+h4fjdLE7yUILJT6lHoVl8+TC9X89MA76Ac43KhyOgnKxti/IPaN9yT\nxxBmjrHsKcP3T2wAcW6gtnW6iSsgfmNxwkARSraok+4ceRTbMPVSz9NZVKDWQH0T\nRrYZgM3xWteUAYgLqcUBbU/qf9xy03AwvSBwt9HH5WLsHpYGP9dT1Pq66PzrMiss\nlfurgdW5v/V0CFRgWArP\n=gMvu\n-----END PGP SIGNATURE-----\n", + "payload": "tree 43af49a6af0801dc11c691117b999c283a40c2a0\nparent d8cae53e2e6cfc3ae8411895252dbc5137a84e11\nauthor Honk 3333 +0000\ncommitter GitHub 3333 +0000\n\nhonk message (#3333)\n\nSigned-off-by: Honk " + } + }, + "url": "https://api.github.com/repos/honk/honk/commits/f7d76624a7495b6d769bb533d996cb25765dd71e", + "html_url": "https://github.com/honk/honk/commit/f7d76624a7495b6d769bb533d996cb25765dd71e", + "comments_url": "https://api.github.com/repos/honk/honk/commits/f7d76624a7495b6d769bb533d996cb25765dd71e/comments", + "author": { + "login": "honk", + "id": 11111, + "node_id": "MDQ6VXNlcjE0NTcxODA=", + "avatar_url": "https://avatars.githubusercontent.com/u/222?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/honk", + "html_url": "https://github.com/honk", + "followers_url": "https://api.github.com/users/honk/followers", + "following_url": "https://api.github.com/users/honk/following{/other_user}", + "gists_url": "https://api.github.com/users/honk/gists{/gist_id}", + "starred_url": "https://api.github.com/users/honk/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/honk/subscriptions", + "organizations_url": "https://api.github.com/users/honk/orgs", + "repos_url": "https://api.github.com/users/honk/repos", + "events_url": "https://api.github.com/users/honk/events{/privacy}", + "received_events_url": "https://api.github.com/users/honk/received_events", + "type": "User", + "user_view_type": "public", + "site_admin": false + }, + "committer": { + "login": "web-flow", + "id": 19864447, + "node_id": "MDQ6VXNlcjE5ODY0NDQ3", + "avatar_url": "https://avatars.githubusercontent.com/u/19864447?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/web-flow", + "html_url": "https://github.com/web-flow", + "followers_url": "https://api.github.com/users/web-flow/followers", + "following_url": "https://api.github.com/users/web-flow/following{/other_user}", + "gists_url": "https://api.github.com/users/web-flow/gists{/gist_id}", + "starred_url": "https://api.github.com/users/web-flow/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/web-flow/subscriptions", + "organizations_url": "https://api.github.com/users/web-flow/orgs", + "repos_url": "https://api.github.com/users/web-flow/repos", + "events_url": "https://api.github.com/users/web-flow/events{/privacy}", + "received_events_url": "https://api.github.com/users/web-flow/received_events", + "type": "User", + "user_view_type": "public", + "site_admin": false + }, + "parents": [ + { + "sha": "d8cae53e2e6cfc3ae8411895252dbc5137a84e11", + "url": "https://api.github.com/repos/honk/honk/commits/d8cae53e2e6cfc3ae8411895252dbc5137a84e11", + "html_url": "https://github.com/honk/honk/commit/d8cae53e2e6cfc3ae8411895252dbc5137a84e11" + } + ] + } + ], + "files": [ + { + "sha": "a3b28c5604db0beb3c2263ca4f6a7784f1c35dad", + "filename": ".github/chainguard/test2.sts.yaml", + "status": "added", + "additions": 9, + "deletions": 0, + "changes": 9, + "blob_url": "https://github.com/honk/honk/blob/f7d76624a7495b6d769bb533d996cb25765dd71e/.github%2Fchainguard%2Ftest2.sts.yaml", + "raw_url": "https://github.com/honk/honk/raw/f7d76624a7495b6d769bb533d996cb25765dd71e/.github%2Fchainguard%2Ftest2.sts.yaml", + "contents_url": "https://api.github.com/repos/honk/honk/contents/.github%2Fchainguard%2Ftest2.sts.yaml?ref=f7d76624a7495b6d769bb533d996cb25765dd71e", + "patch": "@@ -0,0 +1,9 @@\n+issuer: https://accounts.google.com\n+\n+# cdcds: @cd\n+subject: \"ddddd\"\n+\n+permissions:\n+ contents: read\n+ pull_requests: write" + }, + { + "sha": "a68218715fb54742a65eea31e0e39958f5a374da", + "filename": ".github/chainguard/removed-example.sts.yaml", + "status": "removed", + "additions": 0, + "deletions": 9, + "changes": 9, + "blob_url": "https://github.com/honk/honk/blob/d8cae53e2e6cfc3ae8411895252dbc5137a84e11/.github%2Fchainguard%2Flifecycle-gpt.sts.yaml", + "raw_url": "https://github.com/honk/honk/raw/d8cae53e2e6cfc3ae8411895252dbc5137a84e11/.github%2Fchainguard%2Flifecycle-gpt.sts.yaml", + "contents_url": "https://api.github.com/repos/honk/honk/contents/.github%2Fchainguard%2Flifecycle-gpt.sts.yaml?ref=d8cae53e2e6cfc3ae8411895252dbc5137a84e11", + "patch": "@@ -1,9 +0,0 @@\n-issuer:" + } + ] +} \ No newline at end of file diff --git a/pkg/webhook/testdata/api/v3/repos/foo/bar/contents/.github/chainguard/test2.sts.yaml b/pkg/webhook/testdata/api/v3/repos/foo/bar/contents/.github/chainguard/test2.sts.yaml new file mode 100644 index 0000000..b811efa --- /dev/null +++ b/pkg/webhook/testdata/api/v3/repos/foo/bar/contents/.github/chainguard/test2.sts.yaml @@ -0,0 +1,18 @@ +{ + "name": "test2.sts.yaml", + "path": ".github/chainguard/test2.sts.yaml", + "sha": "9f4890d268e2ad02d4171e131018597a7651f61e", + "size": 284, + "url": "https://api.github.com/repos/octo-sts/app/contents/.github/chainguard/test2.sts.yaml?ref=main", + "html_url": "https://github.com/octo-sts/app/blob/main/.github/chainguard/test2.sts.yaml", + "git_url": "https://api.github.com/repos/octo-sts/app/git/blobs/9f4890d268e2ad02d4171e131018597a7651f61e", + "download_url": "https://raw.githubusercontent.com/octo-sts/app/main/.github/chainguard/test2.sts.yaml", + "type": "file", + "content": "IyBDb3B5cmlnaHQgMjAyNCBDaGFpbmd1YXJkLCBJbmMuCiMgU1BEWC1MaWNl\nbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjAKCmlzc3VlcjogaHR0cHM6Ly90\nb2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbQpzdWJqZWN0OiBy\nZXBvOm9jdG8tc3RzL2FwcDpwdWxsX3JlcXVlc3QKY2xhaW1fcGF0dGVybjoK\nICB3b3JrZmxvd19yZWY6IG9jdG8tc3RzL2FwcC8uZ2l0aHViL3dvcmtmbG93\ncy92ZXJpZnktcHJvZC55YW1sQC4qCgpwZXJtaXNzaW9uczoKICBwdWxsX3Jl\ncXVlc3RzOiB3cml0ZQo=\n", + "encoding": "base64", + "_links": { + "self": "https://api.github.com/repos/octo-sts/app/contents/.github/chainguard/test2.sts.yaml?ref=main", + "git": "https://api.github.com/repos/octo-sts/app/git/blobs/9f4890d268e2ad02d4171e131018597a7651f61e", + "html": "https://github.com/octo-sts/app/blob/main/.github/chainguard/test2.sts.yaml" + } +} diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go index 35fd952..aaa09b5 100644 --- a/pkg/webhook/webhook.go +++ b/pkg/webhook/webhook.go @@ -248,7 +248,9 @@ func (e *Validator) handlePush(ctx context.Context, event *github.PushEvent) (*g var files []string for _, file := range resp.Files { if ok, err := filepath.Match(".github/chainguard/*.sts.yaml", file.GetFilename()); err == nil && ok { - files = append(files, file.GetFilename()) + if file.GetStatus() != "removed" { + files = append(files, file.GetFilename()) + } } } if len(files) == 0 { @@ -299,7 +301,9 @@ func (e *Validator) handlePullRequest(ctx context.Context, pr *github.PullReques } for _, file := range resp { if ok, err := filepath.Match(".github/chainguard/*.sts.yaml", file.GetFilename()); err == nil && ok { - files = append(files, file.GetFilename()) + if file.GetStatus() != "removed" { + files = append(files, file.GetFilename()) + } } } if len(files) == 0 { @@ -367,7 +371,9 @@ func (e *Validator) handleCheckSuite(ctx context.Context, cs checkSuite) (*githu } for _, file := range resp.Files { if ok, err := filepath.Match(".github/chainguard/*.sts.yaml", file.GetFilename()); err == nil && ok { - files = append(files, file.GetFilename()) + if file.GetStatus() != "removed" { + files = append(files, file.GetFilename()) + } } } } @@ -379,7 +385,9 @@ func (e *Validator) handleCheckSuite(ctx context.Context, cs checkSuite) (*githu } for _, file := range resp { if ok, err := filepath.Match(".github/chainguard/*.sts.yaml", file.GetFilename()); err == nil && ok { - files = append(files, file.GetFilename()) + if file.GetStatus() != "removed" { + files = append(files, file.GetFilename()) + } } } } diff --git a/pkg/webhook/webhook_test.go b/pkg/webhook/webhook_test.go index 040311c..d69a1d4 100644 --- a/pkg/webhook/webhook_test.go +++ b/pkg/webhook/webhook_test.go @@ -234,3 +234,109 @@ func TestWebhookOK(t *testing.T) { t.Fatalf("unexpected check run (-want +got):\n%s", diff) } } + +func TestWebhookDeletedSTS(t *testing.T) { + // CheckRuns will be collected here. + got := []*github.CreateCheckRunOptions{} + + mux := http.NewServeMux() + mux.HandleFunc("POST /api/v3/repos/foo/bar/check-runs", func(w http.ResponseWriter, r *http.Request) { + opt := new(github.CreateCheckRunOptions) + if err := json.NewDecoder(r.Body).Decode(opt); err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } + got = append(got, opt) + }) + mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + path := filepath.Join("testdata", r.URL.Path) + f, err := os.Open(path) + if err != nil { + clog.FromContext(r.Context()).Errorf("%s not found", path) + http.Error(w, err.Error(), http.StatusNotFound) + return + } + defer f.Close() + if _, err := io.Copy(w, f); err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + }) + gh := httptest.NewServer(mux) + defer gh.Close() + + key, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + t.Fatal(err) + } + tr := ghinstallation.NewAppsTransportFromPrivateKey(gh.Client().Transport, 1234, key) + if err != nil { + t.Fatal(err) + } + tr.BaseURL = gh.URL + + secret := []byte("hunter2") + v := &Validator{ + Transport: tr, + WebhookSecret: [][]byte{secret}, + } + srv := httptest.NewServer(v) + defer srv.Close() + + body, err := json.Marshal(github.PushEvent{ + Installation: &github.Installation{ + ID: github.Int64(1111), + }, + Organization: &github.Organization{ + Login: github.String("foo"), + }, + Repo: &github.PushEventRepository{ + Owner: &github.User{ + Login: github.String("foo"), + }, + Name: github.String("bar"), + }, + Before: github.String("9876"), + After: github.String("4321"), + }) + if err != nil { + t.Fatal(err) + } + req, err := http.NewRequest(http.MethodPost, srv.URL, bytes.NewBuffer(body)) + if err != nil { + t.Fatal(err) + } + req.Header.Set("X-Hub-Signature", signature(secret, body)) + req.Header.Set("X-GitHub-Event", "push") + req.Header.Set("Content-Type", "application/json") + resp, err := srv.Client().Do(req.WithContext(slogtest.Context(t))) + if err != nil { + t.Fatal(err) + } + if resp.StatusCode != 200 { + out, _ := httputil.DumpResponse(resp, true) + t.Fatalf("expected %d, got\n%s", 200, string(out)) + } + + if len(got) != 1 { + t.Fatalf("expected 1 check run, got %d", len(got)) + } + + want := []*github.CreateCheckRunOptions{{ + Name: "Trust Policy Validation", + HeadSHA: "4321", + ExternalID: github.String("4321"), + Status: github.String("completed"), + Conclusion: github.String("success"), + // Use time from the response to ignore it. + StartedAt: &github.Timestamp{Time: got[0].StartedAt.Time}, + CompletedAt: &github.Timestamp{Time: got[0].CompletedAt.Time}, + Output: &github.CheckRunOutput{ + Title: github.String("Valid trust policy."), + Summary: github.String(""), + }, + }} + if diff := cmp.Diff(want, got); diff != "" { + t.Fatalf("unexpected check run (-want +got):\n%s", diff) + } +} From 2ae925c5f07cc3a0c7bfe2ac0e24534783445ed8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 09:20:42 +0100 Subject: [PATCH 036/194] Bump chainguard-dev/common/infra from 0.6.95 to 0.6.96 in /iac/bootstrap in the all group (#595) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.95 to 0.6.96
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.96

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.95...v0.6.96

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.95&new-version=0.6.96)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index ecb4f0c..b8359fd 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.95" + version = "0.6.96" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.95" + version = "0.6.96" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.95" + version = "0.6.96" project_id = var.project_id name = "github-pull-requests" From 77f59f613388fc544f4461ba5fae21e48261e1bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 09:21:05 +0100 Subject: [PATCH 037/194] Bump chainguard-dev/common/infra from 0.6.95 to 0.6.96 in /iac in the all group (#596) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.95 to 0.6.96
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.96

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.95...v0.6.96

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.95&new-version=0.6.96)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 453a3c8..934b9f6 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.95" + version = "0.6.96" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.95" + version = "0.6.96" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 57cd1ac..1768501 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.95" + version = "0.6.96" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 0366fb9..d2a428b 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.95" + version = "0.6.96" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 87a976e..f05aebc 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.95" + version = "0.6.96" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.95" + version = "0.6.96" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.95" + version = "0.6.96" service_name = var.name project_id = var.project_id diff --git a/modules/app/main.tf b/modules/app/main.tf index 84c7800..25e3071 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.95" + version = "0.6.96" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.95" + version = "0.6.96" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index d856cfa..451ac5a 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.95" + version = "0.6.96" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.95" + version = "0.6.96" project_id = var.project_id name = "${var.name}-webhook" From ca70180fdfbba28aadac3324e342dc1a346a73dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Nov 2024 01:56:52 +0100 Subject: [PATCH 038/194] Bump chainguard-dev/common/infra from 0.6.96 to 0.6.97 in /iac/bootstrap in the all group (#602) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.96 to 0.6.97
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.97

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.96...v0.6.97

    Commits
    • 11acf08 require squad for cloud run services/jobs, and allow alerting based on squad ...
    • cd7e21d build(deps): bump chainguard.dev/go-grpc-kit from 0.17.6 to 0.17.7 in the gom...
    • 2c14aab build(deps): bump the gomod group across 1 directory with 12 updates (#621)
    • f97480f alerts: include documentation and links in alert (#622)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.96&new-version=0.6.97)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index b8359fd..d734ed4 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.96" + version = "0.6.97" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.96" + version = "0.6.97" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.96" + version = "0.6.97" project_id = var.project_id name = "github-pull-requests" From 20131337de0d3ca1a1af5d33c8c60fd28b05b825 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Nov 2024 01:57:40 +0100 Subject: [PATCH 039/194] Bump chainguard-dev/common/infra from 0.6.96 to 0.6.97 in /modules/app in the all group (#601) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.96 to 0.6.97
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.97

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.96...v0.6.97

    Commits
    • 11acf08 require squad for cloud run services/jobs, and allow alerting based on squad ...
    • cd7e21d build(deps): bump chainguard.dev/go-grpc-kit from 0.17.6 to 0.17.7 in the gom...
    • 2c14aab build(deps): bump the gomod group across 1 directory with 12 updates (#621)
    • f97480f alerts: include documentation and links in alert (#622)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.96&new-version=0.6.97)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 25e3071..ea1552e 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.96" + version = "0.6.97" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.96" + version = "0.6.97" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 451ac5a..284da03 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.96" + version = "0.6.97" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.96" + version = "0.6.97" project_id = var.project_id name = "${var.name}-webhook" From 8202c1ba2ff017888251e5de2a549cb629204917 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Nov 2024 02:10:32 +0100 Subject: [PATCH 040/194] Bump chainguard-dev/common/infra from 0.6.96 to 0.6.98 in /iac in the all group across 1 directory (#606) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /iac directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.96 to 0.6.98
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.98

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.97...v0.6.98

    v0.6.97

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.96...v0.6.97

    Commits
    • b2e995e make squad not required for core infra modules (#625)
    • 11acf08 require squad for cloud run services/jobs, and allow alerting based on squad ...
    • cd7e21d build(deps): bump chainguard.dev/go-grpc-kit from 0.17.6 to 0.17.7 in the gom...
    • 2c14aab build(deps): bump the gomod group across 1 directory with 12 updates (#621)
    • f97480f alerts: include documentation and links in alert (#622)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.96&new-version=0.6.98)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 934b9f6..c2e8ed2 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.96" + version = "0.6.98" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.96" + version = "0.6.98" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 1768501..9d2e7a4 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.96" + version = "0.6.98" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index d2a428b..2ce23e3 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.96" + version = "0.6.98" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index f05aebc..88a41d1 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.96" + version = "0.6.98" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.96" + version = "0.6.98" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.96" + version = "0.6.98" service_name = var.name project_id = var.project_id diff --git a/modules/app/main.tf b/modules/app/main.tf index ea1552e..14fa051 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.97" + version = "0.6.98" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.97" + version = "0.6.98" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 284da03..8acc58f 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.97" + version = "0.6.98" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.97" + version = "0.6.98" project_id = var.project_id name = "${var.name}-webhook" From 4541c6936e4a7645ba3c342daa04bb255c096f4d Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Wed, 20 Nov 2024 14:32:08 +0100 Subject: [PATCH 041/194] set require_squad to false (#607) --- iac/github_verify.tf | 6 +++--- modules/app/main.tf | 7 ++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/iac/github_verify.tf b/iac/github_verify.tf index 13d9d01..3c60919 100644 --- a/iac/github_verify.tf +++ b/iac/github_verify.tf @@ -1,9 +1,9 @@ resource "google_dns_record_set" "github_verify" { managed_zone = google_dns_managed_zone.top-level-zone.name - name = "_gh-octo-sts-o.octo-sts.dev." - type = "TXT" - ttl = 300 + name = "_gh-octo-sts-o.octo-sts.dev." + type = "TXT" + ttl = 300 rrdatas = [ "\"cc539450df\"", diff --git a/modules/app/main.tf b/modules/app/main.tf index 14fa051..8fc616e 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -73,9 +73,10 @@ module "this" { source = "chainguard-dev/common/infra//modules/regional-service" version = "0.6.98" - project_id = var.project_id - name = var.name - regions = var.regions + project_id = var.project_id + name = var.name + regions = var.regions + require_squad = false deletion_protection = var.deletion_protection From 62fa63180f9296bbe3539b4c867b43d39ebe0de8 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Wed, 20 Nov 2024 14:46:38 +0100 Subject: [PATCH 042/194] add require_squad and set to false (#616) --- modules/app/webhook.tf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 8acc58f..a1580f2 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -22,9 +22,10 @@ module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" version = "0.6.98" - project_id = var.project_id - name = "${var.name}-webhook" - regions = var.regions + project_id = var.project_id + name = "${var.name}-webhook" + regions = var.regions + require_squad = false deletion_protection = var.deletion_protection From 8d720604d18eefb4e22ee78a9a8047c377ae0bf5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 14:53:03 +0100 Subject: [PATCH 043/194] Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#604) Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.5.0 to 4.5.1.
    Release notes

    Sourced from github.com/golang-jwt/jwt/v4's releases.

    v4.5.1

    Security

    Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

    This issue was documented in https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r and fixed in this release.

    Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

    What's Changed

    Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/golang-jwt/jwt/v4&package-manager=go_modules&previous-version=4.5.0&new-version=4.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/octo-sts/app/network/alerts).
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index a3fed21..1a53721 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/chainguard-dev/terraform-infra-common v0.6.85 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 - github.com/golang-jwt/jwt/v4 v4.5.0 + github.com/golang-jwt/jwt/v4 v4.5.1 github.com/google/go-cmp v0.6.0 github.com/google/go-github/v62 v62.0.0 github.com/hashicorp/go-multierror v1.1.1 diff --git a/go.sum b/go.sum index 48ecba2..3ead85e 100644 --- a/go.sum +++ b/go.sum @@ -76,8 +76,9 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= +github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= From ca6a77f3ca0aa66ed6e84dd10c8cd1c0c36a1fbd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 14:58:15 +0100 Subject: [PATCH 044/194] Bump chainguard-dev/common/infra from 0.6.98 to 0.6.100 in /modules/app in the all group across 1 directory (#614) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /modules/app directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.98 to 0.6.100
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.100

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.99...v0.6.100

    v0.6.99

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.98...v0.6.99

    Commits
    • c2c542e build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 in the ac...
    • 2139019 build(deps): bump google.golang.org/api from 0.206.0 to 0.207.0 in the gomod ...
    • 875bd18 dont create squad alert when cant filter by squad (#633)
    • 88ddce4 github sdk: add helper functions to get github releases from a tag and file c...
    • efcc3b8 build(deps): bump the gomod group with 2 updates (#629)
    • f6ed5ab alerting: dont create metrics for squad alerts (#628)
    • 5d96ab7 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in the gom...
    • 7a988e7 add support for pubsub channel in alerting module (#626)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.98&new-version=0.6.100)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 8fc616e..7652806 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.98" + version = "0.6.100" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.98" + version = "0.6.100" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index a1580f2..d2266cb 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.98" + version = "0.6.100" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.98" + version = "0.6.100" project_id = var.project_id name = "${var.name}-webhook" From c1ffe31e746c83babf8161e9d4deb7c734a2362f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 15:16:16 +0100 Subject: [PATCH 045/194] Bump chainguard-dev/common/infra from 0.6.98 to 0.6.100 in /iac in the all group across 1 directory (#615) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /iac directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.98 to 0.6.100
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.100

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.99...v0.6.100

    v0.6.99

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.98...v0.6.99

    Commits
    • c2c542e build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 in the ac...
    • 2139019 build(deps): bump google.golang.org/api from 0.206.0 to 0.207.0 in the gomod ...
    • 875bd18 dont create squad alert when cant filter by squad (#633)
    • 88ddce4 github sdk: add helper functions to get github releases from a tag and file c...
    • efcc3b8 build(deps): bump the gomod group with 2 updates (#629)
    • f6ed5ab alerting: dont create metrics for squad alerts (#628)
    • 5d96ab7 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in the gom...
    • 7a988e7 add support for pubsub channel in alerting module (#626)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.98&new-version=0.6.100)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index c2e8ed2..c011384 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.98" + version = "0.6.100" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.98" + version = "0.6.100" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 9d2e7a4..c8a3011 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.98" + version = "0.6.100" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 2ce23e3..3fc5da6 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.98" + version = "0.6.100" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 88a41d1..755d7de 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.98" + version = "0.6.100" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.98" + version = "0.6.100" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.98" + version = "0.6.100" service_name = var.name project_id = var.project_id From 43f06968735c22798241af71ed822c6c18b7a47b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 15:26:20 +0100 Subject: [PATCH 046/194] Bump chainguard-dev/common/infra from 0.6.97 to 0.6.100 in /iac/bootstrap in the all group across 1 directory (#618) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /iac/bootstrap directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.97 to 0.6.100
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.100

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.99...v0.6.100

    v0.6.99

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.98...v0.6.99

    v0.6.98

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.97...v0.6.98

    Commits
    • c2c542e build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 in the ac...
    • 2139019 build(deps): bump google.golang.org/api from 0.206.0 to 0.207.0 in the gomod ...
    • 875bd18 dont create squad alert when cant filter by squad (#633)
    • 88ddce4 github sdk: add helper functions to get github releases from a tag and file c...
    • efcc3b8 build(deps): bump the gomod group with 2 updates (#629)
    • f6ed5ab alerting: dont create metrics for squad alerts (#628)
    • 5d96ab7 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in the gom...
    • 7a988e7 add support for pubsub channel in alerting module (#626)
    • b2e995e make squad not required for core infra modules (#625)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.97&new-version=0.6.100)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index d734ed4..30b3944 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.97" + version = "0.6.100" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.97" + version = "0.6.100" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.97" + version = "0.6.100" project_id = var.project_id name = "github-pull-requests" From 31078a9229161d06f94a8abf937f82dde143bb99 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 10:26:55 -0500 Subject: [PATCH 047/194] Bump the all group across 1 directory with 9 updates (#617) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [chainguard.dev/go-grpc-kit](https://github.com/chainguard-dev/go-grpc-kit) | `0.17.6` | `0.17.7` | | [chainguard.dev/sdk](https://github.com/chainguard-dev/sdk) | `0.1.25` | `0.1.28` | | [cloud.google.com/go/kms](https://github.com/googleapis/google-cloud-go) | `1.20.0` | `1.20.1` | | [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) | `1.14.1` | `1.14.2` | | [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common) | `0.6.85` | `0.6.100` | | [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.31.1` | `0.31.2` | Updates `chainguard.dev/go-grpc-kit` from 0.17.6 to 0.17.7
    Release notes

    Sourced from chainguard.dev/go-grpc-kit's releases.

    v0.17.7

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/go-grpc-kit/compare/v0.17.6...v0.17.7

    Commits
    • 29048d3 Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.22.0 to 2.23.0 in the g...
    • ff48b36 Bump actions/checkout from 4.2.1 to 4.2.2 (#322)
    • 16f9f29 Bump actions/setup-go from 5.0.2 to 5.1.0 (#323)
    • 4dc7d9f Bump actions/cache from 4.1.1 to 4.1.2 (#324)
    • 7c40fce Bump actions/setup-go from 5.0.1 to 5.0.2 (#289)
    • 1784358 Bump github.com/prometheus/client_golang in the prom group (#321)
    • da8ed9a Bump actions/cache from 4.1.0 to 4.1.1 (#319)
    • 7a8b4d9 Bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#318)
    • 541e424 Bump golang.org/x/net from 0.29.0 to 0.30.0 in the golang-org-x group (#316)
    • dcdfdf3 Bump reviewdog/action-actionlint from 1.55.0 to 1.57.0 (#312)
    • Additional commits viewable in compare view

    Updates `chainguard.dev/sdk` from 0.1.25 to 0.1.28
    Release notes

    Sourced from chainguard.dev/sdk's releases.

    v0.1.28

    Full Changelog: https://github.com/chainguard-dev/sdk/compare/v0.1.27...v0.1.28

    v0.1.27

    No release notes provided.

    v0.1.26

    Full Changelog: https://github.com/chainguard-dev/sdk/compare/v0.1.25...v0.1.26

    Commits
    • e0011f8 Merge pull request #64 from chainguard-dev/create-pull-request/patch
    • 2c60333 Export 39a6127b29109de6c2e0558a2be06c538d465770
    • 2252287 Export 3d6ec1e62933baa18cb4bcf59f67f07f3b095eb7
    • aecf219 Export a11256305cff2af2df5cda3c2f169cb0986a1ff6
    • f54ceef Merge pull request #63 from chainguard-dev/create-pull-request/patch
    • 1c0a6bc Export 5de4701d8e2d6aa1c30143821a2908e5dc992721
    • ee5c6fa Export 1dfe1b41b65fb7952e2a02f57fe3b47c005d7a83
    • b35d818 Export 247e164adccd096e837a72af6d1a6de1211e7e84
    • 826ee60 Export a495c26f7533f688f74a107613846117d7d2c33d
    • 3f51298 Export c0f75e6c4205b1360c63a441e3827b40956106bf
    • Additional commits viewable in compare view

    Updates `cloud.google.com/go/kms` from 1.20.0 to 1.20.1
    Changelog

    Sourced from cloud.google.com/go/kms's changelog.

    Changes

    1.35.0 (2024-10-23)

    Features

    • documentai: Add RESOURCE_EXHAUSTED to retryable status codes for ProcessDocument method (6e69d2e)
    • documentai: Added an url for issue reporting and api short name (6e69d2e)
    • documentai: Updated the exponential backoff settings for the Document AI ProcessDocument and BatchProcessDocuments methods (6e69d2e)

    Bug Fixes

    • documentai: Update google.golang.org/api to v0.203.0 (8bb87d5)
    • documentai: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (8bb87d5)

    1.34.0 (2024-09-12)

    Features

    • documentai: Add API fields for the descriptions of entity type and property in the document schema (2d5a9f9)

    Bug Fixes

    • documentai: Bump dependencies (2ddeb15)

    1.33.0 (2024-08-20)

    Features

    • documentai: Add support for Go 1.23 iterators (84461c0)

    1.32.0 (2024-08-08)

    Features

    • documentai: A new field gen_ai_model_info is added to message .google.cloud.documentai.v1.ProcessorVersion (649c075)
    • documentai: A new field imageless_mode is added to message .google.cloud.documentai.v1.ProcessRequest (649c075)

    Bug Fixes

    • documentai: Update google.golang.org/api to v0.191.0 (5b32644)

    ... (truncated)

    Commits

    Updates `cloud.google.com/go/secretmanager` from 1.14.1 to 1.14.2
    Release notes

    Sourced from cloud.google.com/go/secretmanager's releases.

    servicecontrol: v1.14.2

    1.14.2 (2024-10-23)

    Bug Fixes

    • servicecontrol: Update google.golang.org/api to v0.203.0 (8bb87d5)
    • servicecontrol: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (2b8ca4b)

    secretmanager: v1.14.2

    1.14.2 (2024-10-23)

    Bug Fixes

    • secretmanager: Update google.golang.org/api to v0.203.0 (8bb87d5)
    • secretmanager: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (2b8ca4b)

    oslogin: v1.14.2

    1.14.2 (2024-10-23)

    Bug Fixes

    • oslogin: Update google.golang.org/api to v0.203.0 (8bb87d5)
    • oslogin: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (8bb87d5)
    Commits

    Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.85 to 0.6.100
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.100

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.99...v0.6.100

    v0.6.99

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.98...v0.6.99

    v0.6.98

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.97...v0.6.98

    v0.6.97

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.96...v0.6.97

    v0.6.96

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.95...v0.6.96

    v0.6.95

    What's Changed

    ... (truncated)

    Commits
    • c2c542e build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 in the ac...
    • 2139019 build(deps): bump google.golang.org/api from 0.206.0 to 0.207.0 in the gomod ...
    • 875bd18 dont create squad alert when cant filter by squad (#633)
    • 88ddce4 github sdk: add helper functions to get github releases from a tag and file c...
    • efcc3b8 build(deps): bump the gomod group with 2 updates (#629)
    • f6ed5ab alerting: dont create metrics for squad alerts (#628)
    • 5d96ab7 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in the gom...
    • 7a988e7 add support for pubsub channel in alerting module (#626)
    • b2e995e make squad not required for core infra modules (#625)
    • 11acf08 require squad for cloud run services/jobs, and allow alerting based on squad ...
    • Additional commits viewable in compare view

    Updates `golang.org/x/oauth2` from 0.23.0 to 0.24.0
    Commits

    Updates `google.golang.org/api` from 0.199.0 to 0.207.0
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.207.0

    0.207.0 (2024-11-19)

    Features

    v0.206.0

    0.206.0 (2024-11-14)

    Features

    v0.205.0

    0.205.0 (2024-11-06)

    Features

    v0.204.0

    0.204.0 (2024-10-31)

    Features

    ... (truncated)

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.207.0 (2024-11-19)

    Features

    0.206.0 (2024-11-14)

    Features

    0.205.0 (2024-11-06)

    Features

    0.204.0 (2024-10-31)

    Features

    Bug Fixes

    ... (truncated)

    Commits

    Updates `google.golang.org/grpc` from 1.67.0 to 1.68.0
    Release notes

    Sourced from google.golang.org/grpc's releases.

    Release 1.68.0

    Known Issues

    • The recently added grpc.NewClient function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. This bug has been present since the introduction of NewClient. A fix is expected to be a part of grpc-go v1.69. (#7556)

    Behavior Changes

    • stats/opentelemetry/csm: Get mesh_id local label from "CSM_MESH_ID" environment variable, rather than parsing from bootstrap file (#7740)
    • orca (experimental): if using an ORCA listener, it must now be registered only on a READY SubConn, and the listener will automatically be stopped when the connection is lost. (#7663)
    • client: ClientConn.Close() now closes transports simultaneously and waits for transports to be closed before returning. (#7666)
    • credentials: TLS credentials created via NewTLS that use tls.Config.GetConfigForClient will now have CipherSuites, supported TLS versions and ALPN configured automatically. These were previously only set for configs not using the GetConfigForClient option. (#7709)

    Bug Fixes

    • transport: prevent deadlock in client transport shutdown when writing the GOAWAY frame hangs. (#7662)
    • mem: reuse buffers more accurately by using slice capacity instead of length (#7702)
    • status: Fix regression caused by #6919 in status.Details() causing it to return a wrapped type when getting proto messages generated with protoc-gen-go < v1. (#7724)

    Dependencies

    • Bump minimum supported Go version to go1.22.7. (#7624)

    Release 1.67.1

    Bug Fixes

    • transport: Fix a bug causing stream failures due to miscalculation of the flow control window in both clients and servers. (#7667)
    • xds/server: Fix xDS Server memory leak. (#7681)
    Commits
    • acba4d3 Change version to 1.68.0 (#7743)
    • 5363dca credentials: Apply defaults to TLS configs provided through GetConfigForClien...
    • 056dc64 status: Fix status incompatibility introduced by #6919 and move non-regenerat...
    • b79fb61 mem: use slice capacity instead of length, to determine whether to pool buffe...
    • 54841ef stats/opentelemetry/csm: Get mesh_id local label from "CSM_MESH_ID" environme...
    • ad81c20 pickfirstleaf: minor simplification to reconcileSubConnsLocked method (#7731)
    • b850ea5 transport : wait for goroutines to exit before transport closes (#7666)
    • 00b9e14 pickfirst: New pick first policy for dualstack (#7498)
    • 18a4eac testutils: add couple of log statements to the restartable listener type (#7716)
    • fdc2ec2 xdsclient: deflake TestADS_ResourcesAreRequestedAfterStreamRestart (#7720)
    • Additional commits viewable in compare view

    Updates `k8s.io/apimachinery` from 0.31.1 to 0.31.2
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato --- go.mod | 93 ++++++++++++++------------- go.sum | 200 ++++++++++++++++++++++++++++++--------------------------- 2 files changed, 155 insertions(+), 138 deletions(-) diff --git a/go.mod b/go.mod index 1a53721..cfc8278 100644 --- a/go.mod +++ b/go.mod @@ -1,15 +1,15 @@ module github.com/octo-sts/app -go 1.23.1 +go 1.23.3 require ( - chainguard.dev/go-grpc-kit v0.17.6 - chainguard.dev/sdk v0.1.25 - cloud.google.com/go/kms v1.20.0 - cloud.google.com/go/secretmanager v1.14.1 + chainguard.dev/go-grpc-kit v0.17.7 + chainguard.dev/sdk v0.1.28 + cloud.google.com/go/kms v1.20.1 + cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.11.0 github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f - github.com/chainguard-dev/terraform-infra-common v0.6.85 + github.com/chainguard-dev/terraform-infra-common v0.6.100 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -18,34 +18,39 @@ require ( github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 - golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.199.0 - google.golang.org/grpc v1.67.0 - k8s.io/apimachinery v0.31.1 + golang.org/x/oauth2 v0.24.0 + google.golang.org/api v0.207.0 + google.golang.org/grpc v1.68.0 + k8s.io/apimachinery v0.31.2 sigs.k8s.io/yaml v1.4.0 ) require ( - cloud.google.com/go v0.115.1 // indirect - cloud.google.com/go/longrunning v0.6.1 // indirect - cloud.google.com/go/trace v1.11.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.24.2 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.2 // indirect + cloud.google.com/go v0.116.0 // indirect + cloud.google.com/go/longrunning v0.6.2 // indirect + cloud.google.com/go/trace v1.11.2 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.25.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/klauspost/compress v1.17.9 // indirect + github.com/ebitengine/purego v0.8.1 // indirect + github.com/go-ole/go-ole v1.2.6 // indirect + github.com/klauspost/compress v1.17.11 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect github.com/sethvargo/go-envconfig v1.1.0 // indirect - go.opentelemetry.io/contrib/detectors/gcp v1.30.0 // indirect + github.com/shirou/gopsutil/v4 v4.24.10 // indirect + github.com/yusufpapurcu/wmi v1.2.4 // indirect + go.opentelemetry.io/contrib/detectors/gcp v1.32.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) require ( - cloud.google.com/go/auth v0.9.5 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect + cloud.google.com/go/auth v0.10.2 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect - cloud.google.com/go/iam v1.2.1 // indirect + cloud.google.com/go/iam v1.2.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect @@ -58,40 +63,40 @@ require ( github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect - github.com/googleapis/gax-go/v2 v2.13.0 // indirect + github.com/googleapis/gax-go/v2 v2.14.0 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/prometheus/client_golang v1.20.4 // indirect + github.com/prometheus/client_golang v1.20.5 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.57.0 // indirect + github.com/prometheus/common v0.60.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/stretchr/testify v1.9.0 go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect - go.opentelemetry.io/otel v1.30.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.30.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.30.0 // indirect - go.opentelemetry.io/otel/metric v1.30.0 // indirect - go.opentelemetry.io/otel/sdk v1.30.0 // indirect - go.opentelemetry.io/otel/trace v1.30.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect + go.opentelemetry.io/otel v1.32.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 // indirect + go.opentelemetry.io/otel/metric v1.32.0 // indirect + go.opentelemetry.io/otel/sdk v1.32.0 // indirect + go.opentelemetry.io/otel/trace v1.32.0 // indirect go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.27.0 // indirect - golang.org/x/net v0.29.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.25.0 // indirect - golang.org/x/text v0.18.0 // indirect - golang.org/x/time v0.6.0 // indirect - google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/protobuf v1.34.2 // indirect + golang.org/x/crypto v0.29.0 // indirect + golang.org/x/net v0.31.0 // indirect + golang.org/x/sync v0.9.0 // indirect + golang.org/x/sys v0.27.0 // indirect + golang.org/x/text v0.20.0 // indirect + golang.org/x/time v0.8.0 // indirect + google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect + google.golang.org/protobuf v1.35.2 // indirect ) diff --git a/go.sum b/go.sum index 3ead85e..81cd679 100644 --- a/go.sum +++ b/go.sum @@ -1,39 +1,39 @@ -chainguard.dev/go-grpc-kit v0.17.6 h1:lwIs9LmSnm8jwrH1QmigCwMP6MYkIBENq/0xGduYZss= -chainguard.dev/go-grpc-kit v0.17.6/go.mod h1:ZNaXn2KEO++2u2WveHs65krYiHmAEGjYLeEtfaQaOWU= -chainguard.dev/sdk v0.1.25 h1:C+FeoJCt4AeMMlWw6+vu5CIcNeYJgooPse6UMLcZzik= -chainguard.dev/sdk v0.1.25/go.mod h1:k88fQlFggN176oyRjg7c1ICpEAbDJOlTcZe+BBHk+70= +chainguard.dev/go-grpc-kit v0.17.7 h1:TqHua7er5k8m6WM96y0Tm7IoLLkuZ5vh3+5SR1gruKg= +chainguard.dev/go-grpc-kit v0.17.7/go.mod h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3HS+TGXHw= +chainguard.dev/sdk v0.1.28 h1:xLQv0JxiGhqVKOL059DmTReTjrKFhUsP5U1W6cgr+jQ= +chainguard.dev/sdk v0.1.28/go.mod h1:9EvGI9GY5UPDbZ5AhGbMO8865ixNu36afQYCZ5M95NM= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= -cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.5 h1:4CTn43Eynw40aFVr3GpPqsQponx2jv0BQpjvajsbbzw= -cloud.google.com/go/auth v0.9.5/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM= -cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= -cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= +cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= +cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= +cloud.google.com/go/auth v0.10.2 h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo= +cloud.google.com/go/auth v0.10.2/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= +cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= -cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU= -cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g= -cloud.google.com/go/kms v1.20.0 h1:uKUvjGqbBlI96xGE669hcVnEMw1Px/Mvfa62dhM5UrY= -cloud.google.com/go/kms v1.20.0/go.mod h1:/dMbFF1tLLFnQV44AoI2GlotbjowyUfgVwezxW291fM= -cloud.google.com/go/logging v1.11.0 h1:v3ktVzXMV7CwHq1MBF65wcqLMA7i+z3YxbUsoK7mOKs= -cloud.google.com/go/logging v1.11.0/go.mod h1:5LDiJC/RxTt+fHc1LAt20R9TKiUTReDg6RuuFOZ67+A= -cloud.google.com/go/longrunning v0.6.1 h1:lOLTFxYpr8hcRtcwWir5ITh1PAKUD/sG2lKrTSYjyMc= -cloud.google.com/go/longrunning v0.6.1/go.mod h1:nHISoOZpBcmlwbJmiVk5oDRz0qG/ZxPynEGs1iZ79s0= -cloud.google.com/go/monitoring v1.21.0 h1:EMc0tB+d3lUewT2NzKC/hr8cSR9WsUieVywzIHetGro= -cloud.google.com/go/monitoring v1.21.0/go.mod h1:tuJ+KNDdJbetSsbSGTqnaBvbauS5kr3Q/koy3Up6r+4= -cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM= -cloud.google.com/go/secretmanager v1.14.1/go.mod h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U= -cloud.google.com/go/trace v1.11.0 h1:UHX6cOJm45Zw/KIbqHe4kII8PupLt/V5tscZUkeiJVI= -cloud.google.com/go/trace v1.11.0/go.mod h1:Aiemdi52635dBR7o3zuc9lLjXo3BwGaChEjCa3tJNmM= +cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= +cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= +cloud.google.com/go/kms v1.20.1 h1:og29Wv59uf2FVaZlesaiDAqHFzHaoUyHI3HYp9VUHVg= +cloud.google.com/go/kms v1.20.1/go.mod h1:LywpNiVCvzYNJWS9JUcGJSVTNSwPwi0vBAotzDqn2nc= +cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= +cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM= +cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= +cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= +cloud.google.com/go/monitoring v1.21.2 h1:FChwVtClH19E7pJ+e0xUhJPGksctZNVOk2UhMmblmdU= +cloud.google.com/go/monitoring v1.21.2/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU= +cloud.google.com/go/secretmanager v1.14.2 h1:2XscWCfy//l/qF96YE18/oUaNJynAx749Jg3u0CjQr8= +cloud.google.com/go/secretmanager v1.14.2/go.mod h1:Q18wAPMM6RXLC/zVpWTlqq2IBSbbm7pKBlM3lCKsmjw= +cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI= +cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 h1:pB2F2JKCj1Znmp2rwxxt1J0Fg0wezTMgWYk5Mpbi1kg= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1/go.mod h1:itPGVDKf9cC/ov4MdvJ2QZ0khw4bfoo9jzwTJlaxy2k= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.24.2 h1:B7ox5J7nwey9FPxobwU1wugDKgVqtFvwZRDS0YbM+tY= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.24.2/go.mod h1:VWMJ2cFLtnygvsntQ8JUNQ/VxoZiVd8ewsmyeKSK3k8= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.48.2 h1:ffI2ensdT33alWXmBDi/7cvCV7K3o7TF5oE44g8tiN0= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.48.2/go.mod h1:pNP/L2wDlaQnQlFvkDKGSruDoYRpmAxB6drgsskfYwg= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.2 h1:th/AQTVtV5u0WVQln/ks+jxhkZ433MeOevmka55fkeg= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.2/go.mod h1:wRbFgBQUVm1YXrvWKofAEmq9HNJTDphbAaJSSX01KUI= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.25.0 h1:4PoDbd/9/06IpwLGxSfvfNoEr9urvfkrN6mmJangGCg= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.25.0/go.mod h1:EycllQ1gupHbjqbcmfCr/H6FKSGSmEUONJ2ivb86qeY= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0 h1:jJKWl98inONJAr/IZrdFQUWcwUO95DLY1XMD1ZIut+g= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0/go.mod h1:l2fIqmwB+FKSfvn3bAD/0i+AXAxhIZjTK2svT/mgUXs= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 h1:GYUJLfvd++4DMuMhCFLgLXvFwofIxh/qOwoGuS/LTew= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0/go.mod h1:wRbFgBQUVm1YXrvWKofAEmq9HNJTDphbAaJSSX01KUI= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f h1:xRgn6phdh0RY1neJcftPVEcmb2AbvMvPZF44bFkxi+0= github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.85 h1:xS8ouruBFlSVSw0vg5fCOFImC1xXa7On4si5ju/DF6A= -github.com/chainguard-dev/terraform-infra-common v0.6.85/go.mod h1:NtmmvcJIqFHYjaXO8KaTgcK3p45mHuZXW8CL3abrUJY= +github.com/chainguard-dev/terraform-infra-common v0.6.100 h1:LNdpzASPcHXgKYjM0IAGMi0azok/AnF1o2nCxXbvZXo= +github.com/chainguard-dev/terraform-infra-common v0.6.100/go.mod h1:Oi+gEv+SkxIBrsRKkNznDT0Es9d6ln5zN7C7c1FCcWs= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -59,6 +59,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/ebitengine/purego v0.8.1 h1:sdRKd6plj7KYW33EH5As6YKfe8m9zbN9JMrOjNVF/BE= +github.com/ebitengine/purego v0.8.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -74,6 +76,8 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= +github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= @@ -118,14 +122,14 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= -github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= -github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= +github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= +github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 h1:JYghRBlGCZyCF2wNUJ8W0cwaQdtpcssJ4CgC406g+WU= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99/go.mod h1:3bDW6wMZJB7tiONtC/1Xpicra6Wp5GgbTbQWCbI5fkc= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 h1:ad0vkEBuk23VJzZR9nkLVG0YAoN9coASF1GusYX6AlU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0/go.mod h1:igFoXX2ELCW06bol23DWPB5BEWfZISOzSP5K2sbLea0= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -139,8 +143,8 @@ github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dv github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= -github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= +github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -164,24 +168,28 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw= +github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= -github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= -github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.57.0 h1:Ro/rKjwdq9mZn1K5QPctzh+MA4Lp0BuYk5ZZEVhoNcY= -github.com/prometheus/common v0.57.0/go.mod h1:7uRPFSUTbfZWsJ7MHY56sqt7hLQu3bxXHDnNhl8E9qI= +github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc= +github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/sethvargo/go-envconfig v1.1.0 h1:cWZiJxeTm7AlCvzGXrEXaSTCNgip5oJepekh/BOQuog= github.com/sethvargo/go-envconfig v1.1.0/go.mod h1:JLd0KFWQYzyENqnEPWWZ49i4vzZo/6nRidxI8YvGiHw= +github.com/shirou/gopsutil/v4 v4.24.10 h1:7VOzPtfw/5YDU+jLEoBwXwxJbQetULywoSV4RYY7HkM= +github.com/shirou/gopsutil/v4 v4.24.10/go.mod h1:s4D/wg+ag4rG0WO7AiTj2BeYCRhym0vM7DHbZRxnIT8= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -200,28 +208,30 @@ github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6Kllzaw github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= +github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/detectors/gcp v1.30.0 h1:GF+YVnUeJwOy+Ag2cTEpVZq+r2Tnci42FIiNwA2gjME= -go.opentelemetry.io/contrib/detectors/gcp v1.30.0/go.mod h1:p5Av42vWKPezk67MQwLYZwlo/z6xLnN/upaIyQNWBGg= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 h1:ZIg3ZT/aQ7AfKqdwp7ECpOK6vHqquXXuyTjIO8ZdmPs= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0/go.mod h1:DQAwmETtZV00skUwgD6+0U89g80NKsJE3DCKeLLPQMI= -go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts= -go.opentelemetry.io/otel v1.30.0/go.mod h1:tFw4Br9b7fOS+uEao81PJjVMjW/5fvNCbpsDIXqP0pc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.30.0 h1:lsInsfvhVIfOI6qHVyysXMNDnjO9Npvl7tlDPJFBVd4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.30.0/go.mod h1:KQsVNh4OjgjTG0G6EiNi1jVpnaeeKsKMRwbLN+f1+8M= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 h1:nSiV3s7wiCam610XcLbYOmMfJxB9gO4uK3Xgv5gmTgg= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0/go.mod h1:hKn/e/Nmd19/x1gvIHwtOwVWM+VhuITSWip3JUDghj0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.30.0 h1:umZgi92IyxfXd/l4kaDhnKgY8rnN/cZcF1LKc6I8OQ8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.30.0/go.mod h1:4lVs6obhSVRb1EW5FhOuBTyiQhtRtAnnva9vD3yRfq8= -go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4QIZs7+w= -go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ= -go.opentelemetry.io/otel/sdk v1.30.0 h1:cHdik6irO49R5IysVhdn8oaiR9m8XluDaJAs4DfOrYE= -go.opentelemetry.io/otel/sdk v1.30.0/go.mod h1:p14X4Ok8S+sygzblytT1nqG98QG2KYKv++HE0LY/mhg= -go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc= -go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= +go.opentelemetry.io/contrib/detectors/gcp v1.32.0 h1:P78qWqkLSShicHmAzfECaTgvslqHxblNE9j62Ws1NK8= +go.opentelemetry.io/contrib/detectors/gcp v1.32.0/go.mod h1:TVqo0Sda4Cv8gCIixd7LuLwW4EylumVWfhjZJjDD4DU= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 h1:qtFISDHKolvIxzSs0gIaiPUPR0Cucb0F2coHC7ZLdps= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0/go.mod h1:Y+Pop1Q6hCOnETWTW4NROK/q1hv50hM7yDaUTjG8lp8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94= +go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= +go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 h1:IJFEoHiytixx8cMiVAO+GmHR6Frwu+u5Ur8njpFO6Ac= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0/go.mod h1:3rHrKNtLIoS0oZwkY2vxi+oJcwFRWdtUyRII+so45p8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 h1:9kV11HXBHZAvuPUZxmMWrH8hZn/6UnHX4K0mu36vNsU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0/go.mod h1:JyA0FHXe22E1NeNiHmVp7kFHglnexDQ7uRWDiiJ1hKQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 h1:cMyu9O88joYEaI47CnQkxO1XZdpoTF9fEnW2duIddhw= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0/go.mod h1:6Am3rn7P9TVVeXYG+wtcGE7IE1tsQ+bP3AuWcKt/gOI= +go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= +go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= +go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4= +go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU= +go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= +go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= @@ -237,8 +247,8 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= +golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -256,32 +266,34 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= -golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= -golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= +golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -296,20 +308,20 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.199.0 h1:aWUXClp+VFJmqE0JPvpZOK3LDQMyFKYIow4etYd9qxs= -google.golang.org/api v0.199.0/go.mod h1:ohG4qSztDJmZdjK/Ar6MhbAmb/Rpi4JHOqagsh90K28= +google.golang.org/api v0.207.0 h1:Fvt6IGCYjf7YLcQ+GCegeAI2QSQCfIWhRkmrMPj3JRM= +google.golang.org/api v0.207.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw= +google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f/go.mod h1:Q5m6g8b5KaFFzsQFIGdJkSJDGeJiybVenoYFMMa3ohI= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= @@ -317,8 +329,8 @@ google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw= -google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= +google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -328,8 +340,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -343,7 +355,7 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= -k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= +k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From b8f43500aa20c600511ebb05f7dbe5584f94023f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 09:59:54 +0100 Subject: [PATCH 048/194] Bump the all group with 3 updates (#623) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 3 updates: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common), [google.golang.org/api](https://github.com/googleapis/google-api-go-client) and [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.100 to 0.6.102
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.102

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.101...v0.6.102

    v0.6.101

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.100...v0.6.101

    Commits

    Updates `google.golang.org/api` from 0.207.0 to 0.208.0
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.208.0

    0.208.0 (2024-11-20)

    Features

    • all: Auto-regenerate discovery clients (#2881) (44435a9)
    • gensupport: Per-chunk transfer timeout configs (09fa125)
    • gensupport: Per-chunk transfer timeout configs (#2865) (09fa125)
    Changelog

    Sourced from google.golang.org/api's changelog.

