Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the go-minor group across 3 directories with 8 updates #1513

Closed
wants to merge 1 commit into from
Closed

Bump the go-minor group across 3 directories with 8 updates #1513

wants to merge 1 commit into from
+88 −88

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 27, 2025
edited
Loading

Bumps the go-minor group with 7 updates in the / directory:

Package From To
github.com/aws/aws-sdk-go-v2 1.32.8 1.34.0
github.com/aws/aws-sdk-go-v2/config 1.28.10 1.29.2
github.com/aws/aws-sdk-go-v2/service/s3 1.72.2 1.74.1
github.com/cyphar/filepath-securejoin 0.3.5 0.4.0
github.com/fluxcd/pkg/apis/event 0.13.0 0.15.0
google.golang.org/grpc 1.69.4 1.70.0
sigs.k8s.io/controller-runtime 0.19.4 0.20.1

Bumps the go-minor group with 1 update in the /api directory: sigs.k8s.io/controller-runtime.
Bumps the go-minor group with 2 updates in the /tfctl directory: sigs.k8s.io/controller-runtime and sigs.k8s.io/kustomize/kyaml.

Updates github.com/aws/aws-sdk-go-v2 from 1.32.8 to 1.34.0

Commits

Updates github.com/aws/aws-sdk-go-v2/config from 1.28.10 to 1.29.2

Commits

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.72.2 to 1.74.1

Commits

Updates github.com/cyphar/filepath-securejoin from 0.3.5 to 0.4.0

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.4.0

This release primarily includes a few minor breaking changes to make the MkdirAll and SecureJoin interfaces more robust against accidental misuse.

  • SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

    While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

    All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

    Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

  • MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

    However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

Thanks to the following contributors for helping make this release possible:

Signed-off-by: Aleksa Sarai [email protected]

v0.3.6

This release lowers the minimum Go version to Go 1.18 as well as some library dependencies, in order to make it easier for folks that need to backport patches using the new filepath-securejoin API onto branches

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.4.0] - 2025-01-13

Breaking

  • SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

    While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

    All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

    Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

  • MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

    However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

[0.3.6] - 2024-12-17

Compatibility

  • The minimum Go version requirement for filepath-securejoin is now Go 1.18 (we use generics internally).

    For reference, [email protected] somewhat-arbitrarily bumped the Go version requirement to 1.21.

    While we did make some use of Go 1.21 stdlib features (and in principle Go versions <= 1.21 are no longer even supported by upstream anymore), some downstreams have complained that the version bump has meant that they have to do workarounds when backporting fixes that use the new filepath-securejoin API onto old branches. This is not an ideal situation, but since using this library is probably better for most downstreams than a hand-rolled

... (truncated)

Commits
  • 9a17e6b VERSION: release v0.4.0
  • e410d4a merge #44 into cyphar/filepath-securejoin:main
  • ea4e5b6 gha: add GOARCH=386 build check
  • 0c2fbe6 mkdirall: switch to os.FileMode argument
  • f3a512c merge #43 into cyphar/filepath-securejoin:main
  • bc750ad join: return an error if root is unclean path
  • 1be4136 gha: always check for latest Go release
  • b498783 merge #38 into cyphar/filepath-securejoin:main
  • 682d3ad VERSION: back to development
  • 200008e VERSION: release v0.3.6
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/event from 0.13.0 to 0.15.0

Commits
  • cc785fa Merge pull request #686 from fluxcd/k8s-1.28
  • 1d7d31b all: Group github.com/fluxcd/cli-utils imports
  • 09ba5d8 runtime: Add pprof.GetHandlers to help setup the metrics server
  • 768085d runtime: Update sigs.k8s.io/controller-runtime to v0.16.3
  • 2e007cb ssa: Update Kubernetes to v1.28.4
  • e7686cf kustomize: Update Kustomize to v5.2.1
  • 3be575d oci: Update sigs.k8s.io/controller-runtime to v0.16.3
  • 7f72436 helmtestserver: Update Helm to v3.13.2
  • fe543f5 git: Update golang.org/x/crypto to v0.15.0
  • 129adfd apis: Update Kubernetes to v1.28
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.69.4 to 1.70.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.70.0

Behavior Changes

  • client: reject service configs containing an invalid retryPolicy in accordance with gRFCs A21 and A6. (#7905)
    • Note that this is a potential breaking change for some users using an invalid configuration, but continuing to allow this behavior would violate our cross-language compatibility requirements.