    0.208.0 (2024-11-20)

    Features

    • all: Auto-regenerate discovery clients (#2881) (44435a9)
    • gensupport: Per-chunk transfer timeout configs (09fa125)
    • gensupport: Per-chunk transfer timeout configs (#2865) (09fa125)
    Commits

    Updates `k8s.io/apimachinery` from 0.31.2 to 0.31.3
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index cfc8278..2ef0d06 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.11.0 github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f - github.com/chainguard-dev/terraform-infra-common v0.6.100 + github.com/chainguard-dev/terraform-infra-common v0.6.102 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -19,9 +19,9 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.207.0 + google.golang.org/api v0.208.0 google.golang.org/grpc v1.68.0 - k8s.io/apimachinery v0.31.2 + k8s.io/apimachinery v0.31.3 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 81cd679..5befe99 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f h1:xRgn6phdh0RY1neJcftPVEcmb2AbvMvPZF44bFkxi+0= github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.100 h1:LNdpzASPcHXgKYjM0IAGMi0azok/AnF1o2nCxXbvZXo= -github.com/chainguard-dev/terraform-infra-common v0.6.100/go.mod h1:Oi+gEv+SkxIBrsRKkNznDT0Es9d6ln5zN7C7c1FCcWs= +github.com/chainguard-dev/terraform-infra-common v0.6.102 h1:03MDNLf0iwHVaGb4PbeDersvV/RR5YPuGCe7ztd2EO0= +github.com/chainguard-dev/terraform-infra-common v0.6.102/go.mod h1:GM2JXJrE49BcYAtqlY6m4iBoLr2I917vM8aRK2YTApU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -308,8 +308,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.207.0 h1:Fvt6IGCYjf7YLcQ+GCegeAI2QSQCfIWhRkmrMPj3JRM= -google.golang.org/api v0.207.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= +google.golang.org/api v0.208.0 h1:8Y62MUGRviQnnP9/41/bYAGySPKAN9iwzV96ZvhwyVE= +google.golang.org/api v0.208.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -355,7 +355,7 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= -k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= +k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From e2aa5a4010e40ff3668c6dfa1fe57874cd684dbb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 12:43:30 +0100 Subject: [PATCH 049/194] Bump chainguard-dev/common/infra from 0.6.100 to 0.6.102 in /modules/app in the all group (#620) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.100 to 0.6.102
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.102

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.101...v0.6.102

    v0.6.101

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.100...v0.6.101

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.100&new-version=0.6.102)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 7652806..92f403b 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.100" + version = "0.6.102" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.100" + version = "0.6.102" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index d2266cb..1f451a2 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.100" + version = "0.6.102" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.100" + version = "0.6.102" project_id = var.project_id name = "${var.name}-webhook" From 01c665a850dce92fca23902992e868ce52578ec0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 09:59:41 +0100 Subject: [PATCH 050/194] Bump chainguard-dev/common/infra from 0.6.102 to 0.6.103 in /modules/app in the all group (#624) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.102 to 0.6.103
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.103

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.102...v0.6.103

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.102&new-version=0.6.103)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 92f403b..8582d33 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.102" + version = "0.6.103" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.102" + version = "0.6.103" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 1f451a2..7f774da 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.102" + version = "0.6.103" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.102" + version = "0.6.103" project_id = var.project_id name = "${var.name}-webhook" From 0845945a3e2b29fe7e0536ac822f7e241b491c3c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:04:45 +0100 Subject: [PATCH 051/194] Bump the all group across 1 directory with 2 updates (#629) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the / directory: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.102 to 0.6.104
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.104

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.103...v0.6.104

    v0.6.103

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.102...v0.6.103

    Commits
    • def5676 rollforward Revert "disable rate squad alerts (#637)" (#640)
    • 0f15916 build(deps): bump google.golang.org/api from 0.208.0 to 0.209.0 in the gomod ...
    • 755cf74 otel: actually processor attributes (#638)
    • See full diff in compare view

    Updates `google.golang.org/api` from 0.208.0 to 0.209.0
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.209.0

    0.209.0 (2024-11-21)

    Features

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.209.0 (2024-11-21)

    Features

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 2ef0d06..ee49f28 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.11.0 github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f - github.com/chainguard-dev/terraform-infra-common v0.6.102 + github.com/chainguard-dev/terraform-infra-common v0.6.104 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.208.0 + google.golang.org/api v0.209.0 google.golang.org/grpc v1.68.0 k8s.io/apimachinery v0.31.3 sigs.k8s.io/yaml v1.4.0 diff --git a/go.sum b/go.sum index 5befe99..6180531 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f h1:xRgn6phdh0RY1neJcftPVEcmb2AbvMvPZF44bFkxi+0= github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.102 h1:03MDNLf0iwHVaGb4PbeDersvV/RR5YPuGCe7ztd2EO0= -github.com/chainguard-dev/terraform-infra-common v0.6.102/go.mod h1:GM2JXJrE49BcYAtqlY6m4iBoLr2I917vM8aRK2YTApU= +github.com/chainguard-dev/terraform-infra-common v0.6.104 h1:FKy/oiGo57Vwxendz2BZpJyP6PoR/k4s9Imtla5Kp8k= +github.com/chainguard-dev/terraform-infra-common v0.6.104/go.mod h1:vu5CsjYZTcHraUXI797avhpgkBUTCOqEyCrkJAPGC9U= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -308,8 +308,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.208.0 h1:8Y62MUGRviQnnP9/41/bYAGySPKAN9iwzV96ZvhwyVE= -google.golang.org/api v0.208.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= +google.golang.org/api v0.209.0 h1:Ja2OXNlyRlWCWu8o+GgI4yUn/wz9h/5ZfFbKz+dQX+w= +google.golang.org/api v0.209.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= From 9f447cdee44bfee7e7250c49cd1d6091bdbdc7a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:20:39 +0100 Subject: [PATCH 052/194] Bump chainguard-dev/common/infra from 0.6.100 to 0.6.103 in /iac/bootstrap in the all group across 1 directory (#627) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /iac/bootstrap directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.100 to 0.6.103
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.103

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.102...v0.6.103

    v0.6.102

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.101...v0.6.102

    v0.6.101

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.100...v0.6.101

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.100&new-version=0.6.103)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 30b3944..3da02c7 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.100" + version = "0.6.103" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.100" + version = "0.6.103" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.100" + version = "0.6.103" project_id = var.project_id name = "github-pull-requests" From 0cdf322c3d725183273b11a54b411e7a42e11996 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:20:53 +0100 Subject: [PATCH 053/194] Bump chainguard-dev/common/infra from 0.6.100 to 0.6.103 in /iac in the all group across 1 directory (#628) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /iac directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.100 to 0.6.103
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.103

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.102...v0.6.103

    v0.6.102

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.101...v0.6.102

    v0.6.101

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.100...v0.6.101

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.100&new-version=0.6.103)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index c011384..4213365 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.100" + version = "0.6.103" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.100" + version = "0.6.103" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index c8a3011..a82b8ce 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.100" + version = "0.6.103" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 3fc5da6..1e727d2 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.100" + version = "0.6.103" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 755d7de..37118b8 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.100" + version = "0.6.103" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.100" + version = "0.6.103" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.100" + version = "0.6.103" service_name = var.name project_id = var.project_id From 11b9cb33acb2fb9ece9e4adb485953cf1ef30006 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 20:46:56 +0000 Subject: [PATCH 054/194] Bump chainguard-dev/common/infra from 0.6.103 to 0.6.104 in /iac in the all group (#630) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.103 to 0.6.104
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.104

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.103...v0.6.104

    Commits
    • def5676 rollforward Revert "disable rate squad alerts (#637)" (#640)
    • 0f15916 build(deps): bump google.golang.org/api from 0.208.0 to 0.209.0 in the gomod ...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.103&new-version=0.6.104)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 4213365..0565087 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.103" + version = "0.6.104" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.103" + version = "0.6.104" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index a82b8ce..d898dba 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.103" + version = "0.6.104" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 1e727d2..21cd79e 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.103" + version = "0.6.104" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 37118b8..ccc2620 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.103" + version = "0.6.104" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.103" + version = "0.6.104" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.103" + version = "0.6.104" service_name = var.name project_id = var.project_id diff --git a/modules/app/main.tf b/modules/app/main.tf index 8582d33..a2b828c 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.103" + version = "0.6.104" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.103" + version = "0.6.104" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 7f774da..7caaf13 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.103" + version = "0.6.104" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.103" + version = "0.6.104" project_id = var.project_id name = "${var.name}-webhook" From 848997d97cb677f6b63f1fb447c29422a1f39eed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 12:47:21 -0800 Subject: [PATCH 055/194] Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.11.0 to 2.12.0 (#619) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.11.0 to 2.12.0.
    Release notes

    Sourced from github.com/bradleyfalzon/ghinstallation/v2's releases.

    v2.12.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/bradleyfalzon/ghinstallation/compare/v2.11.0...v2.12.0

    Commits
    • f5c03cd Bump the actions group across 1 directory with 2 updates
    • 568f250 Bumped github.com/golang-jwt/jwt/v4 due to security CVE-2024-51744
    • e55c642 Update go-github to v66
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/bradleyfalzon/ghinstallation/v2&package-manager=go_modules&previous-version=2.11.0&new-version=2.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato --- go.mod | 4 ++-- go.sum | 9 ++++----- pkg/octosts/octosts.go | 2 +- pkg/octosts/octosts_test.go | 5 +++-- pkg/octosts/trust_policy.go | 2 +- pkg/prober/prober.go | 5 +++-- pkg/webhook/webhook.go | 5 +++-- pkg/webhook/webhook_test.go | 2 +- 8 files changed, 18 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index ee49f28..3fd3cdb 100644 --- a/go.mod +++ b/go.mod @@ -7,14 +7,14 @@ require ( chainguard.dev/sdk v0.1.28 cloud.google.com/go/kms v1.20.1 cloud.google.com/go/secretmanager v1.14.2 - github.com/bradleyfalzon/ghinstallation/v2 v2.11.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f github.com/chainguard-dev/terraform-infra-common v0.6.104 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/google/go-cmp v0.6.0 - github.com/google/go-github/v62 v62.0.0 + github.com/google/go-github/v66 v66.0.0 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 diff --git a/go.sum b/go.sum index 6180531..f0c559b 100644 --- a/go.sum +++ b/go.sum @@ -38,8 +38,8 @@ github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZx github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bradleyfalzon/ghinstallation/v2 v2.11.0 h1:R9d0v+iobRHSaE4wKUnXFiZp53AL4ED5MzgEMwGTZag= -github.com/bradleyfalzon/ghinstallation/v2 v2.11.0/go.mod h1:0LWKQwOHewXO/1acI6TtyE0Xc4ObDb2rFN7eHBAG71M= +github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 h1:k8oVjGhZel2qmCUsYwSE34jPNT9DL2wCBOtugsHv26g= +github.com/bradleyfalzon/ghinstallation/v2 v2.12.0/go.mod h1:V4gJcNyAftH0rXpRp1SUVUuh+ACxOH1xOk/ZzkRHltg= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -80,7 +80,6 @@ github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= @@ -110,8 +109,8 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-github/v62 v62.0.0 h1:/6mGCaRywZz9MuHyw9gD1CwsbmBX8GWsbFkwMmHdhl4= -github.com/google/go-github/v62 v62.0.0/go.mod h1:EMxeUqGJq2xRu9DYBMwel/mr7kZrzUOfQmmpYrZn2a4= +github.com/google/go-github/v66 v66.0.0 h1:ADJsaXj9UotwdgK8/iFZtv7MLc8E8WBl62WLd/D/9+M= +github.com/google/go-github/v66 v66.0.0/go.mod h1:+4SO9Zkuyf8ytMj0csN1NR/5OTR+MfqPp8P8dVlcvY4= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= diff --git a/pkg/octosts/octosts.go b/pkg/octosts/octosts.go index 3ff83ef..af064fe 100644 --- a/pkg/octosts/octosts.go +++ b/pkg/octosts/octosts.go @@ -19,7 +19,7 @@ import ( "github.com/bradleyfalzon/ghinstallation/v2" cloudevents "github.com/cloudevents/sdk-go/v2" "github.com/coreos/go-oidc/v3/oidc" - "github.com/google/go-github/v62/github" + "github.com/google/go-github/v66/github" lru "github.com/hashicorp/golang-lru/v2" expirablelru "github.com/hashicorp/golang-lru/v2/expirable" diff --git a/pkg/octosts/octosts_test.go b/pkg/octosts/octosts_test.go index 22bdf58..7a9bdbd 100644 --- a/pkg/octosts/octosts_test.go +++ b/pkg/octosts/octosts_test.go @@ -34,9 +34,10 @@ import ( josejwt "github.com/go-jose/go-jose/v4/jwt" jwt "github.com/golang-jwt/jwt/v4" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v62/github" - "github.com/octo-sts/app/pkg/provider" + "github.com/google/go-github/v66/github" "google.golang.org/grpc/metadata" + + "github.com/octo-sts/app/pkg/provider" ) type fakeGitHub struct { diff --git a/pkg/octosts/trust_policy.go b/pkg/octosts/trust_policy.go index 133c982..f8bf4a6 100644 --- a/pkg/octosts/trust_policy.go +++ b/pkg/octosts/trust_policy.go @@ -10,7 +10,7 @@ import ( "slices" "github.com/coreos/go-oidc/v3/oidc" - "github.com/google/go-github/v62/github" + "github.com/google/go-github/v66/github" ) type TrustPolicy struct { diff --git a/pkg/prober/prober.go b/pkg/prober/prober.go index 5dd31e6..b603e27 100644 --- a/pkg/prober/prober.go +++ b/pkg/prober/prober.go @@ -11,11 +11,12 @@ import ( "chainguard.dev/sdk/sts" "github.com/chainguard-dev/clog" - "github.com/google/go-github/v62/github" + "github.com/google/go-github/v66/github" "github.com/kelseyhightower/envconfig" - "github.com/octo-sts/app/pkg/octosts" "golang.org/x/oauth2" "google.golang.org/api/idtoken" + + "github.com/octo-sts/app/pkg/octosts" ) type envConfig struct { diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go index aaa09b5..dfd1278 100644 --- a/pkg/webhook/webhook.go +++ b/pkg/webhook/webhook.go @@ -17,11 +17,12 @@ import ( "github.com/bradleyfalzon/ghinstallation/v2" "github.com/chainguard-dev/clog" - "github.com/google/go-github/v62/github" + "github.com/google/go-github/v66/github" "github.com/hashicorp/go-multierror" - "github.com/octo-sts/app/pkg/octosts" "k8s.io/apimachinery/pkg/util/sets" "sigs.k8s.io/yaml" + + "github.com/octo-sts/app/pkg/octosts" ) const ( diff --git a/pkg/webhook/webhook_test.go b/pkg/webhook/webhook_test.go index d69a1d4..cef8161 100644 --- a/pkg/webhook/webhook_test.go +++ b/pkg/webhook/webhook_test.go @@ -24,7 +24,7 @@ import ( "github.com/chainguard-dev/clog" "github.com/chainguard-dev/clog/slogtest" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v62/github" + "github.com/google/go-github/v66/github" ) func TestValidatePolicy(t *testing.T) { From c848ad0e58449331dfd667939a14e74f6382f192 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 13:25:33 -0800 Subject: [PATCH 056/194] Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#631) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.9.0 to 1.10.0.
    Release notes

    Sourced from github.com/stretchr/testify's releases.

    v1.10.0

    What's Changed

    Functional Changes

    Fixes

    Documantation, Build & CI

    New Contributors

    ... (truncated)

    Commits
    • 89cbdd9 Merge pull request #1626 from arjun-1/fix-functional-options-diff-indirect-calls
    • 07bac60 Merge pull request #1667 from sikehish/flaky
    • 716de8d Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI
    • 118fb83 NotSame should fail if args are not pointers #1661 (#1664)
    • 7d99b2b attempt 2
    • 05f87c0 more similar
    • ea7129e better fmt
    • a1b9c9e Merge pull request #1663 from ybrustin/master
    • 8302de9 Merge branch 'master' into master
    • 89352f7 Merge pull request #1518 from hendrywiranto/adjust-readme-remove-v2
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/stretchr/testify&package-manager=go_modules&previous-version=1.9.0&new-version=1.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3fd3cdb..7713a2c 100644 --- a/go.mod +++ b/go.mod @@ -75,7 +75,7 @@ require ( github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.60.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect - github.com/stretchr/testify v1.9.0 + github.com/stretchr/testify v1.10.0 go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect diff --git a/go.sum b/go.sum index f0c559b..34106ea 100644 --- a/go.sum +++ b/go.sum @@ -201,8 +201,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= From 1b6520967aa14767e6a1994c37ee96f47ebf6703 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 13:26:07 -0800 Subject: [PATCH 057/194] Bump github.com/chainguard-dev/clog from 1.5.1-0.20240811185937-4c523ae4593f to 1.5.1 (#632) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [github.com/chainguard-dev/clog](https://github.com/chainguard-dev/clog) from 1.5.1-0.20240811185937-4c523ae4593f to 1.5.1.
    Release notes

    Sourced from github.com/chainguard-dev/clog's releases.

    v1.5.1

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/clog/compare/v1.5.0...v1.5.1

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/clog&package-manager=go_modules&previous-version=1.5.1-0.20240811185937-4c523ae4593f&new-version=1.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7713a2c..33774a0 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( cloud.google.com/go/kms v1.20.1 cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 - github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f + github.com/chainguard-dev/clog v1.5.1 github.com/chainguard-dev/terraform-infra-common v0.6.104 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 diff --git a/go.sum b/go.sum index 34106ea..215755a 100644 --- a/go.sum +++ b/go.sum @@ -45,8 +45,8 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f h1:xRgn6phdh0RY1neJcftPVEcmb2AbvMvPZF44bFkxi+0= -github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= +github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= +github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= github.com/chainguard-dev/terraform-infra-common v0.6.104 h1:FKy/oiGo57Vwxendz2BZpJyP6PoR/k4s9Imtla5Kp8k= github.com/chainguard-dev/terraform-infra-common v0.6.104/go.mod h1:vu5CsjYZTcHraUXI797avhpgkBUTCOqEyCrkJAPGC9U= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= From 4ea8e19d6096282f01d452cfde5e5462a5dec1e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 13:26:29 -0800 Subject: [PATCH 058/194] Bump chainguard-dev/common/infra from 0.6.103 to 0.6.104 in /iac/bootstrap in the all group (#633) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.103 to 0.6.104
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.104

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.103...v0.6.104

    Commits
    • def5676 rollforward Revert "disable rate squad alerts (#637)" (#640)
    • 0f15916 build(deps): bump google.golang.org/api from 0.208.0 to 0.209.0 in the gomod ...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.103&new-version=0.6.104)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 3da02c7..1403d93 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.103" + version = "0.6.104" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.103" + version = "0.6.104" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.103" + version = "0.6.104" project_id = var.project_id name = "github-pull-requests" From f2eb517d81e76aba97e2f9c961cd9467d930814b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 12:33:27 -0800 Subject: [PATCH 059/194] Bump chainguard-dev/common/infra from 0.6.104 to 0.6.105 in /modules/app in the all group (#635) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.104 to 0.6.105
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.105

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.104...v0.6.105

    Commits
    • f5d0763 github-bots/sdk: function to list files in a directory for a given ref (#642)
    • 12c1aa0 build(deps): bump github.com/chainguard-dev/clog from 1.5.1-0.20240811185937-...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.104&new-version=0.6.105)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index a2b828c..425f8c5 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.104" + version = "0.6.105" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.104" + version = "0.6.105" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 7caaf13..f87842f 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.104" + version = "0.6.105" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.104" + version = "0.6.105" project_id = var.project_id name = "${var.name}-webhook" From 2de5173c0171236c093d0e45275684a9e916271b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 08:52:29 +0100 Subject: [PATCH 060/194] Bump chainguard-dev/common/infra from 0.6.104 to 0.6.105 in /iac in the all group (#637) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.104 to 0.6.105
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.105

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.104...v0.6.105

    Commits
    • f5d0763 github-bots/sdk: function to list files in a directory for a given ref (#642)
    • 12c1aa0 build(deps): bump github.com/chainguard-dev/clog from 1.5.1-0.20240811185937-...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.104&new-version=0.6.105)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 0565087..b6bc52f 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.104" + version = "0.6.105" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.104" + version = "0.6.105" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index d898dba..d4072e2 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.104" + version = "0.6.105" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 21cd79e..609772c 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.104" + version = "0.6.105" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index ccc2620..cc5994f 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.104" + version = "0.6.105" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.104" + version = "0.6.105" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.104" + version = "0.6.105" service_name = var.name project_id = var.project_id From 58e8c9f912db6847a2275352415b101c64d3422d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 09:01:34 +0100 Subject: [PATCH 061/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.104 to 0.6.105 in the all group (#636) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.104 to 0.6.105
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.105

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.104...v0.6.105

    Commits
    • f5d0763 github-bots/sdk: function to list files in a directory for a given ref (#642)
    • 12c1aa0 build(deps): bump github.com/chainguard-dev/clog from 1.5.1-0.20240811185937-...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.104&new-version=0.6.105)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 33774a0..ceb424c 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/chainguard-dev/clog v1.5.1 - github.com/chainguard-dev/terraform-infra-common v0.6.104 + github.com/chainguard-dev/terraform-infra-common v0.6.105 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 diff --git a/go.sum b/go.sum index 215755a..321c4a3 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.104 h1:FKy/oiGo57Vwxendz2BZpJyP6PoR/k4s9Imtla5Kp8k= -github.com/chainguard-dev/terraform-infra-common v0.6.104/go.mod h1:vu5CsjYZTcHraUXI797avhpgkBUTCOqEyCrkJAPGC9U= +github.com/chainguard-dev/terraform-infra-common v0.6.105 h1:082fgLkgF6G4gXDJtWjimhhc1tbe4PbUDhMKP1doBso= +github.com/chainguard-dev/terraform-infra-common v0.6.105/go.mod h1:DM9365JC8QWFyrXvAJeKvVXzxCeVs/CvGcub3JD8btI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= From fafe7879225fc5354a9c38d77356b8b692575822 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 09:02:05 +0100 Subject: [PATCH 062/194] Bump chainguard-dev/common/infra from 0.6.104 to 0.6.105 in /iac/bootstrap in the all group (#634) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.104 to 0.6.105
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.105

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.104...v0.6.105

    Commits
    • f5d0763 github-bots/sdk: function to list files in a directory for a given ref (#642)
    • 12c1aa0 build(deps): bump github.com/chainguard-dev/clog from 1.5.1-0.20240811185937-...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.104&new-version=0.6.105)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 1403d93..29114ad 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.104" + version = "0.6.105" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.104" + version = "0.6.105" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.104" + version = "0.6.105" project_id = var.project_id name = "github-pull-requests" From 2a16ec4e982a07d55d49bf27b46fff1c74d0d71e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Nov 2024 17:09:21 +0100 Subject: [PATCH 063/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.105 to 0.6.106 in the all group (#638) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.105 to 0.6.106
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.106

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.105...v0.6.106

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.105&new-version=0.6.106)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ceb424c..dce7c40 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/chainguard-dev/clog v1.5.1 - github.com/chainguard-dev/terraform-infra-common v0.6.105 + github.com/chainguard-dev/terraform-infra-common v0.6.106 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 diff --git a/go.sum b/go.sum index 321c4a3..1fd2866 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.105 h1:082fgLkgF6G4gXDJtWjimhhc1tbe4PbUDhMKP1doBso= -github.com/chainguard-dev/terraform-infra-common v0.6.105/go.mod h1:DM9365JC8QWFyrXvAJeKvVXzxCeVs/CvGcub3JD8btI= +github.com/chainguard-dev/terraform-infra-common v0.6.106 h1:RatEsRDhQiHD2K8wBose6C713SKxkQzUVxXnFlE2psE= +github.com/chainguard-dev/terraform-infra-common v0.6.106/go.mod h1:DM9365JC8QWFyrXvAJeKvVXzxCeVs/CvGcub3JD8btI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= From 350c2688d280b95dd5a0d8350b3d6426f024ad45 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Nov 2024 22:30:24 +0100 Subject: [PATCH 064/194] Bump chainguard-dev/common/infra from 0.6.105 to 0.6.106 in /iac in the all group (#639) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.105 to 0.6.106
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.106

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.105...v0.6.106

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.105&new-version=0.6.106)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index b6bc52f..ce9d7e2 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.105" + version = "0.6.106" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.105" + version = "0.6.106" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index d4072e2..7492c85 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.105" + version = "0.6.106" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 609772c..fa1213b 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.105" + version = "0.6.106" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index cc5994f..1e7b29a 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.105" + version = "0.6.106" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.105" + version = "0.6.106" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.105" + version = "0.6.106" service_name = var.name project_id = var.project_id diff --git a/modules/app/main.tf b/modules/app/main.tf index 425f8c5..5f0c860 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.105" + version = "0.6.106" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.105" + version = "0.6.106" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index f87842f..b7023f2 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.105" + version = "0.6.106" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.105" + version = "0.6.106" project_id = var.project_id name = "${var.name}-webhook" From 42555ec6892b492040a929ac73210d0c0b96d321 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Nov 2024 22:59:40 +0100 Subject: [PATCH 065/194] Bump chainguard-dev/common/infra from 0.6.105 to 0.6.106 in /iac/bootstrap in the all group (#641) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.105 to 0.6.106
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.106

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.105...v0.6.106

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.105&new-version=0.6.106)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 29114ad..548551e 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.105" + version = "0.6.106" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.105" + version = "0.6.106" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.105" + version = "0.6.106" project_id = var.project_id name = "github-pull-requests" From 255165aecea6177942d64f6b804fe1336a68ba4c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 21:31:52 +0100 Subject: [PATCH 066/194] Bump the all group with 2 updates (#642) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 2 updates: [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) and [reviewdog/action-misspell](https://github.com/reviewdog/action-misspell). Updates `reviewdog/action-actionlint` from 1.57.0 to 1.59.0
    Release notes

    Sourced from reviewdog/action-actionlint's releases.

    Release v1.59.0

    v1.59.0: PR #146 - chore(deps): update actionlint to 1.7.4

    Release v1.58.0

    v1.58.0: PR #147 - Add fail_level and deduplicate fail_on_error

    Commits
    • 053c5cf bump v1.59.0
    • 6f4af2f Merge branch 'main' into releases/v1
    • 8256770 Merge pull request #146 from reviewdog/depup/actionlint
    • d1992cd bump v1.58.0
    • 3d5dd35 Merge branch 'main' into releases/v1
    • a6d11f2 Merge pull request #147 from reviewdog/add_fail_level
    • 9543997 Add fail_level and deduplicate fail_on_error
    • 180da70 chore(deps): update actionlint to 1.7.4
    • See full diff in compare view

    Updates `reviewdog/action-misspell` from 1.23.0 to 1.25.0
    Release notes

    Sourced from reviewdog/action-misspell's releases.

    Release v1.25.0

    What's Changed

    Full Changelog: https://github.com/reviewdog/action-misspell/compare/v1.24.0...v1.25.0

    Release v1.24.0

    What's Changed

    Full Changelog: https://github.com/reviewdog/action-misspell/compare/v1.23.0...v1.24.0

    Commits
    • 6dbb2a0 Merge pull request #75 from reviewdog/add_fail_level
    • c60dcb0 Add line break
    • bb00978 Merge branch 'master' into add_fail_level
    • 8bc2cae Merge pull request #74 from reviewdog/depup/reviewdog
    • 9a8c4db Add fail_level and deduplicate fail_on_error
    • fcb6dfd chore(deps): update reviewdog to 0.20.2
    • See full diff in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/actionlint.yaml | 2 +- .github/workflows/style.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index 20911eb..e3afa5b 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,6 +24,6 @@ jobs: echo "files=${yamls}" >> "$GITHUB_OUTPUT" - name: Action lint - uses: reviewdog/action-actionlint@7eeec1dd160c2301eb28e1568721837d084558ad # v1.57.0 + uses: reviewdog/action-actionlint@053c5cf55eed0ced1367cdc5e658df41db3a0cce # v1.59.0 with: actionlint_flags: ${{ steps.get_yamls.outputs.files }} diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 97433a2..8fa2426 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -89,7 +89,7 @@ jobs: github_token: ${{ secrets.github_token }} fail_on_error: true - - uses: reviewdog/action-misspell@ef8b22c1cca06c8d306fc6be302c3dab0f6ca12f # v1.23.0 + - uses: reviewdog/action-misspell@6dbb2a0a90daef8df58aa6301645b59cc3253733 # v1.25.0 if: ${{ always() }} with: github_token: ${{ secrets.github_token }} From 4a37cd3c38d1f15144b2c824a21f2bdf42621a9d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 21:44:45 +0100 Subject: [PATCH 067/194] Bump the all group with 2 updates (#643) Bumps the all group with 2 updates: [cloud.google.com/go/kms](https://github.com/googleapis/google-cloud-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `cloud.google.com/go/kms` from 1.20.1 to 1.20.2
    Release notes

    Sourced from cloud.google.com/go/kms's releases.

    kms: v1.20.2

    1.20.2 (2024-12-04)

    Documentation

    • kms: A comment for enum CryptoKeyVersionAlgorithm is changed (8dedb87)
    Commits
    • 63b704e chore: release main (#11176)
    • 481f97b chore(main): release auth 0.12.0 (#11187)
    • 191a664 feat(dialogflow): make TrainingPhrase name field output-only (#11217)
    • a7db927 fix(storage): add backoff to gRPC write retries (#11200)
    • 364b639 feat(bigquery): expose IsCaseInsensitive for dataset metadata (#11216)
    • d3de944 feat(managedkafka): A new field satisfies_pzi is added to message `.google....
    • d93c2d9 feat(bigquery): support IAM conditions in datasets (#11123)
    • ab75177 chore(main): release pubsub 1.45.2 (#11102)
    • f843d50 fix(pubsub): only init batch span if trace enabled (#11193)
    • 8dedb87 docs(batch): Rephrase reservation field doc (#11180)
    • Additional commits viewable in compare view

    Updates `google.golang.org/grpc` from 1.68.0 to 1.68.1
    Release notes

    Sourced from google.golang.org/grpc's releases.

    Release 1.68.1

    Bug Fixes

    • credentials/alts: avoid SRV and TXT lookups for handshaker service to work around hangs caused by buggy versions of systemd-resolved. (#7861)

    Dependencies

    • Relax minimum Go version requirement from go1.22.7 to go1.22. (#7831)
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index dce7c40..5e28104 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.23.3 require ( chainguard.dev/go-grpc-kit v0.17.7 chainguard.dev/sdk v0.1.28 - cloud.google.com/go/kms v1.20.1 + cloud.google.com/go/kms v1.20.2 cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/chainguard-dev/clog v1.5.1 @@ -20,7 +20,7 @@ require ( github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.24.0 google.golang.org/api v0.209.0 - google.golang.org/grpc v1.68.0 + google.golang.org/grpc v1.68.1 k8s.io/apimachinery v0.31.3 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 1fd2866..5c038a8 100644 --- a/go.sum +++ b/go.sum @@ -13,8 +13,8 @@ cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixA cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= -cloud.google.com/go/kms v1.20.1 h1:og29Wv59uf2FVaZlesaiDAqHFzHaoUyHI3HYp9VUHVg= -cloud.google.com/go/kms v1.20.1/go.mod h1:LywpNiVCvzYNJWS9JUcGJSVTNSwPwi0vBAotzDqn2nc= +cloud.google.com/go/kms v1.20.2 h1:NGTHOxAyhDVUGVU5KngeyGScrg2D39X76Aphe6NC7S0= +cloud.google.com/go/kms v1.20.2/go.mod h1:LywpNiVCvzYNJWS9JUcGJSVTNSwPwi0vBAotzDqn2nc= cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM= cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= @@ -328,8 +328,8 @@ google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= -google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= +google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= +google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 36fdd4330fcfa9e3b3e6d39334ee346def649dea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 16:01:14 -0500 Subject: [PATCH 068/194] Bump the all group with 2 updates (#645) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 2 updates: [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) and [reviewdog/action-misspell](https://github.com/reviewdog/action-misspell). Updates `reviewdog/action-actionlint` from 1.59.0 to 1.60.0
    Release notes

    Sourced from reviewdog/action-actionlint's releases.

    Release v1.60.0

    v1.60.0: PR #148 - chore(deps): update reviewdog to 0.20.3

    Commits

    Updates `reviewdog/action-misspell` from 1.25.0 to 1.26.1
    Release notes

    Sourced from reviewdog/action-misspell's releases.

    Release v1.26.1

    What's Changed

    Full Changelog: https://github.com/reviewdog/action-misspell/compare/v1.26.0...v1.26.1

    Release v1.26.0

    What's Changed

    Full Changelog: https://github.com/reviewdog/action-misspell/compare/v1.25.0...v1.26.0

    Commits
    • 18ffb61 Merge pull request #73 from reviewdog/renovate/peter-evans-create-pull-reques...
    • b277a94 Merge pull request #76 from reviewdog/depup/reviewdog
    • 364a050 chore(deps): update reviewdog to 0.20.3
    • 65e0ad4 chore(deps): update peter-evans/create-pull-request action to v7
    • See full diff in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/actionlint.yaml | 2 +- .github/workflows/style.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index e3afa5b..b97576b 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,6 +24,6 @@ jobs: echo "files=${yamls}" >> "$GITHUB_OUTPUT" - name: Action lint - uses: reviewdog/action-actionlint@053c5cf55eed0ced1367cdc5e658df41db3a0cce # v1.59.0 + uses: reviewdog/action-actionlint@08ef4afa963243489a457cca426f705ce4e0d1a5 # v1.60.0 with: actionlint_flags: ${{ steps.get_yamls.outputs.files }} diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 8fa2426..2391347 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -89,7 +89,7 @@ jobs: github_token: ${{ secrets.github_token }} fail_on_error: true - - uses: reviewdog/action-misspell@6dbb2a0a90daef8df58aa6301645b59cc3253733 # v1.25.0 + - uses: reviewdog/action-misspell@18ffb61effb93b47e332f185216be7e49592e7e1 # v1.26.1 if: ${{ always() }} with: github_token: ${{ secrets.github_token }} From 414bad2825d6e474a315fd6f82b7d9bbd450527b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 04:53:53 +0100 Subject: [PATCH 069/194] Bump google.golang.org/api from 0.209.0 to 0.210.0 (#644) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.209.0 to 0.210.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.210.0

    0.210.0 (2024-12-04)

    Features

    Bug Fixes

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.210.0 (2024-12-04)

    Features

    Bug Fixes

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.209.0&new-version=0.210.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 5e28104..59e7ba3 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.209.0 + google.golang.org/api v0.210.0 google.golang.org/grpc v1.68.1 k8s.io/apimachinery v0.31.3 sigs.k8s.io/yaml v1.4.0 @@ -47,8 +47,8 @@ require ( ) require ( - cloud.google.com/go/auth v0.10.2 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect + cloud.google.com/go/auth v0.11.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect cloud.google.com/go/iam v1.2.2 // indirect github.com/beorn7/perks v1.0.1 // indirect @@ -95,8 +95,8 @@ require ( golang.org/x/sys v0.27.0 // indirect golang.org/x/text v0.20.0 // indirect golang.org/x/time v0.8.0 // indirect - google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect + google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect google.golang.org/protobuf v1.35.2 // indirect ) diff --git a/go.sum b/go.sum index 5c038a8..45b8662 100644 --- a/go.sum +++ b/go.sum @@ -5,10 +5,10 @@ chainguard.dev/sdk v0.1.28/go.mod h1:9EvGI9GY5UPDbZ5AhGbMO8865ixNu36afQYCZ5M95NM cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.10.2 h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo= -cloud.google.com/go/auth v0.10.2/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= -cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= -cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= +cloud.google.com/go/auth v0.11.0 h1:Ic5SZz2lsvbYcWT5dfjNWgw6tTlGi2Wc8hyQSC9BstA= +cloud.google.com/go/auth v0.11.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= +cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= @@ -307,20 +307,20 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.209.0 h1:Ja2OXNlyRlWCWu8o+GgI4yUn/wz9h/5ZfFbKz+dQX+w= -google.golang.org/api v0.209.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= +google.golang.org/api v0.210.0 h1:HMNffZ57OoZCRYSbdWVRoqOa8V8NIHLL0CzdBPLztWk= +google.golang.org/api v0.210.0/go.mod h1:B9XDZGnx2NtyjzVkOVTGrFSAVZgPcbedzKg/gTLwqBs= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw= -google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f/go.mod h1:Q5m6g8b5KaFFzsQFIGdJkSJDGeJiybVenoYFMMa3ohI= -google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= -google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= +google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= +google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f h1:M65LEviCfuZTfrfzwwEoxVtgvfkFkBUbFnRbxCXuXhU= +google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f/go.mod h1:Yo94eF2nj7igQt+TiJ49KxjIH8ndLYPZMIRSiRcEbg0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= From 85f467f21aca86c21d46a096c18ff9a43905d129 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 22:20:11 +0100 Subject: [PATCH 070/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.106 to 0.6.107 in the all group (#646) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.106 to 0.6.107
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.107

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.106...v0.6.107

    Commits
    • 0544748 build(deps): bump the gomod group with 3 updates (#651)
    • f05ad69 build(deps): bump the actions group with 3 updates (#650)
    • 3a17098 build(deps): bump the gomod group with 3 updates (#649)
    • 3a6c9c7 build(deps): bump the actions group with 3 updates (#647)
    • a117e72 build(deps): bump cloud.google.com/go/pubsub from 1.45.1 to 1.45.2 in the gom...
    • 0f2b6fd add gke module (#540)
    • e16b7a9 build(deps): bump github.com/shirou/gopsutil/v4 from 4.24.10 to 4.24.11 in th...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.106&new-version=0.6.107)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 14 +++++++------- go.sum | 28 ++++++++++++++-------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 59e7ba3..0c7d977 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/chainguard-dev/clog v1.5.1 - github.com/chainguard-dev/terraform-infra-common v0.6.106 + github.com/chainguard-dev/terraform-infra-common v0.6.107 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -40,7 +40,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect github.com/sethvargo/go-envconfig v1.1.0 // indirect - github.com/shirou/gopsutil/v4 v4.24.10 // indirect + github.com/shirou/gopsutil/v4 v4.24.11 // indirect github.com/yusufpapurcu/wmi v1.2.4 // indirect go.opentelemetry.io/contrib/detectors/gcp v1.32.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect @@ -89,11 +89,11 @@ require ( go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.29.0 // indirect - golang.org/x/net v0.31.0 // indirect - golang.org/x/sync v0.9.0 // indirect - golang.org/x/sys v0.27.0 // indirect - golang.org/x/text v0.20.0 // indirect + golang.org/x/crypto v0.30.0 // indirect + golang.org/x/net v0.32.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.8.0 // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect diff --git a/go.sum b/go.sum index 45b8662..d9fc86b 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.106 h1:RatEsRDhQiHD2K8wBose6C713SKxkQzUVxXnFlE2psE= -github.com/chainguard-dev/terraform-infra-common v0.6.106/go.mod h1:DM9365JC8QWFyrXvAJeKvVXzxCeVs/CvGcub3JD8btI= +github.com/chainguard-dev/terraform-infra-common v0.6.107 h1:6lyvoVjBSnphC7D1QV0fv8xAC/1MBZTL4p7Z/5eQZ70= +github.com/chainguard-dev/terraform-infra-common v0.6.107/go.mod h1:Nvz65Eps64T+NqN9zL2v+VEWfRZae3m4HYdTDRhuZYw= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -187,8 +187,8 @@ github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/sethvargo/go-envconfig v1.1.0 h1:cWZiJxeTm7AlCvzGXrEXaSTCNgip5oJepekh/BOQuog= github.com/sethvargo/go-envconfig v1.1.0/go.mod h1:JLd0KFWQYzyENqnEPWWZ49i4vzZo/6nRidxI8YvGiHw= -github.com/shirou/gopsutil/v4 v4.24.10 h1:7VOzPtfw/5YDU+jLEoBwXwxJbQetULywoSV4RYY7HkM= -github.com/shirou/gopsutil/v4 v4.24.10/go.mod h1:s4D/wg+ag4rG0WO7AiTj2BeYCRhym0vM7DHbZRxnIT8= +github.com/shirou/gopsutil/v4 v4.24.11 h1:WaU9xqGFKvFfsUv94SXcUPD7rCkU0vr/asVdQOBZNj8= +github.com/shirou/gopsutil/v4 v4.24.11/go.mod h1:s4D/wg+ag4rG0WO7AiTj2BeYCRhym0vM7DHbZRxnIT8= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -246,8 +246,8 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= +golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= +golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -265,8 +265,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= +golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= @@ -275,8 +275,8 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= -golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -285,12 +285,12 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= From d1e665bf3aca0c9b461730d501d04318a70a9051 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 22:20:32 +0100 Subject: [PATCH 071/194] Bump chainguard-dev/common/infra from 0.6.106 to 0.6.107 in /modules/app in the all group (#649) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.106 to 0.6.107
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.107

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.106...v0.6.107

    Commits
    • 0544748 build(deps): bump the gomod group with 3 updates (#651)
    • f05ad69 build(deps): bump the actions group with 3 updates (#650)
    • 3a17098 build(deps): bump the gomod group with 3 updates (#649)
    • 3a6c9c7 build(deps): bump the actions group with 3 updates (#647)
    • a117e72 build(deps): bump cloud.google.com/go/pubsub from 1.45.1 to 1.45.2 in the gom...
    • 0f2b6fd add gke module (#540)
    • e16b7a9 build(deps): bump github.com/shirou/gopsutil/v4 from 4.24.10 to 4.24.11 in th...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.106&new-version=0.6.107)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 5f0c860..4a1605c 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.106" + version = "0.6.107" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.106" + version = "0.6.107" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index b7023f2..5ef9263 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.106" + version = "0.6.107" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.106" + version = "0.6.107" project_id = var.project_id name = "${var.name}-webhook" From 555e778622ee7300a91c5be623f1155ad277abc9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 22:26:18 +0100 Subject: [PATCH 072/194] Bump chainguard-dev/common/infra from 0.6.106 to 0.6.107 in /iac in the all group (#648) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.106 to 0.6.107
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.107

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.106...v0.6.107

    Commits
    • 0544748 build(deps): bump the gomod group with 3 updates (#651)
    • f05ad69 build(deps): bump the actions group with 3 updates (#650)
    • 3a17098 build(deps): bump the gomod group with 3 updates (#649)
    • 3a6c9c7 build(deps): bump the actions group with 3 updates (#647)
    • a117e72 build(deps): bump cloud.google.com/go/pubsub from 1.45.1 to 1.45.2 in the gom...
    • 0f2b6fd add gke module (#540)
    • e16b7a9 build(deps): bump github.com/shirou/gopsutil/v4 from 4.24.10 to 4.24.11 in th...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.106&new-version=0.6.107)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index ce9d7e2..e4ff96a 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.106" + version = "0.6.107" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.106" + version = "0.6.107" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 7492c85..13c4b2a 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.106" + version = "0.6.107" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index fa1213b..2533f3d 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.106" + version = "0.6.107" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 1e7b29a..ec77a55 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.106" + version = "0.6.107" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.106" + version = "0.6.107" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.106" + version = "0.6.107" service_name = var.name project_id = var.project_id From 680ba9fbe9340fadc1c42611c008543e529b5f61 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 22:31:49 +0100 Subject: [PATCH 073/194] Bump chainguard-dev/common/infra from 0.6.106 to 0.6.107 in /iac/bootstrap in the all group (#647) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.106 to 0.6.107
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.107

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.106...v0.6.107

    Commits
    • 0544748 build(deps): bump the gomod group with 3 updates (#651)
    • f05ad69 build(deps): bump the actions group with 3 updates (#650)
    • 3a17098 build(deps): bump the gomod group with 3 updates (#649)
    • 3a6c9c7 build(deps): bump the actions group with 3 updates (#647)
    • a117e72 build(deps): bump cloud.google.com/go/pubsub from 1.45.1 to 1.45.2 in the gom...
    • 0f2b6fd add gke module (#540)
    • e16b7a9 build(deps): bump github.com/shirou/gopsutil/v4 from 4.24.10 to 4.24.11 in th...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.106&new-version=0.6.107)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 548551e..5a2b202 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.106" + version = "0.6.107" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.106" + version = "0.6.107" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.106" + version = "0.6.107" project_id = var.project_id name = "github-pull-requests" From 064d6ed3ba4261a1192fd9e1094ce4171a4da440 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 12:23:02 -0800 Subject: [PATCH 074/194] Bump chainguard-dev/common/infra from 0.6.107 to 0.6.108 in /iac/bootstrap in the all group (#650) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.107 to 0.6.108
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.108

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.107...v0.6.108

    Commits
    • eb19a12 add toggle to only create global only (#652)
    • 36b19ce build(deps): bump cloud.google.com/go/storage from 1.47.0 to 1.48.0 in the go...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.107&new-version=0.6.108)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 5a2b202..3a9c5bf 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.107" + version = "0.6.108" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.107" + version = "0.6.108" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.107" + version = "0.6.108" project_id = var.project_id name = "github-pull-requests" From 2027558cb578fc1c877b25ad67edcea6f1be65ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 12:40:51 -0800 Subject: [PATCH 075/194] Bump google.golang.org/api from 0.210.0 to 0.211.0 (#652) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.210.0 to 0.211.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.211.0

    0.211.0 (2024-12-10)

    Features

    • all: Auto-regenerate discovery clients (#2897) (a7a9149)
    • all: Auto-regenerate discovery clients (#2899) (587a11d)
    • all: Auto-regenerate discovery clients (#2902) (d4cb90f)
    • all: Auto-regenerate discovery clients (#2903) (6528fb2)
    • all: Auto-regenerate discovery clients (#2905) (f37ece7)
    • all: Auto-regenerate discovery clients (#2906) (91960b1)
    • transport: Remove deprecated EXPERIMENTAL OpenCensus trace context propagation (#2901) (2b3363e)

    Bug Fixes

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.211.0 (2024-12-10)

    Features

    • all: Auto-regenerate discovery clients (#2897) (a7a9149)
    • all: Auto-regenerate discovery clients (#2899) (587a11d)
    • all: Auto-regenerate discovery clients (#2902) (d4cb90f)
    • all: Auto-regenerate discovery clients (#2903) (6528fb2)
    • all: Auto-regenerate discovery clients (#2905) (f37ece7)
    • all: Auto-regenerate discovery clients (#2906) (91960b1)
    • transport: Remove deprecated EXPERIMENTAL OpenCensus trace context propagation (#2901) (2b3363e)

    Bug Fixes

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.210.0&new-version=0.211.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 ++++------ go.sum | 47 ++++++++--------------------------------------- 2 files changed, 12 insertions(+), 45 deletions(-) diff --git a/go.mod b/go.mod index 0c7d977..5bfbff1 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.210.0 + google.golang.org/api v0.211.0 google.golang.org/grpc v1.68.1 k8s.io/apimachinery v0.31.3 sigs.k8s.io/yaml v1.4.0 @@ -47,7 +47,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.11.0 // indirect + cloud.google.com/go/auth v0.12.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect cloud.google.com/go/iam v1.2.2 // indirect @@ -58,7 +58,6 @@ require ( github.com/go-jose/go-jose/v4 v4.0.4 github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect @@ -76,7 +75,6 @@ require ( github.com/prometheus/common v0.60.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/stretchr/testify v1.10.0 - go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect go.opentelemetry.io/otel v1.32.0 // indirect @@ -96,7 +94,7 @@ require ( golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.8.0 // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect google.golang.org/protobuf v1.35.2 // indirect ) diff --git a/go.sum b/go.sum index d9fc86b..c05dff9 100644 --- a/go.sum +++ b/go.sum @@ -5,8 +5,8 @@ chainguard.dev/sdk v0.1.28/go.mod h1:9EvGI9GY5UPDbZ5AhGbMO8865ixNu36afQYCZ5M95NM cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.11.0 h1:Ic5SZz2lsvbYcWT5dfjNWgw6tTlGi2Wc8hyQSC9BstA= -cloud.google.com/go/auth v0.11.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth v0.12.1 h1:n2Bj25BUMM0nvE9D2XLTiImanwZhO3DkfWSYS/SAJP4= +cloud.google.com/go/auth v0.12.1/go.mod h1:BFMu+TNpF3DmvfBO9ClqTR/SiqVIm7LukKF9mbendF4= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= @@ -83,29 +83,16 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69 github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -116,7 +103,6 @@ github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= @@ -192,15 +178,10 @@ github.com/shirou/gopsutil/v4 v4.24.11/go.mod h1:s4D/wg+ag4rG0WO7AiTj2BeYCRhym0v github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= @@ -264,7 +245,6 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -307,38 +287,27 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.210.0 h1:HMNffZ57OoZCRYSbdWVRoqOa8V8NIHLL0CzdBPLztWk= -google.golang.org/api v0.210.0/go.mod h1:B9XDZGnx2NtyjzVkOVTGrFSAVZgPcbedzKg/gTLwqBs= +google.golang.org/api v0.211.0 h1:IUpLjq09jxBSV1lACO33CGY3jsRcbctfGzhj+ZSE/Bg= +google.golang.org/api v0.211.0/go.mod h1:XOloB4MXFH4UTlQSGuNUxw0UT74qdENK8d6JNsXKLi0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= -google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f h1:M65LEviCfuZTfrfzwwEoxVtgvfkFkBUbFnRbxCXuXhU= -google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f/go.mod h1:Yo94eF2nj7igQt+TiJ49KxjIH8ndLYPZMIRSiRcEbg0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ= +google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From ca91c59d1fde441bfd155564e2aa6c04815850d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 13:33:05 -0800 Subject: [PATCH 076/194] Bump chainguard-dev/common/infra from 0.6.107 to 0.6.108 in /modules/app in the all group (#654) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.107 to 0.6.108
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.108

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.107...v0.6.108

    Commits
    • eb19a12 add toggle to only create global only (#652)
    • 36b19ce build(deps): bump cloud.google.com/go/storage from 1.47.0 to 1.48.0 in the go...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.107&new-version=0.6.108)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 4a1605c..4bbb49a 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.107" + version = "0.6.108" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.107" + version = "0.6.108" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 5ef9263..c0bf929 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.107" + version = "0.6.108" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.107" + version = "0.6.108" project_id = var.project_id name = "${var.name}-webhook" From 0eef8b19ba6d7e7d8982be02dbb452e85dfc0fb3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 14:05:49 -0800 Subject: [PATCH 077/194] Bump chainguard-dev/common/infra from 0.6.107 to 0.6.108 in /iac in the all group (#653) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.107 to 0.6.108
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.108

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.107...v0.6.108

    Commits
    • eb19a12 add toggle to only create global only (#652)
    • 36b19ce build(deps): bump cloud.google.com/go/storage from 1.47.0 to 1.48.0 in the go...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.107&new-version=0.6.108)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index e4ff96a..a458d33 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.107" + version = "0.6.108" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.107" + version = "0.6.108" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 13c4b2a..fa26a2d 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.107" + version = "0.6.108" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 2533f3d..e3ad729 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.107" + version = "0.6.108" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index ec77a55..1be4d45 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.107" + version = "0.6.108" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.107" + version = "0.6.108" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.107" + version = "0.6.108" service_name = var.name project_id = var.project_id From 5b21746a9483a14a5efb2fb4b372512e70a66032 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 14:06:14 -0800 Subject: [PATCH 078/194] Bump the all group with 2 updates (#651) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 2 updates: [chainguard.dev/sdk](https://github.com/chainguard-dev/sdk) and [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard.dev/sdk` from 0.1.28 to 0.1.29
    Release notes

    Sourced from chainguard.dev/sdk's releases.

    v0.1.29

    Full Changelog: https://github.com/chainguard-dev/sdk/compare/v0.1.28...v0.1.29

    Commits
    • 5328081 Merge pull request #68 from chainguard-dev/create-pull-request/patch
    • fb8ec2e Export 80b044281f60b79b85c37af7d3b7b4c8d13cfec8
    • c6ec2b9 Export b623800bfb7336f49789836f5bf4cbccd4eb9df4
    • 9bfdb1e Export 4c6636a0a28bcc3b74f56caa5d0f4308c38c0e94
    • 7f48f8d Export 2d582e74761b74ef75b3d3f97dbfdd9993d76670
    • adbcee3 Export 05cfacc15b6c368221ea3372fed95c64ecbeb99d
    • 3229dbc Export 4f35f8f293ed35bee3adb252552f948596494a41
    • 6a3ded7 Export 853620c69591edf0aa7a95f08aa5ef5cac5351e8
    • 9c4c732 Export 43888bfbfd9dfd84dd9bac0bd104f05abc00fc55
    • 7edd31a Export c815b3dae6134ce70806e8e04b5414a2e2cd5142
    • Additional commits viewable in compare view

    Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.107 to 0.6.108
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.108

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.107...v0.6.108

    Commits
    • eb19a12 add toggle to only create global only (#652)
    • 36b19ce build(deps): bump cloud.google.com/go/storage from 1.47.0 to 1.48.0 in the go...
    • See full diff in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 5bfbff1..2a77da8 100644 --- a/go.mod +++ b/go.mod @@ -4,12 +4,12 @@ go 1.23.3 require ( chainguard.dev/go-grpc-kit v0.17.7 - chainguard.dev/sdk v0.1.28 + chainguard.dev/sdk v0.1.29 cloud.google.com/go/kms v1.20.2 cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/chainguard-dev/clog v1.5.1 - github.com/chainguard-dev/terraform-infra-common v0.6.107 + github.com/chainguard-dev/terraform-infra-common v0.6.108 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -65,7 +65,7 @@ require ( github.com/googleapis/gax-go/v2 v2.14.0 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect diff --git a/go.sum b/go.sum index c05dff9..98dbb75 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ chainguard.dev/go-grpc-kit v0.17.7 h1:TqHua7er5k8m6WM96y0Tm7IoLLkuZ5vh3+5SR1gruKg= chainguard.dev/go-grpc-kit v0.17.7/go.mod h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3HS+TGXHw= -chainguard.dev/sdk v0.1.28 h1:xLQv0JxiGhqVKOL059DmTReTjrKFhUsP5U1W6cgr+jQ= -chainguard.dev/sdk v0.1.28/go.mod h1:9EvGI9GY5UPDbZ5AhGbMO8865ixNu36afQYCZ5M95NM= +chainguard.dev/sdk v0.1.29 h1:GNcCw5NoyvylhlUbVD8JMmrPaeYyrshaHHjEWnvcCGI= +chainguard.dev/sdk v0.1.29/go.mod h1:DqywTjZ5glB/gUCKkrecO0LywyfcAd5v7IPo2+d91qA= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.107 h1:6lyvoVjBSnphC7D1QV0fv8xAC/1MBZTL4p7Z/5eQZ70= -github.com/chainguard-dev/terraform-infra-common v0.6.107/go.mod h1:Nvz65Eps64T+NqN9zL2v+VEWfRZae3m4HYdTDRhuZYw= +github.com/chainguard-dev/terraform-infra-common v0.6.108 h1:Wa1FUoX63j1veMONyOeE7/wbZV5/4CLtGt9vNO9vzZg= +github.com/chainguard-dev/terraform-infra-common v0.6.108/go.mod h1:YrZpm/0H+eeAUnSYUc/SMlnYkWDBmSLHCjLwIpxqMUY= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -113,8 +113,8 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDa github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 h1:JYghRBlGCZyCF2wNUJ8W0cwaQdtpcssJ4CgC406g+WU= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99/go.mod h1:3bDW6wMZJB7tiONtC/1Xpicra6Wp5GgbTbQWCbI5fkc= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 h1:ad0vkEBuk23VJzZR9nkLVG0YAoN9coASF1GusYX6AlU= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0/go.mod h1:igFoXX2ELCW06bol23DWPB5BEWfZISOzSP5K2sbLea0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= From 626ed054bef0bfd83a96bdf9043e24412df3e463 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 12:20:39 -0800 Subject: [PATCH 079/194] Bump k8s.io/apimachinery from 0.31.3 to 0.31.4 in the all group (#655) Bumps the all group with 1 update: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery). Updates `k8s.io/apimachinery` from 0.31.3 to 0.31.4
    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=k8s.io/apimachinery&package-manager=go_modules&previous-version=0.31.3&new-version=0.31.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 2a77da8..4bdaa4c 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( golang.org/x/oauth2 v0.24.0 google.golang.org/api v0.211.0 google.golang.org/grpc v1.68.1 - k8s.io/apimachinery v0.31.3 + k8s.io/apimachinery v0.31.4 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 98dbb75..9e9b503 100644 --- a/go.sum +++ b/go.sum @@ -323,7 +323,7 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= -k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.31.4 h1:8xjE2C4CzhYVm9DGf60yohpNUh5AEBnPxCryPBECmlM= +k8s.io/apimachinery v0.31.4/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From 2a19942d0397ec48cf45e2ee917712e7a4f14f9d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 12:27:19 -0800 Subject: [PATCH 080/194] Bump actions/setup-go from 5.1.0 to 5.2.0 in the all group (#656) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [actions/setup-go](https://github.com/actions/setup-go). Updates `actions/setup-go` from 5.1.0 to 5.2.0
    Release notes

    Sourced from actions/setup-go's releases.

    v5.2.0

    What's Changed

    • Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @​Shegox in actions/setup-go#496

    New Contributors

    Full Changelog: https://github.com/actions/setup-go/compare/v5...v5.2.0

    Commits
    • 3041bf5 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=5.1.0&new-version=5.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/deploy.yaml | 2 +- .github/workflows/go-test.yaml | 2 +- .github/workflows/style.yaml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 011a4fb..7ae32a4 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -23,7 +23,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3 - - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version-file: './go.mod' check-latest: true diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 5dbb2ad..7b3cb06 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version-file: './go.mod' check-latest: true diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 2391347..ce6cb6c 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -21,7 +21,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version-file: './go.mod' check-latest: true @@ -38,7 +38,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version-file: './go.mod' check-latest: true @@ -53,7 +53,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version-file: './go.mod' check-latest: true @@ -72,7 +72,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version-file: './go.mod' check-latest: true From 32862639ef9609b34011c0ad2cfdc9e1344c4481 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 17:24:08 -0800 Subject: [PATCH 081/194] Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#657) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.30.0 to 0.31.0.
    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.30.0&new-version=0.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/octo-sts/app/network/alerts).
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4bdaa4c..5c7d82a 100644 --- a/go.mod +++ b/go.mod @@ -87,7 +87,7 @@ require ( go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.30.0 // indirect + golang.org/x/crypto v0.31.0 // indirect golang.org/x/net v0.32.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect diff --git a/go.sum b/go.sum index 9e9b503..65ae81d 100644 --- a/go.sum +++ b/go.sum @@ -227,8 +227,8 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= -golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= From 09e689371943693efbfb3e2d72589a2d321ef9f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 13:21:41 -0800 Subject: [PATCH 082/194] Bump google.golang.org/grpc from 1.68.1 to 1.69.0 (#660) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.68.1 to 1.69.0.
    Release notes

    Sourced from google.golang.org/grpc's releases.

    Release 1.69.0

    Known Issues

    • The recently added grpc.NewClient function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. A fix is expected to be a part of grpc-go v1.70. (#7556)

    New Features

    • stats/opentelemetry: Introduce new APIs to enable OpenTelemetry instrumentation for metrics on servers and clients (#7874)
    • xdsclient: add support to fallback to lower priority servers when higher priority ones are down (#7701)
    • dns: Add support for link local IPv6 addresses (#7889)
    • The new experimental pickfirst LB policy (disabled by default) supports Happy Eyeballs, interleaving IPv4 and IPv6 address as described in RFC-8305 section 4, to attempt connections to multiple backends concurrently. The experimental pickfirst policy can be enabled by setting the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST to true. (#7725, #7742)
    • balancer/pickfirst: Emit metrics from the pick_first load balancing policy (#7839)
    • grpc: export MethodHandler, which is the type of an already-exported field in MethodDesc (#7796)

    Bug Fixes

    • credentials/google: set scope for application default credentials (#7887)
    • xds: fix edge-case issues where some clients or servers would not initialize correctly or would not receive errors when resources are invalid or unavailable if another channel or server with the same target was already in use . (#7851, #7853)
    • examples: fix the debugging example, which was broken by a recent change (#7833)

    Behavior Changes

    • client: update retry attempt backoff to apply jitter per updates to gRFC A6. (#7869)
    • balancer/weightedroundrobin: use the pick_first LB policy to manage connections (#7826)

    API Changes

    • balancer: An internal method is added to the balancer.SubConn interface to force implementors to embed a delegate implementation. This requirement is present in the interface documentation, but wasn't enforced earlier. (#7840)

    Performance Improvements

    • mem: implement a ReadAll() method for more efficient io.Reader consumption (#7653)
    • mem: use slice capacity instead of length to determine whether to pool buffers or directly allocate them (#7702)

    Documentation

    • examples/csm_observability: Add xDS Credentials and switch server to be xDS enabled (#7875)
    Commits
    • 317271b pickfirst: Register a health listener when used as a leaf policy (#7832)
    • 5565631 balancer/pickfirst: replace grpc.Dial with grpc.NewClient in tests (#7879)
    • 634497b test: Split import paths for generated message and service code (#7891)
    • 78aa51b pickfirst: Stop test servers without closing listeners (#7872)
    • 00272e8 dns: Support link local IPv6 addresses (#7889)
    • 17d08f7 scripts/gen-deps: filter out grpc modules (#7890)
    • ab189b0 examples/features/csm_observability: Add xDS Credentials (#7875)
    • 3ce87dd credentials/google: Add cloud-platform scope for ADC (#7887)
    • 3c0586a stats/opentelemetry: Cleanup OpenTelemetry API's before stabilization (#7874)
    • 4c07bca stream: add jitter to retry backoff in accordance with gRFC A6 (#7869)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/grpc&package-manager=go_modules&previous-version=1.68.1&new-version=1.69.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5c7d82a..ab70439 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.24.0 google.golang.org/api v0.211.0 - google.golang.org/grpc v1.68.1 + google.golang.org/grpc v1.69.0 k8s.io/apimachinery v0.31.4 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 65ae81d..5e9cb5e 100644 --- a/go.sum +++ b/go.sum @@ -210,6 +210,8 @@ go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZk go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4= go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU= +go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= +go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= @@ -306,8 +308,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= -google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= +google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= +google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 86e4f764b5e724dd995498f2926b338542e94667 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 13:22:16 -0800 Subject: [PATCH 083/194] Bump chainguard-dev/common/infra from 0.6.108 to 0.6.109 in /iac in the all group (#663) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.108 to 0.6.109
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.109

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.108...v0.6.109

    Commits
    • 6af84ce github-events: Add multisecret support to trampoline webhook. (#656)
    • cb40064 Check SDK: support in_progress checks (#664)
    • d0a5519 support multiple notification channels for each type (#658)
    • a4ef3ae build(deps): bump the gomod group with 4 updates (#654)
    • 5d896a8 github-events: Add installation, hook ID, and headers to event messages. (#655)
    • b9cd767 Update for go and golangci (#663)
    • 6192fe9 check sdk: return {Create,Update}CheckRunOptions (#662)
    • 885e96d remove unused github-bots samples (#661)
    • 0861513 sdk/check: helper methods for GitHub CheckRun API (#660)
    • 201e53a build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 in the go_modules...
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.108&new-version=0.6.109)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index a458d33..2ba9428 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.108" + version = "0.6.109" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.108" + version = "0.6.109" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index fa26a2d..25fc957 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.108" + version = "0.6.109" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index e3ad729..fbe32cd 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.108" + version = "0.6.109" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 1be4d45..fe05713 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.108" + version = "0.6.109" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.108" + version = "0.6.109" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.108" + version = "0.6.109" service_name = var.name project_id = var.project_id diff --git a/modules/app/main.tf b/modules/app/main.tf index 4bbb49a..64bc088 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.108" + version = "0.6.109" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.108" + version = "0.6.109" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index c0bf929..8133fe8 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.108" + version = "0.6.109" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.108" + version = "0.6.109" project_id = var.project_id name = "${var.name}-webhook" From 986382777eafd3fe55ce5c15aad3cd0562121392 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 13:22:34 -0800 Subject: [PATCH 084/194] Bump chainguard-dev/common/infra from 0.6.108 to 0.6.109 in /modules/app in the all group (#662) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.108 to 0.6.109
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.109

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.108...v0.6.109

    Commits
    • 6af84ce github-events: Add multisecret support to trampoline webhook. (#656)
    • cb40064 Check SDK: support in_progress checks (#664)
    • d0a5519 support multiple notification channels for each type (#658)
    • a4ef3ae build(deps): bump the gomod group with 4 updates (#654)
    • 5d896a8 github-events: Add installation, hook ID, and headers to event messages. (#655)
    • b9cd767 Update for go and golangci (#663)
    • 6192fe9 check sdk: return {Create,Update}CheckRunOptions (#662)
    • 885e96d remove unused github-bots samples (#661)
    • 0861513 sdk/check: helper methods for GitHub CheckRun API (#660)
    • 201e53a build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 in the go_modules...
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.108&new-version=0.6.109)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> From b0992102371a9732c374d0154bb9b8308c88f44d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 13:22:51 -0800 Subject: [PATCH 085/194] Bump chainguard-dev/common/infra from 0.6.108 to 0.6.109 in /iac/bootstrap in the all group (#661) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.108 to 0.6.109
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.109

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.108...v0.6.109

    Commits
    • 6af84ce github-events: Add multisecret support to trampoline webhook. (#656)
    • cb40064 Check SDK: support in_progress checks (#664)
    • d0a5519 support multiple notification channels for each type (#658)
    • a4ef3ae build(deps): bump the gomod group with 4 updates (#654)
    • 5d896a8 github-events: Add installation, hook ID, and headers to event messages. (#655)
    • b9cd767 Update for go and golangci (#663)
    • 6192fe9 check sdk: return {Create,Update}CheckRunOptions (#662)
    • 885e96d remove unused github-bots samples (#661)
    • 0861513 sdk/check: helper methods for GitHub CheckRun API (#660)
    • 201e53a build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 in the go_modules...
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.108&new-version=0.6.109)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 3a9c5bf..da1bf8a 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.108" + version = "0.6.109" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.108" + version = "0.6.109" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.108" + version = "0.6.109" project_id = var.project_id name = "github-pull-requests" From 9996830fc24e51fdf85815f3550d4f32740bcf34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 21:25:28 +0000 Subject: [PATCH 086/194] Bump k8s.io/apimachinery from 0.31.4 to 0.32.0 (#659) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.31.4 to 0.32.0.
    Commits
    • 59e9003 Merge remote-tracking branch 'origin/master' into release-1.32
    • 639247c Drop use of winreadlinkvolume godebug option
    • 220d7c3 Merge remote-tracking branch 'origin/master' into release-1.32
    • c199d3b Revert to go1.22 windows filesystem stdlib behavior
    • 16af2ff implement unsafe deletion, and wire it
    • 6ff8305 api: run codegen
    • ca9b8b2 api: add a new field to meta/v1 DeleteOptions
    • d941d9f Merge pull request #128503 from benluddy/cbor-codecs-featuregate
    • 3b4250f Wire serving codecs to CBOR feature gate.
    • daaad09 Merge pull request #128501 from benluddy/watch-cbor-seq
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=k8s.io/apimachinery&package-manager=go_modules&previous-version=0.31.4&new-version=0.32.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ab70439..bdf21ff 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( golang.org/x/oauth2 v0.24.0 google.golang.org/api v0.211.0 google.golang.org/grpc v1.69.0 - k8s.io/apimachinery v0.31.4 + k8s.io/apimachinery v0.32.0 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 5e9cb5e..8bced55 100644 --- a/go.sum +++ b/go.sum @@ -325,7 +325,7 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/apimachinery v0.31.4 h1:8xjE2C4CzhYVm9DGf60yohpNUh5AEBnPxCryPBECmlM= -k8s.io/apimachinery v0.31.4/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= +k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From d00ad95344a188ecc9ad883a20b92079bf33b103 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 12:26:43 -0800 Subject: [PATCH 087/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.108 to 0.6.109 in the all group (#658) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.108 to 0.6.109
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.109

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.108...v0.6.109

    Commits
    • 6af84ce github-events: Add multisecret support to trampoline webhook. (#656)
    • cb40064 Check SDK: support in_progress checks (#664)
    • d0a5519 support multiple notification channels for each type (#658)
    • a4ef3ae build(deps): bump the gomod group with 4 updates (#654)
    • 5d896a8 github-events: Add installation, hook ID, and headers to event messages. (#655)
    • b9cd767 Update for go and golangci (#663)
    • 6192fe9 check sdk: return {Create,Update}CheckRunOptions (#662)
    • 885e96d remove unused github-bots samples (#661)
    • 0861513 sdk/check: helper methods for GitHub CheckRun API (#660)
    • 201e53a build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 in the go_modules...
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.108&new-version=0.6.109)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato --- go.mod | 4 ++-- go.sum | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index bdf21ff..b185861 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/octo-sts/app -go 1.23.3 +go 1.23.4 require ( chainguard.dev/go-grpc-kit v0.17.7 @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/chainguard-dev/clog v1.5.1 - github.com/chainguard-dev/terraform-infra-common v0.6.108 + github.com/chainguard-dev/terraform-infra-common v0.6.109 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 diff --git a/go.sum b/go.sum index 8bced55..928f34f 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.108 h1:Wa1FUoX63j1veMONyOeE7/wbZV5/4CLtGt9vNO9vzZg= -github.com/chainguard-dev/terraform-infra-common v0.6.108/go.mod h1:YrZpm/0H+eeAUnSYUc/SMlnYkWDBmSLHCjLwIpxqMUY= +github.com/chainguard-dev/terraform-infra-common v0.6.109 h1:L+FwxCLegGscudgu2uZW4MsDbPMGbS1imnzCpGts6k0= +github.com/chainguard-dev/terraform-infra-common v0.6.109/go.mod h1:ZnuVv+RXR1inDqwL9FoK9O5bLQm0Wp5YVRaH4QMMg7Y= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= From 21e3b62604362c7df4f6b0c666254e7aa6cd2d86 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 12:37:27 -0800 Subject: [PATCH 088/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.108 to 0.6.110 in the all group across 1 directory (#664) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the / directory: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.108 to 0.6.110
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.110

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.109...v0.6.110

    v0.6.109

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.108...v0.6.109

    Commits
    • 7670144 make additional webhook secrets optional (#666)
    • 6af84ce github-events: Add multisecret support to trampoline webhook. (#656)
    • cb40064 Check SDK: support in_progress checks (#664)
    • d0a5519 support multiple notification channels for each type (#658)
    • a4ef3ae build(deps): bump the gomod group with 4 updates (#654)
    • 5d896a8 github-events: Add installation, hook ID, and headers to event messages. (#655)
    • b9cd767 Update for go and golangci (#663)
    • 6192fe9 check sdk: return {Create,Update}CheckRunOptions (#662)
    • 885e96d remove unused github-bots samples (#661)
    • 0861513 sdk/check: helper methods for GitHub CheckRun API (#660)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.108&new-version=0.6.110)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b185861..f42fe4b 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/chainguard-dev/clog v1.5.1 - github.com/chainguard-dev/terraform-infra-common v0.6.109 + github.com/chainguard-dev/terraform-infra-common v0.6.110 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 diff --git a/go.sum b/go.sum index 928f34f..778e111 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.109 h1:L+FwxCLegGscudgu2uZW4MsDbPMGbS1imnzCpGts6k0= -github.com/chainguard-dev/terraform-infra-common v0.6.109/go.mod h1:ZnuVv+RXR1inDqwL9FoK9O5bLQm0Wp5YVRaH4QMMg7Y= +github.com/chainguard-dev/terraform-infra-common v0.6.110 h1:x+4ZFyH4/U+oP8dYfnW0v1CtObapkHFUqd6k2P9SSf4= +github.com/chainguard-dev/terraform-infra-common v0.6.110/go.mod h1:ZnuVv+RXR1inDqwL9FoK9O5bLQm0Wp5YVRaH4QMMg7Y= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= From cb28fc6877e57e22e1bcca9a9c0579b73b6ced5f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 12:58:09 -0800 Subject: [PATCH 089/194] Bump chainguard-dev/common/infra from 0.6.109 to 0.6.110 in /modules/app in the all group (#666) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.109 to 0.6.110
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.110

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.109...v0.6.110

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.109&new-version=0.6.110)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 64bc088..0e9fbcc 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.109" + version = "0.6.110" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.109" + version = "0.6.110" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 8133fe8..6fa1b0d 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.109" + version = "0.6.110" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.109" + version = "0.6.110" project_id = var.project_id name = "${var.name}-webhook" From 398e6503bdb15dbaad645105f2e8cc7579bf381a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 12:58:24 -0800 Subject: [PATCH 090/194] Bump chainguard-dev/common/infra from 0.6.109 to 0.6.110 in /iac/bootstrap in the all group (#667) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.109 to 0.6.110
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.110

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.109...v0.6.110

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.109&new-version=0.6.110)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index da1bf8a..ffc78d4 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.109" + version = "0.6.110" project_id = var.project_id name = "github-pool" @@ -40,7 +40,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.109" + version = "0.6.110" project_id = var.project_id name = "github-identity" @@ -67,7 +67,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.109" + version = "0.6.110" project_id = var.project_id name = "github-pull-requests" From 6fc7f689ffd75cf057acbad3732bea959fa54726 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 12:58:39 -0800 Subject: [PATCH 091/194] Bump chainguard-dev/common/infra from 0.6.109 to 0.6.110 in /iac in the all group (#665) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.109 to 0.6.110
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.110

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.109...v0.6.110

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.109&new-version=0.6.110)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 2ba9428..55dea1c 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.109" + version = "0.6.110" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.109" + version = "0.6.110" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 25fc957..3825795 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.109" + version = "0.6.110" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index fbe32cd..b172578 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.109" + version = "0.6.110" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index fe05713..8ed198f 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.109" + version = "0.6.110" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.109" + version = "0.6.110" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.109" + version = "0.6.110" service_name = var.name project_id = var.project_id From 0c1cc1785881949f1dcf1e5e3ccd486ff9f1b8a8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 14:15:19 -0800 Subject: [PATCH 092/194] Bump google.golang.org/api from 0.211.0 to 0.212.0 (#668) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.211.0 to 0.212.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.212.0

    0.212.0 (2024-12-16)

    Features

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.212.0 (2024-12-16)

    Features

    Commits
    • 5b935e8 chore(main): release 0.212.0 (#2910)
    • 2884c4e feat: pass through logging in options (#2923)
    • ccc9019 feat: add logging support (#2856)
    • 4fd4833 feat(all): auto-regenerate discovery clients (#2922)
    • ed29945 feat(all): auto-regenerate discovery clients (#2920)
    • 5a3b270 feat(all): auto-regenerate discovery clients (#2919)
    • 735a826 refactor: adapt code to get ready for adding logging (#2914)
    • b46f348 feat(all): auto-regenerate discovery clients (#2916)
    • 4cdb1af chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#2913)
    • e1667c1 chore(deps): bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /internal/koko...
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.211.0&new-version=0.212.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index f42fe4b..e5d3a06 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.211.0 + google.golang.org/api v0.212.0 google.golang.org/grpc v1.69.0 k8s.io/apimachinery v0.32.0 sigs.k8s.io/yaml v1.4.0 @@ -47,9 +47,9 @@ require ( ) require ( - cloud.google.com/go/auth v0.12.1 // indirect + cloud.google.com/go/auth v0.13.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect - cloud.google.com/go/compute/metadata v0.5.2 // indirect + cloud.google.com/go/compute/metadata v0.6.0 // indirect cloud.google.com/go/iam v1.2.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect diff --git a/go.sum b/go.sum index 778e111..41b0358 100644 --- a/go.sum +++ b/go.sum @@ -5,12 +5,12 @@ chainguard.dev/sdk v0.1.29/go.mod h1:DqywTjZ5glB/gUCKkrecO0LywyfcAd5v7IPo2+d91qA cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.12.1 h1:n2Bj25BUMM0nvE9D2XLTiImanwZhO3DkfWSYS/SAJP4= -cloud.google.com/go/auth v0.12.1/go.mod h1:BFMu+TNpF3DmvfBO9ClqTR/SiqVIm7LukKF9mbendF4= +cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs= +cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= -cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= -cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= +cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= +cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= cloud.google.com/go/kms v1.20.2 h1:NGTHOxAyhDVUGVU5KngeyGScrg2D39X76Aphe6NC7S0= @@ -289,8 +289,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.211.0 h1:IUpLjq09jxBSV1lACO33CGY3jsRcbctfGzhj+ZSE/Bg= -google.golang.org/api v0.211.0/go.mod h1:XOloB4MXFH4UTlQSGuNUxw0UT74qdENK8d6JNsXKLi0= +google.golang.org/api v0.212.0 h1:BcRj3MJfHF3FYD29rk7u9kuu1SyfGqfHcA0hSwKqkHg= +google.golang.org/api v0.212.0/go.mod h1:gICpLlpp12/E8mycRMzgy3SQ9cFh2XnVJ6vJi/kQbvI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= From 96a6bdb166d8cf9052c8522a0d778ea1859ecdd4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 09:43:53 +0100 Subject: [PATCH 093/194] Bump chainguard-dev/common/infra from 0.6.110 to 0.6.111 in /iac in the all group (#669) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.110 to 0.6.111
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.111

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.110...v0.6.111

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.110&new-version=0.6.111)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 55dea1c..416935c 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.110" + version = "0.6.111" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.110" + version = "0.6.111" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 3825795..309f84d 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.110" + version = "0.6.111" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index b172578..f082ce9 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.110" + version = "0.6.111" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 8ed198f..c1951c4 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.110" + version = "0.6.111" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.110" + version = "0.6.111" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.110" + version = "0.6.111" service_name = var.name project_id = var.project_id diff --git a/modules/app/main.tf b/modules/app/main.tf index 0e9fbcc..1a4f153 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.110" + version = "0.6.111" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.110" + version = "0.6.111" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 6fa1b0d..d18fa3a 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.110" + version = "0.6.111" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.110" + version = "0.6.111" project_id = var.project_id name = "${var.name}-webhook" From cfc0618788690ceba3f4050cb73a56a4a6ddc3b2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 09:49:01 +0100 Subject: [PATCH 094/194] Bump chainguard-dev/common/infra from 0.6.111 to 0.6.112 in /modules/app in the all group across 1 directory (#673) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /modules/app directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.111 to 0.6.112
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.112

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.111...v0.6.112

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.111&new-version=0.6.112)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 1a4f153..8aba58a 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.111" + version = "0.6.112" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.111" + version = "0.6.112" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index d18fa3a..d0267c4 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.111" + version = "0.6.112" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.111" + version = "0.6.112" project_id = var.project_id name = "${var.name}-webhook" From e69b3ad1767648d755500a62fb78657542302643 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 09:56:49 +0100 Subject: [PATCH 095/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.110 to 0.6.112 in the all group (#672) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.110 to 0.6.112
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.112

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.111...v0.6.112

    v0.6.111

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.110...v0.6.111

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.110&new-version=0.6.112)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e5d3a06..ec60641 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/chainguard-dev/clog v1.5.1 - github.com/chainguard-dev/terraform-infra-common v0.6.110 + github.com/chainguard-dev/terraform-infra-common v0.6.112 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 diff --git a/go.sum b/go.sum index 41b0358..a08f707 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.110 h1:x+4ZFyH4/U+oP8dYfnW0v1CtObapkHFUqd6k2P9SSf4= -github.com/chainguard-dev/terraform-infra-common v0.6.110/go.mod h1:ZnuVv+RXR1inDqwL9FoK9O5bLQm0Wp5YVRaH4QMMg7Y= +github.com/chainguard-dev/terraform-infra-common v0.6.112 h1:fmMJPnGHt/2sRnpuWWkt2lDBi4o03wkJFWRvYmozVTo= +github.com/chainguard-dev/terraform-infra-common v0.6.112/go.mod h1:ZnuVv+RXR1inDqwL9FoK9O5bLQm0Wp5YVRaH4QMMg7Y= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= From e207b47c49520803131af7dd153b3e4f3f6432de Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 10:37:59 +0100 Subject: [PATCH 096/194] Bump google.golang.org/grpc from 1.69.0 to 1.69.2 in the all group (#676) Bumps the all group with 1 update: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `google.golang.org/grpc` from 1.69.0 to 1.69.2
    Release notes

    Sourced from google.golang.org/grpc's releases.

    Release 1.69.2

    Bug Fixes

    • stats/experimental: add type aliases for symbols (Metrics/etc) that were moved to the stats package (#7929).
    • client: set user-agent string to the correct version.
    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/grpc&package-manager=go_modules&previous-version=1.69.0&new-version=1.69.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ec60641..4c2ae87 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.24.0 google.golang.org/api v0.212.0 - google.golang.org/grpc v1.69.0 + google.golang.org/grpc v1.69.2 k8s.io/apimachinery v0.32.0 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index a08f707..a8af6ab 100644 --- a/go.sum +++ b/go.sum @@ -308,8 +308,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= -google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 6f1d032c77cac47622a5e6d71a5f8492d3411e87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 15:51:39 +0100 Subject: [PATCH 097/194] Bump chainguard-dev/common/infra from 0.6.111 to 0.6.112 in /iac in the all group (#675) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.111 to 0.6.112
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.112

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.111...v0.6.112

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.111&new-version=0.6.112)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 416935c..d320b88 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.111" + version = "0.6.112" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.111" + version = "0.6.112" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 309f84d..d1a278a 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.111" + version = "0.6.112" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index f082ce9..2093f2e 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.111" + version = "0.6.112" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index c1951c4..9f1b3bb 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.111" + version = "0.6.112" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.111" + version = "0.6.112" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.111" + version = "0.6.112" service_name = var.name project_id = var.project_id From 0fceb9ca96cb5b5ff8a9763bfd5836c7f218526a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 16:15:56 +0100 Subject: [PATCH 098/194] Bump google.golang.org/api from 0.212.0 to 0.213.0 (#677) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.212.0 to 0.213.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.213.0

    0.213.0 (2024-12-17)

    Features

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.213.0 (2024-12-17)

    Features

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.212.0&new-version=0.213.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 4c2ae87..d3be498 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.212.0 + google.golang.org/api v0.213.0 google.golang.org/grpc v1.69.2 k8s.io/apimachinery v0.32.0 sigs.k8s.io/yaml v1.4.0 @@ -95,6 +95,6 @@ require ( golang.org/x/time v0.8.0 // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect google.golang.org/protobuf v1.35.2 // indirect ) diff --git a/go.sum b/go.sum index a8af6ab..5621e64 100644 --- a/go.sum +++ b/go.sum @@ -289,8 +289,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.212.0 h1:BcRj3MJfHF3FYD29rk7u9kuu1SyfGqfHcA0hSwKqkHg= -google.golang.org/api v0.212.0/go.mod h1:gICpLlpp12/E8mycRMzgy3SQ9cFh2XnVJ6vJi/kQbvI= +google.golang.org/api v0.213.0 h1:KmF6KaDyFqB417T68tMPbVmmwtIXs2VB60OJKIHB0xQ= +google.golang.org/api v0.213.0/go.mod h1:V0T5ZhNUUNpYAlL306gFZPFt5F5D/IeyLoktduYYnvQ= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -300,8 +300,8 @@ google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ= google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= From 5ad977f023308bbe5e1fcadf13df6cee608bcecb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 12:32:32 -0800 Subject: [PATCH 099/194] Bump cloud.google.com/go/kms from 1.20.2 to 1.20.3 in the all group (#678) Bumps the all group with 1 update: [cloud.google.com/go/kms](https://github.com/googleapis/google-cloud-go). Updates `cloud.google.com/go/kms` from 1.20.2 to 1.20.3
    Release notes

    Sourced from cloud.google.com/go/kms's releases.

    kms: v1.20.3

    1.20.3 (2024-12-18)

    Documentation

    • kms: Code documentation improvements (4254053)
    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cloud.google.com/go/kms&package-manager=go_modules&previous-version=1.20.2&new-version=1.20.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d3be498..85c2ca5 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.23.4 require ( chainguard.dev/go-grpc-kit v0.17.7 chainguard.dev/sdk v0.1.29 - cloud.google.com/go/kms v1.20.2 + cloud.google.com/go/kms v1.20.3 cloud.google.com/go/secretmanager v1.14.2 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/chainguard-dev/clog v1.5.1 diff --git a/go.sum b/go.sum index 5621e64..1c4e2b3 100644 --- a/go.sum +++ b/go.sum @@ -13,8 +13,8 @@ cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= -cloud.google.com/go/kms v1.20.2 h1:NGTHOxAyhDVUGVU5KngeyGScrg2D39X76Aphe6NC7S0= -cloud.google.com/go/kms v1.20.2/go.mod h1:LywpNiVCvzYNJWS9JUcGJSVTNSwPwi0vBAotzDqn2nc= +cloud.google.com/go/kms v1.20.3 h1:a61yIN5LN8ozWxOC6tjUx5V5SEzfkS+b69kYMQfzGzE= +cloud.google.com/go/kms v1.20.3/go.mod h1:YvX+xhp2E2Sc3vol5IcRlBhH14Ecl3kegUY/DtH7EWQ= cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM= cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= From 87662ec2be2fce31286831062a1980dea1906696 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 13:02:04 -0800 Subject: [PATCH 100/194] Bump google.golang.org/api from 0.213.0 to 0.214.0 (#680) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.213.0 to 0.214.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.214.0

    0.214.0 (2024-12-19)

    Features

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.214.0 (2024-12-19)

    Features

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.213.0&new-version=0.214.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 85c2ca5..27b2523 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.213.0 + google.golang.org/api v0.214.0 google.golang.org/grpc v1.69.2 k8s.io/apimachinery v0.32.0 sigs.k8s.io/yaml v1.4.0 @@ -88,7 +88,7 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.31.0 // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect diff --git a/go.sum b/go.sum index 1c4e2b3..ef7d977 100644 --- a/go.sum +++ b/go.sum @@ -247,8 +247,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= @@ -289,8 +289,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.213.0 h1:KmF6KaDyFqB417T68tMPbVmmwtIXs2VB60OJKIHB0xQ= -google.golang.org/api v0.213.0/go.mod h1:V0T5ZhNUUNpYAlL306gFZPFt5F5D/IeyLoktduYYnvQ= +google.golang.org/api v0.214.0 h1:h2Gkq07OYi6kusGOaT/9rnNljuXmqPnaig7WGPmKbwA= +google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= From 6fc95ccfc93a395c63caa6c86adb03a940eb28c6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 14:49:17 +0100 Subject: [PATCH 101/194] Bump chainguard-dev/common/infra from 0.6.110 to 0.6.112 in /iac/bootstrap in the all group across 1 directory (#674) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update in the /iac/bootstrap directory: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.110 to 0.6.112
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.112

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.111...v0.6.112

    v0.6.111

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.110...v0.6.111

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.110&new-version=0.6.112)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato --- iac/bootstrap/main.tf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index ffc78d4..6c6421f 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,10 +20,11 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.110" + version = "0.6.112" project_id = var.project_id name = "github-pool" + github_org = "octo-sts" notification_channels = local.notification_channels } @@ -40,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.110" + version = "0.6.112" project_id = var.project_id name = "github-identity" @@ -67,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.110" + version = "0.6.112" project_id = var.project_id name = "github-pull-requests" From e7a2669e6307c8f25a1cfe682f74f846a8a2197d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 09:34:45 +0100 Subject: [PATCH 102/194] Bump reviewdog/action-actionlint from 1.60.0 to 1.61.0 in the all group (#681) Bumps the all group with 1 update: [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint). Updates `reviewdog/action-actionlint` from 1.60.0 to 1.61.0
    Release notes

    Sourced from reviewdog/action-actionlint's releases.