New Features

  • xdsclient: fallback to a secondary management server (if specified in the bootstrap configuration) when the primary is down is enabled by default. Can be disabled by setting the environment variable GRPC_EXPERIMENTAL_XDS_FALLBACK to false. (#7949)
  • experimental/credentials: experimental transport credentials are added which don't enforce ALPN. (#7980)
    • These credentials will be removed in an upcoming grpc-go release. Users must not rely on these credentials directly. Instead, they should either vendor a specific version of gRPC or copy the relevant credentials into their own codebase if absolutely necessary.

Bug Fixes

  • xds: fix a possible deadlock that happens when both the client application and the xDS management server (responsible for configuring the client) are using the xds:/// scheme in their target URIs. (#8011)

Performance

  • server: for unary requests, free raw request message data as soon as parsing is finished instead of waiting until the method handler returns. (#7998)

Documentation

  • examples/features/gracefulstop: add example to demonstrate server graceful stop. (#7865)
Commits
  • 98a0092 Change version to 1.70.0 (#7984)
  • bf380de Cherrypick #7998, #8011, #8010 into 1.70.x (#8028)
  • 54b3eb9 experimental/credentials: Add credentials that don't enforce ALPN (#7980) (#8...
  • 62b9185 clustetresolver: Copy endpoints.Addresses slice from DNS updates to avoid dat...
  • 724f450 examples/features/csm_observability: use helloworld client and server instead...
  • e8d5feb rbac: add method name to :path in headers (#7965)
  • e912015 cleanup: Fix usages of non-constant format strings (#7959)
  • 681334a cleanup: replace dial with newclient (#7943)
  • 063d352 internal/resolver: introduce a new resolver to handle target URI and proxy ad...
  • 10c7e13 outlierdetection: Support health listener for ejection updates (#7908)
  • Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.1

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.20.1

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.20.0...v0.20.1

v0.20.0

Highlights

  • Based on k8s.io/* v1.32 libraries and minimum Go version is now v1.23
  • New experimental priority queue feature
    • More details in #3013 and #2374
    • Can be enabled via manager.Options.Controller.UsePriorityQueue
    • Please give it a try and provide feedback in #2374
  • AggregatedDiscovery is automatically used when available (#2901)
  • As usual, many improvements to the fake client

Changes since v0.19.0

⚠️ Breaking Changes

  • Bump to k8s.io/* v1.32 libraries (#2971 #2990 #3001 #3007 #3029 #3043)
  • logging: Stop deduplicating API warnings by default (#2953)
  • webhook: Stop deleting unknown fields in CustomDefaulter (#2982 #3056)
  • webhook: Remove deprecated Defaulter and Validator (#2877 #2945)
  • cluster: Remove deprecated SyncPeriod option (#2970)

✨ New Features

  • cache: Add EnableWatchBookmarks option (defaults to true) (#3017)
  • cache: Export NewInformer option (#3061)
  • cert-watcher: Add polling (#3020 #3050)
  • controller: Add experimental priority queue (off per default) (#3013 #3014 #3060 #3066)
  • fake client: Allow adding indexes at runtime (#3021)
  • fake client: Add support for ServiceAccountToken subresource (#2969)
  • restmapper: Use AggregatedDiscovery if available (#2901)
  • util: Add HasOwnerReference func (#2882)
  • webhook: Add custom path option (#2998)

🐛 Bug Fixes

  • controller: Error when source.Start() never returns (#2997 #3006 #3008)
  • fake client: Don't return items on invalid selector (#3022)
  • fake client: Fix TOCTOU races (#2980)
  • fake client: Preserve TypeMeta during Get call with PartialObjectMeta (#2949)

... (truncated)

Commits
  • 626b2f3 Merge pull request #3089 from k8s-infra-cherrypick-robot/cherry-pick-3085-to-...
  • 64cb665 bug: Priorityqueue: Yet another queue_depth metric fix
  • 791b6c9 Merge pull request #3088 from k8s-infra-cherrypick-robot/cherry-pick-3075-to-...
  • 99a4044 🌱 Add debug logging for the state of the priority queue
  • f33705e [release-0.20] 🐛fix(controller): support WaitForSync in custom TypedSyncingSo...
  • 571c31a Merge pull request #3079 from k8s-infra-cherrypick-robot/cherry-pick-3078-to-...
  • 8d66e89 cache: clone maps to prevent data race when concurrently creating caches usin...
  • aa3f342 [release-0.20] 🐛 Check to see if custom source implements fmt.Stringer when l...
  • 8f7e114 Merge pull request #3074 from sbueringer/pr-fix-fake-list
  • 3b23354 fake client: preserve TypeMeta during List call with UnstructuredList
  • Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.1