    Release v1.61.0

    v1.61.0: PR #150 - chore(deps): update actionlint to 1.7.5

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=reviewdog/action-actionlint&package-manager=github_actions&previous-version=1.60.0&new-version=1.61.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/actionlint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index b97576b..3cb0adc 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,6 +24,6 @@ jobs: echo "files=${yamls}" >> "$GITHUB_OUTPUT" - name: Action lint - uses: reviewdog/action-actionlint@08ef4afa963243489a457cca426f705ce4e0d1a5 # v1.60.0 + uses: reviewdog/action-actionlint@534eb894142bcf31616e5436cbe4214641c58101 # v1.61.0 with: actionlint_flags: ${{ steps.get_yamls.outputs.files }} From 9963e72c92bd2dd2dbc6f8a1800e673bd0fc7e40 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Jan 2025 08:48:28 +0100 Subject: [PATCH 103/194] Bump the all group with 2 updates (#682) Bumps the all group with 2 updates: [cloud.google.com/go/kms](https://github.com/googleapis/google-cloud-go) and [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go). Updates `cloud.google.com/go/kms` from 1.20.3 to 1.20.4
    Release notes

    Sourced from cloud.google.com/go/kms's releases.

    kms: v1.20.4

    1.20.4 (2025-01-02)

    Bug Fixes

    • kms: Update golang.org/x/net to v0.33.0 (e9b0b69)
    Commits

    Updates `cloud.google.com/go/secretmanager` from 1.14.2 to 1.14.3
    Release notes

    Sourced from cloud.google.com/go/secretmanager's releases.

    language: v1.14.3

    1.14.3 (2025-01-02)

    Bug Fixes

    • language: Update golang.org/x/net to v0.33.0 (e9b0b69)

    metastore: v1.14.3

    1.14.3 (2025-01-02)

    Bug Fixes

    • metastore: Update golang.org/x/net to v0.33.0 (e9b0b69)

    osconfig: v1.14.3

    1.14.3 (2025-01-02)

    Bug Fixes

    • osconfig: Update golang.org/x/net to v0.33.0 (e9b0b69)

    oslogin: v1.14.3

    1.14.3 (2025-01-02)

    Bug Fixes

    • oslogin: Update golang.org/x/net to v0.33.0 (e9b0b69)

    secretmanager: v1.14.3

    1.14.3 (2025-01-02)

    Bug Fixes

    • secretmanager: Update golang.org/x/net to v0.33.0 (e9b0b69)

    servicecontrol: v1.14.3

    1.14.3 (2025-01-02)

    Bug Fixes

    • servicecontrol: Update golang.org/x/net to v0.33.0 (e9b0b69)
    Commits
    • dbd3f0a chore: release main (#10490)
    • 74b07fd chore: run goimports (#10534)
    • 3b9a830 feat(compute/metadata): add sys check for windows OnGCE (#10521)
    • f4cc536 feat(containeranalysis): add GetVulnerabilityOccurrencesSummary RPC (#10533)
    • 8ecc4e9 chore: bump deps (#10529)
    • 11d7272 chore(privilegedaccessmanager): add config to generate apiv1 (#10530)
    • 9e5707a chore(main): release auth/oauth2adapt 0.2.3 (#10523)
    • c3e2618 chore(storage): remove x-goog-api-client header merging from invoke (#10514)
    • fd16a17 feat(bigtable): add column family type to FamilyInfo in TableInfo (#10520)
    • f46b747 feat(aiplatform): enable rest_numeric_enums for aiplatform v1 and v1beta1 (#1...
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 27b2523..51d56ac 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,8 @@ go 1.23.4 require ( chainguard.dev/go-grpc-kit v0.17.7 chainguard.dev/sdk v0.1.29 - cloud.google.com/go/kms v1.20.3 - cloud.google.com/go/secretmanager v1.14.2 + cloud.google.com/go/kms v1.20.4 + cloud.google.com/go/secretmanager v1.14.3 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/chainguard-dev/clog v1.5.1 github.com/chainguard-dev/terraform-infra-common v0.6.112 diff --git a/go.sum b/go.sum index ef7d977..7ea4b60 100644 --- a/go.sum +++ b/go.sum @@ -13,16 +13,16 @@ cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= -cloud.google.com/go/kms v1.20.3 h1:a61yIN5LN8ozWxOC6tjUx5V5SEzfkS+b69kYMQfzGzE= -cloud.google.com/go/kms v1.20.3/go.mod h1:YvX+xhp2E2Sc3vol5IcRlBhH14Ecl3kegUY/DtH7EWQ= +cloud.google.com/go/kms v1.20.4 h1:CJ0hMpOg1ANN9tx/a/GPJ+Uxudy8k6f3fvGFuTHiE5A= +cloud.google.com/go/kms v1.20.4/go.mod h1:gPLsp1r4FblUgBYPOcvI/bUPpdMg2Jm1ZVKU4tQUfcc= cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM= cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= cloud.google.com/go/monitoring v1.21.2 h1:FChwVtClH19E7pJ+e0xUhJPGksctZNVOk2UhMmblmdU= cloud.google.com/go/monitoring v1.21.2/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU= -cloud.google.com/go/secretmanager v1.14.2 h1:2XscWCfy//l/qF96YE18/oUaNJynAx749Jg3u0CjQr8= -cloud.google.com/go/secretmanager v1.14.2/go.mod h1:Q18wAPMM6RXLC/zVpWTlqq2IBSbbm7pKBlM3lCKsmjw= +cloud.google.com/go/secretmanager v1.14.3 h1:XVGHbcXEsbrgi4XHzgK5np81l1eO7O72WOXHhXUemrM= +cloud.google.com/go/secretmanager v1.14.3/go.mod h1:Pwzcfn69Ni9Lrk1/XBzo1H9+MCJwJ6CDCoeoQUsMN+c= cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI= cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= From 85a1f3c7ae87d19f592f081b39a8cb06568fd4fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 09:35:38 -0500 Subject: [PATCH 104/194] Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.12.0 to 2.13.0 (#683) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.12.0 to 2.13.0.
    Release notes

    Sourced from github.com/bradleyfalzon/ghinstallation/v2's releases.

    v2.13.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/bradleyfalzon/ghinstallation/compare/v2.12.0...v2.13.0

    Commits
    • e9ad86a Bump actions/setup-go from 5.1.0 to 5.2.0 in the actions group
    • 3c2c4df chore(deps): bump go-github to v68
    • 20d40cc Bump the actions group with 2 updates
    • ba1b659 test/build with go1.23
    • 07f8e29 update go-github to v67
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/bradleyfalzon/ghinstallation/v2&package-manager=go_modules&previous-version=2.12.0&new-version=2.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato --- go.mod | 4 +- go.sum | 228 +++++++++++++++++++++++++++++++++++- pkg/octosts/octosts.go | 2 +- pkg/octosts/octosts_test.go | 18 +-- pkg/octosts/trust_policy.go | 2 +- pkg/prober/prober.go | 6 +- pkg/webhook/webhook.go | 12 +- pkg/webhook/webhook_test.go | 50 ++++---- 8 files changed, 271 insertions(+), 51 deletions(-) diff --git a/go.mod b/go.mod index 51d56ac..926bbf3 100644 --- a/go.mod +++ b/go.mod @@ -7,14 +7,14 @@ require ( chainguard.dev/sdk v0.1.29 cloud.google.com/go/kms v1.20.4 cloud.google.com/go/secretmanager v1.14.3 - github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.5.1 github.com/chainguard-dev/terraform-infra-common v0.6.112 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.11.0 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/google/go-cmp v0.6.0 - github.com/google/go-github/v66 v66.0.0 + github.com/google/go-github/v68 v68.0.0 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 diff --git a/go.sum b/go.sum index 7ea4b60..8e75cc8 100644 --- a/go.sum +++ b/go.sum @@ -1,48 +1,177 @@ +cel.dev/expr v0.16.2/go.mod h1:gXngZQMkWJoSbE8mOzehJlXQyubn/Vg0vR9/F3W7iw8= +chainguard.dev/apko v0.20.1/go.mod h1:apcXdkgm/iRLHP4ELxgEWiijpNzA8vNEv5P94sw/z3w= chainguard.dev/go-grpc-kit v0.17.7 h1:TqHua7er5k8m6WM96y0Tm7IoLLkuZ5vh3+5SR1gruKg= chainguard.dev/go-grpc-kit v0.17.7/go.mod h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3HS+TGXHw= +chainguard.dev/go-oidctest v0.3.1/go.mod h1:TDN6MPJ6BEzWtorS9/dHzzGiaBpPRnRONv2SE0mqitU= chainguard.dev/sdk v0.1.29 h1:GNcCw5NoyvylhlUbVD8JMmrPaeYyrshaHHjEWnvcCGI= chainguard.dev/sdk v0.1.29/go.mod h1:DqywTjZ5glB/gUCKkrecO0LywyfcAd5v7IPo2+d91qA= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= +cloud.google.com/go/accessapproval v1.8.2/go.mod h1:aEJvHZtpjqstffVwF/2mCXXSQmpskyzvw6zKLvLutZM= +cloud.google.com/go/accesscontextmanager v1.9.2/go.mod h1:T0Sw/PQPyzctnkw1pdmGAKb7XBA84BqQzH0fSU7wzJU= +cloud.google.com/go/aiplatform v1.69.0/go.mod h1:nUsIqzS3khlnWvpjfJbP+2+h+VrFyYsTm7RNCAViiY8= +cloud.google.com/go/analytics v0.25.2/go.mod h1:th0DIunqrhI1ZWVlT3PH2Uw/9ANX8YHfFDEPqf/+7xM= +cloud.google.com/go/apigateway v1.7.2/go.mod h1:+weId+9aR9J6GRwDka7jIUSrKEX60XGcikX7dGU8O7M= +cloud.google.com/go/apigeeconnect v1.7.2/go.mod h1:he/SWi3A63fbyxrxD6jb67ak17QTbWjva1TFbT5w8Kw= +cloud.google.com/go/apigeeregistry v0.9.2/go.mod h1:A5n/DwpG5NaP2fcLYGiFA9QfzpQhPRFNATO1gie8KM8= +cloud.google.com/go/appengine v1.9.2/go.mod h1:bK4dvmMG6b5Tem2JFZcjvHdxco9g6t1pwd3y/1qr+3s= +cloud.google.com/go/area120 v0.9.2/go.mod h1:Ar/KPx51UbrTWGVGgGzFnT7hFYQuk/0VOXkvHdTbQMI= +cloud.google.com/go/artifactregistry v1.16.0/go.mod h1:LunXo4u2rFtvJjrGjO0JS+Gs9Eco2xbZU6JVJ4+T8Sk= +cloud.google.com/go/asset v1.20.3/go.mod h1:797WxTDwdnFAJzbjZ5zc+P5iwqXc13yO9DHhmS6wl+o= +cloud.google.com/go/assuredworkloads v1.12.2/go.mod h1:/WeRr/q+6EQYgnoYrqCVgw7boMoDfjXZZev3iJxs2Iw= cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs= cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= +cloud.google.com/go/automl v1.14.2/go.mod h1:mIat+Mf77W30eWQ/vrhjXsXaRh8Qfu4WiymR0hR6Uxk= +cloud.google.com/go/baremetalsolution v1.3.2/go.mod h1:3+wqVRstRREJV/puwaKAH3Pnn7ByreZG2aFRsavnoBQ= +cloud.google.com/go/batch v1.11.2/go.mod h1:ehsVs8Y86Q4K+qhEStxICqQnNqH8cqgpCxx89cmU5h4= +cloud.google.com/go/beyondcorp v1.1.2/go.mod h1:q6YWSkEsSZTU2WDt1qtz6P5yfv79wgktGtNbd0FJTLI= +cloud.google.com/go/bigquery v1.65.0/go.mod h1:9WXejQ9s5YkTW4ryDYzKXBooL78u5+akWGXgJqQkY6A= +cloud.google.com/go/bigtable v1.33.0/go.mod h1:HtpnH4g25VT1pejHRtInlFPnN5sjTxbQlsYBjh9t5l0= +cloud.google.com/go/billing v1.19.2/go.mod h1:AAtih/X2nka5mug6jTAq8jfh1nPye0OjkHbZEZgU59c= +cloud.google.com/go/binaryauthorization v1.9.2/go.mod h1:T4nOcRWi2WX4bjfSRXJkUnpliVIqjP38V88Z10OvEv4= +cloud.google.com/go/certificatemanager v1.9.2/go.mod h1:PqW+fNSav5Xz8bvUnJpATIRo1aaABP4mUg/7XIeAn6c= +cloud.google.com/go/channel v1.19.1/go.mod h1:ungpP46l6XUeuefbA/XWpWWnAY3897CSRPXUbDstwUo= +cloud.google.com/go/cloudbuild v1.19.0/go.mod h1:ZGRqbNMrVGhknIIjwASa6MqoRTOpXIVMSI+Ew5DMPuY= +cloud.google.com/go/clouddms v1.8.2/go.mod h1:pe+JSp12u4mYOkwXpSMouyCCuQHL3a6xvWH2FgOcAt4= +cloud.google.com/go/cloudtasks v1.13.2/go.mod h1:2pyE4Lhm7xY8GqbZKLnYk7eeuh8L0JwAvXx1ecKxYu8= +cloud.google.com/go/compute v1.29.0/go.mod h1:HFlsDurE5DpQZClAGf/cYh+gxssMhBxBovZDYkEn/Og= cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= +cloud.google.com/go/contactcenterinsights v1.15.1/go.mod h1:cFGxDVm/OwEVAHbU9UO4xQCtQFn0RZSrSUcF/oJ0Bbs= +cloud.google.com/go/container v1.42.0/go.mod h1:YL6lDgCUi3frIWNIFU9qrmF7/6K1EYrtspmFTyyqJ+k= +cloud.google.com/go/containeranalysis v0.13.2/go.mod h1:AiKvXJkc3HiqkHzVIt6s5M81wk+q7SNffc6ZlkTDgiE= +cloud.google.com/go/datacatalog v1.23.0/go.mod h1:9Wamq8TDfL2680Sav7q3zEhBJSPBrDxJU8WtPJ25dBM= +cloud.google.com/go/dataflow v0.10.2/go.mod h1:+HIb4HJxDCZYuCqDGnBHZEglh5I0edi/mLgVbxDf0Ag= +cloud.google.com/go/dataform v0.10.2/go.mod h1:oZHwMBxG6jGZCVZqqMx+XWXK+dA/ooyYiyeRbUxI15M= +cloud.google.com/go/datafusion v1.8.2/go.mod h1:XernijudKtVG/VEvxtLv08COyVuiYPraSxm+8hd4zXA= +cloud.google.com/go/datalabeling v0.9.2/go.mod h1:8me7cCxwV/mZgYWtRAd3oRVGFD6UyT7hjMi+4GRyPpg= +cloud.google.com/go/dataplex v1.19.2/go.mod h1:vsxxdF5dgk3hX8Ens9m2/pMNhQZklUhSgqTghZtF1v4= +cloud.google.com/go/dataproc/v2 v2.10.0/go.mod h1:HD16lk4rv2zHFhbm8gGOtrRaFohMDr9f0lAUMLmg1PM= +cloud.google.com/go/dataqna v0.9.2/go.mod h1:WCJ7pwD0Mi+4pIzFQ+b2Zqy5DcExycNKHuB+VURPPgs= +cloud.google.com/go/datastore v1.20.0/go.mod h1:uFo3e+aEpRfHgtp5pp0+6M0o147KoPaYNaPAKpfh8Ew= +cloud.google.com/go/datastream v1.11.2/go.mod h1:RnFWa5zwR5SzHxeZGJOlQ4HKBQPcjGfD219Qy0qfh2k= +cloud.google.com/go/deploy v1.25.0/go.mod h1:h9uVCWxSDanXUereI5WR+vlZdbPJ6XGy+gcfC25v5rM= +cloud.google.com/go/dialogflow v1.60.0/go.mod h1:PjsrI+d2FI4BlGThxL0+Rua/g9vLI+2A1KL7s/Vo3pY= +cloud.google.com/go/dlp v1.20.0/go.mod h1:nrGsA3r8s7wh2Ct9FWu69UjBObiLldNyQda2RCHgdaY= +cloud.google.com/go/documentai v1.35.0/go.mod h1:ZotiWUlDE8qXSUqkJsGMQqVmfTMYATwJEYqbPXTR9kk= +cloud.google.com/go/domains v0.10.2/go.mod h1:oL0Wsda9KdJvvGNsykdalHxQv4Ri0yfdDkIi3bzTUwk= +cloud.google.com/go/edgecontainer v1.4.0/go.mod h1:Hxj5saJT8LMREmAI9tbNTaBpW5loYiWFyisCjDhzu88= +cloud.google.com/go/errorreporting v0.3.1/go.mod h1:6xVQXU1UuntfAf+bVkFk6nld41+CPyF2NSPCyXE3Ztk= +cloud.google.com/go/essentialcontacts v1.7.2/go.mod h1:NoCBlOIVteJFJU+HG9dIG/Cc9kt1K9ys9mbOaGPUmPc= +cloud.google.com/go/eventarc v1.15.0/go.mod h1:PAd/pPIZdJtJQFJI1yDEUms1mqohdNuM1BFEVHHlVFg= +cloud.google.com/go/filestore v1.9.2/go.mod h1:I9pM7Hoetq9a7djC1xtmtOeHSUYocna09ZP6x+PG1Xw= +cloud.google.com/go/firestore v1.17.0/go.mod h1:69uPx1papBsY8ZETooc71fOhoKkD70Q1DwMrtKuOT/Y= +cloud.google.com/go/functions v1.19.2/go.mod h1:SBzWwWuaFDLnUyStDAMEysVN1oA5ECLbP3/PfJ9Uk7Y= +cloud.google.com/go/gkebackup v1.6.2/go.mod h1:WsTSWqKJkGan1pkp5dS30oxb+Eaa6cLvxEUxKTUALwk= +cloud.google.com/go/gkeconnect v0.12.0/go.mod h1:zn37LsFiNZxPN4iO7YbUk8l/E14pAJ7KxpoXoxt7Ly0= +cloud.google.com/go/gkehub v0.15.2/go.mod h1:8YziTOpwbM8LM3r9cHaOMy2rNgJHXZCrrmGgcau9zbQ= +cloud.google.com/go/gkemulticloud v1.4.1/go.mod h1:KRvPYcx53bztNwNInrezdfNF+wwUom8Y3FuJBwhvFpQ= +cloud.google.com/go/gsuiteaddons v1.7.2/go.mod h1:GD32J2rN/4APilqZw4JKmwV84+jowYYMkEVwQEYuAWc= cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= +cloud.google.com/go/iap v1.10.2/go.mod h1:cClgtI09VIfazEK6VMJr6bX8KQfuQ/D3xqX+d0wrUlI= +cloud.google.com/go/ids v1.5.2/go.mod h1:P+ccDD96joXlomfonEdCnyrHvE68uLonc7sJBPVM5T0= +cloud.google.com/go/iot v1.8.2/go.mod h1:UDwVXvRD44JIcMZr8pzpF3o4iPsmOO6fmbaIYCAg1ww= cloud.google.com/go/kms v1.20.4 h1:CJ0hMpOg1ANN9tx/a/GPJ+Uxudy8k6f3fvGFuTHiE5A= cloud.google.com/go/kms v1.20.4/go.mod h1:gPLsp1r4FblUgBYPOcvI/bUPpdMg2Jm1ZVKU4tQUfcc= +cloud.google.com/go/language v1.14.2/go.mod h1:dviAbkxT9art+2ioL9AM05t+3Ql6UPfMpwq1cDsF+rg= +cloud.google.com/go/lifesciences v0.10.2/go.mod h1:vXDa34nz0T/ibUNoeHnhqI+Pn0OazUTdxemd0OLkyoY= cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM= cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= +cloud.google.com/go/managedidentities v1.7.2/go.mod h1:t0WKYzagOoD3FNtJWSWcU8zpWZz2i9cw2sKa9RiPx5I= +cloud.google.com/go/maps v1.15.0/go.mod h1:ZFqZS04ucwFiHSNU8TBYDUr3wYhj5iBFJk24Ibvpf3o= +cloud.google.com/go/mediatranslation v0.9.2/go.mod h1:1xyRoDYN32THzy+QaU62vIMciX0CFexplju9t30XwUc= +cloud.google.com/go/memcache v1.11.2/go.mod h1:jIzHn79b0m5wbkax2SdlW5vNSbpaEk0yWHbeLpMIYZE= +cloud.google.com/go/metastore v1.14.2/go.mod h1:dk4zOBhZIy3TFOQlI8sbOa+ef0FjAcCHEnd8dO2J+LE= cloud.google.com/go/monitoring v1.21.2 h1:FChwVtClH19E7pJ+e0xUhJPGksctZNVOk2UhMmblmdU= cloud.google.com/go/monitoring v1.21.2/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU= +cloud.google.com/go/networkconnectivity v1.15.2/go.mod h1:N1O01bEk5z9bkkWwXLKcN2T53QN49m/pSpjfUvlHDQY= +cloud.google.com/go/networkmanagement v1.16.0/go.mod h1:Yc905R9U5jik5YMt76QWdG5WqzPU4ZsdI/mLnVa62/Q= +cloud.google.com/go/networksecurity v0.10.2/go.mod h1:puU3Gwchd6Y/VTyMkL50GI2RSRMS3KXhcDBY1HSOcck= +cloud.google.com/go/notebooks v1.12.2/go.mod h1:EkLwv8zwr8DUXnvzl944+sRBG+b73HEKzV632YYAGNI= +cloud.google.com/go/optimization v1.7.2/go.mod h1:msYgDIh1SGSfq6/KiWJQ/uxMkWq8LekPyn1LAZ7ifNE= +cloud.google.com/go/orchestration v1.11.1/go.mod h1:RFHf4g88Lbx6oKhwFstYiId2avwb6oswGeAQ7Tjjtfw= +cloud.google.com/go/orgpolicy v1.14.1/go.mod h1:1z08Hsu1mkoH839X7C8JmnrqOkp2IZRSxiDw7W/Xpg4= +cloud.google.com/go/osconfig v1.14.2/go.mod h1:kHtsm0/j8ubyuzGciBsRxFlbWVjc4c7KdrwJw0+g+pQ= +cloud.google.com/go/oslogin v1.14.2/go.mod h1:M7tAefCr6e9LFTrdWRQRrmMeKHbkvc4D9g6tHIjHySA= +cloud.google.com/go/phishingprotection v0.9.2/go.mod h1:mSCiq3tD8fTJAuXq5QBHFKZqMUy8SfWsbUM9NpzJIRQ= +cloud.google.com/go/policytroubleshooter v1.11.2/go.mod h1:1TdeCRv8Qsjcz2qC3wFltg/Mjga4HSpv8Tyr5rzvPsw= +cloud.google.com/go/privatecatalog v0.10.2/go.mod h1:o124dHoxdbO50ImR3T4+x3GRwBSTf4XTn6AatP8MgsQ= +cloud.google.com/go/profiler v0.4.2/go.mod h1:7GcWzs9deJHHdJ5J9V1DzKQ9JoIoTGhezwlLbwkOoCs= +cloud.google.com/go/pubsub v1.45.3/go.mod h1:cGyloK/hXC4at7smAtxFnXprKEFTqmMXNNd9w+bd94Q= +cloud.google.com/go/pubsublite v1.8.2/go.mod h1:4r8GSa9NznExjuLPEJlF1VjOPOpgf3IT6k8x/YgaOPI= +cloud.google.com/go/recaptchaenterprise/v2 v2.19.0/go.mod h1:vnbA2SpVPPwKeoFrCQxR+5a0JFRRytwBBG69Zj9pGfk= +cloud.google.com/go/recommendationengine v0.9.2/go.mod h1:DjGfWZJ68ZF5ZuNgoTVXgajFAG0yLt4CJOpC0aMK3yw= +cloud.google.com/go/recommender v1.13.2/go.mod h1:XJau4M5Re8F4BM+fzF3fqSjxNJuM66fwF68VCy/ngGE= +cloud.google.com/go/redis v1.17.2/go.mod h1:h071xkcTMnJgQnU/zRMOVKNj5J6AttG16RDo+VndoNo= +cloud.google.com/go/resourcemanager v1.10.2/go.mod h1:5f+4zTM/ZOTDm6MmPOp6BQAhR0fi8qFPnvVGSoWszcc= +cloud.google.com/go/resourcesettings v1.8.2/go.mod h1:uEgtPiMA+xuBUM4Exu+ZkNpMYP0BLlYeJbyNHfrc+U0= +cloud.google.com/go/retail v1.19.1/go.mod h1:W48zg0zmt2JMqmJKCuzx0/0XDLtovwzGAeJjmv6VPaE= +cloud.google.com/go/run v1.7.0/go.mod h1:IvJOg2TBb/5a0Qkc6crn5yTy5nkjcgSWQLhgO8QL8PQ= +cloud.google.com/go/scheduler v1.11.2/go.mod h1:GZSv76T+KTssX2I9WukIYQuQRf7jk1WI+LOcIEHUUHk= cloud.google.com/go/secretmanager v1.14.3 h1:XVGHbcXEsbrgi4XHzgK5np81l1eO7O72WOXHhXUemrM= cloud.google.com/go/secretmanager v1.14.3/go.mod h1:Pwzcfn69Ni9Lrk1/XBzo1H9+MCJwJ6CDCoeoQUsMN+c= +cloud.google.com/go/security v1.18.2/go.mod h1:3EwTcYw8554iEtgK8VxAjZaq2unFehcsgFIF9nOvQmU= +cloud.google.com/go/securitycenter v1.35.2/go.mod h1:AVM2V9CJvaWGZRHf3eG+LeSTSissbufD27AVBI91C8s= +cloud.google.com/go/servicedirectory v1.12.2/go.mod h1:F0TJdFjqqotiZRlMXgIOzszaplk4ZAmUV8ovHo08M2U= +cloud.google.com/go/shell v1.8.2/go.mod h1:QQR12T6j/eKvqAQLv6R3ozeoqwJ0euaFSz2qLqG93Bs= +cloud.google.com/go/spanner v1.73.0/go.mod h1:mw98ua5ggQXVWwp83yjwggqEmW9t8rjs9Po1ohcUGW4= +cloud.google.com/go/speech v1.25.2/go.mod h1:KPFirZlLL8SqPaTtG6l+HHIFHPipjbemv4iFg7rTlYs= +cloud.google.com/go/storage v1.48.0/go.mod h1:aFoDYNMAjv67lp+xcuZqjUKv/ctmplzQ3wJgodA7b+M= +cloud.google.com/go/storagetransfer v1.11.2/go.mod h1:FcM29aY4EyZ3yVPmW5SxhqUdhjgPBUOFyy4rqiQbias= +cloud.google.com/go/talent v1.7.2/go.mod h1:k1sqlDgS9gbc0gMTRuRQpX6C6VB7bGUxSPcoTRWJod8= +cloud.google.com/go/texttospeech v1.10.0/go.mod h1:215FpCOyRxxrS7DSb2t7f4ylMz8dXsQg8+Vdup5IhP4= +cloud.google.com/go/tpu v1.7.2/go.mod h1:0Y7dUo2LIbDUx0yQ/vnLC6e18FK6NrDfAhYS9wZ/2vs= cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI= cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io= +cloud.google.com/go/translate v1.12.2/go.mod h1:jjLVf2SVH2uD+BNM40DYvRRKSsuyKxVvs3YjTW/XSWY= +cloud.google.com/go/video v1.23.2/go.mod h1:rNOr2pPHWeCbW0QsOwJRIe0ZiuwHpHtumK0xbiYB1Ew= +cloud.google.com/go/videointelligence v1.12.2/go.mod h1:8xKGlq0lNVyT8JgTkkCUCpyNJnYYEJVWGdqzv+UcwR8= +cloud.google.com/go/vision/v2 v2.9.2/go.mod h1:WuxjVQdAy4j4WZqY5Rr655EdAgi8B707Vdb5T8c90uo= +cloud.google.com/go/vmmigration v1.8.2/go.mod h1:FBejrsr8ZHmJb949BSOyr3D+/yCp9z9Hk0WtsTiHc1Q= +cloud.google.com/go/vmwareengine v1.3.2/go.mod h1:JsheEadzT0nfXOGkdnwtS1FhFAnj4g8qhi4rKeLi/AU= +cloud.google.com/go/vpcaccess v1.8.2/go.mod h1:4yvYKNjlNjvk/ffgZ0PuEhpzNJb8HybSM1otG2aDxnY= +cloud.google.com/go/webrisk v1.10.2/go.mod h1:c0ODT2+CuKCYjaeHO7b0ni4CUrJ95ScP5UFl9061Qq8= +cloud.google.com/go/websecurityscanner v1.7.2/go.mod h1:728wF9yz2VCErfBaACA5px2XSYHQgkK812NmHcUsDXA= +cloud.google.com/go/workflows v1.13.2/go.mod h1:l5Wj2Eibqba4BsADIRzPLaevLmIuYF2W+wfFBkRG3vU= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1/go.mod h1:jyqM3eLpJ3IbIFDTKVz2rF9T/xWGW0rIriGwnz8l9Tk= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.25.0 h1:4PoDbd/9/06IpwLGxSfvfNoEr9urvfkrN6mmJangGCg= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.25.0/go.mod h1:EycllQ1gupHbjqbcmfCr/H6FKSGSmEUONJ2ivb86qeY= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0 h1:jJKWl98inONJAr/IZrdFQUWcwUO95DLY1XMD1ZIut+g= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0/go.mod h1:l2fIqmwB+FKSfvn3bAD/0i+AXAxhIZjTK2svT/mgUXs= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 h1:GYUJLfvd++4DMuMhCFLgLXvFwofIxh/qOwoGuS/LTew= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0/go.mod h1:wRbFgBQUVm1YXrvWKofAEmq9HNJTDphbAaJSSX01KUI= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= +github.com/ProtonMail/go-crypto v1.1.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= +github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= +github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/apache/arrow/go/v15 v15.0.2/go.mod h1:DGXsR3ajT524njufqf95822i+KTh+yea1jass9YXgjA= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/avvmoto/buf-readerat v0.0.0-20171115124131-a17c8cb89270/go.mod h1:2XtVRGCw/HthOLxU0Qw6o6jSJrcEoOb2OCCl8gQYvGw= +github.com/aws/aws-sdk-go-v2 v1.32.4/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 h1:k8oVjGhZel2qmCUsYwSE34jPNT9DL2wCBOtugsHv26g= -github.com/bradleyfalzon/ghinstallation/v2 v2.12.0/go.mod h1:V4gJcNyAftH0rXpRp1SUVUuh+ACxOH1xOk/ZzkRHltg= +github.com/bits-and-blooms/bitset v1.15.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8= +github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 h1:5FhjW93/YLQJDmPdeyMPw7IjAPzqsr+0jHPfrPz0sZI= +github.com/bradleyfalzon/ghinstallation/v2 v2.13.0/go.mod h1:EJ6fgedVEHa2kUyBTTvslJCXJafS/mhJNNKEOCspZXQ= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= @@ -52,25 +181,40 @@ github.com/chainguard-dev/terraform-infra-common v0.6.112/go.mod h1:ZnuVv+RXR1in github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= +github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= +github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/docker/cli v27.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/ebitengine/purego v0.8.1 h1:sdRKd6plj7KYW33EH5As6YKfe8m9zbN9JMrOjNVF/BE= github.com/ebitengine/purego v0.8.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= +github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.13.1/go.mod h1:X45hY0mufo6Fd0KW3rqsGvQMw58jvjymeCzBU3mWyHw= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= +github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM= +github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= +github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -78,11 +222,17 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= @@ -91,24 +241,35 @@ github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/flatbuffers v23.5.26+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-github/v66 v66.0.0 h1:ADJsaXj9UotwdgK8/iFZtv7MLc8E8WBl62WLd/D/9+M= -github.com/google/go-github/v66 v66.0.0/go.mod h1:+4SO9Zkuyf8ytMj0csN1NR/5OTR+MfqPp8P8dVlcvY4= +github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8= +github.com/google/go-github/v61 v61.0.0/go.mod h1:0WR+KmsWX75G2EbpyGsGmradjo3IiciuI4BmdVCobQY= +github.com/google/go-github/v68 v68.0.0 h1:ZW57zeNZiXTdQ16qrDiZ0k6XucrxZ2CGmoTvcCyQG6s= +github.com/google/go-github/v68 v68.0.0/go.mod h1:K9HAUBovM2sLwM408A18h+wd9vqdLOEqTUCbnRIcx68= +github.com/google/go-pkcs11 v0.3.0/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/wire v0.6.0/go.mod h1:F4QhpQ9EDIdJ1Mbop/NZBRB+5yrR6qg3BnctaoUk6NA= github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= +github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 h1:JYghRBlGCZyCF2wNUJ8W0cwaQdtpcssJ4CgC406g+WU= @@ -122,14 +283,21 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= +github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8= github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= +github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= +github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -140,7 +308,12 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -148,8 +321,19 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= +github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -169,27 +353,44 @@ github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/ github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/sethvargo/go-envconfig v1.1.0 h1:cWZiJxeTm7AlCvzGXrEXaSTCNgip5oJepekh/BOQuog= github.com/sethvargo/go-envconfig v1.1.0/go.mod h1:JLd0KFWQYzyENqnEPWWZ49i4vzZo/6nRidxI8YvGiHw= github.com/shirou/gopsutil/v4 v4.24.11 h1:WaU9xqGFKvFfsUv94SXcUPD7rCkU0vr/asVdQOBZNj8= github.com/shirou/gopsutil/v4 v4.24.11/go.mod h1:s4D/wg+ag4rG0WO7AiTj2BeYCRhym0vM7DHbZRxnIT8= +github.com/sigstore/sigstore v1.8.10/go.mod h1:BekjqxS5ZtHNJC4u3Q3Stvfx2eyisbW/lUZzmPU2u4A= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= +github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= +github.com/snabb/httpreaderat v1.0.1/go.mod h1:lpbGrKDWF37yvRbtRvQsbesS6Ty5c83t8ztannPoMsA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI= +github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= +github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= +github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/detectors/gcp v1.32.0 h1:P78qWqkLSShicHmAzfECaTgvslqHxblNE9j62Ws1NK8= @@ -226,18 +427,21 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +gocloud.dev v0.40.0/go.mod h1:drz+VyYNBvrMTW0KZiBAYEdl8lbNZx+OQ7oQvdrFmSQ= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -269,6 +473,7 @@ golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= @@ -285,14 +490,17 @@ golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= google.golang.org/api v0.214.0 h1:h2Gkq07OYi6kusGOaT/9rnNljuXmqPnaig7WGPmKbwA= google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= @@ -300,6 +508,7 @@ google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ= google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= +google.golang.org/genproto/googleapis/bytestream v0.0.0-20241209162323-e6fa225c2576/go.mod h1:qUsLYwbwz5ostUWtuFuXPlHmSJodC5NI/88ZlHj4M1o= google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= @@ -310,14 +519,20 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1/go.mod h1:5KF+wpkbTSbGcR9zteSqZV6fqFOWBl4Yde8En8MryZA= +google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a/go.mod h1:9i1T9n4ZinTUZGgzENMi8MDDgbGC5mqTS75JAv6xN3A= google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= @@ -327,5 +542,10 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/pkg/octosts/octosts.go b/pkg/octosts/octosts.go index af064fe..28004d3 100644 --- a/pkg/octosts/octosts.go +++ b/pkg/octosts/octosts.go @@ -19,7 +19,7 @@ import ( "github.com/bradleyfalzon/ghinstallation/v2" cloudevents "github.com/cloudevents/sdk-go/v2" "github.com/coreos/go-oidc/v3/oidc" - "github.com/google/go-github/v66/github" + "github.com/google/go-github/v68/github" lru "github.com/hashicorp/golang-lru/v2" expirablelru "github.com/hashicorp/golang-lru/v2/expirable" diff --git a/pkg/octosts/octosts_test.go b/pkg/octosts/octosts_test.go index 7a9bdbd..4168d4e 100644 --- a/pkg/octosts/octosts_test.go +++ b/pkg/octosts/octosts_test.go @@ -34,7 +34,7 @@ import ( josejwt "github.com/go-jose/go-jose/v4/jwt" jwt "github.com/golang-jwt/jwt/v4" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v66/github" + "github.com/google/go-github/v68/github" "google.golang.org/grpc/metadata" "github.com/octo-sts/app/pkg/provider" @@ -48,9 +48,9 @@ func newFakeGitHub() *fakeGitHub { mux := http.NewServeMux() mux.HandleFunc("/app/installations", func(w http.ResponseWriter, r *http.Request) { json.NewEncoder(w).Encode([]github.Installation{{ - ID: github.Int64(1234), + ID: github.Ptr(int64(1234)), Account: &github.User{ - Login: github.String("org"), + Login: github.Ptr("org"), }, }}) }) @@ -62,7 +62,7 @@ func newFakeGitHub() *fakeGitHub { } json.NewEncoder(w).Encode(github.InstallationToken{ - Token: github.String(base64.StdEncoding.EncodeToString(b)), + Token: github.Ptr(base64.StdEncoding.EncodeToString(b)), ExpiresAt: &github.Timestamp{Time: time.Now().Add(10 * time.Minute)}, }) }) @@ -73,9 +73,9 @@ func newFakeGitHub() *fakeGitHub { fmt.Fprintf(io.MultiWriter(w, os.Stdout), "ReadFile failed: %v\n", err) } json.NewEncoder(w).Encode(github.RepositoryContent{ - Content: github.String(base64.StdEncoding.EncodeToString(b)), - Type: github.String("file"), - Encoding: github.String("base64"), + Content: github.Ptr(base64.StdEncoding.EncodeToString(b)), + Type: github.Ptr("file"), + Encoding: github.Ptr("base64"), }) }) mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { @@ -140,7 +140,7 @@ func TestExchange(t *testing.T) { want: &github.InstallationTokenOptions{ Repositories: []string{"repo"}, Permissions: &github.InstallationPermissions{ - PullRequests: github.String("write"), + PullRequests: github.Ptr("write"), }, }, }, @@ -152,7 +152,7 @@ func TestExchange(t *testing.T) { }, want: &github.InstallationTokenOptions{ Permissions: &github.InstallationPermissions{ - PullRequests: github.String("write"), + PullRequests: github.Ptr("write"), }, }, }, diff --git a/pkg/octosts/trust_policy.go b/pkg/octosts/trust_policy.go index f8bf4a6..a5443f4 100644 --- a/pkg/octosts/trust_policy.go +++ b/pkg/octosts/trust_policy.go @@ -10,7 +10,7 @@ import ( "slices" "github.com/coreos/go-oidc/v3/oidc" - "github.com/google/go-github/v66/github" + "github.com/google/go-github/v68/github" ) type TrustPolicy struct { diff --git a/pkg/prober/prober.go b/pkg/prober/prober.go index b603e27..da013cc 100644 --- a/pkg/prober/prober.go +++ b/pkg/prober/prober.go @@ -11,7 +11,7 @@ import ( "chainguard.dev/sdk/sts" "github.com/chainguard-dev/clog" - "github.com/google/go-github/v66/github" + "github.com/google/go-github/v68/github" "github.com/kelseyhightower/envconfig" "golang.org/x/oauth2" "google.golang.org/api/idtoken" @@ -88,8 +88,8 @@ func Func(ctx context.Context) error { if _, _, err := ghc.Issues.Create(ctx, "octo-sts", "prober", &github.IssueRequest{ - Title: github.String("octo-sts prober was able to create an issue"), - Body: github.String("This should fail!"), + Title: github.Ptr("octo-sts prober was able to create an issue"), + Body: github.Ptr("This should fail!"), }); err == nil { return fmt.Errorf("expected to fail creating an issue") } diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go index dfd1278..2563f22 100644 --- a/pkg/webhook/webhook.go +++ b/pkg/webhook/webhook.go @@ -17,7 +17,7 @@ import ( "github.com/bradleyfalzon/ghinstallation/v2" "github.com/chainguard-dev/clog" - "github.com/google/go-github/v66/github" + "github.com/google/go-github/v68/github" "github.com/hashicorp/go-multierror" "k8s.io/apimachinery/pkg/util/sets" "sigs.k8s.io/yaml" @@ -150,14 +150,14 @@ func (e *Validator) handleSHA(ctx context.Context, client *github.Client, owner, opts := github.CreateCheckRunOptions{ Name: "Trust Policy Validation", HeadSHA: sha, - ExternalID: github.String(sha), - Status: github.String("completed"), - Conclusion: github.String(conclusion), + ExternalID: github.Ptr(sha), + Status: github.Ptr("completed"), + Conclusion: github.Ptr(conclusion), StartedAt: &github.Timestamp{Time: time.Now()}, CompletedAt: &github.Timestamp{Time: time.Now()}, Output: &github.CheckRunOutput{ - Title: github.String(title), - Summary: github.String(summary), + Title: github.Ptr(title), + Summary: github.Ptr(summary), }, } diff --git a/pkg/webhook/webhook_test.go b/pkg/webhook/webhook_test.go index cef8161..573dde4 100644 --- a/pkg/webhook/webhook_test.go +++ b/pkg/webhook/webhook_test.go @@ -24,7 +24,7 @@ import ( "github.com/chainguard-dev/clog" "github.com/chainguard-dev/clog/slogtest" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v66/github" + "github.com/google/go-github/v68/github" ) func TestValidatePolicy(t *testing.T) { @@ -91,11 +91,11 @@ func TestOrgFilter(t *testing.T) { t.Run(tc.org, func(t *testing.T) { body, err := json.Marshal(github.PushEvent{ Organization: &github.Organization{ - Login: github.String(tc.org), + Login: github.Ptr(tc.org), }, Repo: &github.PushEventRepository{ Owner: &github.User{ - Login: github.String(tc.org), + Login: github.Ptr(tc.org), }, }, }) @@ -179,19 +179,19 @@ func TestWebhookOK(t *testing.T) { body, err := json.Marshal(github.PushEvent{ Installation: &github.Installation{ - ID: github.Int64(1111), + ID: github.Ptr(int64(1111)), }, Organization: &github.Organization{ - Login: github.String("foo"), + Login: github.Ptr("foo"), }, Repo: &github.PushEventRepository{ Owner: &github.User{ - Login: github.String("foo"), + Login: github.Ptr("foo"), }, - Name: github.String("bar"), + Name: github.Ptr("bar"), }, - Before: github.String("1234"), - After: github.String("5678"), + Before: github.Ptr("1234"), + After: github.Ptr("5678"), }) if err != nil { t.Fatal(err) @@ -219,15 +219,15 @@ func TestWebhookOK(t *testing.T) { want := []*github.CreateCheckRunOptions{{ Name: "Trust Policy Validation", HeadSHA: "5678", - ExternalID: github.String("5678"), - Status: github.String("completed"), - Conclusion: github.String("success"), + ExternalID: github.Ptr("5678"), + Status: github.Ptr("completed"), + Conclusion: github.Ptr("success"), // Use time from the response to ignore it. StartedAt: &github.Timestamp{Time: got[0].StartedAt.Time}, CompletedAt: &github.Timestamp{Time: got[0].CompletedAt.Time}, Output: &github.CheckRunOutput{ - Title: github.String("Valid trust policy."), - Summary: github.String(""), + Title: github.Ptr("Valid trust policy."), + Summary: github.Ptr(""), }, }} if diff := cmp.Diff(want, got); diff != "" { @@ -285,19 +285,19 @@ func TestWebhookDeletedSTS(t *testing.T) { body, err := json.Marshal(github.PushEvent{ Installation: &github.Installation{ - ID: github.Int64(1111), + ID: github.Ptr(int64(1111)), }, Organization: &github.Organization{ - Login: github.String("foo"), + Login: github.Ptr("foo"), }, Repo: &github.PushEventRepository{ Owner: &github.User{ - Login: github.String("foo"), + Login: github.Ptr("foo"), }, - Name: github.String("bar"), + Name: github.Ptr("bar"), }, - Before: github.String("9876"), - After: github.String("4321"), + Before: github.Ptr("9876"), + After: github.Ptr("4321"), }) if err != nil { t.Fatal(err) @@ -325,15 +325,15 @@ func TestWebhookDeletedSTS(t *testing.T) { want := []*github.CreateCheckRunOptions{{ Name: "Trust Policy Validation", HeadSHA: "4321", - ExternalID: github.String("4321"), - Status: github.String("completed"), - Conclusion: github.String("success"), + ExternalID: github.Ptr("4321"), + Status: github.Ptr("completed"), + Conclusion: github.Ptr("success"), // Use time from the response to ignore it. StartedAt: &github.Timestamp{Time: got[0].StartedAt.Time}, CompletedAt: &github.Timestamp{Time: got[0].CompletedAt.Time}, Output: &github.CheckRunOutput{ - Title: github.String("Valid trust policy."), - Summary: github.String(""), + Title: github.Ptr("Valid trust policy."), + Summary: github.Ptr(""), }, }} if diff := cmp.Diff(want, got); diff != "" { From fd85df91339bd4180cefa8cdd124437ff401bb20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 12:30:49 -0800 Subject: [PATCH 105/194] Bump reviewdog/action-actionlint from 1.61.0 to 1.62.0 in the all group (#684) Bumps the all group with 1 update: [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint). Updates `reviewdog/action-actionlint` from 1.61.0 to 1.62.0
    Release notes

    Sourced from reviewdog/action-actionlint's releases.

    Release v1.62.0

    v1.62.0: PR #151 - chore(deps): update actionlint to 1.7.6

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=reviewdog/action-actionlint&package-manager=github_actions&previous-version=1.61.0&new-version=1.62.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/actionlint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index 3cb0adc..bad2518 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,6 +24,6 @@ jobs: echo "files=${yamls}" >> "$GITHUB_OUTPUT" - name: Action lint - uses: reviewdog/action-actionlint@534eb894142bcf31616e5436cbe4214641c58101 # v1.61.0 + uses: reviewdog/action-actionlint@af17f9e3640ac863dbcc515d45f5f35d708d0faf # v1.62.0 with: actionlint_flags: ${{ steps.get_yamls.outputs.files }} From e86a82e81496e5c84d49e683e5e9e053999d7f43 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 12:45:02 -0800 Subject: [PATCH 106/194] Bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 (#685) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.24.0 to 0.25.0.
    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.24.0&new-version=0.25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 224 +-------------------------------------------------------- 2 files changed, 3 insertions(+), 223 deletions(-) diff --git a/go.mod b/go.mod index 926bbf3..12667a6 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 - golang.org/x/oauth2 v0.24.0 + golang.org/x/oauth2 v0.25.0 google.golang.org/api v0.214.0 google.golang.org/grpc v1.69.2 k8s.io/apimachinery v0.32.0 diff --git a/go.sum b/go.sum index 8e75cc8..731bc01 100644 --- a/go.sum +++ b/go.sum @@ -1,177 +1,48 @@ -cel.dev/expr v0.16.2/go.mod h1:gXngZQMkWJoSbE8mOzehJlXQyubn/Vg0vR9/F3W7iw8= -chainguard.dev/apko v0.20.1/go.mod h1:apcXdkgm/iRLHP4ELxgEWiijpNzA8vNEv5P94sw/z3w= chainguard.dev/go-grpc-kit v0.17.7 h1:TqHua7er5k8m6WM96y0Tm7IoLLkuZ5vh3+5SR1gruKg= chainguard.dev/go-grpc-kit v0.17.7/go.mod h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3HS+TGXHw= -chainguard.dev/go-oidctest v0.3.1/go.mod h1:TDN6MPJ6BEzWtorS9/dHzzGiaBpPRnRONv2SE0mqitU= chainguard.dev/sdk v0.1.29 h1:GNcCw5NoyvylhlUbVD8JMmrPaeYyrshaHHjEWnvcCGI= chainguard.dev/sdk v0.1.29/go.mod h1:DqywTjZ5glB/gUCKkrecO0LywyfcAd5v7IPo2+d91qA= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/accessapproval v1.8.2/go.mod h1:aEJvHZtpjqstffVwF/2mCXXSQmpskyzvw6zKLvLutZM= -cloud.google.com/go/accesscontextmanager v1.9.2/go.mod h1:T0Sw/PQPyzctnkw1pdmGAKb7XBA84BqQzH0fSU7wzJU= -cloud.google.com/go/aiplatform v1.69.0/go.mod h1:nUsIqzS3khlnWvpjfJbP+2+h+VrFyYsTm7RNCAViiY8= -cloud.google.com/go/analytics v0.25.2/go.mod h1:th0DIunqrhI1ZWVlT3PH2Uw/9ANX8YHfFDEPqf/+7xM= -cloud.google.com/go/apigateway v1.7.2/go.mod h1:+weId+9aR9J6GRwDka7jIUSrKEX60XGcikX7dGU8O7M= -cloud.google.com/go/apigeeconnect v1.7.2/go.mod h1:he/SWi3A63fbyxrxD6jb67ak17QTbWjva1TFbT5w8Kw= -cloud.google.com/go/apigeeregistry v0.9.2/go.mod h1:A5n/DwpG5NaP2fcLYGiFA9QfzpQhPRFNATO1gie8KM8= -cloud.google.com/go/appengine v1.9.2/go.mod h1:bK4dvmMG6b5Tem2JFZcjvHdxco9g6t1pwd3y/1qr+3s= -cloud.google.com/go/area120 v0.9.2/go.mod h1:Ar/KPx51UbrTWGVGgGzFnT7hFYQuk/0VOXkvHdTbQMI= -cloud.google.com/go/artifactregistry v1.16.0/go.mod h1:LunXo4u2rFtvJjrGjO0JS+Gs9Eco2xbZU6JVJ4+T8Sk= -cloud.google.com/go/asset v1.20.3/go.mod h1:797WxTDwdnFAJzbjZ5zc+P5iwqXc13yO9DHhmS6wl+o= -cloud.google.com/go/assuredworkloads v1.12.2/go.mod h1:/WeRr/q+6EQYgnoYrqCVgw7boMoDfjXZZev3iJxs2Iw= cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs= cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= -cloud.google.com/go/automl v1.14.2/go.mod h1:mIat+Mf77W30eWQ/vrhjXsXaRh8Qfu4WiymR0hR6Uxk= -cloud.google.com/go/baremetalsolution v1.3.2/go.mod h1:3+wqVRstRREJV/puwaKAH3Pnn7ByreZG2aFRsavnoBQ= -cloud.google.com/go/batch v1.11.2/go.mod h1:ehsVs8Y86Q4K+qhEStxICqQnNqH8cqgpCxx89cmU5h4= -cloud.google.com/go/beyondcorp v1.1.2/go.mod h1:q6YWSkEsSZTU2WDt1qtz6P5yfv79wgktGtNbd0FJTLI= -cloud.google.com/go/bigquery v1.65.0/go.mod h1:9WXejQ9s5YkTW4ryDYzKXBooL78u5+akWGXgJqQkY6A= -cloud.google.com/go/bigtable v1.33.0/go.mod h1:HtpnH4g25VT1pejHRtInlFPnN5sjTxbQlsYBjh9t5l0= -cloud.google.com/go/billing v1.19.2/go.mod h1:AAtih/X2nka5mug6jTAq8jfh1nPye0OjkHbZEZgU59c= -cloud.google.com/go/binaryauthorization v1.9.2/go.mod h1:T4nOcRWi2WX4bjfSRXJkUnpliVIqjP38V88Z10OvEv4= -cloud.google.com/go/certificatemanager v1.9.2/go.mod h1:PqW+fNSav5Xz8bvUnJpATIRo1aaABP4mUg/7XIeAn6c= -cloud.google.com/go/channel v1.19.1/go.mod h1:ungpP46l6XUeuefbA/XWpWWnAY3897CSRPXUbDstwUo= -cloud.google.com/go/cloudbuild v1.19.0/go.mod h1:ZGRqbNMrVGhknIIjwASa6MqoRTOpXIVMSI+Ew5DMPuY= -cloud.google.com/go/clouddms v1.8.2/go.mod h1:pe+JSp12u4mYOkwXpSMouyCCuQHL3a6xvWH2FgOcAt4= -cloud.google.com/go/cloudtasks v1.13.2/go.mod h1:2pyE4Lhm7xY8GqbZKLnYk7eeuh8L0JwAvXx1ecKxYu8= -cloud.google.com/go/compute v1.29.0/go.mod h1:HFlsDurE5DpQZClAGf/cYh+gxssMhBxBovZDYkEn/Og= cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= -cloud.google.com/go/contactcenterinsights v1.15.1/go.mod h1:cFGxDVm/OwEVAHbU9UO4xQCtQFn0RZSrSUcF/oJ0Bbs= -cloud.google.com/go/container v1.42.0/go.mod h1:YL6lDgCUi3frIWNIFU9qrmF7/6K1EYrtspmFTyyqJ+k= -cloud.google.com/go/containeranalysis v0.13.2/go.mod h1:AiKvXJkc3HiqkHzVIt6s5M81wk+q7SNffc6ZlkTDgiE= -cloud.google.com/go/datacatalog v1.23.0/go.mod h1:9Wamq8TDfL2680Sav7q3zEhBJSPBrDxJU8WtPJ25dBM= -cloud.google.com/go/dataflow v0.10.2/go.mod h1:+HIb4HJxDCZYuCqDGnBHZEglh5I0edi/mLgVbxDf0Ag= -cloud.google.com/go/dataform v0.10.2/go.mod h1:oZHwMBxG6jGZCVZqqMx+XWXK+dA/ooyYiyeRbUxI15M= -cloud.google.com/go/datafusion v1.8.2/go.mod h1:XernijudKtVG/VEvxtLv08COyVuiYPraSxm+8hd4zXA= -cloud.google.com/go/datalabeling v0.9.2/go.mod h1:8me7cCxwV/mZgYWtRAd3oRVGFD6UyT7hjMi+4GRyPpg= -cloud.google.com/go/dataplex v1.19.2/go.mod h1:vsxxdF5dgk3hX8Ens9m2/pMNhQZklUhSgqTghZtF1v4= -cloud.google.com/go/dataproc/v2 v2.10.0/go.mod h1:HD16lk4rv2zHFhbm8gGOtrRaFohMDr9f0lAUMLmg1PM= -cloud.google.com/go/dataqna v0.9.2/go.mod h1:WCJ7pwD0Mi+4pIzFQ+b2Zqy5DcExycNKHuB+VURPPgs= -cloud.google.com/go/datastore v1.20.0/go.mod h1:uFo3e+aEpRfHgtp5pp0+6M0o147KoPaYNaPAKpfh8Ew= -cloud.google.com/go/datastream v1.11.2/go.mod h1:RnFWa5zwR5SzHxeZGJOlQ4HKBQPcjGfD219Qy0qfh2k= -cloud.google.com/go/deploy v1.25.0/go.mod h1:h9uVCWxSDanXUereI5WR+vlZdbPJ6XGy+gcfC25v5rM= -cloud.google.com/go/dialogflow v1.60.0/go.mod h1:PjsrI+d2FI4BlGThxL0+Rua/g9vLI+2A1KL7s/Vo3pY= -cloud.google.com/go/dlp v1.20.0/go.mod h1:nrGsA3r8s7wh2Ct9FWu69UjBObiLldNyQda2RCHgdaY= -cloud.google.com/go/documentai v1.35.0/go.mod h1:ZotiWUlDE8qXSUqkJsGMQqVmfTMYATwJEYqbPXTR9kk= -cloud.google.com/go/domains v0.10.2/go.mod h1:oL0Wsda9KdJvvGNsykdalHxQv4Ri0yfdDkIi3bzTUwk= -cloud.google.com/go/edgecontainer v1.4.0/go.mod h1:Hxj5saJT8LMREmAI9tbNTaBpW5loYiWFyisCjDhzu88= -cloud.google.com/go/errorreporting v0.3.1/go.mod h1:6xVQXU1UuntfAf+bVkFk6nld41+CPyF2NSPCyXE3Ztk= -cloud.google.com/go/essentialcontacts v1.7.2/go.mod h1:NoCBlOIVteJFJU+HG9dIG/Cc9kt1K9ys9mbOaGPUmPc= -cloud.google.com/go/eventarc v1.15.0/go.mod h1:PAd/pPIZdJtJQFJI1yDEUms1mqohdNuM1BFEVHHlVFg= -cloud.google.com/go/filestore v1.9.2/go.mod h1:I9pM7Hoetq9a7djC1xtmtOeHSUYocna09ZP6x+PG1Xw= -cloud.google.com/go/firestore v1.17.0/go.mod h1:69uPx1papBsY8ZETooc71fOhoKkD70Q1DwMrtKuOT/Y= -cloud.google.com/go/functions v1.19.2/go.mod h1:SBzWwWuaFDLnUyStDAMEysVN1oA5ECLbP3/PfJ9Uk7Y= -cloud.google.com/go/gkebackup v1.6.2/go.mod h1:WsTSWqKJkGan1pkp5dS30oxb+Eaa6cLvxEUxKTUALwk= -cloud.google.com/go/gkeconnect v0.12.0/go.mod h1:zn37LsFiNZxPN4iO7YbUk8l/E14pAJ7KxpoXoxt7Ly0= -cloud.google.com/go/gkehub v0.15.2/go.mod h1:8YziTOpwbM8LM3r9cHaOMy2rNgJHXZCrrmGgcau9zbQ= -cloud.google.com/go/gkemulticloud v1.4.1/go.mod h1:KRvPYcx53bztNwNInrezdfNF+wwUom8Y3FuJBwhvFpQ= -cloud.google.com/go/gsuiteaddons v1.7.2/go.mod h1:GD32J2rN/4APilqZw4JKmwV84+jowYYMkEVwQEYuAWc= cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= -cloud.google.com/go/iap v1.10.2/go.mod h1:cClgtI09VIfazEK6VMJr6bX8KQfuQ/D3xqX+d0wrUlI= -cloud.google.com/go/ids v1.5.2/go.mod h1:P+ccDD96joXlomfonEdCnyrHvE68uLonc7sJBPVM5T0= -cloud.google.com/go/iot v1.8.2/go.mod h1:UDwVXvRD44JIcMZr8pzpF3o4iPsmOO6fmbaIYCAg1ww= cloud.google.com/go/kms v1.20.4 h1:CJ0hMpOg1ANN9tx/a/GPJ+Uxudy8k6f3fvGFuTHiE5A= cloud.google.com/go/kms v1.20.4/go.mod h1:gPLsp1r4FblUgBYPOcvI/bUPpdMg2Jm1ZVKU4tQUfcc= -cloud.google.com/go/language v1.14.2/go.mod h1:dviAbkxT9art+2ioL9AM05t+3Ql6UPfMpwq1cDsF+rg= -cloud.google.com/go/lifesciences v0.10.2/go.mod h1:vXDa34nz0T/ibUNoeHnhqI+Pn0OazUTdxemd0OLkyoY= cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM= cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= -cloud.google.com/go/managedidentities v1.7.2/go.mod h1:t0WKYzagOoD3FNtJWSWcU8zpWZz2i9cw2sKa9RiPx5I= -cloud.google.com/go/maps v1.15.0/go.mod h1:ZFqZS04ucwFiHSNU8TBYDUr3wYhj5iBFJk24Ibvpf3o= -cloud.google.com/go/mediatranslation v0.9.2/go.mod h1:1xyRoDYN32THzy+QaU62vIMciX0CFexplju9t30XwUc= -cloud.google.com/go/memcache v1.11.2/go.mod h1:jIzHn79b0m5wbkax2SdlW5vNSbpaEk0yWHbeLpMIYZE= -cloud.google.com/go/metastore v1.14.2/go.mod h1:dk4zOBhZIy3TFOQlI8sbOa+ef0FjAcCHEnd8dO2J+LE= cloud.google.com/go/monitoring v1.21.2 h1:FChwVtClH19E7pJ+e0xUhJPGksctZNVOk2UhMmblmdU= cloud.google.com/go/monitoring v1.21.2/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU= -cloud.google.com/go/networkconnectivity v1.15.2/go.mod h1:N1O01bEk5z9bkkWwXLKcN2T53QN49m/pSpjfUvlHDQY= -cloud.google.com/go/networkmanagement v1.16.0/go.mod h1:Yc905R9U5jik5YMt76QWdG5WqzPU4ZsdI/mLnVa62/Q= -cloud.google.com/go/networksecurity v0.10.2/go.mod h1:puU3Gwchd6Y/VTyMkL50GI2RSRMS3KXhcDBY1HSOcck= -cloud.google.com/go/notebooks v1.12.2/go.mod h1:EkLwv8zwr8DUXnvzl944+sRBG+b73HEKzV632YYAGNI= -cloud.google.com/go/optimization v1.7.2/go.mod h1:msYgDIh1SGSfq6/KiWJQ/uxMkWq8LekPyn1LAZ7ifNE= -cloud.google.com/go/orchestration v1.11.1/go.mod h1:RFHf4g88Lbx6oKhwFstYiId2avwb6oswGeAQ7Tjjtfw= -cloud.google.com/go/orgpolicy v1.14.1/go.mod h1:1z08Hsu1mkoH839X7C8JmnrqOkp2IZRSxiDw7W/Xpg4= -cloud.google.com/go/osconfig v1.14.2/go.mod h1:kHtsm0/j8ubyuzGciBsRxFlbWVjc4c7KdrwJw0+g+pQ= -cloud.google.com/go/oslogin v1.14.2/go.mod h1:M7tAefCr6e9LFTrdWRQRrmMeKHbkvc4D9g6tHIjHySA= -cloud.google.com/go/phishingprotection v0.9.2/go.mod h1:mSCiq3tD8fTJAuXq5QBHFKZqMUy8SfWsbUM9NpzJIRQ= -cloud.google.com/go/policytroubleshooter v1.11.2/go.mod h1:1TdeCRv8Qsjcz2qC3wFltg/Mjga4HSpv8Tyr5rzvPsw= -cloud.google.com/go/privatecatalog v0.10.2/go.mod h1:o124dHoxdbO50ImR3T4+x3GRwBSTf4XTn6AatP8MgsQ= -cloud.google.com/go/profiler v0.4.2/go.mod h1:7GcWzs9deJHHdJ5J9V1DzKQ9JoIoTGhezwlLbwkOoCs= -cloud.google.com/go/pubsub v1.45.3/go.mod h1:cGyloK/hXC4at7smAtxFnXprKEFTqmMXNNd9w+bd94Q= -cloud.google.com/go/pubsublite v1.8.2/go.mod h1:4r8GSa9NznExjuLPEJlF1VjOPOpgf3IT6k8x/YgaOPI= -cloud.google.com/go/recaptchaenterprise/v2 v2.19.0/go.mod h1:vnbA2SpVPPwKeoFrCQxR+5a0JFRRytwBBG69Zj9pGfk= -cloud.google.com/go/recommendationengine v0.9.2/go.mod h1:DjGfWZJ68ZF5ZuNgoTVXgajFAG0yLt4CJOpC0aMK3yw= -cloud.google.com/go/recommender v1.13.2/go.mod h1:XJau4M5Re8F4BM+fzF3fqSjxNJuM66fwF68VCy/ngGE= -cloud.google.com/go/redis v1.17.2/go.mod h1:h071xkcTMnJgQnU/zRMOVKNj5J6AttG16RDo+VndoNo= -cloud.google.com/go/resourcemanager v1.10.2/go.mod h1:5f+4zTM/ZOTDm6MmPOp6BQAhR0fi8qFPnvVGSoWszcc= -cloud.google.com/go/resourcesettings v1.8.2/go.mod h1:uEgtPiMA+xuBUM4Exu+ZkNpMYP0BLlYeJbyNHfrc+U0= -cloud.google.com/go/retail v1.19.1/go.mod h1:W48zg0zmt2JMqmJKCuzx0/0XDLtovwzGAeJjmv6VPaE= -cloud.google.com/go/run v1.7.0/go.mod h1:IvJOg2TBb/5a0Qkc6crn5yTy5nkjcgSWQLhgO8QL8PQ= -cloud.google.com/go/scheduler v1.11.2/go.mod h1:GZSv76T+KTssX2I9WukIYQuQRf7jk1WI+LOcIEHUUHk= cloud.google.com/go/secretmanager v1.14.3 h1:XVGHbcXEsbrgi4XHzgK5np81l1eO7O72WOXHhXUemrM= cloud.google.com/go/secretmanager v1.14.3/go.mod h1:Pwzcfn69Ni9Lrk1/XBzo1H9+MCJwJ6CDCoeoQUsMN+c= -cloud.google.com/go/security v1.18.2/go.mod h1:3EwTcYw8554iEtgK8VxAjZaq2unFehcsgFIF9nOvQmU= -cloud.google.com/go/securitycenter v1.35.2/go.mod h1:AVM2V9CJvaWGZRHf3eG+LeSTSissbufD27AVBI91C8s= -cloud.google.com/go/servicedirectory v1.12.2/go.mod h1:F0TJdFjqqotiZRlMXgIOzszaplk4ZAmUV8ovHo08M2U= -cloud.google.com/go/shell v1.8.2/go.mod h1:QQR12T6j/eKvqAQLv6R3ozeoqwJ0euaFSz2qLqG93Bs= -cloud.google.com/go/spanner v1.73.0/go.mod h1:mw98ua5ggQXVWwp83yjwggqEmW9t8rjs9Po1ohcUGW4= -cloud.google.com/go/speech v1.25.2/go.mod h1:KPFirZlLL8SqPaTtG6l+HHIFHPipjbemv4iFg7rTlYs= -cloud.google.com/go/storage v1.48.0/go.mod h1:aFoDYNMAjv67lp+xcuZqjUKv/ctmplzQ3wJgodA7b+M= -cloud.google.com/go/storagetransfer v1.11.2/go.mod h1:FcM29aY4EyZ3yVPmW5SxhqUdhjgPBUOFyy4rqiQbias= -cloud.google.com/go/talent v1.7.2/go.mod h1:k1sqlDgS9gbc0gMTRuRQpX6C6VB7bGUxSPcoTRWJod8= -cloud.google.com/go/texttospeech v1.10.0/go.mod h1:215FpCOyRxxrS7DSb2t7f4ylMz8dXsQg8+Vdup5IhP4= -cloud.google.com/go/tpu v1.7.2/go.mod h1:0Y7dUo2LIbDUx0yQ/vnLC6e18FK6NrDfAhYS9wZ/2vs= cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI= cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io= -cloud.google.com/go/translate v1.12.2/go.mod h1:jjLVf2SVH2uD+BNM40DYvRRKSsuyKxVvs3YjTW/XSWY= -cloud.google.com/go/video v1.23.2/go.mod h1:rNOr2pPHWeCbW0QsOwJRIe0ZiuwHpHtumK0xbiYB1Ew= -cloud.google.com/go/videointelligence v1.12.2/go.mod h1:8xKGlq0lNVyT8JgTkkCUCpyNJnYYEJVWGdqzv+UcwR8= -cloud.google.com/go/vision/v2 v2.9.2/go.mod h1:WuxjVQdAy4j4WZqY5Rr655EdAgi8B707Vdb5T8c90uo= -cloud.google.com/go/vmmigration v1.8.2/go.mod h1:FBejrsr8ZHmJb949BSOyr3D+/yCp9z9Hk0WtsTiHc1Q= -cloud.google.com/go/vmwareengine v1.3.2/go.mod h1:JsheEadzT0nfXOGkdnwtS1FhFAnj4g8qhi4rKeLi/AU= -cloud.google.com/go/vpcaccess v1.8.2/go.mod h1:4yvYKNjlNjvk/ffgZ0PuEhpzNJb8HybSM1otG2aDxnY= -cloud.google.com/go/webrisk v1.10.2/go.mod h1:c0ODT2+CuKCYjaeHO7b0ni4CUrJ95ScP5UFl9061Qq8= -cloud.google.com/go/websecurityscanner v1.7.2/go.mod h1:728wF9yz2VCErfBaACA5px2XSYHQgkK812NmHcUsDXA= -cloud.google.com/go/workflows v1.13.2/go.mod h1:l5Wj2Eibqba4BsADIRzPLaevLmIuYF2W+wfFBkRG3vU= -dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1/go.mod h1:jyqM3eLpJ3IbIFDTKVz2rF9T/xWGW0rIriGwnz8l9Tk= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.25.0 h1:4PoDbd/9/06IpwLGxSfvfNoEr9urvfkrN6mmJangGCg= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.25.0/go.mod h1:EycllQ1gupHbjqbcmfCr/H6FKSGSmEUONJ2ivb86qeY= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0 h1:jJKWl98inONJAr/IZrdFQUWcwUO95DLY1XMD1ZIut+g= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0/go.mod h1:l2fIqmwB+FKSfvn3bAD/0i+AXAxhIZjTK2svT/mgUXs= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 h1:GYUJLfvd++4DMuMhCFLgLXvFwofIxh/qOwoGuS/LTew= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0/go.mod h1:wRbFgBQUVm1YXrvWKofAEmq9HNJTDphbAaJSSX01KUI= -github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/ProtonMail/go-crypto v1.1.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= -github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= -github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/apache/arrow/go/v15 v15.0.2/go.mod h1:DGXsR3ajT524njufqf95822i+KTh+yea1jass9YXgjA= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/avvmoto/buf-readerat v0.0.0-20171115124131-a17c8cb89270/go.mod h1:2XtVRGCw/HthOLxU0Qw6o6jSJrcEoOb2OCCl8gQYvGw= -github.com/aws/aws-sdk-go-v2 v1.32.4/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo= -github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= -github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bits-and-blooms/bitset v1.15.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8= github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 h1:5FhjW93/YLQJDmPdeyMPw7IjAPzqsr+0jHPfrPz0sZI= github.com/bradleyfalzon/ghinstallation/v2 v2.13.0/go.mod h1:EJ6fgedVEHa2kUyBTTvslJCXJafS/mhJNNKEOCspZXQ= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= @@ -181,40 +52,25 @@ github.com/chainguard-dev/terraform-infra-common v0.6.112/go.mod h1:ZnuVv+RXR1in github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= -github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= -github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docker/cli v27.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/ebitengine/purego v0.8.1 h1:sdRKd6plj7KYW33EH5As6YKfe8m9zbN9JMrOjNVF/BE= github.com/ebitengine/purego v0.8.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= -github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.13.1/go.mod h1:X45hY0mufo6Fd0KW3rqsGvQMw58jvjymeCzBU3mWyHw= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= -github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM= -github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= -github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -222,17 +78,11 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= -github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= @@ -241,35 +91,24 @@ github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/flatbuffers v23.5.26+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8= -github.com/google/go-github/v61 v61.0.0/go.mod h1:0WR+KmsWX75G2EbpyGsGmradjo3IiciuI4BmdVCobQY= github.com/google/go-github/v68 v68.0.0 h1:ZW57zeNZiXTdQ16qrDiZ0k6XucrxZ2CGmoTvcCyQG6s= github.com/google/go-github/v68 v68.0.0/go.mod h1:K9HAUBovM2sLwM408A18h+wd9vqdLOEqTUCbnRIcx68= -github.com/google/go-pkcs11 v0.3.0/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/wire v0.6.0/go.mod h1:F4QhpQ9EDIdJ1Mbop/NZBRB+5yrR6qg3BnctaoUk6NA= github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= -github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 h1:JYghRBlGCZyCF2wNUJ8W0cwaQdtpcssJ4CgC406g+WU= @@ -283,21 +122,14 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8= github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= -github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= -github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -308,12 +140,7 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -321,19 +148,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= -github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= -github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= -github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -353,44 +169,27 @@ github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/ github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= -github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/sethvargo/go-envconfig v1.1.0 h1:cWZiJxeTm7AlCvzGXrEXaSTCNgip5oJepekh/BOQuog= github.com/sethvargo/go-envconfig v1.1.0/go.mod h1:JLd0KFWQYzyENqnEPWWZ49i4vzZo/6nRidxI8YvGiHw= github.com/shirou/gopsutil/v4 v4.24.11 h1:WaU9xqGFKvFfsUv94SXcUPD7rCkU0vr/asVdQOBZNj8= github.com/shirou/gopsutil/v4 v4.24.11/go.mod h1:s4D/wg+ag4rG0WO7AiTj2BeYCRhym0vM7DHbZRxnIT8= -github.com/sigstore/sigstore v1.8.10/go.mod h1:BekjqxS5ZtHNJC4u3Q3Stvfx2eyisbW/lUZzmPU2u4A= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= -github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= -github.com/snabb/httpreaderat v1.0.1/go.mod h1:lpbGrKDWF37yvRbtRvQsbesS6Ty5c83t8ztannPoMsA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI= -github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= -github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= -github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/detectors/gcp v1.32.0 h1:P78qWqkLSShicHmAzfECaTgvslqHxblNE9j62Ws1NK8= @@ -427,21 +226,18 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -gocloud.dev v0.40.0/go.mod h1:drz+VyYNBvrMTW0KZiBAYEdl8lbNZx+OQ7oQvdrFmSQ= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -454,8 +250,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= -golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= +golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -473,7 +269,6 @@ golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= @@ -490,17 +285,14 @@ golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= google.golang.org/api v0.214.0 h1:h2Gkq07OYi6kusGOaT/9rnNljuXmqPnaig7WGPmKbwA= google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= @@ -508,7 +300,6 @@ google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ= google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= -google.golang.org/genproto/googleapis/bytestream v0.0.0-20241209162323-e6fa225c2576/go.mod h1:qUsLYwbwz5ostUWtuFuXPlHmSJodC5NI/88ZlHj4M1o= google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= @@ -519,20 +310,14 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1/go.mod h1:5KF+wpkbTSbGcR9zteSqZV6fqFOWBl4Yde8En8MryZA= -google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a/go.mod h1:9i1T9n4ZinTUZGgzENMi8MDDgbGC5mqTS75JAv6xN3A= google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= @@ -542,10 +327,5 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= -k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= -sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From 5e767ac04d49396dd1c9e0fd5f533e70bfe4850a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 12:48:40 -0800 Subject: [PATCH 107/194] Bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0 (#686) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.11.0 to 3.12.0.
    Release notes

    Sourced from github.com/coreos/go-oidc/v3's releases.

    v3.12.0

    What's Changed

    Full Changelog: https://github.com/coreos/go-oidc/compare/v3.11.0...v3.12.0

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/coreos/go-oidc/v3&package-manager=go_modules&previous-version=3.11.0&new-version=3.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 12667a6..0d51cdf 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/chainguard-dev/clog v1.5.1 github.com/chainguard-dev/terraform-infra-common v0.6.112 github.com/cloudevents/sdk-go/v2 v2.15.2 - github.com/coreos/go-oidc/v3 v3.11.0 + github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/google/go-cmp v0.6.0 github.com/google/go-github/v68 v68.0.0 diff --git a/go.sum b/go.sum index 731bc01..f8b8884 100644 --- a/go.sum +++ b/go.sum @@ -53,8 +53,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= -github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= +github.com/coreos/go-oidc/v3 v3.12.0 h1:sJk+8G2qq94rDI6ehZ71Bol3oUHy63qNYmkiSjrc/Jo= +github.com/coreos/go-oidc/v3 v3.12.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= From 697eb1af5c69c7324ae9d032734b8134bd9470ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 13:04:35 -0800 Subject: [PATCH 108/194] Bump google.golang.org/api from 0.214.0 to 0.215.0 (#687) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.214.0 to 0.215.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.215.0

    0.215.0 (2025-01-01)

    Features

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.215.0 (2025-01-01)

    Features

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.214.0&new-version=0.215.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 0d51cdf..b7c799c 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.25.0 - google.golang.org/api v0.214.0 + google.golang.org/api v0.215.0 google.golang.org/grpc v1.69.2 k8s.io/apimachinery v0.32.0 sigs.k8s.io/yaml v1.4.0 @@ -62,7 +62,7 @@ require ( github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect - github.com/googleapis/gax-go/v2 v2.14.0 // indirect + github.com/googleapis/gax-go/v2 v2.14.1 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect @@ -94,7 +94,7 @@ require ( golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.8.0 // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect - google.golang.org/protobuf v1.35.2 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect + google.golang.org/protobuf v1.36.1 // indirect ) diff --git a/go.sum b/go.sum index f8b8884..5c4685c 100644 --- a/go.sum +++ b/go.sum @@ -107,8 +107,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= -github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= -github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= +github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q= +github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 h1:JYghRBlGCZyCF2wNUJ8W0cwaQdtpcssJ4CgC406g+WU= @@ -289,8 +289,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.214.0 h1:h2Gkq07OYi6kusGOaT/9rnNljuXmqPnaig7WGPmKbwA= -google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE= +google.golang.org/api v0.215.0 h1:jdYF4qnyczlEz2ReWIsosNLDuzXyvFHJtI5gcr0J7t0= +google.golang.org/api v0.215.0/go.mod h1:fta3CVtuJYOEdugLNWm6WodzOS8KdFckABwN4I40hzY= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -298,10 +298,10 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= -google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ= -google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 h1:TqExAhdPaB60Ux47Cn0oLV07rGnxZzIsaRhQaqS666A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= @@ -310,8 +310,8 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 79da6ac0261a87204cfcf8b173566142f6f7c9df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 12:57:21 -0800 Subject: [PATCH 109/194] Bump the all group with 2 updates (#690) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 2 updates: [cloud.google.com/go/kms](https://github.com/googleapis/google-cloud-go) and [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `cloud.google.com/go/kms` from 1.20.4 to 1.20.5
    Release notes

    Sourced from cloud.google.com/go/kms's releases.

    kms: v1.20.5

    1.20.5 (2025-01-08)

    Documentation

    • kms: Modify enum comment (2e4feb9)
    Commits

    Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.112 to 0.6.113
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.113

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.112...v0.6.113

    Commits
    • fc44575 github-bot sdk: add search content of filename in repository (#681)
    • 1655bad alerts to catch 4xx type errors (#676)
    • 3122474 build(deps): bump the gomod group with 4 updates (#684)
    • cd3a12e github-bots: add new botName field to AddComment signature so it works like S...
    • 2474153 build(deps): bump the gomod group with 2 updates (#682)
    • 97fc44f build(deps): bump github.com/shirou/gopsutil/v4 from 4.24.11 to 4.24.12 in th...
    • 2d41ffd build(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 in the go...
    • 11a9ae5 build(deps): bump the gomod group with 2 updates (#678)
    • e153831 build(deps): bump google.golang.org/api from 0.213.0 to 0.214.0 in the gomod ...
    • d61aeab instrument server metrics for trampoline (#675)
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 33 +++++++++++++++-------------- go.sum | 66 ++++++++++++++++++++++++++++++---------------------------- 2 files changed, 51 insertions(+), 48 deletions(-) diff --git a/go.mod b/go.mod index b7c799c..efd84dd 100644 --- a/go.mod +++ b/go.mod @@ -5,11 +5,11 @@ go 1.23.4 require ( chainguard.dev/go-grpc-kit v0.17.7 chainguard.dev/sdk v0.1.29 - cloud.google.com/go/kms v1.20.4 + cloud.google.com/go/kms v1.20.5 cloud.google.com/go/secretmanager v1.14.3 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.5.1 - github.com/chainguard-dev/terraform-infra-common v0.6.112 + github.com/chainguard-dev/terraform-infra-common v0.6.113 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -40,9 +40,10 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect github.com/sethvargo/go-envconfig v1.1.0 // indirect - github.com/shirou/gopsutil/v4 v4.24.11 // indirect + github.com/shirou/gopsutil/v4 v4.24.12 // indirect github.com/yusufpapurcu/wmi v1.2.4 // indirect - go.opentelemetry.io/contrib/detectors/gcp v1.32.0 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/detectors/gcp v1.33.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) @@ -76,23 +77,23 @@ require ( github.com/prometheus/procfs v0.15.1 // indirect github.com/stretchr/testify v1.10.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect - go.opentelemetry.io/otel v1.32.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect + go.opentelemetry.io/otel v1.33.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 // indirect - go.opentelemetry.io/otel/metric v1.32.0 // indirect - go.opentelemetry.io/otel/sdk v1.32.0 // indirect - go.opentelemetry.io/otel/trace v1.32.0 // indirect - go.opentelemetry.io/proto/otlp v1.3.1 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 // indirect + go.opentelemetry.io/otel/metric v1.33.0 // indirect + go.opentelemetry.io/otel/sdk v1.33.0 // indirect + go.opentelemetry.io/otel/trace v1.33.0 // indirect + go.opentelemetry.io/proto/otlp v1.4.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.31.0 // indirect - golang.org/x/net v0.33.0 // indirect + golang.org/x/crypto v0.32.0 // indirect + golang.org/x/net v0.34.0 // indirect golang.org/x/sync v0.10.0 // indirect - golang.org/x/sys v0.28.0 // indirect + golang.org/x/sys v0.29.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.8.0 // indirect + golang.org/x/time v0.9.0 // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect diff --git a/go.sum b/go.sum index 5c4685c..7993bd6 100644 --- a/go.sum +++ b/go.sum @@ -13,8 +13,8 @@ cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= -cloud.google.com/go/kms v1.20.4 h1:CJ0hMpOg1ANN9tx/a/GPJ+Uxudy8k6f3fvGFuTHiE5A= -cloud.google.com/go/kms v1.20.4/go.mod h1:gPLsp1r4FblUgBYPOcvI/bUPpdMg2Jm1ZVKU4tQUfcc= +cloud.google.com/go/kms v1.20.5 h1:aQQ8esAIVZ1atdJRxihhdxGQ64/zEbJoJnCz/ydSmKg= +cloud.google.com/go/kms v1.20.5/go.mod h1:C5A8M1sv2YWYy1AE6iSrnddSG9lRGdJq5XEdBy28Lmw= cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM= cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.112 h1:fmMJPnGHt/2sRnpuWWkt2lDBi4o03wkJFWRvYmozVTo= -github.com/chainguard-dev/terraform-infra-common v0.6.112/go.mod h1:ZnuVv+RXR1inDqwL9FoK9O5bLQm0Wp5YVRaH4QMMg7Y= +github.com/chainguard-dev/terraform-infra-common v0.6.113 h1:i8Voo+OtzuzH7e0FWAXitA351N4WBwhfyNGveimSah8= +github.com/chainguard-dev/terraform-infra-common v0.6.113/go.mod h1:lMJMKf/XnHzqqci9WyJJV/CE+xrG/KN3V3uxoyhDIDY= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -173,8 +173,8 @@ github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/sethvargo/go-envconfig v1.1.0 h1:cWZiJxeTm7AlCvzGXrEXaSTCNgip5oJepekh/BOQuog= github.com/sethvargo/go-envconfig v1.1.0/go.mod h1:JLd0KFWQYzyENqnEPWWZ49i4vzZo/6nRidxI8YvGiHw= -github.com/shirou/gopsutil/v4 v4.24.11 h1:WaU9xqGFKvFfsUv94SXcUPD7rCkU0vr/asVdQOBZNj8= -github.com/shirou/gopsutil/v4 v4.24.11/go.mod h1:s4D/wg+ag4rG0WO7AiTj2BeYCRhym0vM7DHbZRxnIT8= +github.com/shirou/gopsutil/v4 v4.24.12 h1:qvePBOk20e0IKA1QXrIIU+jmk+zEiYVVx06WjBRlZo4= +github.com/shirou/gopsutil/v4 v4.24.12/go.mod h1:DCtMPAad2XceTeIAbGyVfycbYQNBGk2P8cvDi7/VN9o= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -192,30 +192,32 @@ github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/detectors/gcp v1.32.0 h1:P78qWqkLSShicHmAzfECaTgvslqHxblNE9j62Ws1NK8= -go.opentelemetry.io/contrib/detectors/gcp v1.32.0/go.mod h1:TVqo0Sda4Cv8gCIixd7LuLwW4EylumVWfhjZJjDD4DU= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/contrib/detectors/gcp v1.33.0 h1:FVPoXEoILwgbZUu4X7YSgsESsAmGRgoYcnXkzgQPhP4= +go.opentelemetry.io/contrib/detectors/gcp v1.33.0/go.mod h1:ZHrLmr4ikK2AwRj9QL+c9s2SOlgoSRyMpNVzUj2fZqI= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 h1:qtFISDHKolvIxzSs0gIaiPUPR0Cucb0F2coHC7ZLdps= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0/go.mod h1:Y+Pop1Q6hCOnETWTW4NROK/q1hv50hM7yDaUTjG8lp8= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94= -go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= -go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 h1:IJFEoHiytixx8cMiVAO+GmHR6Frwu+u5Ur8njpFO6Ac= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0/go.mod h1:3rHrKNtLIoS0oZwkY2vxi+oJcwFRWdtUyRII+so45p8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= +go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 h1:9kV11HXBHZAvuPUZxmMWrH8hZn/6UnHX4K0mu36vNsU= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0/go.mod h1:JyA0FHXe22E1NeNiHmVp7kFHglnexDQ7uRWDiiJ1hKQ= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 h1:cMyu9O88joYEaI47CnQkxO1XZdpoTF9fEnW2duIddhw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0/go.mod h1:6Am3rn7P9TVVeXYG+wtcGE7IE1tsQ+bP3AuWcKt/gOI= -go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= -go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= -go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4= -go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 h1:wpMfgF8E1rkrT1Z6meFh1NDtownE9Ii3n3X2GJYjsaU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0= +go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= +go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= +go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= +go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= -go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= -go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= -go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= -go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= +go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= +go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= +go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -229,8 +231,8 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -247,8 +249,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= @@ -267,14 +269,14 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= -golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= From 04cae2bf37c2618c202261027b75fb41f41d4bf8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 12:58:19 -0800 Subject: [PATCH 110/194] Bump google.golang.org/api from 0.215.0 to 0.216.0 (#691) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.215.0 to 0.216.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.216.0

    0.216.0 (2025-01-09)

    Features

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.216.0 (2025-01-09)

    Features

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.215.0&new-version=0.216.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index efd84dd..5cec09b 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.25.0 - google.golang.org/api v0.215.0 + google.golang.org/api v0.216.0 google.golang.org/grpc v1.69.2 k8s.io/apimachinery v0.32.0 sigs.k8s.io/yaml v1.4.0 @@ -96,6 +96,6 @@ require ( golang.org/x/time v0.9.0 // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d // indirect google.golang.org/protobuf v1.36.1 // indirect ) diff --git a/go.sum b/go.sum index 7993bd6..21707ce 100644 --- a/go.sum +++ b/go.sum @@ -291,8 +291,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.215.0 h1:jdYF4qnyczlEz2ReWIsosNLDuzXyvFHJtI5gcr0J7t0= -google.golang.org/api v0.215.0/go.mod h1:fta3CVtuJYOEdugLNWm6WodzOS8KdFckABwN4I40hzY= +google.golang.org/api v0.216.0 h1:xnEHy+xWFrtYInWPy8OdGFsyIfWJjtVnO39g7pz2BFY= +google.golang.org/api v0.216.0/go.mod h1:K9wzQMvWi47Z9IU7OgdOofvZuw75Ge3PPITImZR/UyI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -302,8 +302,8 @@ google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 h1:TqExAhdPaB60Ux47Cn0oLV07rGnxZzIsaRhQaqS666A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d h1:xJJRGY7TJcvIlpSrN3K6LAWgNFUILlO+OMAqtg9aqnw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= From 0924c395977152c6c6a322923785c37c5c847f24 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 09:03:18 +0100 Subject: [PATCH 111/194] Bump chainguard-dev/common/infra from 0.6.112 to 0.6.113 in /iac in the all group (#688) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.112 to 0.6.113
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.113

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.112...v0.6.113

    Commits
    • fc44575 github-bot sdk: add search content of filename in repository (#681)
    • 1655bad alerts to catch 4xx type errors (#676)
    • 3122474 build(deps): bump the gomod group with 4 updates (#684)
    • cd3a12e github-bots: add new botName field to AddComment signature so it works like S...
    • 2474153 build(deps): bump the gomod group with 2 updates (#682)
    • 97fc44f build(deps): bump github.com/shirou/gopsutil/v4 from 4.24.11 to 4.24.12 in th...
    • 2d41ffd build(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 in the go...
    • 11a9ae5 build(deps): bump the gomod group with 2 updates (#678)
    • e153831 build(deps): bump google.golang.org/api from 0.213.0 to 0.214.0 in the gomod ...
    • d61aeab instrument server metrics for trampoline (#675)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.112&new-version=0.6.113)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index d320b88..b17c345 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.112" + version = "0.6.113" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.112" + version = "0.6.113" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index d1a278a..1753679 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.112" + version = "0.6.113" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 2093f2e..9b61150 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.112" + version = "0.6.113" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 9f1b3bb..2e13218 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.112" + version = "0.6.113" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.112" + version = "0.6.113" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.112" + version = "0.6.113" service_name = var.name project_id = var.project_id diff --git a/modules/app/main.tf b/modules/app/main.tf index 8aba58a..aa07cb6 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.112" + version = "0.6.113" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.112" + version = "0.6.113" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index d0267c4..14aca37 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.112" + version = "0.6.113" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.112" + version = "0.6.113" project_id = var.project_id name = "${var.name}-webhook" From cef8cb3a5edf5f1e8229ac528a94b3ffb4f91038 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 09:03:32 +0100 Subject: [PATCH 112/194] Bump chainguard-dev/common/infra from 0.6.112 to 0.6.113 in /modules/app in the all group (#692) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.112 to 0.6.113
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.113

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.112...v0.6.113

    Commits
    • fc44575 github-bot sdk: add search content of filename in repository (#681)
    • 1655bad alerts to catch 4xx type errors (#676)
    • 3122474 build(deps): bump the gomod group with 4 updates (#684)
    • cd3a12e github-bots: add new botName field to AddComment signature so it works like S...
    • 2474153 build(deps): bump the gomod group with 2 updates (#682)
    • 97fc44f build(deps): bump github.com/shirou/gopsutil/v4 from 4.24.11 to 4.24.12 in th...
    • 2d41ffd build(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 in the go...
    • 11a9ae5 build(deps): bump the gomod group with 2 updates (#678)
    • e153831 build(deps): bump google.golang.org/api from 0.213.0 to 0.214.0 in the gomod ...
    • d61aeab instrument server metrics for trampoline (#675)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.112&new-version=0.6.113)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> From 222fb8574e297197e1922547dcf95c52fcbcf51b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 09:27:12 +0100 Subject: [PATCH 113/194] Bump chainguard-dev/common/infra from 0.6.112 to 0.6.113 in /iac/bootstrap in the all group (#689) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.112 to 0.6.113
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.113

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.112...v0.6.113

    Commits
    • fc44575 github-bot sdk: add search content of filename in repository (#681)
    • 1655bad alerts to catch 4xx type errors (#676)
    • 3122474 build(deps): bump the gomod group with 4 updates (#684)
    • cd3a12e github-bots: add new botName field to AddComment signature so it works like S...
    • 2474153 build(deps): bump the gomod group with 2 updates (#682)
    • 97fc44f build(deps): bump github.com/shirou/gopsutil/v4 from 4.24.11 to 4.24.12 in th...
    • 2d41ffd build(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 in the go...
    • 11a9ae5 build(deps): bump the gomod group with 2 updates (#678)
    • e153831 build(deps): bump google.golang.org/api from 0.213.0 to 0.214.0 in the gomod ...
    • d61aeab instrument server metrics for trampoline (#675)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.112&new-version=0.6.113)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 6c6421f..325ca41 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.112" + version = "0.6.113" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.112" + version = "0.6.113" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.112" + version = "0.6.113" project_id = var.project_id name = "github-pull-requests" From 5c25afcc592f6ebad56a13d4637dc277c088e51e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 12:50:59 -0800 Subject: [PATCH 114/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.113 to 0.6.114 in the all group (#693) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.113 to 0.6.114
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.114

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.113...v0.6.114

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.113&new-version=0.6.114)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 5cec09b..da9198e 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.3 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.5.1 - github.com/chainguard-dev/terraform-infra-common v0.6.113 + github.com/chainguard-dev/terraform-infra-common v0.6.114 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -97,5 +97,5 @@ require ( google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d // indirect - google.golang.org/protobuf v1.36.1 // indirect + google.golang.org/protobuf v1.36.2 // indirect ) diff --git a/go.sum b/go.sum index 21707ce..837ca67 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.113 h1:i8Voo+OtzuzH7e0FWAXitA351N4WBwhfyNGveimSah8= -github.com/chainguard-dev/terraform-infra-common v0.6.113/go.mod h1:lMJMKf/XnHzqqci9WyJJV/CE+xrG/KN3V3uxoyhDIDY= +github.com/chainguard-dev/terraform-infra-common v0.6.114 h1:0LFR4ThSm3mc9YdDazA/9PoRrSkhYWJ+lyizD9ZAT0Q= +github.com/chainguard-dev/terraform-infra-common v0.6.114/go.mod h1:KOFvtebW2RIVSutyp+ZprWhmlsbjRFvUH8CQ+xcukMw= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -312,8 +312,8 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= -google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU= +google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 316961572fb0ae7e51b01a3cc38d38ac7c0fc137 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 12:51:17 -0800 Subject: [PATCH 115/194] Bump chainguard-dev/common/infra from 0.6.113 to 0.6.114 in /iac/bootstrap in the all group (#694) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.113 to 0.6.114
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.114

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.113...v0.6.114

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.113&new-version=0.6.114)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 325ca41..fa317d9 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.113" + version = "0.6.114" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.113" + version = "0.6.114" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.113" + version = "0.6.114" project_id = var.project_id name = "github-pull-requests" From c22c01d7b5828f40fe4a7ba24140bff417abc77d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 20:52:03 +0000 Subject: [PATCH 116/194] Bump chainguard-dev/common/infra from 0.6.113 to 0.6.114 in /modules/app in the all group (#695) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.113 to 0.6.114
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.114

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.113...v0.6.114

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.113&new-version=0.6.114)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index aa07cb6..7757db8 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.113" + version = "0.6.114" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.113" + version = "0.6.114" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 14aca37..ed15fa2 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.113" + version = "0.6.114" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.113" + version = "0.6.114" project_id = var.project_id name = "${var.name}-webhook" From d737cdb02f86cb724f5d5efd4ad969f09b70b928 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 09:23:36 +0100 Subject: [PATCH 117/194] Bump chainguard-dev/common/infra from 0.6.113 to 0.6.114 in /iac in the all group (#696) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.113 to 0.6.114
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.114

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.113...v0.6.114

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.113&new-version=0.6.114)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index b17c345..048272c 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.113" + version = "0.6.114" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.113" + version = "0.6.114" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 1753679..5939f95 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.113" + version = "0.6.114" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 9b61150..17bb027 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.113" + version = "0.6.114" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 2e13218..4e5ae30 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.113" + version = "0.6.114" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.113" + version = "0.6.114" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.113" + version = "0.6.114" service_name = var.name project_id = var.project_id From 4061c5dc9f6da4c138dffb52362c26ff25304408 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 20:23:27 +0000 Subject: [PATCH 118/194] Bump google.golang.org/grpc from 1.69.2 to 1.69.4 in the all group (#697) Bumps the all group with 1 update: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `google.golang.org/grpc` from 1.69.2 to 1.69.4
    Release notes

    Sourced from google.golang.org/grpc's releases.

    Release 1.69.4

    Bug Fixes

    • rbac: fix support for :path header matchers, which would previously never successfully match (#7965).

    Documentation

    • examples/features/csm_observability: update example client and server to use the helloworld service instead of echo service (#7945).

    Release 1.69.3 was accidentally tagged on the master branch and will be deleted. Please update to 1.69.4 instead.

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/grpc&package-manager=go_modules&previous-version=1.69.2&new-version=1.69.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index da9198e..263ac41 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.25.0 google.golang.org/api v0.216.0 - google.golang.org/grpc v1.69.2 + google.golang.org/grpc v1.69.4 k8s.io/apimachinery v0.32.0 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 837ca67..8f49e85 100644 --- a/go.sum +++ b/go.sum @@ -310,8 +310,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= -google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/grpc v1.69.4 h1:MF5TftSMkd8GLw/m0KM6V8CMOCY6NZ1NQDPGFgbTt4A= +google.golang.org/grpc v1.69.4/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU= google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From f510f352433a945c0c3398a5019c4f7d778af9e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Jan 2025 10:59:51 +0100 Subject: [PATCH 119/194] Bump reviewdog/action-actionlint from 1.62.0 to 1.63.0 in the all group (#698) Bumps the all group with 1 update: [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint). Updates `reviewdog/action-actionlint` from 1.62.0 to 1.63.0
    Release notes

    Sourced from reviewdog/action-actionlint's releases.

    Release v1.63.0

    v1.63.0: PR #153 - Parse the severity if the output is from shellcheck

    Commits
    • f3dcc52 bump v1.63.0
    • 7133125 Merge branch 'main' into releases/v1
    • 9be0e56 Merge pull request #153 from reviewdog/massongit-patch-2
    • c8034a3 Parse the severity if the output is from shellcheck
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=reviewdog/action-actionlint&package-manager=github_actions&previous-version=1.62.0&new-version=1.63.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/actionlint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index bad2518..584099d 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,6 +24,6 @@ jobs: echo "files=${yamls}" >> "$GITHUB_OUTPUT" - name: Action lint - uses: reviewdog/action-actionlint@af17f9e3640ac863dbcc515d45f5f35d708d0faf # v1.62.0 + uses: reviewdog/action-actionlint@f3dcc52bc6039e5d736486952379dce3e869e8a2 # v1.63.0 with: actionlint_flags: ${{ steps.get_yamls.outputs.files }} From 0a8bb3d6c7f2004eedde9383ec58ddbb80856052 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Jan 2025 12:22:48 -0800 Subject: [PATCH 120/194] Bump chainguard-dev/common/infra from 0.6.114 to 0.6.115 in /iac in the all group (#699) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.114 to 0.6.115
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.115

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.114...v0.6.115

    Commits
    • 4c02885 build(deps): bump google.golang.org/grpc from 1.69.2 to 1.69.4 in the gomod g...
    • 576a3dd github-events: Add GITHUB_ORGANIZATIONS_FILTER (#690)
    • 33b4f50 github-events: Add WEBHOOK_ID and REQUESTED_ONLY_WEBHOOK_ID filters (#689)
    • f18f1dc github-bots: Add direct GitHub App authentication to bot sdk. (#688)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.114&new-version=0.6.115)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 048272c..73dcd2e 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.114" + version = "0.6.115" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.114" + version = "0.6.115" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 5939f95..51f2407 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.114" + version = "0.6.115" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 17bb027..1466837 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.114" + version = "0.6.115" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 4e5ae30..9bb8747 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.114" + version = "0.6.115" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.114" + version = "0.6.115" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.114" + version = "0.6.115" service_name = var.name project_id = var.project_id diff --git a/modules/app/main.tf b/modules/app/main.tf index 7757db8..68e6673 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.114" + version = "0.6.115" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.114" + version = "0.6.115" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index ed15fa2..991a82e 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.114" + version = "0.6.115" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.114" + version = "0.6.115" project_id = var.project_id name = "${var.name}-webhook" From 405316f181640812fbf982594905997fa4dd947a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Jan 2025 13:41:37 -0800 Subject: [PATCH 121/194] Bump google.golang.org/api from 0.216.0 to 0.217.0 (#702) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.216.0 to 0.217.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.217.0

    0.217.0 (2025-01-15)

    Features

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.217.0 (2025-01-15)

    Features

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.216.0&new-version=0.217.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 263ac41..5ab3ffb 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.25.0 - google.golang.org/api v0.216.0 + google.golang.org/api v0.217.0 google.golang.org/grpc v1.69.4 k8s.io/apimachinery v0.32.0 sigs.k8s.io/yaml v1.4.0 @@ -48,8 +48,8 @@ require ( ) require ( - cloud.google.com/go/auth v0.13.0 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect + cloud.google.com/go/auth v0.14.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect cloud.google.com/go/iam v1.2.2 // indirect github.com/beorn7/perks v1.0.1 // indirect @@ -60,7 +60,7 @@ require ( github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/google/s2a-go v0.1.8 // indirect + github.com/google/s2a-go v0.1.9 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/googleapis/gax-go/v2 v2.14.1 // indirect @@ -96,6 +96,6 @@ require ( golang.org/x/time v0.9.0 // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 // indirect google.golang.org/protobuf v1.36.2 // indirect ) diff --git a/go.sum b/go.sum index 8f49e85..a0b7093 100644 --- a/go.sum +++ b/go.sum @@ -5,10 +5,10 @@ chainguard.dev/sdk v0.1.29/go.mod h1:DqywTjZ5glB/gUCKkrecO0LywyfcAd5v7IPo2+d91qA cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs= -cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= -cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= -cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= +cloud.google.com/go/auth v0.14.0 h1:A5C4dKV/Spdvxcl0ggWwWEzzP7AZMJSEIgrkngwhGYM= +cloud.google.com/go/auth v0.14.0/go.mod h1:CYsoRL1PdiDuqeQpZE0bP2pnPrGqFcOkI0nldEQis+A= +cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= +cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= @@ -101,8 +101,8 @@ github.com/google/go-github/v68 v68.0.0/go.mod h1:K9HAUBovM2sLwM408A18h+wd9vqdLO github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= -github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= +github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= +github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= @@ -291,8 +291,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.216.0 h1:xnEHy+xWFrtYInWPy8OdGFsyIfWJjtVnO39g7pz2BFY= -google.golang.org/api v0.216.0/go.mod h1:K9wzQMvWi47Z9IU7OgdOofvZuw75Ge3PPITImZR/UyI= +google.golang.org/api v0.217.0 h1:GYrUtD289o4zl1AhiTZL0jvQGa2RDLyC+kX1N/lfGOU= +google.golang.org/api v0.217.0/go.mod h1:qMc2E8cBAbQlRypBTBWHklNJlaZZJBwDv81B1Iu8oSI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -302,8 +302,8 @@ google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d h1:xJJRGY7TJcvIlpSrN3K6LAWgNFUILlO+OMAqtg9aqnw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 h1:3UsHvIr4Wc2aW4brOaSCmcxh9ksica6fHEr8P1XhkYw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= From 875feb1e3146e4fc4641348a87d5b33468616976 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Jan 2025 13:41:58 -0800 Subject: [PATCH 122/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.114 to 0.6.115 in the all group (#701) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.114 to 0.6.115
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.115

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.114...v0.6.115

    Commits
    • 4c02885 build(deps): bump google.golang.org/grpc from 1.69.2 to 1.69.4 in the gomod g...
    • 576a3dd github-events: Add GITHUB_ORGANIZATIONS_FILTER (#690)
    • 33b4f50 github-events: Add WEBHOOK_ID and REQUESTED_ONLY_WEBHOOK_ID filters (#689)
    • f18f1dc github-bots: Add direct GitHub App authentication to bot sdk. (#688)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.114&new-version=0.6.115)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5ab3ffb..e2c12ca 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.3 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.5.1 - github.com/chainguard-dev/terraform-infra-common v0.6.114 + github.com/chainguard-dev/terraform-infra-common v0.6.115 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 diff --git a/go.sum b/go.sum index a0b7093..e515ad0 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.114 h1:0LFR4ThSm3mc9YdDazA/9PoRrSkhYWJ+lyizD9ZAT0Q= -github.com/chainguard-dev/terraform-infra-common v0.6.114/go.mod h1:KOFvtebW2RIVSutyp+ZprWhmlsbjRFvUH8CQ+xcukMw= +github.com/chainguard-dev/terraform-infra-common v0.6.115 h1:pk3h/nNUD8qC3Nw3eWn81+9L718cvB7iPwPfJ9WufXM= +github.com/chainguard-dev/terraform-infra-common v0.6.115/go.mod h1:He3VNV5MDB4cXJKu7tfwK1gQZxRUwlkoh+uQqzOjYEA= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= From d642b497103ce83ec86c8bf69644c52f109d3783 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Jan 2025 13:42:19 -0800 Subject: [PATCH 123/194] Bump chainguard-dev/common/infra from 0.6.114 to 0.6.115 in /iac/bootstrap in the all group (#700) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.114 to 0.6.115
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.115

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.114...v0.6.115

    Commits
    • 4c02885 build(deps): bump google.golang.org/grpc from 1.69.2 to 1.69.4 in the gomod g...
    • 576a3dd github-events: Add GITHUB_ORGANIZATIONS_FILTER (#690)
    • 33b4f50 github-events: Add WEBHOOK_ID and REQUESTED_ONLY_WEBHOOK_ID filters (#689)
    • f18f1dc github-bots: Add direct GitHub App authentication to bot sdk. (#688)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.114&new-version=0.6.115)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index fa317d9..060ee65 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.114" + version = "0.6.115" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.114" + version = "0.6.115" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.114" + version = "0.6.115" project_id = var.project_id name = "github-pull-requests" From 57cfb7da2a2d506b33f1a0f6a57e834ca44bfd70 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Thu, 16 Jan 2025 18:23:32 +0100 Subject: [PATCH 124/194] add new field to the bq schema (#703) ``` "message": "Error while reading data, error message: JSON parsing error in row starting at position 9604: No such field: trust_policy.claim_pattern.aud. File: xxxx", ``` --- iac/sts_exchange.schema.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/iac/sts_exchange.schema.json b/iac/sts_exchange.schema.json index 3c31775..05c0f28 100644 --- a/iac/sts_exchange.schema.json +++ b/iac/sts_exchange.schema.json @@ -102,6 +102,11 @@ "name": "base_ref", "type": "STRING", "mode": "NULLABLE" + }, + { + "name": "aud", + "type": "STRING", + "mode": "NULLABLE" } ] }, From 7f4c848af1fa391bd431b02ed9b2494cd26c0ffc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Jan 2025 20:56:38 +0000 Subject: [PATCH 125/194] Bump k8s.io/apimachinery from 0.32.0 to 0.32.1 in the all group (#704) Bumps the all group with 1 update: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery). Updates `k8s.io/apimachinery` from 0.32.0 to 0.32.1
    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=k8s.io/apimachinery&package-manager=go_modules&previous-version=0.32.0&new-version=0.32.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e2c12ca..fec5404 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( golang.org/x/oauth2 v0.25.0 google.golang.org/api v0.217.0 google.golang.org/grpc v1.69.4 - k8s.io/apimachinery v0.32.0 + k8s.io/apimachinery v0.32.1 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index e515ad0..02105eb 100644 --- a/go.sum +++ b/go.sum @@ -327,7 +327,7 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= -k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= +k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From 5e55eef59c82fab4795a93dec2286ba5e18a6f07 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 Jan 2025 13:06:20 -0800 Subject: [PATCH 126/194] Bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 in the all group (#705) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `golangci/golangci-lint-action` from 6.1.1 to 6.2.0
    Release notes

    Sourced from golangci/golangci-lint-action's releases.

    v6.2.0

    What's Changed

    Changes

    Documentation

    Dependencies

    New Contributors

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v6.1.1...v6.2.0

    Commits
    • ec5d184 feat: support linux arm64 public preview (#1144)
    • a0297a1 build(deps-dev): bump the dev-dependencies group with 3 updates (#1143)
    • 58eda26 build(deps): bump @​types/node from 22.10.2 to 22.10.5 in the dependencies gro...
    • 44c2434 build(deps-dev): bump the dev-dependencies group with 2 updates (#1141)
    • 2f13b80 build(deps-dev): bump the dev-dependencies group with 2 updates (#1139)
    • 1ac3686 build(deps-dev): bump the dev-dependencies group with 2 updates (#1138)
    • 9937fdf build(deps): bump @​types/node from 22.10.1 to 22.10.2 in the dependencies gro...
    • cb60b26 build(deps-dev): bump the dev-dependencies group with 2 updates (#1136)
    • 774c35b build(deps): bump @​actions/cache from 3.3.0 to 4.0.0 in the dependencies grou...
    • 7ce5487 build(deps-dev): bump the dev-dependencies group with 3 updates (#1134)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=6.1.1&new-version=6.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/style.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index ce6cb6c..f847dcb 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -59,7 +59,7 @@ jobs: check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v3.7.1 + uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v3.7.1 with: version: v1.61 From 2155dab6766abce28aa2a9de7dd24ce44c63125d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 09:13:40 +0100 Subject: [PATCH 127/194] Bump reviewdog/action-actionlint from 1.63.0 to 1.64.1 in the all group (#706) Bumps the all group with 1 update: [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint). Updates `reviewdog/action-actionlint` from 1.63.0 to 1.64.1
    Release notes

    Sourced from reviewdog/action-actionlint's releases.

    Release v1.64.1

    v1.64.1: PR #145 - chore(deps): update python docker tag to v3.13

    Release v1.64.0

    v1.64.0: PR #154 - chore(deps): update actionlint to 1.7.7

    Commits
    • abd5374 bump v1.64.1
    • e9db0f8 Merge branch 'main' into releases/v1
    • fafbcd6 Merge pull request #145 from reviewdog/renovate/python-3.x
    • 213735e chore(deps): update python docker tag to v3.13
    • e6e4176 Merge pull request #139 from reviewdog/renovate/peter-evans-create-pull-reque...
    • e2fe8c7 bump v1.64.0
    • c48e61c Merge branch 'main' into releases/v1
    • 59fdf5a Merge pull request #154 from reviewdog/depup/actionlint
    • 387813a chore(deps): update actionlint to 1.7.7
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=reviewdog/action-actionlint&package-manager=github_actions&previous-version=1.63.0&new-version=1.64.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/actionlint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index 584099d..efcb286 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,6 +24,6 @@ jobs: echo "files=${yamls}" >> "$GITHUB_OUTPUT" - name: Action lint - uses: reviewdog/action-actionlint@f3dcc52bc6039e5d736486952379dce3e869e8a2 # v1.63.0 + uses: reviewdog/action-actionlint@abd537417cf4991e1ba8e21a67b1119f4f53b8e0 # v1.64.1 with: actionlint_flags: ${{ steps.get_yamls.outputs.files }} From 42df77e7a6583f538c758f565da0da89ae9f5dc0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Jan 2025 10:15:12 +0100 Subject: [PATCH 128/194] Bump actions/setup-go from 5.2.0 to 5.3.0 in the all group (#708) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [actions/setup-go](https://github.com/actions/setup-go). Updates `actions/setup-go` from 5.2.0 to 5.3.0
    Release notes

    Sourced from actions/setup-go's releases.

    v5.3.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/setup-go/compare/v5...v5.3.0

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=5.2.0&new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/deploy.yaml | 2 +- .github/workflows/go-test.yaml | 2 +- .github/workflows/style.yaml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 7ae32a4..50f977f 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -23,7 +23,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: './go.mod' check-latest: true diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 7b3cb06..6d74de1 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: './go.mod' check-latest: true diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index f847dcb..7459c31 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -21,7 +21,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: './go.mod' check-latest: true @@ -38,7 +38,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: './go.mod' check-latest: true @@ -53,7 +53,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: './go.mod' check-latest: true @@ -72,7 +72,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: './go.mod' check-latest: true From f698ab547dd1392240e6a46e172ca2f6d310a46a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Jan 2025 10:15:32 +0100 Subject: [PATCH 129/194] Bump chainguard.dev/sdk from 0.1.29 to 0.1.30 in the all group (#707) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [chainguard.dev/sdk](https://github.com/chainguard-dev/sdk). Updates `chainguard.dev/sdk` from 0.1.29 to 0.1.30
    Release notes

    Sourced from chainguard.dev/sdk's releases.

    v0.1.30

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/sdk/compare/v0.1.29...v0.1.30

    Commits
    • 2cf3fd0 Bump the go_modules group across 1 directory with 2 updates (#148)
    • c62e529 Bump the go_modules group across 1 directory with 2 updates
    • ff70f32 Merge pull request #71 from chainguard-dev/create-pull-request/patch
    • b6d47cd Export 96b6f9770d86bbe8e2833084bf16051c9687db5e
    • 46e27f8 Merge pull request #70 from chainguard-dev/create-pull-request/patch
    • 457e8e5 Export 04f1ece5147a255e1363ae1d7d81f612a4f88cf3
    • e270c35 Export 9852b2f7eef4ec398140c6fabc1f52027393b134
    • af841eb Export 16958c75f66faf7250707f0254db7a303152f441
    • 03e97c4 Export c83a4165e3d2eb2740cc3c55c19df3bc1141f74d
    • fddc692 Merge pull request #69 from chainguard-dev/create-pull-request/patch
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard.dev/sdk&package-manager=go_modules&previous-version=0.1.29&new-version=0.1.30)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index fec5404..6036cb1 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.23.4 require ( chainguard.dev/go-grpc-kit v0.17.7 - chainguard.dev/sdk v0.1.29 + chainguard.dev/sdk v0.1.30 cloud.google.com/go/kms v1.20.5 cloud.google.com/go/secretmanager v1.14.3 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 diff --git a/go.sum b/go.sum index 02105eb..f10a8ea 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ chainguard.dev/go-grpc-kit v0.17.7 h1:TqHua7er5k8m6WM96y0Tm7IoLLkuZ5vh3+5SR1gruKg= chainguard.dev/go-grpc-kit v0.17.7/go.mod h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3HS+TGXHw= -chainguard.dev/sdk v0.1.29 h1:GNcCw5NoyvylhlUbVD8JMmrPaeYyrshaHHjEWnvcCGI= -chainguard.dev/sdk v0.1.29/go.mod h1:DqywTjZ5glB/gUCKkrecO0LywyfcAd5v7IPo2+d91qA= +chainguard.dev/sdk v0.1.30 h1:W/r8YIBO1/04CTeOtHzEKq/DQjGiIIoAJl1wYoQmtOs= +chainguard.dev/sdk v0.1.30/go.mod h1:ew0gL7NgboqBF2LfLwL3GpZjz+r9G9ItD4aFmy//R8U= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= From 0b98ce495136c0668e5f9bcacd5f1bfb1d84b3d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Jan 2025 14:31:08 -0800 Subject: [PATCH 130/194] Bump google.golang.org/api from 0.217.0 to 0.218.0 (#709) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.217.0 to 0.218.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.218.0

    0.218.0 (2025-01-22)

    Features

    Bug Fixes

    • internal/gensupport: Close resp body only on discarding resp (resumableupload) (#2966) (840d496)
    Changelog

    Sourced from google.golang.org/api's changelog.

    0.218.0 (2025-01-22)

    Features

    Bug Fixes

    • internal/gensupport: Close resp body only on discarding resp (resumableupload) (#2966) (840d496)
    Commits
    • c7c83f0 chore(main): release 0.218.0 (#2965)
    • 840d496 fix(internal/gensupport): close resp body only on discarding resp (resumableu...
    • b0536b1 chore(all): update all (#2971)
    • 0d0bcdf feat(all): auto-regenerate discovery clients (#2974)
    • e143e5c feat(all): auto-regenerate discovery clients (#2973)
    • 0f4ee9d feat(all): auto-regenerate discovery clients (#2972)
    • 607d371 feat(all): auto-regenerate discovery clients (#2970)
    • a8aed4d feat(all): auto-regenerate discovery clients (#2969)
    • a978c49 feat(all): auto-regenerate discovery clients (#2967)
    • 9e749c4 feat: add error helper that does not read the response body (#2964)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.217.0&new-version=0.218.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 6036cb1..efc9f69 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.25.0 - google.golang.org/api v0.217.0 + google.golang.org/api v0.218.0 google.golang.org/grpc v1.69.4 k8s.io/apimachinery v0.32.1 sigs.k8s.io/yaml v1.4.0 @@ -96,6 +96,6 @@ require ( golang.org/x/time v0.9.0 // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 // indirect - google.golang.org/protobuf v1.36.2 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect + google.golang.org/protobuf v1.36.3 // indirect ) diff --git a/go.sum b/go.sum index f10a8ea..874edb1 100644 --- a/go.sum +++ b/go.sum @@ -291,8 +291,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.217.0 h1:GYrUtD289o4zl1AhiTZL0jvQGa2RDLyC+kX1N/lfGOU= -google.golang.org/api v0.217.0/go.mod h1:qMc2E8cBAbQlRypBTBWHklNJlaZZJBwDv81B1Iu8oSI= +google.golang.org/api v0.218.0 h1:x6JCjEWeZ9PFCRe9z0FBrNwj7pB7DOAqT35N+IPnAUA= +google.golang.org/api v0.218.0/go.mod h1:5VGHBAkxrA/8EFjLVEYmMUJ8/8+gWWQ3s4cFH0FxG2M= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -302,8 +302,8 @@ google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 h1:3UsHvIr4Wc2aW4brOaSCmcxh9ksica6fHEr8P1XhkYw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= @@ -312,8 +312,8 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.69.4 h1:MF5TftSMkd8GLw/m0KM6V8CMOCY6NZ1NQDPGFgbTt4A= google.golang.org/grpc v1.69.4/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU= -google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.3 h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU= +google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 526d35ff8a43b558e298ceca278364eb645d7c94 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Jan 2025 12:36:18 -0800 Subject: [PATCH 131/194] Bump google.golang.org/grpc from 1.69.4 to 1.70.0 (#712) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.69.4 to 1.70.0.
    Release notes

    Sourced from google.golang.org/grpc's releases.

    Release 1.70.0

    Behavior Changes

    • client: reject service configs containing an invalid retryPolicy in accordance with gRFCs A21 and A6. (#7905)
      • Note that this is a potential breaking change for some users using an invalid configuration, but continuing to allow this behavior would violate our cross-language compatibility requirements.

    New Features

    • xdsclient: fallback to a secondary management server (if specified in the bootstrap configuration) when the primary is down is enabled by default. Can be disabled by setting the environment variable GRPC_EXPERIMENTAL_XDS_FALLBACK to false. (#7949)
    • experimental/credentials: experimental transport credentials are added which don't enforce ALPN. (#7980)
      • These credentials will be removed in an upcoming grpc-go release. Users must not rely on these credentials directly. Instead, they should either vendor a specific version of gRPC or copy the relevant credentials into their own codebase if absolutely necessary.

    Bug Fixes

    • xds: fix a possible deadlock that happens when both the client application and the xDS management server (responsible for configuring the client) are using the xds:/// scheme in their target URIs. (#8011)

    Performance

    • server: for unary requests, free raw request message data as soon as parsing is finished instead of waiting until the method handler returns. (#7998)

    Documentation

    • examples/features/gracefulstop: add example to demonstrate server graceful stop. (#7865)
    Commits
    • 98a0092 Change version to 1.70.0 (#7984)
    • bf380de Cherrypick #7998, #8011, #8010 into 1.70.x (#8028)
    • 54b3eb9 experimental/credentials: Add credentials that don't enforce ALPN (#7980) (#8...
    • 62b9185 clustetresolver: Copy endpoints.Addresses slice from DNS updates to avoid dat...
    • 724f450 examples/features/csm_observability: use helloworld client and server instead...
    • e8d5feb rbac: add method name to :path in headers (#7965)
    • e912015 cleanup: Fix usages of non-constant format strings (#7959)
    • 681334a cleanup: replace dial with newclient (#7943)
    • 063d352 internal/resolver: introduce a new resolver to handle target URI and proxy ad...
    • 10c7e13 outlierdetection: Support health listener for ejection updates (#7908)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/grpc&package-manager=go_modules&previous-version=1.69.4&new-version=1.70.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index efc9f69..cb0fc82 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.25.0 google.golang.org/api v0.218.0 - google.golang.org/grpc v1.69.4 + google.golang.org/grpc v1.70.0 k8s.io/apimachinery v0.32.1 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index 874edb1..0c4fbcf 100644 --- a/go.sum +++ b/go.sum @@ -212,8 +212,8 @@ go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5W go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= -go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= -go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= +go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= +go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= @@ -310,8 +310,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.69.4 h1:MF5TftSMkd8GLw/m0KM6V8CMOCY6NZ1NQDPGFgbTt4A= -google.golang.org/grpc v1.69.4/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= +google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= google.golang.org/protobuf v1.36.3 h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU= google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 5e8a660c4c99823b29e3457771d6baf3f3cacfdc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Jan 2025 12:38:54 -0800 Subject: [PATCH 132/194] Bump chainguard-dev/common/infra from 0.6.115 to 0.6.116 in /modules/app in the all group (#713) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.115 to 0.6.116
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.116

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.115...v0.6.116

    Commits
    • e7a01b6 Disable NAT for GKE module (#699)
    • 3bdfa81 regional-[go-]service: Add custom probe config (#697)
    • 393f899 github-events: Add tf vars for webhook id env vars (#691)
    • 82a0f9f build(deps): bump the gomod group with 2 updates (#696)
    • 939ef76 build(deps): bump the gomod group across 1 directory with 6 updates (#695)
    • 36a122b build(deps): bump the gomod group with 2 updates (#693)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.115&new-version=0.6.116)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 68e6673..50730dc 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.115" + version = "0.6.116" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.115" + version = "0.6.116" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 991a82e..d3ec2e9 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.115" + version = "0.6.116" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.115" + version = "0.6.116" project_id = var.project_id name = "${var.name}-webhook" From f9bbc12909df61a19c163eb83f51be3a25904d67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Jan 2025 12:39:16 -0800 Subject: [PATCH 133/194] Bump chainguard-dev/common/infra from 0.6.115 to 0.6.116 in /iac in the all group (#710) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.115 to 0.6.116
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.116

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.115...v0.6.116

    Commits
    • e7a01b6 Disable NAT for GKE module (#699)
    • 3bdfa81 regional-[go-]service: Add custom probe config (#697)
    • 393f899 github-events: Add tf vars for webhook id env vars (#691)
    • 82a0f9f build(deps): bump the gomod group with 2 updates (#696)
    • 939ef76 build(deps): bump the gomod group across 1 directory with 6 updates (#695)
    • 36a122b build(deps): bump the gomod group with 2 updates (#693)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.115&new-version=0.6.116)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 73dcd2e..ba593bf 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.115" + version = "0.6.116" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.115" + version = "0.6.116" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 51f2407..0766b0d 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.115" + version = "0.6.116" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 1466837..c4fc8f7 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.115" + version = "0.6.116" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 9bb8747..3f08e6d 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.115" + version = "0.6.116" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.115" + version = "0.6.116" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.115" + version = "0.6.116" service_name = var.name project_id = var.project_id From c806f4c8503f03a0d12fb681902119a207c24873 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 08:48:26 +0100 Subject: [PATCH 134/194] Bump chainguard-dev/common/infra from 0.6.115 to 0.6.116 in /iac/bootstrap in the all group (#714) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.115 to 0.6.116
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.116

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.115...v0.6.116

    Commits
    • e7a01b6 Disable NAT for GKE module (#699)
    • 3bdfa81 regional-[go-]service: Add custom probe config (#697)
    • 393f899 github-events: Add tf vars for webhook id env vars (#691)
    • 82a0f9f build(deps): bump the gomod group with 2 updates (#696)
    • 939ef76 build(deps): bump the gomod group across 1 directory with 6 updates (#695)
    • 36a122b build(deps): bump the gomod group with 2 updates (#693)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.115&new-version=0.6.116)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 060ee65..b485042 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.115" + version = "0.6.116" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.115" + version = "0.6.116" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.115" + version = "0.6.116" project_id = var.project_id name = "github-pull-requests" From 74bd2fc840c8c9daabbc94cf84a4710d6d0f176c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 08:48:45 +0100 Subject: [PATCH 135/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.115 to 0.6.116 in the all group (#711) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.115 to 0.6.116
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.116

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.115...v0.6.116

    Commits
    • e7a01b6 Disable NAT for GKE module (#699)
    • 3bdfa81 regional-[go-]service: Add custom probe config (#697)
    • 393f899 github-events: Add tf vars for webhook id env vars (#691)
    • 82a0f9f build(deps): bump the gomod group with 2 updates (#696)
    • 939ef76 build(deps): bump the gomod group across 1 directory with 6 updates (#695)
    • 36a122b build(deps): bump the gomod group with 2 updates (#693)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.115&new-version=0.6.116)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 28 ++++++++++++++-------------- go.sum | 56 ++++++++++++++++++++++++++++---------------------------- 2 files changed, 42 insertions(+), 42 deletions(-) diff --git a/go.mod b/go.mod index cb0fc82..ab25c7f 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.3 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.5.1 - github.com/chainguard-dev/terraform-infra-common v0.6.115 + github.com/chainguard-dev/terraform-infra-common v0.6.116 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -26,7 +26,7 @@ require ( ) require ( - cloud.google.com/go v0.116.0 // indirect + cloud.google.com/go v0.118.0 // indirect cloud.google.com/go/longrunning v0.6.2 // indirect cloud.google.com/go/trace v1.11.2 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect @@ -43,7 +43,7 @@ require ( github.com/shirou/gopsutil/v4 v4.24.12 // indirect github.com/yusufpapurcu/wmi v1.2.4 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/contrib/detectors/gcp v1.33.0 // indirect + go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) @@ -51,7 +51,7 @@ require ( cloud.google.com/go/auth v0.14.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect - cloud.google.com/go/iam v1.2.2 // indirect + cloud.google.com/go/iam v1.3.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect @@ -66,7 +66,7 @@ require ( github.com/googleapis/gax-go/v2 v2.14.1 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect @@ -77,15 +77,15 @@ require ( github.com/prometheus/procfs v0.15.1 // indirect github.com/stretchr/testify v1.10.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect - go.opentelemetry.io/otel v1.33.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect + go.opentelemetry.io/otel v1.34.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 // indirect - go.opentelemetry.io/otel/metric v1.33.0 // indirect - go.opentelemetry.io/otel/sdk v1.33.0 // indirect - go.opentelemetry.io/otel/trace v1.33.0 // indirect - go.opentelemetry.io/proto/otlp v1.4.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect + go.opentelemetry.io/otel/metric v1.34.0 // indirect + go.opentelemetry.io/otel/sdk v1.34.0 // indirect + go.opentelemetry.io/otel/trace v1.34.0 // indirect + go.opentelemetry.io/proto/otlp v1.5.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.32.0 // indirect @@ -95,7 +95,7 @@ require ( golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.9.0 // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect google.golang.org/protobuf v1.36.3 // indirect ) diff --git a/go.sum b/go.sum index 0c4fbcf..3d7b768 100644 --- a/go.sum +++ b/go.sum @@ -3,16 +3,16 @@ chainguard.dev/go-grpc-kit v0.17.7/go.mod h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3 chainguard.dev/sdk v0.1.30 h1:W/r8YIBO1/04CTeOtHzEKq/DQjGiIIoAJl1wYoQmtOs= chainguard.dev/sdk v0.1.30/go.mod h1:ew0gL7NgboqBF2LfLwL3GpZjz+r9G9ItD4aFmy//R8U= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= -cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= +cloud.google.com/go v0.118.0 h1:tvZe1mgqRxpiVa3XlIGMiPcEUbP1gNXELgD4y/IXmeQ= +cloud.google.com/go v0.118.0/go.mod h1:zIt2pkedt/mo+DQjcT4/L3NDxzHPR29j5HcclNH+9PM= cloud.google.com/go/auth v0.14.0 h1:A5C4dKV/Spdvxcl0ggWwWEzzP7AZMJSEIgrkngwhGYM= cloud.google.com/go/auth v0.14.0/go.mod h1:CYsoRL1PdiDuqeQpZE0bP2pnPrGqFcOkI0nldEQis+A= cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= -cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= -cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= +cloud.google.com/go/iam v1.3.1 h1:KFf8SaT71yYq+sQtRISn90Gyhyf4X8RGgeAVC8XGf3E= +cloud.google.com/go/iam v1.3.1/go.mod h1:3wMtuyT4NcbnYNPLMBzYRFiEfjKfJlLVLrisE7bwm34= cloud.google.com/go/kms v1.20.5 h1:aQQ8esAIVZ1atdJRxihhdxGQ64/zEbJoJnCz/ydSmKg= cloud.google.com/go/kms v1.20.5/go.mod h1:C5A8M1sv2YWYy1AE6iSrnddSG9lRGdJq5XEdBy28Lmw= cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.115 h1:pk3h/nNUD8qC3Nw3eWn81+9L718cvB7iPwPfJ9WufXM= -github.com/chainguard-dev/terraform-infra-common v0.6.115/go.mod h1:He3VNV5MDB4cXJKu7tfwK1gQZxRUwlkoh+uQqzOjYEA= +github.com/chainguard-dev/terraform-infra-common v0.6.116 h1:Hm9kHu3tVOb0ySJps4oUrQh8dkSqQjNQelcFCUYH6rE= +github.com/chainguard-dev/terraform-infra-common v0.6.116/go.mod h1:0NI9ZN9UPw1LcVUS7Ha5plM+h+yvgagXHoDufZLvFB0= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -113,8 +113,8 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDa github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 h1:JYghRBlGCZyCF2wNUJ8W0cwaQdtpcssJ4CgC406g+WU= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99/go.mod h1:3bDW6wMZJB7tiONtC/1Xpicra6Wp5GgbTbQWCbI5fkc= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -194,30 +194,30 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/detectors/gcp v1.33.0 h1:FVPoXEoILwgbZUu4X7YSgsESsAmGRgoYcnXkzgQPhP4= -go.opentelemetry.io/contrib/detectors/gcp v1.33.0/go.mod h1:ZHrLmr4ikK2AwRj9QL+c9s2SOlgoSRyMpNVzUj2fZqI= +go.opentelemetry.io/contrib/detectors/gcp v1.34.0 h1:JRxssobiPg23otYU5SbWtQC//snGVIM3Tx6QRzlQBao= +go.opentelemetry.io/contrib/detectors/gcp v1.34.0/go.mod h1:cV4BMFcscUR/ckqLkbfQmF0PRsq8w/lMGzdbCSveBHo= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 h1:qtFISDHKolvIxzSs0gIaiPUPR0Cucb0F2coHC7ZLdps= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0/go.mod h1:Y+Pop1Q6hCOnETWTW4NROK/q1hv50hM7yDaUTjG8lp8= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= -go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= -go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I= +go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= +go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 h1:9kV11HXBHZAvuPUZxmMWrH8hZn/6UnHX4K0mu36vNsU= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0/go.mod h1:JyA0FHXe22E1NeNiHmVp7kFHglnexDQ7uRWDiiJ1hKQ= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 h1:wpMfgF8E1rkrT1Z6meFh1NDtownE9Ii3n3X2GJYjsaU= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0= -go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= -go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= -go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= -go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 h1:BEj3SPM81McUZHYjRS5pEgNgnmzGJ5tRpU5krWnV8Bs= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0/go.mod h1:9cKLGBDzI/F3NoHLQGm4ZrYdIHsvGt6ej6hUowxY0J4= +go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= +go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= +go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= +go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= -go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= -go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= -go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= -go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY= +go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= +go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= +go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4= +go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -300,8 +300,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= +google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f h1:gap6+3Gk41EItBuyi4XX/bp4oqJ3UwuIMl25yGinuAA= +google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:Ic02D47M+zbarjYYUlK57y316f2MoN0gjAwI3f2S95o= google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI= google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From 68915a3b5780b4814a300ce7f7b470dc250e7f8e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 12:54:47 -0800 Subject: [PATCH 136/194] Bump chainguard.dev/sdk from 0.1.30 to 0.1.31 in the all group (#715) Bumps the all group with 1 update: [chainguard.dev/sdk](https://github.com/chainguard-dev/sdk). Updates `chainguard.dev/sdk` from 0.1.30 to 0.1.31
    Release notes

    Sourced from chainguard.dev/sdk's releases.

    v0.1.31

    Full Changelog: https://github.com/chainguard-dev/sdk/compare/v0.1.29...v0.1.31

    Commits
    • eb09044 Merge pull request #76 from chainguard-dev/create-pull-request/patch
    • 14b9817 Export 6f981a1b1c0b4d9953f00e4014d62f69a81ce1cc
    • 85dc793 Export 0d2717a59e5dac4a9a25c05fcf1a007531e7708b
    • 046aa9e Export a5562a52c021f65f9dea28455f533ca733e0c4e2
    • e4ff424 Export 4bdd847c9c637edc26a6d92519cfb8891e13296e
    • 060dacf Export 032055af5b90ba322d70b2875352269b8ec09913
    • f11e191 Export f01567243c9c21d292137407c3082e9e4b0c174b
    • bf3c589 Merge pull request #75 from chainguard-dev/create-pull-request/patch
    • bf73afa Export 7d4efb93c47add4da8022d646a125c7654c857d3
    • 0e0645e Export 14d74f678f8e6a004c9ea752e1c56079e0841d1b
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard.dev/sdk&package-manager=go_modules&previous-version=0.1.30&new-version=0.1.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ab25c7f..a9277d6 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.23.4 require ( chainguard.dev/go-grpc-kit v0.17.7 - chainguard.dev/sdk v0.1.30 + chainguard.dev/sdk v0.1.31 cloud.google.com/go/kms v1.20.5 cloud.google.com/go/secretmanager v1.14.3 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 diff --git a/go.sum b/go.sum index 3d7b768..bf4aab3 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ chainguard.dev/go-grpc-kit v0.17.7 h1:TqHua7er5k8m6WM96y0Tm7IoLLkuZ5vh3+5SR1gruKg= chainguard.dev/go-grpc-kit v0.17.7/go.mod h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3HS+TGXHw= -chainguard.dev/sdk v0.1.30 h1:W/r8YIBO1/04CTeOtHzEKq/DQjGiIIoAJl1wYoQmtOs= -chainguard.dev/sdk v0.1.30/go.mod h1:ew0gL7NgboqBF2LfLwL3GpZjz+r9G9ItD4aFmy//R8U= +chainguard.dev/sdk v0.1.31 h1:Blvpa0Ji/tC1VVV8/l8UyQe022LoRxZLfgasyFE1EhQ= +chainguard.dev/sdk v0.1.31/go.mod h1:/zqikqbDCBAAlhIDuBl8V4bR9nmB1qLEIn2w9FxzNwI= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.118.0 h1:tvZe1mgqRxpiVa3XlIGMiPcEUbP1gNXELgD4y/IXmeQ= cloud.google.com/go v0.118.0/go.mod h1:zIt2pkedt/mo+DQjcT4/L3NDxzHPR29j5HcclNH+9PM= From d1a1e33a9172af4921e8f92decad8a0072824705 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 12:57:47 -0800 Subject: [PATCH 137/194] Bump github.com/chainguard-dev/clog from 1.5.1 to 1.6.0 (#716) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [github.com/chainguard-dev/clog](https://github.com/chainguard-dev/clog) from 1.5.1 to 1.6.0.
    Release notes

    Sourced from github.com/chainguard-dev/clog's releases.

    v1.6.0

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/clog/compare/v1.5.1...v1.6.0

    Commits
    • 7b8abfe Wrap context-aware handlers + values around loggers by default. (#31)
    • 71baa29 gcp: avoid type assertion panic (#29)
    • 67ba3d0 Bump actions/setup-go from 5.1.0 to 5.2.0 (#30)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/clog&package-manager=go_modules&previous-version=1.5.1&new-version=1.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a9277d6..25597ff 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( cloud.google.com/go/kms v1.20.5 cloud.google.com/go/secretmanager v1.14.3 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 - github.com/chainguard-dev/clog v1.5.1 + github.com/chainguard-dev/clog v1.6.0 github.com/chainguard-dev/terraform-infra-common v0.6.116 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 diff --git a/go.sum b/go.sum index bf4aab3..d6e8431 100644 --- a/go.sum +++ b/go.sum @@ -45,8 +45,8 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ= -github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= +github.com/chainguard-dev/clog v1.6.0 h1:fMjO82wByifo8D2iFBrEryc99XBXyLO6A6cwcxhfeko= +github.com/chainguard-dev/clog v1.6.0/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= github.com/chainguard-dev/terraform-infra-common v0.6.116 h1:Hm9kHu3tVOb0ySJps4oUrQh8dkSqQjNQelcFCUYH6rE= github.com/chainguard-dev/terraform-infra-common v0.6.116/go.mod h1:0NI9ZN9UPw1LcVUS7Ha5plM+h+yvgagXHoDufZLvFB0= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= From 9f24b4a2d541def3ca70ff6786bf620da9316d8f Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Tue, 28 Jan 2025 18:29:33 +0100 Subject: [PATCH 138/194] update list of active permissions (#717) xref: https://github.com/octo-sts/app/issues/679 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 94caea3..20da71b 100644 --- a/README.md +++ b/README.md @@ -102,7 +102,7 @@ The following permissions are the currently enabled in octo-Sts and will be avai - **Administration** : `Read-only` - **Attestations**: `No Access` - **Checks**: `Read/Write` - - **Code Scanning Alerts**: `No Access` + - **Code Scanning Alerts**: `Read/Write` - **Codespaces**: `No Access` - **Codespaces lifecycle admin**: `No Access` - **Codespaces metadata**: `No Access` @@ -114,7 +114,7 @@ The following permissions are the currently enabled in octo-Sts and will be avai - **Dependabot secrets**: `No Access` - **Deployments**: `Read/Write` - **Discussions**: `Read/Write` - - **Environments**: `No Access` + - **Environments**: `Read/Write` - **Issues**: `Read/Write` - **Merge queues**: `No Access` - **Metadata (Mandatory)**: `Read-only` From ad00660e5de1e2976ff8ac74751ee1d73bcc99da Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Jan 2025 12:24:55 -0800 Subject: [PATCH 139/194] Bump chainguard-dev/common/infra from 0.6.116 to 0.6.117 in /iac/bootstrap in the all group (#720) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.116 to 0.6.117
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.117

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.116...v0.6.117

    Commits
    • 49ccf2d gke: pass extra variables to module (#705)
    • 378af43 build(deps): bump the gomod group with 2 updates (#704)
    • 2ea6baf add team/squad labels to dlq topic (#703)
    • efe4db6 build(deps): bump the gomod group across 1 directory with 4 updates (#702)
    • 66bd1f0 build(deps): bump the gomod group across 1 directory with 3 updates (#700)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.116&new-version=0.6.117)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index b485042..088d5b5 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.116" + version = "0.6.117" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.116" + version = "0.6.117" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.116" + version = "0.6.117" project_id = var.project_id name = "github-pull-requests" From d61df280de5c8c03b8157d34558f7fe7ed789eef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Jan 2025 12:55:48 -0800 Subject: [PATCH 140/194] Bump chainguard-dev/common/infra from 0.6.116 to 0.6.117 in /iac in the all group (#722) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.116 to 0.6.117
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.117

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.116...v0.6.117

    Commits
    • 49ccf2d gke: pass extra variables to module (#705)
    • 378af43 build(deps): bump the gomod group with 2 updates (#704)
    • 2ea6baf add team/squad labels to dlq topic (#703)
    • efe4db6 build(deps): bump the gomod group across 1 directory with 4 updates (#702)
    • 66bd1f0 build(deps): bump the gomod group across 1 directory with 3 updates (#700)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.116&new-version=0.6.117)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index ba593bf..4b8b0cf 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.116" + version = "0.6.117" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.116" + version = "0.6.117" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 0766b0d..708a5af 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.116" + version = "0.6.117" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index c4fc8f7..808aca9 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.116" + version = "0.6.117" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 3f08e6d..18b20d5 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.116" + version = "0.6.117" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.116" + version = "0.6.117" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.116" + version = "0.6.117" service_name = var.name project_id = var.project_id From 95d9847f4d6a499c4c918886f0aef90b98e482df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Jan 2025 13:18:44 -0800 Subject: [PATCH 141/194] Bump chainguard-dev/common/infra from 0.6.116 to 0.6.117 in /modules/app in the all group (#721) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.116 to 0.6.117
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.117

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.116...v0.6.117

    Commits
    • 49ccf2d gke: pass extra variables to module (#705)
    • 378af43 build(deps): bump the gomod group with 2 updates (#704)
    • 2ea6baf add team/squad labels to dlq topic (#703)
    • efe4db6 build(deps): bump the gomod group across 1 directory with 4 updates (#702)
    • 66bd1f0 build(deps): bump the gomod group across 1 directory with 3 updates (#700)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.116&new-version=0.6.117)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 50730dc..5809dd9 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.116" + version = "0.6.117" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.116" + version = "0.6.117" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index d3ec2e9..d37a297 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.116" + version = "0.6.117" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.116" + version = "0.6.117" project_id = var.project_id name = "${var.name}-webhook" From e1ac5c7eb26395744db3393b815afea7bdcd7937 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Jan 2025 13:19:05 -0800 Subject: [PATCH 142/194] Bump the all group across 1 directory with 3 updates (#723) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 2 updates in the / directory: [github.com/chainguard-dev/clog](https://github.com/chainguard-dev/clog) and [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/clog` from 1.6.0 to 1.6.1
    Release notes

    Sourced from github.com/chainguard-dev/clog's releases.

    v1.6.1

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/clog/compare/v1.6.0...v1.6.1

    Commits

    Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.116 to 0.6.117
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.117

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.116...v0.6.117

    Commits
    • 49ccf2d gke: pass extra variables to module (#705)
    • 378af43 build(deps): bump the gomod group with 2 updates (#704)
    • 2ea6baf add team/squad labels to dlq topic (#703)
    • efe4db6 build(deps): bump the gomod group across 1 directory with 4 updates (#702)
    • 66bd1f0 build(deps): bump the gomod group across 1 directory with 3 updates (#700)
    • See full diff in compare view

    Updates `google.golang.org/api` from 0.218.0 to 0.219.0
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.219.0

    0.219.0 (2025-01-28)

    Features

    Documentation

    • option: Add warning about externally-provided credentials (#2978) (45c3513)
    Changelog

    Sourced from google.golang.org/api's changelog.

    0.219.0 (2025-01-28)

    Features

    Documentation

    • option: Add warning about externally-provided credentials (#2978) (45c3513)
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 20 ++++++++++---------- go.sum | 52 ++++++++++++++++++++++++++-------------------------- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/go.mod b/go.mod index 25597ff..c9f74b4 100644 --- a/go.mod +++ b/go.mod @@ -8,8 +8,8 @@ require ( cloud.google.com/go/kms v1.20.5 cloud.google.com/go/secretmanager v1.14.3 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 - github.com/chainguard-dev/clog v1.6.0 - github.com/chainguard-dev/terraform-infra-common v0.6.116 + github.com/chainguard-dev/clog v1.6.1 + github.com/chainguard-dev/terraform-infra-common v0.6.117 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.25.0 - google.golang.org/api v0.218.0 + google.golang.org/api v0.219.0 google.golang.org/grpc v1.70.0 k8s.io/apimachinery v0.32.1 sigs.k8s.io/yaml v1.4.0 @@ -27,11 +27,11 @@ require ( require ( cloud.google.com/go v0.118.0 // indirect - cloud.google.com/go/longrunning v0.6.2 // indirect - cloud.google.com/go/trace v1.11.2 // indirect + cloud.google.com/go/longrunning v0.6.4 // indirect + cloud.google.com/go/trace v1.11.3 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.25.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.26.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/ebitengine/purego v0.8.1 // indirect github.com/go-ole/go-ole v1.2.6 // indirect @@ -94,8 +94,8 @@ require ( golang.org/x/sys v0.29.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.9.0 // indirect - google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect + google.golang.org/genproto v0.0.0-20250106144421-5f5ef82da422 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect - google.golang.org/protobuf v1.36.3 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47 // indirect + google.golang.org/protobuf v1.36.4 // indirect ) diff --git a/go.sum b/go.sum index d6e8431..9da3ba3 100644 --- a/go.sum +++ b/go.sum @@ -15,25 +15,25 @@ cloud.google.com/go/iam v1.3.1 h1:KFf8SaT71yYq+sQtRISn90Gyhyf4X8RGgeAVC8XGf3E= cloud.google.com/go/iam v1.3.1/go.mod h1:3wMtuyT4NcbnYNPLMBzYRFiEfjKfJlLVLrisE7bwm34= cloud.google.com/go/kms v1.20.5 h1:aQQ8esAIVZ1atdJRxihhdxGQ64/zEbJoJnCz/ydSmKg= cloud.google.com/go/kms v1.20.5/go.mod h1:C5A8M1sv2YWYy1AE6iSrnddSG9lRGdJq5XEdBy28Lmw= -cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= -cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM= -cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= -cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= -cloud.google.com/go/monitoring v1.21.2 h1:FChwVtClH19E7pJ+e0xUhJPGksctZNVOk2UhMmblmdU= -cloud.google.com/go/monitoring v1.21.2/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU= +cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc= +cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA= +cloud.google.com/go/longrunning v0.6.4 h1:3tyw9rO3E2XVXzSApn1gyEEnH2K9SynNQjMlBi3uHLg= +cloud.google.com/go/longrunning v0.6.4/go.mod h1:ttZpLCe6e7EXvn9OxpBRx7kZEB0efv8yBO6YnVMfhJs= +cloud.google.com/go/monitoring v1.22.1 h1:KQbnAC4IAH+5x3iWuPZT5iN9VXqKMzzOgqcYB6fqPDE= +cloud.google.com/go/monitoring v1.22.1/go.mod h1:AuZZXAoN0WWWfsSvET1Cpc4/1D8LXq8KRDU87fMS6XY= cloud.google.com/go/secretmanager v1.14.3 h1:XVGHbcXEsbrgi4XHzgK5np81l1eO7O72WOXHhXUemrM= cloud.google.com/go/secretmanager v1.14.3/go.mod h1:Pwzcfn69Ni9Lrk1/XBzo1H9+MCJwJ6CDCoeoQUsMN+c= -cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI= -cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io= +cloud.google.com/go/trace v1.11.3 h1:c+I4YFjxRQjvAhRmSsmjpASUKq88chOX854ied0K/pE= +cloud.google.com/go/trace v1.11.3/go.mod h1:pt7zCYiDSQjC9Y2oqCsh9jF4GStB/hmjrYLsxRR27q8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.25.0 h1:4PoDbd/9/06IpwLGxSfvfNoEr9urvfkrN6mmJangGCg= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.25.0/go.mod h1:EycllQ1gupHbjqbcmfCr/H6FKSGSmEUONJ2ivb86qeY= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0 h1:jJKWl98inONJAr/IZrdFQUWcwUO95DLY1XMD1ZIut+g= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0/go.mod h1:l2fIqmwB+FKSfvn3bAD/0i+AXAxhIZjTK2svT/mgUXs= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 h1:GYUJLfvd++4DMuMhCFLgLXvFwofIxh/qOwoGuS/LTew= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0/go.mod h1:wRbFgBQUVm1YXrvWKofAEmq9HNJTDphbAaJSSX01KUI= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.26.0 h1:hlbfyLDl7kZnOrQ5yPRftT9OTQxpfpBfOqmf3y1uc2E= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.26.0/go.mod h1:ZZIZpUVreFujtCcXiAawLr9ex/FWz8uwAAzmFunV5dE= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.50.0 h1:nNMpRpnkWDAaqcpxMJvxa/Ud98gjbYwayJY4/9bdjiU= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.50.0/go.mod h1:SZiPHWGOOk3bl8tkevxkoiwPgsIl6CwrWcbwjfHZpdM= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0 h1:ig/FpDD2JofP/NExKQUbn7uOSZzJAQqogfqluZK4ed4= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0/go.mod h1:otE2jQekW/PqXk1Awf5lmfokJx4uwuqcj1ab5SpGeW0= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -45,10 +45,10 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chainguard-dev/clog v1.6.0 h1:fMjO82wByifo8D2iFBrEryc99XBXyLO6A6cwcxhfeko= -github.com/chainguard-dev/clog v1.6.0/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.116 h1:Hm9kHu3tVOb0ySJps4oUrQh8dkSqQjNQelcFCUYH6rE= -github.com/chainguard-dev/terraform-infra-common v0.6.116/go.mod h1:0NI9ZN9UPw1LcVUS7Ha5plM+h+yvgagXHoDufZLvFB0= +github.com/chainguard-dev/clog v1.6.1 h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU= +github.com/chainguard-dev/clog v1.6.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= +github.com/chainguard-dev/terraform-infra-common v0.6.117 h1:GnFn7KtlocflP/FhAYIWFkhqC0BMcpcfrlDHReDmNDE= +github.com/chainguard-dev/terraform-infra-common v0.6.117/go.mod h1:5ONS5LSHpaTD0o1kA5kxZWhp/7AvZgkDM1MvJIa+nWk= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -291,19 +291,19 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.218.0 h1:x6JCjEWeZ9PFCRe9z0FBrNwj7pB7DOAqT35N+IPnAUA= -google.golang.org/api v0.218.0/go.mod h1:5VGHBAkxrA/8EFjLVEYmMUJ8/8+gWWQ3s4cFH0FxG2M= +google.golang.org/api v0.219.0 h1:nnKIvxKs/06jWawp2liznTBnMRQBEPpGo7I+oEypTX0= +google.golang.org/api v0.219.0/go.mod h1:K6OmjGm+NtLrIkHxv1U3a0qIf/0JOvAHd5O/6AoyKYE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= +google.golang.org/genproto v0.0.0-20250106144421-5f5ef82da422 h1:6GUHKGv2huWOHKmDXLMNE94q3fBDlEHI+oTRIZSebK0= +google.golang.org/genproto v0.0.0-20250106144421-5f5ef82da422/go.mod h1:1NPAxoesyw/SgLPqaUp9u1f9PWCLAk/jVmhx7gJZStg= google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f h1:gap6+3Gk41EItBuyi4XX/bp4oqJ3UwuIMl25yGinuAA= google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:Ic02D47M+zbarjYYUlK57y316f2MoN0gjAwI3f2S95o= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47 h1:91mG8dNTpkC0uChJUQ9zCiRqx3GEEFOWaRZ0mI6Oj2I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= @@ -312,8 +312,8 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= -google.golang.org/protobuf v1.36.3 h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU= -google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= +google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 067f53f385184145643809b4b1562aca8412ed0d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 20:29:30 +0000 Subject: [PATCH 143/194] Bump cloud.google.com/go/secretmanager from 1.14.3 to 1.14.4 in the all group (#724) Bumps the all group with 1 update: [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go). Updates `cloud.google.com/go/secretmanager` from 1.14.3 to 1.14.4
    Release notes

    Sourced from cloud.google.com/go/secretmanager's releases.

    secretmanager: v1.14.4

    1.14.4 (2025-01-30)

    Documentation

    • secretmanager: Fix link in Markdown comments (aa54375)
    • secretmanager: Updated comment for customer_managed_encryption in message .google.cloud.secretmanager.v1.Secret (aa54375)
    • secretmanager: Updated comment for customer_managed_encryption in message .google.cloud.secretmanager.v1.SecretVersion (aa54375)
    • secretmanager: Updated comment for name in message .google.cloud.secretmanager.v1.Topic (aa54375)
    • secretmanager: Updated comment for Replication (aa54375)
    • secretmanager: Updated comment for scheduled_destroy_time in message .google.cloud.secretmanager.v1.SecretVersion (aa54375)
    Commits
    • b1c9263 chore: release main (#10004)
    • a03bd0e chore(spanner): update Spanner owner to harshachinta (#10060)
    • 7e8600a chore(all): update deps (#10058)
    • daea9d1 chore(deps): ignore go.opentelemetry.io/contrib/detectors/gcp (#10077)
    • 59457a3 feat(shopping): new shopping.merchant.conversions client (#10076)
    • e82cc5f feat(streetview): new client(s) (#10075)
    • 7656129 feat(aiplatform): A new value TPU_V5_LITEPOD is added to enum `AcceleratorT...
    • f537fdd chore: generate streetview publish client (#10072)
    • 1d757c6 docs(batch): Update description on allowed_locations in LocationPolicy field ...
    • bb47185 chore(spanner): temporarily skip spanner tests (#10071)
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cloud.google.com/go/secretmanager&package-manager=go_modules&previous-version=1.14.3&new-version=1.14.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 20 ++++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index c9f74b4..b7504e2 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( chainguard.dev/go-grpc-kit v0.17.7 chainguard.dev/sdk v0.1.31 cloud.google.com/go/kms v1.20.5 - cloud.google.com/go/secretmanager v1.14.3 + cloud.google.com/go/secretmanager v1.14.4 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.6.1 github.com/chainguard-dev/terraform-infra-common v0.6.117 @@ -76,7 +76,7 @@ require ( github.com/prometheus/common v0.60.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/stretchr/testify v1.10.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect go.opentelemetry.io/otel v1.34.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 // indirect @@ -94,8 +94,8 @@ require ( golang.org/x/sys v0.29.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.9.0 // indirect - google.golang.org/genproto v0.0.0-20250106144421-5f5ef82da422 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f // indirect + google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47 // indirect google.golang.org/protobuf v1.36.4 // indirect ) diff --git a/go.sum b/go.sum index 9da3ba3..c70d906 100644 --- a/go.sum +++ b/go.sum @@ -19,10 +19,10 @@ cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXH cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA= cloud.google.com/go/longrunning v0.6.4 h1:3tyw9rO3E2XVXzSApn1gyEEnH2K9SynNQjMlBi3uHLg= cloud.google.com/go/longrunning v0.6.4/go.mod h1:ttZpLCe6e7EXvn9OxpBRx7kZEB0efv8yBO6YnVMfhJs= -cloud.google.com/go/monitoring v1.22.1 h1:KQbnAC4IAH+5x3iWuPZT5iN9VXqKMzzOgqcYB6fqPDE= -cloud.google.com/go/monitoring v1.22.1/go.mod h1:AuZZXAoN0WWWfsSvET1Cpc4/1D8LXq8KRDU87fMS6XY= -cloud.google.com/go/secretmanager v1.14.3 h1:XVGHbcXEsbrgi4XHzgK5np81l1eO7O72WOXHhXUemrM= -cloud.google.com/go/secretmanager v1.14.3/go.mod h1:Pwzcfn69Ni9Lrk1/XBzo1H9+MCJwJ6CDCoeoQUsMN+c= +cloud.google.com/go/monitoring v1.23.0 h1:M3nXww2gn9oZ/qWN2bZ35CjolnVHM3qnSbu6srCPgjk= +cloud.google.com/go/monitoring v1.23.0/go.mod h1:034NnlQPDzrQ64G2Gavhl0LUHZs9H3rRmhtnp7jiJgg= +cloud.google.com/go/secretmanager v1.14.4 h1:SMWQMsUcACsdIuVhIBAw+QfKY4Xseiaa8qDnunjmhcM= +cloud.google.com/go/secretmanager v1.14.4/go.mod h1:pjwFw8+A6B4AcWrVXruLfz1QykkpMr8T/VT+zXB91iw= cloud.google.com/go/trace v1.11.3 h1:c+I4YFjxRQjvAhRmSsmjpASUKq88chOX854ied0K/pE= cloud.google.com/go/trace v1.11.3/go.mod h1:pt7zCYiDSQjC9Y2oqCsh9jF4GStB/hmjrYLsxRR27q8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -196,8 +196,8 @@ go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJyS go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib/detectors/gcp v1.34.0 h1:JRxssobiPg23otYU5SbWtQC//snGVIM3Tx6QRzlQBao= go.opentelemetry.io/contrib/detectors/gcp v1.34.0/go.mod h1:cV4BMFcscUR/ckqLkbfQmF0PRsq8w/lMGzdbCSveBHo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 h1:qtFISDHKolvIxzSs0gIaiPUPR0Cucb0F2coHC7ZLdps= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0/go.mod h1:Y+Pop1Q6hCOnETWTW4NROK/q1hv50hM7yDaUTjG8lp8= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I= go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= @@ -298,10 +298,10 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20250106144421-5f5ef82da422 h1:6GUHKGv2huWOHKmDXLMNE94q3fBDlEHI+oTRIZSebK0= -google.golang.org/genproto v0.0.0-20250106144421-5f5ef82da422/go.mod h1:1NPAxoesyw/SgLPqaUp9u1f9PWCLAk/jVmhx7gJZStg= -google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f h1:gap6+3Gk41EItBuyi4XX/bp4oqJ3UwuIMl25yGinuAA= -google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:Ic02D47M+zbarjYYUlK57y316f2MoN0gjAwI3f2S95o= +google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 h1:Pw6WnI9W/LIdRxqK7T6XGugGbHIRl5Q7q3BssH6xk4s= +google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4/go.mod h1:qbZzneIOXSq+KFAFut9krLfRLZiFLzZL5u2t8SV83EE= +google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47 h1:5iw9XJTD4thFidQmFVvx0wi4g5yOHk76rNRUxz1ZG5g= +google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47/go.mod h1:AfA77qWLcidQWywD0YgqfpJzf50w2VjzBml3TybHeJU= google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47 h1:91mG8dNTpkC0uChJUQ9zCiRqx3GEEFOWaRZ0mI6Oj2I= google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From 61e0f7bcd4abde163a029ed41062acd07dd35512 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Feb 2025 18:16:12 +0100 Subject: [PATCH 144/194] Bump chainguard-dev/common/infra from 0.6.117 to 0.6.118 in /iac in the all group (#726) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.117 to 0.6.118
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.118

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.117...v0.6.118

    Commits
    • 490dc20 build(deps): bump cloud.google.com/go/pubsub from 1.45.3 to 1.46.0 in the gom...
    • 2e8e585 make dlq alerts route to teams (#706)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.117&new-version=0.6.118)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 4b8b0cf..eb2e6cc 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.117" + version = "0.6.118" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.117" + version = "0.6.118" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 708a5af..0955e24 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.117" + version = "0.6.118" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 808aca9..94251c4 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.117" + version = "0.6.118" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 18b20d5..96f2bd7 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.117" + version = "0.6.118" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.117" + version = "0.6.118" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.117" + version = "0.6.118" service_name = var.name project_id = var.project_id From 722eea41999d3fa78e68ed3052c12c56deacbc32 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Feb 2025 18:16:26 +0100 Subject: [PATCH 145/194] Bump chainguard-dev/common/infra from 0.6.117 to 0.6.118 in /iac/bootstrap in the all group (#725) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.117 to 0.6.118
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.118

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.117...v0.6.118

    Commits
    • 490dc20 build(deps): bump cloud.google.com/go/pubsub from 1.45.3 to 1.46.0 in the gom...
    • 2e8e585 make dlq alerts route to teams (#706)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.117&new-version=0.6.118)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 088d5b5..36fda62 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.117" + version = "0.6.118" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.117" + version = "0.6.118" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.117" + version = "0.6.118" project_id = var.project_id name = "github-pull-requests" From e28691ee25ba83a5b23e1c729fd41cb23768646f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Feb 2025 18:16:40 +0100 Subject: [PATCH 146/194] Bump chainguard-dev/common/infra from 0.6.117 to 0.6.118 in /modules/app in the all group (#727) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.117 to 0.6.118
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.118

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.117...v0.6.118

    Commits
    • 490dc20 build(deps): bump cloud.google.com/go/pubsub from 1.45.3 to 1.46.0 in the gom...
    • 2e8e585 make dlq alerts route to teams (#706)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.117&new-version=0.6.118)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 5809dd9..ce8d6ad 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.117" + version = "0.6.118" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.117" + version = "0.6.118" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index d37a297..e473abf 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.117" + version = "0.6.118" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.117" + version = "0.6.118" project_id = var.project_id name = "${var.name}-webhook" From 92227351fc2ad7e20babed84c67c50090a21793b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Feb 2025 18:17:00 +0100 Subject: [PATCH 147/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.117 to 0.6.118 in the all group (#728) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.117 to 0.6.118
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.118

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.117...v0.6.118

    Commits
    • 490dc20 build(deps): bump cloud.google.com/go/pubsub from 1.45.3 to 1.46.0 in the gom...
    • 2e8e585 make dlq alerts route to teams (#706)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.117&new-version=0.6.118)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b7504e2..ba97599 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.4 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.6.1 - github.com/chainguard-dev/terraform-infra-common v0.6.117 + github.com/chainguard-dev/terraform-infra-common v0.6.118 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 diff --git a/go.sum b/go.sum index c70d906..9f16662 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.6.1 h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU= github.com/chainguard-dev/clog v1.6.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.117 h1:GnFn7KtlocflP/FhAYIWFkhqC0BMcpcfrlDHReDmNDE= -github.com/chainguard-dev/terraform-infra-common v0.6.117/go.mod h1:5ONS5LSHpaTD0o1kA5kxZWhp/7AvZgkDM1MvJIa+nWk= +github.com/chainguard-dev/terraform-infra-common v0.6.118 h1:uTV1B/zXMMdq2bWrFzphpxkH9A1dy7NbBzy0kGkctPk= +github.com/chainguard-dev/terraform-infra-common v0.6.118/go.mod h1:k2hUJYjXKh8pgc7ArPAtBrAdvKpoFVO843n/Yq6BFKo= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= From fe8fbc298ee2561ec08df917703e80b403377b8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Feb 2025 12:55:22 -0800 Subject: [PATCH 148/194] Bump google-github-actions/auth from 2.1.7 to 2.1.8 in the all group (#729) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [google-github-actions/auth](https://github.com/google-github-actions/auth). Updates `google-github-actions/auth` from 2.1.7 to 2.1.8
    Release notes

    Sourced from google-github-actions/auth's releases.

    v2.1.8

    What's Changed

    New Contributors

    Full Changelog: https://github.com/google-github-actions/auth/compare/v2...v2.1.8

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google-github-actions/auth&package-manager=github_actions&previous-version=2.1.7&new-version=2.1.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 50f977f..99a089c 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -28,7 +28,7 @@ jobs: go-version-file: './go.mod' check-latest: true - - uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 + - uses: google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8 id: auth with: token_format: 'access_token' From af799103631fcb5793b0b8b711f9c1509bb7b32c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Feb 2025 12:20:04 -0800 Subject: [PATCH 149/194] Bump chainguard-dev/common/infra from 0.6.118 to 0.6.119 in /iac in the all group (#730) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.118 to 0.6.119
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.119

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.118...v0.6.119

    Commits
    • 86c0622 make uptime alert duration configurable (#710)
    • d81ca92 build(deps): bump the gomod group with 2 updates (#709)
    • 0b70cd5 github sdk: add withClient options so we can override the default client, use...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.118&new-version=0.6.119)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index eb2e6cc..4d81b6b 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.118" + version = "0.6.119" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.118" + version = "0.6.119" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 0955e24..0da4cea 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.118" + version = "0.6.119" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 94251c4..d6690ec 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.118" + version = "0.6.119" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 96f2bd7..bffa8bc 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.118" + version = "0.6.119" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.118" + version = "0.6.119" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.118" + version = "0.6.119" service_name = var.name project_id = var.project_id From 0d29987ec5dab3ba9c18531e4e6cb4dd4425051e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Feb 2025 12:20:24 -0800 Subject: [PATCH 150/194] Bump golangci/golangci-lint-action from 6.2.0 to 6.3.0 in the all group (#731) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `golangci/golangci-lint-action` from 6.2.0 to 6.3.0
    Release notes

    Sourced from golangci/golangci-lint-action's releases.

    v6.3.0

    What's Changed

    Changes

    Documentation

    Dependencies

    New Contributors

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v6.2.0...v6.3.0

    Commits
    • e60da84 chore: update branch references
    • 1dd93d0 chore: use new assets file (#1154)
    • 5421a11 build(deps): bump @​types/node from 22.10.10 to 22.13.0 in the dependencies gr...
    • 260e8ce build(deps-dev): bump the dev-dependencies group with 2 updates (#1152)
    • 9665fb5 build(deps): bump undici from 5.28.4 to 5.28.5 (#1150)
    • 6253074 build(deps): bump @​types/node from 22.10.7 to 22.10.10 in the dependencies gr...
    • f71f362 build(deps-dev): bump the dev-dependencies group with 2 updates (#1148)
    • 7ec71f6 build(deps): bump the dependencies group with 2 updates (#1147)
    • 60c0fc4 build(deps-dev): bump the dev-dependencies group with 4 updates (#1146)
    • a7b658d docs: update README options version from required to optional (#1145)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=6.2.0&new-version=6.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/style.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 7459c31..ffed8b1 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -59,7 +59,7 @@ jobs: check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v3.7.1 + uses: golangci/golangci-lint-action@e60da84bfae8c7920a47be973d75e15710aa8bd7 # v3.7.1 with: version: v1.61 From 00f4e9585056bdfbe7fde85e2d0c300cdf88bf20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Feb 2025 12:34:14 -0800 Subject: [PATCH 151/194] Bump chainguard-dev/common/infra from 0.6.118 to 0.6.119 in /iac/bootstrap in the all group (#732) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.118 to 0.6.119
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.119

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.118...v0.6.119

    Commits
    • 86c0622 make uptime alert duration configurable (#710)
    • d81ca92 build(deps): bump the gomod group with 2 updates (#709)
    • 0b70cd5 github sdk: add withClient options so we can override the default client, use...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.118&new-version=0.6.119)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 36fda62..a6b92fe 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.118" + version = "0.6.119" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.118" + version = "0.6.119" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.118" + version = "0.6.119" project_id = var.project_id name = "github-pull-requests" From cef88cc79b8795b2f6f360df75dfd6e28ad3d671 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Feb 2025 13:16:30 -0800 Subject: [PATCH 152/194] Bump chainguard-dev/common/infra from 0.6.118 to 0.6.119 in /modules/app in the all group (#735) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.118 to 0.6.119
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.119

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.118...v0.6.119

    Commits
    • 86c0622 make uptime alert duration configurable (#710)
    • d81ca92 build(deps): bump the gomod group with 2 updates (#709)
    • 0b70cd5 github sdk: add withClient options so we can override the default client, use...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.118&new-version=0.6.119)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index ce8d6ad..21a94f1 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.118" + version = "0.6.119" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.118" + version = "0.6.119" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index e473abf..f878e87 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.118" + version = "0.6.119" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.118" + version = "0.6.119" project_id = var.project_id name = "${var.name}-webhook" From 8cad1d50cbfea2f3d1142963f36ffaa49691cb9f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Feb 2025 13:16:56 -0800 Subject: [PATCH 153/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.118 to 0.6.119 in the all group (#733) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.118 to 0.6.119
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.119

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.118...v0.6.119

    Commits
    • 86c0622 make uptime alert duration configurable (#710)
    • d81ca92 build(deps): bump the gomod group with 2 updates (#709)
    • 0b70cd5 github sdk: add withClient options so we can override the default client, use...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.118&new-version=0.6.119)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 20 ++++++++------------ 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index ba97599..8d0ea0d 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.4 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.6.1 - github.com/chainguard-dev/terraform-infra-common v0.6.118 + github.com/chainguard-dev/terraform-infra-common v0.6.119 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -26,21 +26,21 @@ require ( ) require ( - cloud.google.com/go v0.118.0 // indirect + cloud.google.com/go v0.118.1 // indirect cloud.google.com/go/longrunning v0.6.4 // indirect cloud.google.com/go/trace v1.11.3 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.26.0 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/ebitengine/purego v0.8.1 // indirect + github.com/ebitengine/purego v0.8.2 // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/klauspost/compress v1.17.11 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect github.com/sethvargo/go-envconfig v1.1.0 // indirect - github.com/shirou/gopsutil/v4 v4.24.12 // indirect + github.com/shirou/gopsutil/v4 v4.25.1 // indirect github.com/yusufpapurcu/wmi v1.2.4 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect diff --git a/go.sum b/go.sum index 9f16662..7623540 100644 --- a/go.sum +++ b/go.sum @@ -3,8 +3,8 @@ chainguard.dev/go-grpc-kit v0.17.7/go.mod h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3 chainguard.dev/sdk v0.1.31 h1:Blvpa0Ji/tC1VVV8/l8UyQe022LoRxZLfgasyFE1EhQ= chainguard.dev/sdk v0.1.31/go.mod h1:/zqikqbDCBAAlhIDuBl8V4bR9nmB1qLEIn2w9FxzNwI= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.118.0 h1:tvZe1mgqRxpiVa3XlIGMiPcEUbP1gNXELgD4y/IXmeQ= -cloud.google.com/go v0.118.0/go.mod h1:zIt2pkedt/mo+DQjcT4/L3NDxzHPR29j5HcclNH+9PM= +cloud.google.com/go v0.118.1 h1:b8RATMcrK9A4BH0rj8yQupPXp+aP+cJ0l6H7V9osV1E= +cloud.google.com/go v0.118.1/go.mod h1:CFO4UPEPi8oV21xoezZCrd3d81K4fFkDTEJu4R8K+9M= cloud.google.com/go/auth v0.14.0 h1:A5C4dKV/Spdvxcl0ggWwWEzzP7AZMJSEIgrkngwhGYM= cloud.google.com/go/auth v0.14.0/go.mod h1:CYsoRL1PdiDuqeQpZE0bP2pnPrGqFcOkI0nldEQis+A= cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.6.1 h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU= github.com/chainguard-dev/clog v1.6.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.118 h1:uTV1B/zXMMdq2bWrFzphpxkH9A1dy7NbBzy0kGkctPk= -github.com/chainguard-dev/terraform-infra-common v0.6.118/go.mod h1:k2hUJYjXKh8pgc7ArPAtBrAdvKpoFVO843n/Yq6BFKo= +github.com/chainguard-dev/terraform-infra-common v0.6.119 h1:EHKT2B48EPo9lTT58/JRC/3G2i5ynFQ3Cy9baj0nwO8= +github.com/chainguard-dev/terraform-infra-common v0.6.119/go.mod h1:FxIqeMmF4M/g8mP9SOMq+9pniCMLyCz2mTNGwT4mSMw= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -59,8 +59,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/ebitengine/purego v0.8.1 h1:sdRKd6plj7KYW33EH5As6YKfe8m9zbN9JMrOjNVF/BE= -github.com/ebitengine/purego v0.8.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= +github.com/ebitengine/purego v0.8.2 h1:jPPGWs2sZ1UgOSgD2bClL0MJIqu58nOmIcBuXr62z1I= +github.com/ebitengine/purego v0.8.2/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -83,8 +83,6 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69 github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -173,8 +171,8 @@ github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/sethvargo/go-envconfig v1.1.0 h1:cWZiJxeTm7AlCvzGXrEXaSTCNgip5oJepekh/BOQuog= github.com/sethvargo/go-envconfig v1.1.0/go.mod h1:JLd0KFWQYzyENqnEPWWZ49i4vzZo/6nRidxI8YvGiHw= -github.com/shirou/gopsutil/v4 v4.24.12 h1:qvePBOk20e0IKA1QXrIIU+jmk+zEiYVVx06WjBRlZo4= -github.com/shirou/gopsutil/v4 v4.24.12/go.mod h1:DCtMPAad2XceTeIAbGyVfycbYQNBGk2P8cvDi7/VN9o= +github.com/shirou/gopsutil/v4 v4.25.1 h1:QSWkTc+fu9LTAWfkZwZ6j8MSUk4A2LV7rbH0ZqmLjXs= +github.com/shirou/gopsutil/v4 v4.25.1/go.mod h1:RoUCUpndaJFtT+2zsZzzmhvbfGoDCJ7nFXKJf8GqJbI= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -190,8 +188,6 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= -go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib/detectors/gcp v1.34.0 h1:JRxssobiPg23otYU5SbWtQC//snGVIM3Tx6QRzlQBao= From fce5a1343addcfb9b980a22a45cd11edd4fc8ddf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Feb 2025 13:17:58 -0800 Subject: [PATCH 154/194] Bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 (#734) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.25.0 to 0.26.0.
    Commits
    • b9c813b google: add warning about externally-provided credentials
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.25.0&new-version=0.26.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8d0ea0d..17b3e66 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 - golang.org/x/oauth2 v0.25.0 + golang.org/x/oauth2 v0.26.0 google.golang.org/api v0.219.0 google.golang.org/grpc v1.70.0 k8s.io/apimachinery v0.32.1 diff --git a/go.sum b/go.sum index 7623540..26470e2 100644 --- a/go.sum +++ b/go.sum @@ -248,8 +248,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= -golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE= +golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From c2bf27f0e528e8b5380dcdee50e07896a4992ab1 Mon Sep 17 00:00:00 2001 From: Matt Moore Date: Wed, 5 Feb 2025 19:14:12 -0800 Subject: [PATCH 155/194] Leverage GRPC errors in CheckToken. (#737) Jason noticed that we'd serve 5xx for some 4xx cases and it looks as though they come from `CheckToken` which doesn't leverage GRPC's structured errors. Signed-off-by: Matt Moore --- pkg/octosts/trust_policy.go | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/pkg/octosts/trust_policy.go b/pkg/octosts/trust_policy.go index a5443f4..a24d630 100644 --- a/pkg/octosts/trust_policy.go +++ b/pkg/octosts/trust_policy.go @@ -11,6 +11,8 @@ import ( "github.com/coreos/go-oidc/v3/oidc" "github.com/google/go-github/v68/github" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" ) type TrustPolicy struct { @@ -110,41 +112,41 @@ func (tp *TrustPolicy) CheckToken(token *oidc.IDToken, domain string) (Actor, er Claims: make([]Claim, 0, len(tp.claimPattern)), } if !tp.isCompiled { - return act, errors.New("trust policy: not compiled") + return act, status.Errorf(codes.Internal, "trust policy: not compiled") } // Check the issuer. switch { case tp.issuerPattern != nil: if !tp.issuerPattern.MatchString(token.Issuer) { - return act, fmt.Errorf("trust policy: issuer_pattern %q did not match %q", token.Issuer, tp.IssuerPattern) + return act, status.Errorf(codes.PermissionDenied, "trust policy: issuer_pattern %q did not match %q", token.Issuer, tp.IssuerPattern) } case tp.Issuer != "": if token.Issuer != tp.Issuer { - return act, fmt.Errorf("trust policy: issuer %q did not match %q", token.Issuer, tp.Issuer) + return act, status.Errorf(codes.PermissionDenied, "trust policy: issuer %q did not match %q", token.Issuer, tp.Issuer) } default: // Shouldn't be possible for compiled policies (defense in depth). - return act, fmt.Errorf("trust policy: no issuer or issuer_pattern set") + return act, status.Errorf(codes.Internal, "trust policy: no issuer or issuer_pattern set") } // Check the subject. switch { case tp.subjectPattern != nil: if !tp.subjectPattern.MatchString(token.Subject) { - return act, fmt.Errorf("trust policy: subject_pattern %q did not match %q", token.Subject, tp.SubjectPattern) + return act, status.Errorf(codes.PermissionDenied, "trust policy: subject_pattern %q did not match %q", token.Subject, tp.SubjectPattern) } case tp.Subject != "": if token.Subject != tp.Subject { - return act, fmt.Errorf("trust policy: subject %q did not match %q", token.Subject, tp.Subject) + return act, status.Errorf(codes.PermissionDenied, "trust policy: subject %q did not match %q", token.Subject, tp.Subject) } default: // Shouldn't be possible for compiled policies (defense in depth). - return act, fmt.Errorf("trust policy: no subject or subject_pattern set") + return act, status.Errorf(codes.Internal, "trust policy: no subject or subject_pattern set") } // Check the audience. @@ -159,18 +161,18 @@ func (tp *TrustPolicy) CheckToken(token *oidc.IDToken, domain string) (Actor, er } } if !found { - return act, fmt.Errorf("trust policy: audience_pattern %q did not match any of %q", tp.AudiencePattern, token.Audience) + return act, status.Errorf(codes.PermissionDenied, "trust policy: audience_pattern %q did not match any of %q", tp.AudiencePattern, token.Audience) } case tp.Audience != "": if !slices.Contains(token.Audience, tp.Audience) { - return act, fmt.Errorf("trust policy: audience %q did not match any of %q", tp.Audience, token.Audience) + return act, status.Errorf(codes.PermissionDenied, "trust policy: audience %q did not match any of %q", tp.Audience, token.Audience) } default: // If `audience` or `audience_pattern` is not provided, we fall back to the domain. if !slices.Contains(token.Audience, domain) { - return act, fmt.Errorf("trust policy: audience %q did not match any of %q", domain, token.Audience) + return act, status.Errorf(codes.PermissionDenied, "trust policy: audience %q did not match any of %q", domain, token.Audience) } } @@ -183,7 +185,7 @@ func (tp *TrustPolicy) CheckToken(token *oidc.IDToken, domain string) (Actor, er for k, v := range tp.claimPattern { raw, ok := customClaims[k] if !ok { - return act, fmt.Errorf("trust policy: expected claim %q not found in token", k) + return act, status.Errorf(codes.PermissionDenied, "trust policy: expected claim %q not found in token", k) } // Convert bool claims into a string @@ -196,14 +198,14 @@ func (tp *TrustPolicy) CheckToken(token *oidc.IDToken, domain string) (Actor, er } val, ok := raw.(string) if !ok { - return act, fmt.Errorf("trust policy: expected claim %q not a string", k) + return act, status.Errorf(codes.PermissionDenied, "trust policy: expected claim %q not a string", k) } act.Claims = append(act.Claims, Claim{ Name: k, Value: val, }) if !v.MatchString(val) { - return act, fmt.Errorf("trust policy: claim %q did not match %q", k, v) + return act, status.Errorf(codes.PermissionDenied, "trust policy: claim %q did not match %q", k, v) } } } From 54003fcd5bf2aab4aabf20bb2f4fa81868dd9b99 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:05:22 -0800 Subject: [PATCH 156/194] Bump the all group with 2 updates (#744) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 2 updates: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common) and [google.golang.org/api](https://github.com/googleapis/google-api-go-client). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.119 to 0.6.120
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.120

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.119...v0.6.120

    Commits

    Updates `google.golang.org/api` from 0.219.0 to 0.220.0
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.220.0

    0.220.0 (2025-02-05)

    Features

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.220.0 (2025-02-05)

    Features

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 32 ++++++++++++++++---------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index 17b3e66..a38663d 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.4 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.6.1 - github.com/chainguard-dev/terraform-infra-common v0.6.119 + github.com/chainguard-dev/terraform-infra-common v0.6.120 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.26.0 - google.golang.org/api v0.219.0 + google.golang.org/api v0.220.0 google.golang.org/grpc v1.70.0 k8s.io/apimachinery v0.32.1 sigs.k8s.io/yaml v1.4.0 @@ -48,7 +48,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.14.0 // indirect + cloud.google.com/go/auth v0.14.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect cloud.google.com/go/iam v1.3.1 // indirect @@ -90,12 +90,12 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.32.0 // indirect golang.org/x/net v0.34.0 // indirect - golang.org/x/sync v0.10.0 // indirect - golang.org/x/sys v0.29.0 // indirect + golang.org/x/sync v0.11.0 // indirect + golang.org/x/sys v0.30.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.9.0 // indirect + golang.org/x/time v0.10.0 // indirect google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250127172529-29210b9bc287 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287 // indirect google.golang.org/protobuf v1.36.4 // indirect ) diff --git a/go.sum b/go.sum index 26470e2..331cf92 100644 --- a/go.sum +++ b/go.sum @@ -5,8 +5,8 @@ chainguard.dev/sdk v0.1.31/go.mod h1:/zqikqbDCBAAlhIDuBl8V4bR9nmB1qLEIn2w9FxzNwI cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.118.1 h1:b8RATMcrK9A4BH0rj8yQupPXp+aP+cJ0l6H7V9osV1E= cloud.google.com/go v0.118.1/go.mod h1:CFO4UPEPi8oV21xoezZCrd3d81K4fFkDTEJu4R8K+9M= -cloud.google.com/go/auth v0.14.0 h1:A5C4dKV/Spdvxcl0ggWwWEzzP7AZMJSEIgrkngwhGYM= -cloud.google.com/go/auth v0.14.0/go.mod h1:CYsoRL1PdiDuqeQpZE0bP2pnPrGqFcOkI0nldEQis+A= +cloud.google.com/go/auth v0.14.1 h1:AwoJbzUdxA/whv1qj3TLKwh3XX5sikny2fc40wUl+h0= +cloud.google.com/go/auth v0.14.1/go.mod h1:4JHUxlGXisL0AW8kXPtUF6ztuOksyfUQNFjfsOCXkPM= cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.6.1 h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU= github.com/chainguard-dev/clog v1.6.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.119 h1:EHKT2B48EPo9lTT58/JRC/3G2i5ynFQ3Cy9baj0nwO8= -github.com/chainguard-dev/terraform-infra-common v0.6.119/go.mod h1:FxIqeMmF4M/g8mP9SOMq+9pniCMLyCz2mTNGwT4mSMw= +github.com/chainguard-dev/terraform-infra-common v0.6.120 h1:yq4OaVumYIXrFnpHuufJfihxGE5SaAa2vXrW2R3qv90= +github.com/chainguard-dev/terraform-infra-common v0.6.120/go.mod h1:qFBPte/d6IZZUD4yYO1thk+V/x/R7mMcnLTbKh6Upw0= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -255,8 +255,8 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= -golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= +golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -265,14 +265,14 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= -golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4= +golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -287,8 +287,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.219.0 h1:nnKIvxKs/06jWawp2liznTBnMRQBEPpGo7I+oEypTX0= -google.golang.org/api v0.219.0/go.mod h1:K6OmjGm+NtLrIkHxv1U3a0qIf/0JOvAHd5O/6AoyKYE= +google.golang.org/api v0.220.0 h1:3oMI4gdBgB72WFVwE1nerDD8W3HUOS4kypK6rRLbGns= +google.golang.org/api v0.220.0/go.mod h1:26ZAlY6aN/8WgpCzjPNy18QpYaz7Zgg1h0qe1GkZEmY= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -296,10 +296,10 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 h1:Pw6WnI9W/LIdRxqK7T6XGugGbHIRl5Q7q3BssH6xk4s= google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4/go.mod h1:qbZzneIOXSq+KFAFut9krLfRLZiFLzZL5u2t8SV83EE= -google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47 h1:5iw9XJTD4thFidQmFVvx0wi4g5yOHk76rNRUxz1ZG5g= -google.golang.org/genproto/googleapis/api v0.0.0-20250124145028-65684f501c47/go.mod h1:AfA77qWLcidQWywD0YgqfpJzf50w2VjzBml3TybHeJU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47 h1:91mG8dNTpkC0uChJUQ9zCiRqx3GEEFOWaRZ0mI6Oj2I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= +google.golang.org/genproto/googleapis/api v0.0.0-20250127172529-29210b9bc287 h1:A2ni10G3UlplFrWdCDJTl7D7mJ7GSRm37S+PDimaKRw= +google.golang.org/genproto/googleapis/api v0.0.0-20250127172529-29210b9bc287/go.mod h1:iYONQfRdizDB8JJBybql13nArx91jcUk7zCXEsOofM4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287 h1:J1H9f+LEdWAfHcez/4cvaVBox7cOYT+IU6rgqj5x++8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= From 089d4fd4961aa6c480e4fc8493a749c53f966468 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:05:43 -0800 Subject: [PATCH 157/194] Bump chainguard-dev/common/infra from 0.6.119 to 0.6.120 in /modules/app in the all group (#741) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.119 to 0.6.120
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.120

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.119...v0.6.120

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.119&new-version=0.6.120)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 21a94f1..08cb6e6 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.119" + version = "0.6.120" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.119" + version = "0.6.120" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index f878e87..df7627d 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.119" + version = "0.6.120" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.119" + version = "0.6.120" project_id = var.project_id name = "${var.name}-webhook" From 587e4a18682fab21c9e65973d1e33b61e1b658bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:05:57 -0800 Subject: [PATCH 158/194] Bump chainguard-dev/common/infra from 0.6.119 to 0.6.120 in /iac/bootstrap in the all group (#742) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.119 to 0.6.120
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.120

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.119...v0.6.120

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.119&new-version=0.6.120)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index a6b92fe..74aaf31 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.119" + version = "0.6.120" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.119" + version = "0.6.120" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.119" + version = "0.6.120" project_id = var.project_id name = "github-pull-requests" From 93570a46c448f2b739ffc21cf834dea38b50a9be Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:06:22 -0800 Subject: [PATCH 159/194] Bump chainguard-dev/common/infra from 0.6.119 to 0.6.120 in /iac in the all group (#743) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.119 to 0.6.120
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.120

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.119...v0.6.120

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.119&new-version=0.6.120)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 4d81b6b..efc37a1 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.119" + version = "0.6.120" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.119" + version = "0.6.120" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 0da4cea..3311ed0 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.119" + version = "0.6.120" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index d6690ec..6aeb90d 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.119" + version = "0.6.120" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index bffa8bc..730887a 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.119" + version = "0.6.120" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.119" + version = "0.6.120" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.119" + version = "0.6.120" service_name = var.name project_id = var.project_id From cde4869abe7d41437d62e6528188c74500a1e248 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Feb 2025 12:28:13 -0800 Subject: [PATCH 160/194] Bump chainguard-dev/common/infra from 0.6.120 to 0.6.121 in /iac/bootstrap in the all group (#747) Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.120 to 0.6.121
    Commits
    • 83fff68 fix: panic with inner client (#714)
    • 31462d4 build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 in the gom...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.120&new-version=0.6.121)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 74aaf31..7604774 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.120" + version = "0.6.121" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.120" + version = "0.6.121" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.120" + version = "0.6.121" project_id = var.project_id name = "github-pull-requests" From a23ab0b966525ee784cf21e87c4607602c5d1d1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 8 Feb 2025 15:41:53 +0100 Subject: [PATCH 161/194] Bump chainguard-dev/common/infra from 0.6.120 to 0.6.121 in /iac in the all group (#746) Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.120 to 0.6.121
    Commits
    • 83fff68 fix: panic with inner client (#714)
    • 31462d4 build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 in the gom...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.120&new-version=0.6.121)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index efc37a1..3bff215 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.120" + version = "0.6.121" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.120" + version = "0.6.121" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 3311ed0..639aa95 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.120" + version = "0.6.121" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 6aeb90d..f4cf8d7 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.120" + version = "0.6.121" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 730887a..49605ab 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.120" + version = "0.6.121" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.120" + version = "0.6.121" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.120" + version = "0.6.121" service_name = var.name project_id = var.project_id From 8269e1328bf3abf59d00d719ec5c99649f964962 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 8 Feb 2025 15:42:11 +0100 Subject: [PATCH 162/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.120 to 0.6.121 in the all group (#749) Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.120 to 0.6.121
    Commits
    • 83fff68 fix: panic with inner client (#714)
    • 31462d4 build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 in the gom...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.120&new-version=0.6.121)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index a38663d..5ade013 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.4 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.6.1 - github.com/chainguard-dev/terraform-infra-common v0.6.120 + github.com/chainguard-dev/terraform-infra-common v0.6.121 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -97,5 +97,5 @@ require ( google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250127172529-29210b9bc287 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287 // indirect - google.golang.org/protobuf v1.36.4 // indirect + google.golang.org/protobuf v1.36.5 // indirect ) diff --git a/go.sum b/go.sum index 331cf92..dfb4bea 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.6.1 h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU= github.com/chainguard-dev/clog v1.6.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.120 h1:yq4OaVumYIXrFnpHuufJfihxGE5SaAa2vXrW2R3qv90= -github.com/chainguard-dev/terraform-infra-common v0.6.120/go.mod h1:qFBPte/d6IZZUD4yYO1thk+V/x/R7mMcnLTbKh6Upw0= +github.com/chainguard-dev/terraform-infra-common v0.6.121 h1:jtVuvyXx8mvQ1+s2Euih5rxD597BcIni4XwX/BIK1gY= +github.com/chainguard-dev/terraform-infra-common v0.6.121/go.mod h1:KNZnc10HBRPsVMGqTqQiSya7UgVdfg3qAusmPMz5sKk= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -308,8 +308,8 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= -google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= -google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= +google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 3f4d37adce6a8c2d9126c9e190f584bccc9df297 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 8 Feb 2025 15:42:26 +0100 Subject: [PATCH 163/194] Bump chainguard-dev/common/infra from 0.6.120 to 0.6.121 in /modules/app in the all group (#748) Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.120 to 0.6.121
    Commits
    • 83fff68 fix: panic with inner client (#714)
    • 31462d4 build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 in the gom...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.120&new-version=0.6.121)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 08cb6e6..a2f1ffe 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.120" + version = "0.6.121" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.120" + version = "0.6.121" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index df7627d..83d3216 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.120" + version = "0.6.121" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.120" + version = "0.6.121" project_id = var.project_id name = "${var.name}-webhook" From 26a8fa14a49e0144fbdc623cf50dcaa783140a7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 14:12:54 -0600 Subject: [PATCH 164/194] Bump chainguard-dev/common/infra from 0.6.121 to 0.6.122 in /iac in the all group (#750) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.121 to 0.6.122
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.122

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.121...v0.6.122

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.121&new-version=0.6.122)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 3bff215..3a32822 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.121" + version = "0.6.122" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.121" + version = "0.6.122" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 639aa95..02f478a 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.121" + version = "0.6.122" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index f4cf8d7..f7da580 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.121" + version = "0.6.122" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 49605ab..e76fb86 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.121" + version = "0.6.122" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.121" + version = "0.6.122" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.121" + version = "0.6.122" service_name = var.name project_id = var.project_id From c883e0dff1547ec513e9e0c1dc279409114fad55 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 14:40:58 -0600 Subject: [PATCH 165/194] Bump golangci/golangci-lint-action from 6.3.0 to 6.3.2 in the all group (#751) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `golangci/golangci-lint-action` from 6.3.0 to 6.3.2
    Release notes

    Sourced from golangci/golangci-lint-action's releases.

    v6.3.2

    What's Changed

    Changes

    Dependencies

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v6.3.1...v6.3.2

    v6.3.1

    What's Changed

    Changes

    Dependencies

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v6.3.0...v6.3.1

    Commits
    • 051d919 6.3.2
    • b85ce4f fix: path patch (#1162)
    • d9c1296 build(deps-dev): bump prettier from 3.4.2 to 3.5.0 in the dev-dependencies gr...
    • db1c463 docs: move dev information into contribution guide
    • 697ae3d docs: information about releases
    • 2e78893 6.3.1
    • aa1e094 chore: update golangci-lint versions (#1159)
    • 3e6beaf fix: restrict patched version to v1 (#1158)
    • 1cc4e00 build(deps): bump @​types/node from 22.13.0 to 22.13.1 in the dependencies gro...
    • bbe109d build(deps-dev): bump the dev-dependencies group with 2 updates (#1155)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=6.3.0&new-version=6.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/style.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index ffed8b1..a75b46c 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -59,7 +59,7 @@ jobs: check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@e60da84bfae8c7920a47be973d75e15710aa8bd7 # v3.7.1 + uses: golangci/golangci-lint-action@051d91933864810ecd5e2ea2cfd98f6a5bca5347 # v3.7.1 with: version: v1.61 From 65f7875b35bdd3f3642f6e1ef394e951384f500d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 14:53:37 -0600 Subject: [PATCH 166/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.121 to 0.6.122 in the all group (#752) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.121 to 0.6.122
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.122

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.121...v0.6.122

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.121&new-version=0.6.122)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5ade013..b463e87 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.4 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.6.1 - github.com/chainguard-dev/terraform-infra-common v0.6.121 + github.com/chainguard-dev/terraform-infra-common v0.6.122 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 diff --git a/go.sum b/go.sum index dfb4bea..1c2c4a0 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.6.1 h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU= github.com/chainguard-dev/clog v1.6.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.121 h1:jtVuvyXx8mvQ1+s2Euih5rxD597BcIni4XwX/BIK1gY= -github.com/chainguard-dev/terraform-infra-common v0.6.121/go.mod h1:KNZnc10HBRPsVMGqTqQiSya7UgVdfg3qAusmPMz5sKk= +github.com/chainguard-dev/terraform-infra-common v0.6.122 h1:HkFO/Xp20YMlYloC22xdVcybbP+TWpLVCyxhWNahDao= +github.com/chainguard-dev/terraform-infra-common v0.6.122/go.mod h1:KNZnc10HBRPsVMGqTqQiSya7UgVdfg3qAusmPMz5sKk= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= From 6ebb563b457f1614539beec287a260a75e40d90b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 14:53:54 -0600 Subject: [PATCH 167/194] Bump chainguard-dev/common/infra from 0.6.121 to 0.6.122 in /modules/app in the all group (#754) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.121 to 0.6.122
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.122

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.121...v0.6.122

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.121&new-version=0.6.122)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index a2f1ffe..5328008 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.121" + version = "0.6.122" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.121" + version = "0.6.122" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 83d3216..a867456 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.121" + version = "0.6.122" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.121" + version = "0.6.122" project_id = var.project_id name = "${var.name}-webhook" From 22999cf46451a603fdedc51de6456e4e9ae64d39 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 14:54:12 -0600 Subject: [PATCH 168/194] Bump chainguard-dev/common/infra from 0.6.121 to 0.6.122 in /iac/bootstrap in the all group (#753) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.121 to 0.6.122
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.122

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.121...v0.6.122

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.121&new-version=0.6.122)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 7604774..ece67d3 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.121" + version = "0.6.122" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.121" + version = "0.6.122" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.121" + version = "0.6.122" project_id = var.project_id name = "github-pull-requests" From 6eb001811e307e1bcc7bdf659fa18b06e98668c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Feb 2025 21:43:18 +0100 Subject: [PATCH 169/194] Bump google.golang.org/api from 0.220.0 to 0.221.0 (#756) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.220.0 to 0.221.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.221.0

    0.221.0 (2025-02-12)

    Features

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.221.0 (2025-02-12)

    Features

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.220.0&new-version=0.221.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index b463e87..1579d72 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.26.0 - google.golang.org/api v0.220.0 + google.golang.org/api v0.221.0 google.golang.org/grpc v1.70.0 k8s.io/apimachinery v0.32.1 sigs.k8s.io/yaml v1.4.0 @@ -88,14 +88,14 @@ require ( go.opentelemetry.io/proto/otlp v1.5.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.32.0 // indirect - golang.org/x/net v0.34.0 // indirect + golang.org/x/crypto v0.33.0 // indirect + golang.org/x/net v0.35.0 // indirect golang.org/x/sync v0.11.0 // indirect golang.org/x/sys v0.30.0 // indirect - golang.org/x/text v0.21.0 // indirect + golang.org/x/text v0.22.0 // indirect golang.org/x/time v0.10.0 // indirect google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250127172529-29210b9bc287 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 // indirect google.golang.org/protobuf v1.36.5 // indirect ) diff --git a/go.sum b/go.sum index 1c2c4a0..26e9bb5 100644 --- a/go.sum +++ b/go.sum @@ -227,8 +227,8 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= -golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -245,8 +245,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= -golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= +golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE= golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= @@ -269,8 +269,8 @@ golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4= golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -287,8 +287,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.220.0 h1:3oMI4gdBgB72WFVwE1nerDD8W3HUOS4kypK6rRLbGns= -google.golang.org/api v0.220.0/go.mod h1:26ZAlY6aN/8WgpCzjPNy18QpYaz7Zgg1h0qe1GkZEmY= +google.golang.org/api v0.221.0 h1:qzaJfLhDsbMeFee8zBRdt/Nc+xmOuafD/dbdgGfutOU= +google.golang.org/api v0.221.0/go.mod h1:7sOU2+TL4TxUTdbi0gWgAIg7tH5qBXxoyhtL+9x3biQ= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -298,8 +298,8 @@ google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 h1:Pw6WnI9W/LIdRxq google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4/go.mod h1:qbZzneIOXSq+KFAFut9krLfRLZiFLzZL5u2t8SV83EE= google.golang.org/genproto/googleapis/api v0.0.0-20250127172529-29210b9bc287 h1:A2ni10G3UlplFrWdCDJTl7D7mJ7GSRm37S+PDimaKRw= google.golang.org/genproto/googleapis/api v0.0.0-20250127172529-29210b9bc287/go.mod h1:iYONQfRdizDB8JJBybql13nArx91jcUk7zCXEsOofM4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287 h1:J1H9f+LEdWAfHcez/4cvaVBox7cOYT+IU6rgqj5x++8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 h1:2duwAxN2+k0xLNpjnHTXoMUgnv6VPSp5fiqTuwSxjmI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= From f7d53717b0de28e35bba1d31c5e837aaefbb0651 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Feb 2025 21:47:40 +0100 Subject: [PATCH 170/194] Bump cloud.google.com/go/secretmanager from 1.14.4 to 1.14.5 in the all group (#755) Bumps the all group with 1 update: [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go). Updates `cloud.google.com/go/secretmanager` from 1.14.4 to 1.14.5
    Release notes

    Sourced from cloud.google.com/go/secretmanager's releases.

    secretmanager: v1.14.5

    1.14.5 (2025-02-12)

    Bug Fixes

    • secretmanager: Upgrade Go gRPC Protobuf generation (90140b1)
    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cloud.google.com/go/secretmanager&package-manager=go_modules&previous-version=1.14.4&new-version=1.14.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 1579d72..0421fd7 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( chainguard.dev/go-grpc-kit v0.17.7 chainguard.dev/sdk v0.1.31 cloud.google.com/go/kms v1.20.5 - cloud.google.com/go/secretmanager v1.14.4 + cloud.google.com/go/secretmanager v1.14.5 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.6.1 github.com/chainguard-dev/terraform-infra-common v0.6.122 @@ -95,7 +95,7 @@ require ( golang.org/x/text v0.22.0 // indirect golang.org/x/time v0.10.0 // indirect google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250127172529-29210b9bc287 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250207221924-e9438ea467c6 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 // indirect google.golang.org/protobuf v1.36.5 // indirect ) diff --git a/go.sum b/go.sum index 26e9bb5..a826d5b 100644 --- a/go.sum +++ b/go.sum @@ -21,8 +21,8 @@ cloud.google.com/go/longrunning v0.6.4 h1:3tyw9rO3E2XVXzSApn1gyEEnH2K9SynNQjMlBi cloud.google.com/go/longrunning v0.6.4/go.mod h1:ttZpLCe6e7EXvn9OxpBRx7kZEB0efv8yBO6YnVMfhJs= cloud.google.com/go/monitoring v1.23.0 h1:M3nXww2gn9oZ/qWN2bZ35CjolnVHM3qnSbu6srCPgjk= cloud.google.com/go/monitoring v1.23.0/go.mod h1:034NnlQPDzrQ64G2Gavhl0LUHZs9H3rRmhtnp7jiJgg= -cloud.google.com/go/secretmanager v1.14.4 h1:SMWQMsUcACsdIuVhIBAw+QfKY4Xseiaa8qDnunjmhcM= -cloud.google.com/go/secretmanager v1.14.4/go.mod h1:pjwFw8+A6B4AcWrVXruLfz1QykkpMr8T/VT+zXB91iw= +cloud.google.com/go/secretmanager v1.14.5 h1:W++V0EL9iL6T2+ec24Dm++bIti0tI6Gx6sCosDBters= +cloud.google.com/go/secretmanager v1.14.5/go.mod h1:GXznZF3qqPZDGZQqETZwZqHw4R6KCaYVvcGiRBA+aqY= cloud.google.com/go/trace v1.11.3 h1:c+I4YFjxRQjvAhRmSsmjpASUKq88chOX854ied0K/pE= cloud.google.com/go/trace v1.11.3/go.mod h1:pt7zCYiDSQjC9Y2oqCsh9jF4GStB/hmjrYLsxRR27q8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -296,8 +296,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 h1:Pw6WnI9W/LIdRxqK7T6XGugGbHIRl5Q7q3BssH6xk4s= google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4/go.mod h1:qbZzneIOXSq+KFAFut9krLfRLZiFLzZL5u2t8SV83EE= -google.golang.org/genproto/googleapis/api v0.0.0-20250127172529-29210b9bc287 h1:A2ni10G3UlplFrWdCDJTl7D7mJ7GSRm37S+PDimaKRw= -google.golang.org/genproto/googleapis/api v0.0.0-20250127172529-29210b9bc287/go.mod h1:iYONQfRdizDB8JJBybql13nArx91jcUk7zCXEsOofM4= +google.golang.org/genproto/googleapis/api v0.0.0-20250207221924-e9438ea467c6 h1:L9JNMl/plZH9wmzQUHleO/ZZDSN+9Gh41wPczNy+5Fk= +google.golang.org/genproto/googleapis/api v0.0.0-20250207221924-e9438ea467c6/go.mod h1:iYONQfRdizDB8JJBybql13nArx91jcUk7zCXEsOofM4= google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 h1:2duwAxN2+k0xLNpjnHTXoMUgnv6VPSp5fiqTuwSxjmI= google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From 75b438d8cc387b92815fbeb7a7c5a0de818e9ecd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Feb 2025 14:34:41 -0600 Subject: [PATCH 171/194] Bump golangci/golangci-lint-action from 6.3.2 to 6.3.3 in the all group (#758) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `golangci/golangci-lint-action` from 6.3.2 to 6.3.3
    Release notes

    Sourced from golangci/golangci-lint-action's releases.

    v6.3.3

    What's Changed

    Changes

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v6.3.2...v6.3.3

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=6.3.2&new-version=6.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/style.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index a75b46c..eb97632 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -59,7 +59,7 @@ jobs: check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@051d91933864810ecd5e2ea2cfd98f6a5bca5347 # v3.7.1 + uses: golangci/golangci-lint-action@e0ebdd245eea59746bb0b28ea6a9871d3e35fbc9 # v3.7.1 with: version: v1.61 From 4fb22167bb0cf698cb7b0332b43de4bda1f74de3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Feb 2025 14:45:26 -0600 Subject: [PATCH 172/194] Bump chainguard-dev/common/infra from 0.6.122 to 0.6.123 in /iac in the all group (#760) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.122 to 0.6.123
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.123

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.122...v0.6.123

    Commits
    • 84788e3 build(deps): bump github.com/sethvargo/go-envconfig from 1.1.0 to 1.1.1 in th...
    • b1e612c change to prober alert to align with probe period (#718)
    • 8b1ccd0 build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 in the gomod group (...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.122&new-version=0.6.123)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index 3a32822..bd34622 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.122" + version = "0.6.123" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.122" + version = "0.6.123" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 02f478a..8d7a72d 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.122" + version = "0.6.123" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index f7da580..8cba5a0 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.122" + version = "0.6.123" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index e76fb86..d7be0d7 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.122" + version = "0.6.123" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.122" + version = "0.6.123" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.122" + version = "0.6.123" service_name = var.name project_id = var.project_id From 449e95373131dc8a3fb21d704e9f0173f61f0fd0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Feb 2025 14:46:09 -0600 Subject: [PATCH 173/194] Bump chainguard-dev/common/infra from 0.6.122 to 0.6.123 in /modules/app in the all group (#759) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.122 to 0.6.123
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.123

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.122...v0.6.123

    Commits
    • 84788e3 build(deps): bump github.com/sethvargo/go-envconfig from 1.1.0 to 1.1.1 in th...
    • b1e612c change to prober alert to align with probe period (#718)
    • 8b1ccd0 build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 in the gomod group (...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.122&new-version=0.6.123)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 5328008..e8357e6 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.122" + version = "0.6.123" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.122" + version = "0.6.123" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index a867456..2a6857d 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.122" + version = "0.6.123" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.122" + version = "0.6.123" project_id = var.project_id name = "${var.name}-webhook" From e9d0cb921db37f441af875373f387487ffaee237 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Feb 2025 14:48:09 -0600 Subject: [PATCH 174/194] Bump the all group with 2 updates (#757) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 2 updates: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common) and [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.122 to 0.6.123
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.123

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.122...v0.6.123

    Commits
    • 84788e3 build(deps): bump github.com/sethvargo/go-envconfig from 1.1.0 to 1.1.1 in th...
    • b1e612c change to prober alert to align with probe period (#718)
    • 8b1ccd0 build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 in the gomod group (...
    • See full diff in compare view

    Updates `k8s.io/apimachinery` from 0.32.1 to 0.32.2
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 0421fd7..8a56a25 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.5 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.6.1 - github.com/chainguard-dev/terraform-infra-common v0.6.122 + github.com/chainguard-dev/terraform-infra-common v0.6.123 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -21,7 +21,7 @@ require ( golang.org/x/oauth2 v0.26.0 google.golang.org/api v0.221.0 google.golang.org/grpc v1.70.0 - k8s.io/apimachinery v0.32.1 + k8s.io/apimachinery v0.32.2 sigs.k8s.io/yaml v1.4.0 ) @@ -39,7 +39,7 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect - github.com/sethvargo/go-envconfig v1.1.0 // indirect + github.com/sethvargo/go-envconfig v1.1.1 // indirect github.com/shirou/gopsutil/v4 v4.25.1 // indirect github.com/yusufpapurcu/wmi v1.2.4 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect diff --git a/go.sum b/go.sum index a826d5b..4a3448f 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.6.1 h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU= github.com/chainguard-dev/clog v1.6.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.122 h1:HkFO/Xp20YMlYloC22xdVcybbP+TWpLVCyxhWNahDao= -github.com/chainguard-dev/terraform-infra-common v0.6.122/go.mod h1:KNZnc10HBRPsVMGqTqQiSya7UgVdfg3qAusmPMz5sKk= +github.com/chainguard-dev/terraform-infra-common v0.6.123 h1:/FjfK6v3A9PThBVCGwGpnMcNZsLWg/e2EuwG9a/uFvI= +github.com/chainguard-dev/terraform-infra-common v0.6.123/go.mod h1:HtkeMpC4mgZVv+qiOLQO5ncaKNXqHswM80nZH0Uo9iQ= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -169,8 +169,8 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= -github.com/sethvargo/go-envconfig v1.1.0 h1:cWZiJxeTm7AlCvzGXrEXaSTCNgip5oJepekh/BOQuog= -github.com/sethvargo/go-envconfig v1.1.0/go.mod h1:JLd0KFWQYzyENqnEPWWZ49i4vzZo/6nRidxI8YvGiHw= +github.com/sethvargo/go-envconfig v1.1.1 h1:JDu8Q9baIzJf47NPkzhIB6aLYL0vQ+pPypoYrejS9QY= +github.com/sethvargo/go-envconfig v1.1.1/go.mod h1:JLd0KFWQYzyENqnEPWWZ49i4vzZo/6nRidxI8YvGiHw= github.com/shirou/gopsutil/v4 v4.25.1 h1:QSWkTc+fu9LTAWfkZwZ6j8MSUk4A2LV7rbH0ZqmLjXs= github.com/shirou/gopsutil/v4 v4.25.1/go.mod h1:RoUCUpndaJFtT+2zsZzzmhvbfGoDCJ7nFXKJf8GqJbI= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= @@ -323,7 +323,7 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= -k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ= +k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From fe8364db261fe051dba28c092b17afdbbc4db32c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Feb 2025 20:59:56 +0000 Subject: [PATCH 175/194] Bump chainguard-dev/common/infra from 0.6.122 to 0.6.123 in /iac/bootstrap in the all group (#761) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.122 to 0.6.123
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.123

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.122...v0.6.123

    Commits
    • 84788e3 build(deps): bump github.com/sethvargo/go-envconfig from 1.1.0 to 1.1.1 in th...
    • b1e612c change to prober alert to align with probe period (#718)
    • 8b1ccd0 build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 in the gomod group (...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.122&new-version=0.6.123)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index ece67d3..1bfb310 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.122" + version = "0.6.123" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.122" + version = "0.6.123" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.122" + version = "0.6.123" project_id = var.project_id name = "github-pull-requests" From f9c9f356711af3f0404e43aa56460fc8b23a53ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Feb 2025 09:15:26 +0100 Subject: [PATCH 176/194] Bump the all group with 2 updates (#762) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 2 updates: [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `reviewdog/action-actionlint` from 1.64.1 to 1.65.0
    Release notes

    Sourced from reviewdog/action-actionlint's releases.

    Release v1.65.0

    v1.65.0: PR #155 - feat: add arm support

    Commits

    Updates `golangci/golangci-lint-action` from 6.3.3 to 6.5.0
    Release notes

    Sourced from golangci/golangci-lint-action's releases.

    v6.5.0

    What's Changed

    Changes

    Dependencies

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v6.4.1...v6.5.0

    v6.4.1

    What's Changed

    Changes

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v6.4.0...v6.4.1

    v6.4.0

    What's Changed

    Changes

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v6.3.3...v6.4.0

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/actionlint.yaml | 2 +- .github/workflows/style.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index efcb286..7759516 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -24,6 +24,6 @@ jobs: echo "files=${yamls}" >> "$GITHUB_OUTPUT" - name: Action lint - uses: reviewdog/action-actionlint@abd537417cf4991e1ba8e21a67b1119f4f53b8e0 # v1.64.1 + uses: reviewdog/action-actionlint@db58217885f9a6570da9c71be4e40ec33fe44a1f # v1.65.0 with: actionlint_flags: ${{ steps.get_yamls.outputs.files }} diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index eb97632..43b1d13 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -59,7 +59,7 @@ jobs: check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@e0ebdd245eea59746bb0b28ea6a9871d3e35fbc9 # v3.7.1 + uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v3.7.1 with: version: v1.61 From b7086b98d4e3319b20aa9b7dce1b266b3360b094 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Feb 2025 20:42:44 +0000 Subject: [PATCH 177/194] Bump google.golang.org/api from 0.221.0 to 0.222.0 (#763) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.221.0 to 0.222.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.222.0

    0.222.0 (2025-02-18)

    Features

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.222.0 (2025-02-18)

    Features

    Commits
    • a627cda chore(main): release 0.222.0 (#3015)
    • 8a616df chore(all): update all to 5a70512 (#3020)
    • 28b0491 feat(all): auto-regenerate discovery clients (#3022)
    • 24ae542 feat(all): auto-regenerate discovery clients (#3021)
    • f6aa2a4 feat(all): auto-regenerate discovery clients (#3019)
    • 769817f feat(all): auto-regenerate discovery clients (#3018)
    • 2aaef90 test(support/bundler): increase context timeout to avoid occasional test fail...
    • 8169e72 feat(all): auto-regenerate discovery clients (#3016)
    • 27cb014 feat(all): auto-regenerate discovery clients (#3014)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.221.0&new-version=0.222.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 8a56a25..b070266 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.26.0 - google.golang.org/api v0.221.0 + google.golang.org/api v0.222.0 google.golang.org/grpc v1.70.0 k8s.io/apimachinery v0.32.2 sigs.k8s.io/yaml v1.4.0 @@ -96,6 +96,6 @@ require ( golang.org/x/time v0.10.0 // indirect google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250207221924-e9438ea467c6 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250212204824-5a70512c5d8b // indirect google.golang.org/protobuf v1.36.5 // indirect ) diff --git a/go.sum b/go.sum index 4a3448f..43b838f 100644 --- a/go.sum +++ b/go.sum @@ -287,8 +287,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.221.0 h1:qzaJfLhDsbMeFee8zBRdt/Nc+xmOuafD/dbdgGfutOU= -google.golang.org/api v0.221.0/go.mod h1:7sOU2+TL4TxUTdbi0gWgAIg7tH5qBXxoyhtL+9x3biQ= +google.golang.org/api v0.222.0 h1:Aiewy7BKLCuq6cUCeOUrsAlzjXPqBkEeQ/iwGHVQa/4= +google.golang.org/api v0.222.0/go.mod h1:efZia3nXpWELrwMlN5vyQrD4GmJN1Vw0x68Et3r+a9c= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -298,8 +298,8 @@ google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 h1:Pw6WnI9W/LIdRxq google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4/go.mod h1:qbZzneIOXSq+KFAFut9krLfRLZiFLzZL5u2t8SV83EE= google.golang.org/genproto/googleapis/api v0.0.0-20250207221924-e9438ea467c6 h1:L9JNMl/plZH9wmzQUHleO/ZZDSN+9Gh41wPczNy+5Fk= google.golang.org/genproto/googleapis/api v0.0.0-20250207221924-e9438ea467c6/go.mod h1:iYONQfRdizDB8JJBybql13nArx91jcUk7zCXEsOofM4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 h1:2duwAxN2+k0xLNpjnHTXoMUgnv6VPSp5fiqTuwSxjmI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250212204824-5a70512c5d8b h1:FQtJ1MxbXoIIrZHZ33M+w5+dAP9o86rgpjoKr/ZmT7k= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250212204824-5a70512c5d8b/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= From 6a6d0db76aa0ae109da202e9b7925bfeb01210fa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Feb 2025 12:42:00 -0800 Subject: [PATCH 178/194] Bump cloud.google.com/go/kms from 1.20.5 to 1.21.0 (#764) Bumps [cloud.google.com/go/kms](https://github.com/googleapis/google-cloud-go) from 1.20.5 to 1.21.0.
    Release notes

    Sourced from cloud.google.com/go/kms's releases.

    kms: v1.21.0

    1.21.0 (2025-02-20)

    Features

    • kms: Add a PublicKeyFormat enum to allow specifying the format the public is going to be exported in (c08d347)
    • kms: Support PQC asymmetric signing algorithms ML_DSA_65 and SLH_DSA_SHA2_128s (c08d347)

    dlp: v1.21.0

    1.21.0 (2025-02-20)

    Features

    Documentation

    • dlp: Documentation revisions for data profiles (bd0aec1)

    cloudbuild: v1.21.0

    1.21.0 (2025-02-12)

    Features

    • cloudbuild/apiv1: Add option to enable fetching dependencies (#11589) (e99577b)
    Changelog

    Sourced from cloud.google.com/go/kms's changelog.

    1.21.0 (2023-07-18)

    Features

    • documentai: Removed id field from Document message (4a5651c)

    1.20.0 (2023-06-20)

    Features

    • documentai: Add StyleInfo to document.proto (b726d41)
    • documentai: Add StyleInfo to document.proto (b726d41)

    Bug Fixes

    • documentai: REST query UpdateMask bug (df52820)

    1.19.0 (2023-05-30)

    Features

    • documentai: Update all direct dependencies (b340d03)

    1.18.1 (2023-05-08)

    Bug Fixes

    • documentai: Update grpc to v1.55.0 (1147ce0)

    1.18.0 (2023-03-22)

    Features

    • documentai: Add ImportProcessorVersion in v1beta3 (c967961)

    1.17.0 (2023-03-15)

    Features

    • documentai: Added hints.language_hints field in OcrConfig (#7522) (b2c40c3)

    1.16.0 (2023-02-22)

    ... (truncated)

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cloud.google.com/go/kms&package-manager=go_modules&previous-version=1.20.5&new-version=1.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index b070266..bed8037 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.23.4 require ( chainguard.dev/go-grpc-kit v0.17.7 chainguard.dev/sdk v0.1.31 - cloud.google.com/go/kms v1.20.5 + cloud.google.com/go/kms v1.21.0 cloud.google.com/go/secretmanager v1.14.5 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/chainguard-dev/clog v1.6.1 @@ -26,7 +26,7 @@ require ( ) require ( - cloud.google.com/go v0.118.1 // indirect + cloud.google.com/go v0.118.2 // indirect cloud.google.com/go/longrunning v0.6.4 // indirect cloud.google.com/go/trace v1.11.3 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect @@ -51,7 +51,7 @@ require ( cloud.google.com/go/auth v0.14.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect - cloud.google.com/go/iam v1.3.1 // indirect + cloud.google.com/go/iam v1.4.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect @@ -95,7 +95,7 @@ require ( golang.org/x/text v0.22.0 // indirect golang.org/x/time v0.10.0 // indirect google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250207221924-e9438ea467c6 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250212204824-5a70512c5d8b // indirect google.golang.org/protobuf v1.36.5 // indirect ) diff --git a/go.sum b/go.sum index 43b838f..f6fd44b 100644 --- a/go.sum +++ b/go.sum @@ -3,18 +3,18 @@ chainguard.dev/go-grpc-kit v0.17.7/go.mod h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3 chainguard.dev/sdk v0.1.31 h1:Blvpa0Ji/tC1VVV8/l8UyQe022LoRxZLfgasyFE1EhQ= chainguard.dev/sdk v0.1.31/go.mod h1:/zqikqbDCBAAlhIDuBl8V4bR9nmB1qLEIn2w9FxzNwI= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.118.1 h1:b8RATMcrK9A4BH0rj8yQupPXp+aP+cJ0l6H7V9osV1E= -cloud.google.com/go v0.118.1/go.mod h1:CFO4UPEPi8oV21xoezZCrd3d81K4fFkDTEJu4R8K+9M= +cloud.google.com/go v0.118.2 h1:bKXO7RXMFDkniAAvvuMrAPtQ/VHrs9e7J5UT3yrGdTY= +cloud.google.com/go v0.118.2/go.mod h1:CFO4UPEPi8oV21xoezZCrd3d81K4fFkDTEJu4R8K+9M= cloud.google.com/go/auth v0.14.1 h1:AwoJbzUdxA/whv1qj3TLKwh3XX5sikny2fc40wUl+h0= cloud.google.com/go/auth v0.14.1/go.mod h1:4JHUxlGXisL0AW8kXPtUF6ztuOksyfUQNFjfsOCXkPM= cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= -cloud.google.com/go/iam v1.3.1 h1:KFf8SaT71yYq+sQtRISn90Gyhyf4X8RGgeAVC8XGf3E= -cloud.google.com/go/iam v1.3.1/go.mod h1:3wMtuyT4NcbnYNPLMBzYRFiEfjKfJlLVLrisE7bwm34= -cloud.google.com/go/kms v1.20.5 h1:aQQ8esAIVZ1atdJRxihhdxGQ64/zEbJoJnCz/ydSmKg= -cloud.google.com/go/kms v1.20.5/go.mod h1:C5A8M1sv2YWYy1AE6iSrnddSG9lRGdJq5XEdBy28Lmw= +cloud.google.com/go/iam v1.4.0 h1:ZNfy/TYfn2uh/ukvhp783WhnbVluqf/tzOaqVUPlIPA= +cloud.google.com/go/iam v1.4.0/go.mod h1:gMBgqPaERlriaOV0CUl//XUzDhSfXevn4OEUbg6VRs4= +cloud.google.com/go/kms v1.21.0 h1:x3EeWKuYwdlo2HLse/876ZrKjk2L5r7Uexfm8+p6mSI= +cloud.google.com/go/kms v1.21.0/go.mod h1:zoFXMhVVK7lQ3JC9xmhHMoQhnjEDZFoLAr5YMwzBLtk= cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc= cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA= cloud.google.com/go/longrunning v0.6.4 h1:3tyw9rO3E2XVXzSApn1gyEEnH2K9SynNQjMlBi3uHLg= @@ -296,8 +296,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 h1:Pw6WnI9W/LIdRxqK7T6XGugGbHIRl5Q7q3BssH6xk4s= google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4/go.mod h1:qbZzneIOXSq+KFAFut9krLfRLZiFLzZL5u2t8SV83EE= -google.golang.org/genproto/googleapis/api v0.0.0-20250207221924-e9438ea467c6 h1:L9JNMl/plZH9wmzQUHleO/ZZDSN+9Gh41wPczNy+5Fk= -google.golang.org/genproto/googleapis/api v0.0.0-20250207221924-e9438ea467c6/go.mod h1:iYONQfRdizDB8JJBybql13nArx91jcUk7zCXEsOofM4= +google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2 h1:35ZFtrCgaAjF7AFAK0+lRSf+4AyYnWRbH7og13p7rZ4= +google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2/go.mod h1:W9ynFDP/shebLB1Hl/ESTOap2jHd6pmLXPNZC7SVDbA= google.golang.org/genproto/googleapis/rpc v0.0.0-20250212204824-5a70512c5d8b h1:FQtJ1MxbXoIIrZHZ33M+w5+dAP9o86rgpjoKr/ZmT7k= google.golang.org/genproto/googleapis/rpc v0.0.0-20250212204824-5a70512c5d8b/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From 18c8e926745186e6976f0e6035da9f462978c738 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Feb 2025 15:14:36 +0100 Subject: [PATCH 179/194] Bump chainguard-dev/common/infra from 0.6.123 to 0.6.124 in /iac in the all group (#769) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.123 to 0.6.124
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.124

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.123...v0.6.124

    Commits
    • d6fea53 github-events: Use organization field for org filter. (#723)
    • 88a658b build(deps): bump the gomod group with 2 updates (#721)
    • 7cfe9a7 build(deps): bump google.golang.org/api from 0.220.0 to 0.221.0 in the gomod ...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.123&new-version=0.6.124)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index bd34622..d9ce7b7 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.123" + version = "0.6.124" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.123" + version = "0.6.124" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 8d7a72d..c992763 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.123" + version = "0.6.124" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 8cba5a0..f1e008e 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.123" + version = "0.6.124" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index d7be0d7..2f1cd17 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.123" + version = "0.6.124" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.123" + version = "0.6.124" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.123" + version = "0.6.124" service_name = var.name project_id = var.project_id From ef1dd2ee594c82716de661f9c33294c8e793065c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Feb 2025 15:14:56 +0100 Subject: [PATCH 180/194] Bump chainguard-dev/common/infra from 0.6.123 to 0.6.124 in /modules/app in the all group (#767) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.123 to 0.6.124
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.124

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.123...v0.6.124

    Commits
    • d6fea53 github-events: Use organization field for org filter. (#723)
    • 88a658b build(deps): bump the gomod group with 2 updates (#721)
    • 7cfe9a7 build(deps): bump google.golang.org/api from 0.220.0 to 0.221.0 in the gomod ...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.123&new-version=0.6.124)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index e8357e6..b1558fe 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.123" + version = "0.6.124" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.123" + version = "0.6.124" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 2a6857d..953d76b 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.123" + version = "0.6.124" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.123" + version = "0.6.124" project_id = var.project_id name = "${var.name}-webhook" From 810df90a5bba086a7d6b5628b360991fb100a235 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Feb 2025 15:15:08 +0100 Subject: [PATCH 181/194] Bump chainguard-dev/common/infra from 0.6.123 to 0.6.124 in /iac/bootstrap in the all group (#768) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.123 to 0.6.124
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.124

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.123...v0.6.124

    Commits
    • d6fea53 github-events: Use organization field for org filter. (#723)
    • 88a658b build(deps): bump the gomod group with 2 updates (#721)
    • 7cfe9a7 build(deps): bump google.golang.org/api from 0.220.0 to 0.221.0 in the gomod ...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.123&new-version=0.6.124)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index 1bfb310..e41d9bf 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.123" + version = "0.6.124" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.123" + version = "0.6.124" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.123" + version = "0.6.124" project_id = var.project_id name = "github-pull-requests" From 43b44ef273a6b00c849b70a516e2b3713e4caae3 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Mon, 24 Feb 2025 16:27:36 +0100 Subject: [PATCH 182/194] bump dependencies and upgrade to go1.24 (#770) Signed-off-by: cpanato --- .github/workflows/style.yaml | 2 +- .golangci.yml | 3 +-- go.mod | 6 +++--- go.sum | 8 ++++---- pkg/octosts/octosts.go | 2 +- pkg/octosts/octosts_test.go | 2 +- pkg/octosts/trust_policy.go | 2 +- pkg/prober/prober.go | 2 +- pkg/webhook/webhook.go | 2 +- pkg/webhook/webhook_test.go | 2 +- 10 files changed, 15 insertions(+), 16 deletions(-) diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 43b1d13..a4ee324 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -61,7 +61,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v3.7.1 with: - version: v1.61 + version: v1.64 lint: name: Lint diff --git a/.golangci.yml b/.golangci.yml index d4f9735..7e5bc7b 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -18,9 +18,8 @@ linters: - unconvert - unparam - whitespace -output: - uniq-by-line: false issues: + uniq-by-line: false exclude-rules: - path: _test\.go linters: diff --git a/go.mod b/go.mod index bed8037..c2b9860 100644 --- a/go.mod +++ b/go.mod @@ -1,20 +1,20 @@ module github.com/octo-sts/app -go 1.23.4 +go 1.24 require ( chainguard.dev/go-grpc-kit v0.17.7 chainguard.dev/sdk v0.1.31 cloud.google.com/go/kms v1.21.0 cloud.google.com/go/secretmanager v1.14.5 - github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.14.0 github.com/chainguard-dev/clog v1.6.1 github.com/chainguard-dev/terraform-infra-common v0.6.123 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/google/go-cmp v0.6.0 - github.com/google/go-github/v68 v68.0.0 + github.com/google/go-github/v69 v69.0.0 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 diff --git a/go.sum b/go.sum index f6fd44b..6af2857 100644 --- a/go.sum +++ b/go.sum @@ -38,8 +38,8 @@ github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZx github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 h1:5FhjW93/YLQJDmPdeyMPw7IjAPzqsr+0jHPfrPz0sZI= -github.com/bradleyfalzon/ghinstallation/v2 v2.13.0/go.mod h1:EJ6fgedVEHa2kUyBTTvslJCXJafS/mhJNNKEOCspZXQ= +github.com/bradleyfalzon/ghinstallation/v2 v2.14.0 h1:0D4vKCHOvYrDU8u61TnE2JfNT4VRrBLphmxtqazTO+M= +github.com/bradleyfalzon/ghinstallation/v2 v2.14.0/go.mod h1:LOVmdZYVZ8jqdr4n9wWm1ocDiMz9IfMGfRkaYC1a52A= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -94,8 +94,8 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-github/v68 v68.0.0 h1:ZW57zeNZiXTdQ16qrDiZ0k6XucrxZ2CGmoTvcCyQG6s= -github.com/google/go-github/v68 v68.0.0/go.mod h1:K9HAUBovM2sLwM408A18h+wd9vqdLOEqTUCbnRIcx68= +github.com/google/go-github/v69 v69.0.0 h1:YnFvZ3pEIZF8KHmI8xyQQe3mYACdkhnaTV2hr7CP2/w= +github.com/google/go-github/v69 v69.0.0/go.mod h1:xne4jymxLR6Uj9b7J7PyTpkMYstEMMwGZa0Aehh1azM= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= diff --git a/pkg/octosts/octosts.go b/pkg/octosts/octosts.go index 28004d3..42d7250 100644 --- a/pkg/octosts/octosts.go +++ b/pkg/octosts/octosts.go @@ -19,7 +19,7 @@ import ( "github.com/bradleyfalzon/ghinstallation/v2" cloudevents "github.com/cloudevents/sdk-go/v2" "github.com/coreos/go-oidc/v3/oidc" - "github.com/google/go-github/v68/github" + "github.com/google/go-github/v69/github" lru "github.com/hashicorp/golang-lru/v2" expirablelru "github.com/hashicorp/golang-lru/v2/expirable" diff --git a/pkg/octosts/octosts_test.go b/pkg/octosts/octosts_test.go index 4168d4e..f21418d 100644 --- a/pkg/octosts/octosts_test.go +++ b/pkg/octosts/octosts_test.go @@ -34,7 +34,7 @@ import ( josejwt "github.com/go-jose/go-jose/v4/jwt" jwt "github.com/golang-jwt/jwt/v4" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v68/github" + "github.com/google/go-github/v69/github" "google.golang.org/grpc/metadata" "github.com/octo-sts/app/pkg/provider" diff --git a/pkg/octosts/trust_policy.go b/pkg/octosts/trust_policy.go index a24d630..b9a1061 100644 --- a/pkg/octosts/trust_policy.go +++ b/pkg/octosts/trust_policy.go @@ -10,7 +10,7 @@ import ( "slices" "github.com/coreos/go-oidc/v3/oidc" - "github.com/google/go-github/v68/github" + "github.com/google/go-github/v69/github" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) diff --git a/pkg/prober/prober.go b/pkg/prober/prober.go index da013cc..67505ba 100644 --- a/pkg/prober/prober.go +++ b/pkg/prober/prober.go @@ -11,7 +11,7 @@ import ( "chainguard.dev/sdk/sts" "github.com/chainguard-dev/clog" - "github.com/google/go-github/v68/github" + "github.com/google/go-github/v69/github" "github.com/kelseyhightower/envconfig" "golang.org/x/oauth2" "google.golang.org/api/idtoken" diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go index 2563f22..412404e 100644 --- a/pkg/webhook/webhook.go +++ b/pkg/webhook/webhook.go @@ -17,7 +17,7 @@ import ( "github.com/bradleyfalzon/ghinstallation/v2" "github.com/chainguard-dev/clog" - "github.com/google/go-github/v68/github" + "github.com/google/go-github/v69/github" "github.com/hashicorp/go-multierror" "k8s.io/apimachinery/pkg/util/sets" "sigs.k8s.io/yaml" diff --git a/pkg/webhook/webhook_test.go b/pkg/webhook/webhook_test.go index 573dde4..b64afd0 100644 --- a/pkg/webhook/webhook_test.go +++ b/pkg/webhook/webhook_test.go @@ -24,7 +24,7 @@ import ( "github.com/chainguard-dev/clog" "github.com/chainguard-dev/clog/slogtest" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v68/github" + "github.com/google/go-github/v69/github" ) func TestValidatePolicy(t *testing.T) { From 6260dde00b5cd482185a52deef2069d794a1dcc7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Feb 2025 17:44:08 +0100 Subject: [PATCH 183/194] Bump github.com/chainguard-dev/terraform-infra-common from 0.6.123 to 0.6.124 in the all group (#765) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 1 update: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.123 to 0.6.124
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.124

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.123...v0.6.124

    Commits
    • d6fea53 github-events: Use organization field for org filter. (#723)
    • 88a658b build(deps): bump the gomod group with 2 updates (#721)
    • 7cfe9a7 build(deps): bump google.golang.org/api from 0.220.0 to 0.221.0 in the gomod ...
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/chainguard-dev/terraform-infra-common&package-manager=go_modules&previous-version=0.6.123&new-version=0.6.124)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index c2b9860..b22056c 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.5 github.com/bradleyfalzon/ghinstallation/v2 v2.14.0 github.com/chainguard-dev/clog v1.6.1 - github.com/chainguard-dev/terraform-infra-common v0.6.123 + github.com/chainguard-dev/terraform-infra-common v0.6.124 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -71,9 +71,9 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/prometheus/client_golang v1.20.5 // indirect + github.com/prometheus/client_golang v1.21.0 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.60.1 // indirect + github.com/prometheus/common v0.62.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/stretchr/testify v1.10.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect diff --git a/go.sum b/go.sum index 6af2857..7876e37 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.6.1 h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU= github.com/chainguard-dev/clog v1.6.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.123 h1:/FjfK6v3A9PThBVCGwGpnMcNZsLWg/e2EuwG9a/uFvI= -github.com/chainguard-dev/terraform-infra-common v0.6.123/go.mod h1:HtkeMpC4mgZVv+qiOLQO5ncaKNXqHswM80nZH0Uo9iQ= +github.com/chainguard-dev/terraform-infra-common v0.6.124 h1:I2GsbsMXnm2jzKNvN/jVZR/mVRy2Evigae0onweesv0= +github.com/chainguard-dev/terraform-infra-common v0.6.124/go.mod h1:35IqVfClK+IvpRCQwOScjxmjEObgE3dNYcxMYvTRqT8= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -154,16 +154,16 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw= github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= -github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= -github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.21.0 h1:DIsaGmiaBkSangBgMtWdNfxbMNdku5IK6iNhrEqWvdA= +github.com/prometheus/client_golang v1.21.0/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc= -github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= +github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= +github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= From aec50683db841125489d5a9ea5a85a99f7adcca1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Feb 2025 08:28:55 +0100 Subject: [PATCH 184/194] Bump chainguard-dev/common/infra from 0.6.124 to 0.6.125 in /iac/bootstrap in the all group (#777) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.124 to 0.6.125
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.125

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.124...v0.6.125

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.124&new-version=0.6.125)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index e41d9bf..a413d30 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.124" + version = "0.6.125" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.124" + version = "0.6.125" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.124" + version = "0.6.125" project_id = var.project_id name = "github-pull-requests" From 231b8620b38e0389c8295478e7666e8b69334e05 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Feb 2025 08:29:19 +0100 Subject: [PATCH 185/194] Bump chainguard-dev/common/infra from 0.6.124 to 0.6.125 in /modules/app in the all group (#774) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.124 to 0.6.125
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.125

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.124...v0.6.125

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.124&new-version=0.6.125)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index b1558fe..9406143 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.124" + version = "0.6.125" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.124" + version = "0.6.125" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 953d76b..0d97530 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.124" + version = "0.6.125" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.124" + version = "0.6.125" project_id = var.project_id name = "${var.name}-webhook" From 6a6b0633423f78183ae442a82c4a5445c4ccc0e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Feb 2025 08:29:36 +0100 Subject: [PATCH 186/194] Bump chainguard-dev/common/infra from 0.6.124 to 0.6.125 in /iac in the all group (#771) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.124 to 0.6.125
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.125

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.124...v0.6.125

    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.124&new-version=0.6.125)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index d9ce7b7..f9d4527 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.124" + version = "0.6.125" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.124" + version = "0.6.125" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index c992763..3da4b8e 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.124" + version = "0.6.125" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index f1e008e..5450370 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.124" + version = "0.6.125" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 2f1cd17..52921a5 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.124" + version = "0.6.125" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.124" + version = "0.6.125" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.124" + version = "0.6.125" service_name = var.name project_id = var.project_id From 7b0c5bd0564557df59b69443f683f0532008d7f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Feb 2025 08:39:46 +0100 Subject: [PATCH 187/194] Bump golang.org/x/oauth2 from 0.26.0 to 0.27.0 (#776) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.26.0 to 0.27.0.
    Commits
    • 681b4d8 jws: split token into fixed number of parts
    • 3f78298 all: upgrade go directive to at least 1.23.0 [generated]
    • 109dabf endpoints: add links/provider for Discord
    • ac571fa oauth2: fix docs for Config.DeviceAuth
    • 314ee5b endpoints: add patreon endpoint
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.26.0&new-version=0.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b22056c..ec11417 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 - golang.org/x/oauth2 v0.26.0 + golang.org/x/oauth2 v0.27.0 google.golang.org/api v0.222.0 google.golang.org/grpc v1.70.0 k8s.io/apimachinery v0.32.2 diff --git a/go.sum b/go.sum index 7876e37..a74b1c7 100644 --- a/go.sum +++ b/go.sum @@ -248,8 +248,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE= -golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= +golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From 53657a2177fac1052d31dea58ede9c9d4cbf9491 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Feb 2025 08:40:09 +0100 Subject: [PATCH 188/194] Bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#773) Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.6.0 to 0.7.0.
    Release notes

    Sourced from github.com/google/go-cmp's releases.

    v0.7.0

    New API:

    • (#367) Support compare functions with SortSlices and SortMaps

    Panic messaging:

    • (#370) Detect proto.Message types when failing to export a field
    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/go-cmp&package-manager=go_modules&previous-version=0.6.0&new-version=0.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ec11417..92883c2 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 - github.com/google/go-cmp v0.6.0 + github.com/google/go-cmp v0.7.0 github.com/google/go-github/v69 v69.0.0 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/golang-lru/v2 v2.0.7 diff --git a/go.sum b/go.sum index a74b1c7..c30ea5a 100644 --- a/go.sum +++ b/go.sum @@ -92,8 +92,8 @@ github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-github/v69 v69.0.0 h1:YnFvZ3pEIZF8KHmI8xyQQe3mYACdkhnaTV2hr7CP2/w= github.com/google/go-github/v69 v69.0.0/go.mod h1:xne4jymxLR6Uj9b7J7PyTpkMYstEMMwGZa0Aehh1azM= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= From f37f09946cb25756806c8771a8e1763dfe91f373 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Feb 2025 08:40:23 +0100 Subject: [PATCH 189/194] Bump the all group with 2 updates (#772) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 2 updates: [github.com/chainguard-dev/terraform-infra-common](https://github.com/chainguard-dev/terraform-infra-common) and [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose). Updates `github.com/chainguard-dev/terraform-infra-common` from 0.6.124 to 0.6.125
    Release notes

    Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

    v0.6.125

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.124...v0.6.125

    Commits

    Updates `github.com/go-jose/go-jose/v4` from 4.0.4 to 4.0.5
    Release notes

    Sourced from github.com/go-jose/go-jose/v4's releases.

    v4.0.5

    What's Changed

    Fixes https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78

    Various other dependency updates, small fixes, and documentation updates in the full changelog

    New Contributors

    Full Changelog: https://github.com/go-jose/go-jose/compare/v4.0.4...v4.0.5

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 92883c2..c118733 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( cloud.google.com/go/secretmanager v1.14.5 github.com/bradleyfalzon/ghinstallation/v2 v2.14.0 github.com/chainguard-dev/clog v1.6.1 - github.com/chainguard-dev/terraform-infra-common v0.6.124 + github.com/chainguard-dev/terraform-infra-common v0.6.125 github.com/cloudevents/sdk-go/v2 v2.15.2 github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 @@ -56,7 +56,7 @@ require ( github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/go-jose/go-jose/v4 v4.0.4 + github.com/go-jose/go-jose/v4 v4.0.5 github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/google/go-querystring v1.1.0 // indirect diff --git a/go.sum b/go.sum index c30ea5a..5c9d96a 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chainguard-dev/clog v1.6.1 h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU= github.com/chainguard-dev/clog v1.6.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs= -github.com/chainguard-dev/terraform-infra-common v0.6.124 h1:I2GsbsMXnm2jzKNvN/jVZR/mVRy2Evigae0onweesv0= -github.com/chainguard-dev/terraform-infra-common v0.6.124/go.mod h1:35IqVfClK+IvpRCQwOScjxmjEObgE3dNYcxMYvTRqT8= +github.com/chainguard-dev/terraform-infra-common v0.6.125 h1:PrBK/wvg1YvCO5gG5UlGmLj/V5zzhrvBPI5PLLh37Tg= +github.com/chainguard-dev/terraform-infra-common v0.6.125/go.mod h1:lCOsxiG1m3b91lzNbEE5xE4w5oixwBeeESOV7V4mhjk= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc= github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE= @@ -67,8 +67,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= -github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= +github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE= +github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= From f622d78a737fb8b4469a3f2af104ce7f4a8ccdd5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Feb 2025 10:38:30 +0100 Subject: [PATCH 190/194] Bump github.com/google/go-github/v69 from 69.0.0 to 69.2.0 (#775) Bumps [github.com/google/go-github/v69](https://github.com/google/go-github) from 69.0.0 to 69.2.0.
    Release notes

    Sourced from github.com/google/go-github/v69's releases.

    v69.2.0

    This minor release contains the following changes:

    • Add helper to get runID from Custom Deployment Protection Rule Event (#3476)
    • feat: Add JSON marshal tests for dependabot alerts (#3480)
    • feat: Add sorting list options for secret scanning (#3481)
    • Bump version of go-github to v69.2.0 (#3482)

    v69.1.0

    This minor release contains the following changes:

    • Bump go-github from v68 to v69 in /scrape (#3464)
    • Use a max retry after duration for secondary rate limit if specified (#3438)
    • docs: Clarify ListPullRequestsWithCommit usage (#3465)
    • fix: go 1.22 test breakage (#3459)
    • feat: Add link to bored-engineer/github-conditional-http-transport to conditional requests documentation (#3469)
    • build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 in /tools (#3472)
    • build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 in /scrape (#3470)
    • build(deps): bump github.com/alecthomas/kong from 1.7.0 to 1.8.0 in /tools (#3471)
    • Update workflow and tools to use Go1.24 and 1.23 (#3474)
    • chore: Only use master test runs for status badge (#3475)
    • feat: Add ListProvisionedScimGroupsForEnterprise inside SCIM service (#3467)
    • fix: Add missing query params to AlertListOptions (#3477)
    • Bump version of go-github to v69.1.0 (#3478)
    Commits
    • 0b11dbf Bump version of go-github to v69.2.0 (#3482)
    • e4c974e feat: Add sorting list options for secret scanning (#3481)
    • 81dc7a9 feat: Add JSON marshal tests for dependabot alerts (#3480)
    • 6c46d71 Add helper to get runID from Custom Deployment Protection Rule Event (#3476)
    • f867d00 Bump version of go-github to v69.1.0 (#3478)
    • c4b2cb9 fix: Add missing query params to AlertListOptions (#3477)
    • 77684a4 feat: Add ListProvisionedScimGroupsForEnterprise inside SCIM service (#3467)
    • ce42642 chore: Only use master test runs for status badge (#3475)
    • 26f71a3 Update workflow and tools to use Go1.24 and 1.23 (#3474)
    • 3d4784c build(deps): bump github.com/alecthomas/kong from 1.7.0 to 1.8.0 in /tools (#...
    • Additional commits viewable in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/go-github/v69&package-manager=go_modules&previous-version=69.0.0&new-version=69.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c118733..962cb58 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/coreos/go-oidc/v3 v3.12.0 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/google/go-cmp v0.7.0 - github.com/google/go-github/v69 v69.0.0 + github.com/google/go-github/v69 v69.2.0 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 diff --git a/go.sum b/go.sum index 5c9d96a..da0fa21 100644 --- a/go.sum +++ b/go.sum @@ -94,8 +94,8 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-github/v69 v69.0.0 h1:YnFvZ3pEIZF8KHmI8xyQQe3mYACdkhnaTV2hr7CP2/w= -github.com/google/go-github/v69 v69.0.0/go.mod h1:xne4jymxLR6Uj9b7J7PyTpkMYstEMMwGZa0Aehh1azM= +github.com/google/go-github/v69 v69.2.0 h1:wR+Wi/fN2zdUx9YxSmYE0ktiX9IAR/BeePzeaUUbEHE= +github.com/google/go-github/v69 v69.2.0/go.mod h1:xne4jymxLR6Uj9b7J7PyTpkMYstEMMwGZa0Aehh1azM= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= From d0d4c000089edd5e44a603a9ea39ead244bc33c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Feb 2025 11:23:19 +0100 Subject: [PATCH 191/194] Bump google.golang.org/api from 0.222.0 to 0.223.0 (#778) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.222.0 to 0.223.0.
    Release notes

    Sourced from google.golang.org/api's releases.

    v0.223.0

    0.223.0 (2025-02-25)

    Features

    Bug Fixes

    • Copy AllowHardBoundTokens option from old auth to new auth. (#3030) (8cb69d6)
    Changelog

    Sourced from google.golang.org/api's changelog.

    0.223.0 (2025-02-25)

    Features

    Bug Fixes

    • Copy AllowHardBoundTokens option from old auth to new auth. (#3030) (8cb69d6)
    Commits

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.222.0&new-version=0.223.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 962cb58..fd32b7b 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/kelseyhightower/envconfig v1.4.0 golang.org/x/oauth2 v0.27.0 - google.golang.org/api v0.222.0 + google.golang.org/api v0.223.0 google.golang.org/grpc v1.70.0 k8s.io/apimachinery v0.32.2 sigs.k8s.io/yaml v1.4.0 @@ -48,7 +48,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.14.1 // indirect + cloud.google.com/go/auth v0.15.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect cloud.google.com/go/iam v1.4.0 // indirect @@ -76,7 +76,7 @@ require ( github.com/prometheus/common v0.62.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/stretchr/testify v1.10.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect go.opentelemetry.io/otel v1.34.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 // indirect @@ -96,6 +96,6 @@ require ( golang.org/x/time v0.10.0 // indirect google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250212204824-5a70512c5d8b // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2 // indirect google.golang.org/protobuf v1.36.5 // indirect ) diff --git a/go.sum b/go.sum index da0fa21..d245334 100644 --- a/go.sum +++ b/go.sum @@ -5,8 +5,8 @@ chainguard.dev/sdk v0.1.31/go.mod h1:/zqikqbDCBAAlhIDuBl8V4bR9nmB1qLEIn2w9FxzNwI cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.118.2 h1:bKXO7RXMFDkniAAvvuMrAPtQ/VHrs9e7J5UT3yrGdTY= cloud.google.com/go v0.118.2/go.mod h1:CFO4UPEPi8oV21xoezZCrd3d81K4fFkDTEJu4R8K+9M= -cloud.google.com/go/auth v0.14.1 h1:AwoJbzUdxA/whv1qj3TLKwh3XX5sikny2fc40wUl+h0= -cloud.google.com/go/auth v0.14.1/go.mod h1:4JHUxlGXisL0AW8kXPtUF6ztuOksyfUQNFjfsOCXkPM= +cloud.google.com/go/auth v0.15.0 h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps= +cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8= cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= @@ -192,8 +192,8 @@ go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJyS go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib/detectors/gcp v1.34.0 h1:JRxssobiPg23otYU5SbWtQC//snGVIM3Tx6QRzlQBao= go.opentelemetry.io/contrib/detectors/gcp v1.34.0/go.mod h1:cV4BMFcscUR/ckqLkbfQmF0PRsq8w/lMGzdbCSveBHo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 h1:rgMkmiGfix9vFJDcDi1PK8WEQP4FLQwLDfhp5ZLpFeE= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0/go.mod h1:ijPqXp5P6IRRByFVVg9DY8P5HkxkHE5ARIa+86aXPf4= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I= go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= @@ -287,8 +287,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.222.0 h1:Aiewy7BKLCuq6cUCeOUrsAlzjXPqBkEeQ/iwGHVQa/4= -google.golang.org/api v0.222.0/go.mod h1:efZia3nXpWELrwMlN5vyQrD4GmJN1Vw0x68Et3r+a9c= +google.golang.org/api v0.223.0 h1:JUTaWEriXmEy5AhvdMgksGGPEFsYfUKaPEYXd4c3Wvc= +google.golang.org/api v0.223.0/go.mod h1:C+RS7Z+dDwds2b+zoAk5hN/eSfsiCn0UDrYof/M4d2M= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -298,8 +298,8 @@ google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 h1:Pw6WnI9W/LIdRxq google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4/go.mod h1:qbZzneIOXSq+KFAFut9krLfRLZiFLzZL5u2t8SV83EE= google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2 h1:35ZFtrCgaAjF7AFAK0+lRSf+4AyYnWRbH7og13p7rZ4= google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2/go.mod h1:W9ynFDP/shebLB1Hl/ESTOap2jHd6pmLXPNZC7SVDbA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250212204824-5a70512c5d8b h1:FQtJ1MxbXoIIrZHZ33M+w5+dAP9o86rgpjoKr/ZmT7k= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250212204824-5a70512c5d8b/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2 h1:DMTIbak9GhdaSxEjvVzAeNZvyc03I61duqNbnm3SU0M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= From 8e75d77b34ee3b0244dcb86c60d29a8b385b7a6c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Feb 2025 12:57:15 -0800 Subject: [PATCH 192/194] Bump chainguard-dev/common/infra from 0.6.125 to 0.6.127 in /modules/app in the all group (#781) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /modules/app with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.125 to 0.6.127
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.127

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.126...v0.6.127

    v0.6.126

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.125...v0.6.126

    Commits
    • 8bf4415 cron: don't parse base_image when importpath="" (#735)
    • b171410 enable cron module to run non-Go images (#734)
    • ad7ae7b build(deps): bump github.com/GoogleCloudPlatform/opentelemetry-operations-go/...
    • 75fe779 cron module to support NFS volumes (#733)
    • 5d0927a build(deps): bump google.golang.org/api from 0.222.0 to 0.223.0 in the gomod ...
    • 4a2e26e build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go...
    • 3c22c48 build(deps): bump the gomod group across 1 directory with 3 updates (#729)
    • 44c3c31 upgrade go to minimum 1.24 (#725)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.125&new-version=0.6.127)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- modules/app/main.tf | 4 ++-- modules/app/webhook.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/app/main.tf b/modules/app/main.tf index 9406143..5d872f1 100644 --- a/modules/app/main.tf +++ b/modules/app/main.tf @@ -60,7 +60,7 @@ module "sts-emits-events" { for_each = var.regions source = "chainguard-dev/common/infra//modules/authorize-private-service" - version = "0.6.125" + version = "0.6.127" project_id = var.project_id region = each.key @@ -71,7 +71,7 @@ module "sts-emits-events" { module "this" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.125" + version = "0.6.127" project_id = var.project_id name = var.name diff --git a/modules/app/webhook.tf b/modules/app/webhook.tf index 0d97530..b500e63 100644 --- a/modules/app/webhook.tf +++ b/modules/app/webhook.tf @@ -7,7 +7,7 @@ resource "random_password" "webhook-secret" { module "webhook-secret" { source = "chainguard-dev/common/infra//modules/configmap" - version = "0.6.125" + version = "0.6.127" project_id = var.project_id name = "${var.name}-webhook-secret" @@ -20,7 +20,7 @@ module "webhook-secret" { module "webhook" { source = "chainguard-dev/common/infra//modules/regional-service" - version = "0.6.125" + version = "0.6.127" project_id = var.project_id name = "${var.name}-webhook" From 3e2594e7732cde2d6fedd621857764ced24ca490 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Feb 2025 12:57:30 -0800 Subject: [PATCH 193/194] Bump chainguard-dev/common/infra from 0.6.125 to 0.6.127 in /iac/bootstrap in the all group (#780) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac/bootstrap with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.125 to 0.6.127
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.127

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.126...v0.6.127

    v0.6.126

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.125...v0.6.126

    Commits
    • 8bf4415 cron: don't parse base_image when importpath="" (#735)
    • b171410 enable cron module to run non-Go images (#734)
    • ad7ae7b build(deps): bump github.com/GoogleCloudPlatform/opentelemetry-operations-go/...
    • 75fe779 cron module to support NFS volumes (#733)
    • 5d0927a build(deps): bump google.golang.org/api from 0.222.0 to 0.223.0 in the gomod ...
    • 4a2e26e build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go...
    • 3c22c48 build(deps): bump the gomod group across 1 directory with 3 updates (#729)
    • 44c3c31 upgrade go to minimum 1.24 (#725)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.125&new-version=0.6.127)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/bootstrap/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/iac/bootstrap/main.tf b/iac/bootstrap/main.tf index a413d30..3c978af 100644 --- a/iac/bootstrap/main.tf +++ b/iac/bootstrap/main.tf @@ -20,7 +20,7 @@ locals { module "github-wif" { source = "chainguard-dev/common/infra//modules/github-wif-provider" - version = "0.6.125" + version = "0.6.127" project_id = var.project_id name = "github-pool" @@ -41,7 +41,7 @@ moved { module "github_identity" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.125" + version = "0.6.127" project_id = var.project_id name = "github-identity" @@ -68,7 +68,7 @@ resource "google_project_iam_member" "github_owner" { module "github_pull_requests" { source = "chainguard-dev/common/infra//modules/github-gsa" - version = "0.6.125" + version = "0.6.127" project_id = var.project_id name = "github-pull-requests" From e16b42144a58809e77b1ed84e2646e2f9cd3b48b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Feb 2025 13:18:15 -0800 Subject: [PATCH 194/194] Bump chainguard-dev/common/infra from 0.6.125 to 0.6.127 in /iac in the all group (#782) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group in /iac with 1 update: [chainguard-dev/common/infra](https://github.com/chainguard-dev/terraform-infra-common). Updates `chainguard-dev/common/infra` from 0.6.125 to 0.6.127
    Release notes

    Sourced from chainguard-dev/common/infra's releases.

    v0.6.127

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.126...v0.6.127

    v0.6.126

    What's Changed

    Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.125...v0.6.126

    Commits
    • 8bf4415 cron: don't parse base_image when importpath="" (#735)
    • b171410 enable cron module to run non-Go images (#734)
    • ad7ae7b build(deps): bump github.com/GoogleCloudPlatform/opentelemetry-operations-go/...
    • 75fe779 cron module to support NFS volumes (#733)
    • 5d0927a build(deps): bump google.golang.org/api from 0.222.0 to 0.223.0 in the gomod ...
    • 4a2e26e build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go...
    • 3c22c48 build(deps): bump the gomod group across 1 directory with 3 updates (#729)
    • 44c3c31 upgrade go to minimum 1.24 (#725)
    • See full diff in compare view

    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chainguard-dev/common/infra&package-manager=terraform&previous-version=0.6.125&new-version=0.6.127)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
    Dependabot commands and options
    You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
    Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- iac/broker.tf | 4 ++-- iac/gclb.tf | 2 +- iac/main.tf | 2 +- iac/prober.tf | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/iac/broker.tf b/iac/broker.tf index f9d4527..6d8a94b 100644 --- a/iac/broker.tf +++ b/iac/broker.tf @@ -1,7 +1,7 @@ // Create the Broker abstraction. module "cloudevent-broker" { source = "chainguard-dev/common/infra//modules/cloudevent-broker" - version = "0.6.125" + version = "0.6.127" name = "octo-sts-broker" project_id = var.project_id @@ -14,7 +14,7 @@ data "google_client_openid_userinfo" "me" {} module "cloudevent-recorder" { source = "chainguard-dev/common/infra//modules/cloudevent-recorder" - version = "0.6.125" + version = "0.6.127" name = "octo-sts-recorder" project_id = var.project_id diff --git a/iac/gclb.tf b/iac/gclb.tf index 3da4b8e..6517d82 100644 --- a/iac/gclb.tf +++ b/iac/gclb.tf @@ -23,7 +23,7 @@ resource "google_dns_managed_zone" "top-level-zone" { // Put the above domain in front of our regional services. module "serverless-gclb" { source = "chainguard-dev/common/infra//modules/serverless-gclb" - version = "0.6.125" + version = "0.6.127" name = var.name project_id = var.project_id diff --git a/iac/main.tf b/iac/main.tf index 5450370..00ca2b8 100644 --- a/iac/main.tf +++ b/iac/main.tf @@ -5,7 +5,7 @@ provider "ko" { repo = "gcr.io/${var.project_id}" } // Create a network with several regional subnets module "networking" { source = "chainguard-dev/common/infra//modules/networking" - version = "0.6.125" + version = "0.6.127" name = var.name project_id = var.project_id diff --git a/iac/prober.tf b/iac/prober.tf index 52921a5..aa7d890 100644 --- a/iac/prober.tf +++ b/iac/prober.tf @@ -5,7 +5,7 @@ resource "google_service_account" "prober" { module "prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.125" + version = "0.6.127" name = "octo-sts-prober" project_id = var.project_id @@ -32,7 +32,7 @@ resource "google_service_account" "negative_prober" { module "negative_prober" { source = "chainguard-dev/common/infra//modules/prober" - version = "0.6.125" + version = "0.6.127" name = "octo-sts-negative-prober" project_id = var.project_id @@ -54,7 +54,7 @@ module "negative_prober" { module "dashboard" { source = "chainguard-dev/common/infra//modules/dashboard/service" - version = "0.6.125" + version = "0.6.127" service_name = var.name project_id = var.project_id