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.20.1

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.20.0...v0.20.1

v0.20.0

Highlights

  • Based on k8s.io/* v1.32 libraries and minimum Go version is now v1.23
  • New experimental priority queue feature
    • More details in #3013 and #2374
    • Can be enabled via manager.Options.Controller.UsePriorityQueue
    • Please give it a try and provide feedback in #2374
  • AggregatedDiscovery is automatically used when available (#2901)
  • As usual, many improvements to the fake client

Changes since v0.19.0

⚠️ Breaking Changes

  • Bump to k8s.io/* v1.32 libraries (#2971 #2990 #3001 #3007 #3029 #3043)
  • logging: Stop deduplicating API warnings by default (#2953)
  • webhook: Stop deleting unknown fields in CustomDefaulter (#2982 #3056)
  • webhook: Remove deprecated Defaulter and Validator (#2877 #2945)
  • cluster: Remove deprecated SyncPeriod option (#2970)

✨ New Features

  • cache: Add EnableWatchBookmarks option (defaults to true) (#3017)
  • cache: Export NewInformer option (#3061)
  • cert-watcher: Add polling (#3020 #3050)
  • controller: Add experimental priority queue (off per default) (#3013 #3014 #3060 #3066)
  • fake client: Allow adding indexes at runtime (#3021)
  • fake client: Add support for ServiceAccountToken subresource (#2969)
  • restmapper: Use AggregatedDiscovery if available (#2901)
  • util: Add HasOwnerReference func (#2882)
  • webhook: Add custom path option (#2998)

🐛 Bug Fixes

  • controller: Error when source.Start() never returns (#2997 #3006 #3008)
  • fake client: Don't return items on invalid selector (#3022)
  • fake client: Fix TOCTOU races (#2980)
  • fake client: Preserve TypeMeta during Get call with PartialObjectMeta (#2949)

... (truncated)

Commits
  • 626b2f3 Merge pull request #3089 from k8s-infra-cherrypick-robot/cherry-pick-3085-to-...
  • 64cb665 bug: Priorityqueue: Yet another queue_depth metric fix
  • 791b6c9 Merge pull request #3088 from k8s-infra-cherrypick-robot/cherry-pick-3075-to-...
  • 99a4044 🌱 Add debug logging for the state of the priority queue
  • f33705e [release-0.20] 🐛fix(controller): support WaitForSync in custom TypedSyncingSo...
  • 571c31a Merge pull request #3079 from k8s-infra-cherrypick-robot/cherry-pick-3078-to-...
  • 8d66e89 cache: clone maps to prevent data race when concurrently creating caches usin...
  • aa3f342 [release-0.20] 🐛 Check to see if custom source implements fmt.Stringer when l...
  • 8f7e114 Merge pull request #3074 from sbueringer/pr-fix-fake-list
  • 3b23354 fake client: preserve TypeMeta during List call with UnstructuredList
  • Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.1

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.20.1

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.20.0...v0.20.1

v0.20.0

Highlights

  • Based on k8s.io/* v1.32 libraries and minimum Go version is now v1.23
  • New experimental priority queue feature
    • More details in #3013 and #2374
    • Can be enabled via manager.Options.Controller.UsePriorityQueue
    • Please give it a try and provide feedback in #2374
  • AggregatedDiscovery is automatically used when available (#2901)
  • As usual, many improvements to the fake client

Changes since v0.19.0

⚠️ Breaking Changes

  • Bump to k8s.io/* v1.32 libraries (#2971 #2990 #3001 #3007 #3029 #3043)
  • logging: Stop deduplicating API warnings by default (#2953)
  • webhook: Stop deleting unknown fields in CustomDefaulter (#2982 #3056)
  • webhook: Remove deprecated Defaulter and Validator (#2877 #2945)
  • cluster: Remove deprecated SyncPeriod option (#2970)

✨ New Features

  • cache: Add EnableWatchBookmarks option (defaults to true) (#3017)
  • cache: Export NewInformer option (#3061)
  • cert-watcher: Add polling (#3020 #3050)
  • controller: Add experimental priority queue (off per default) (#3013 #3014 #3060 #3066)
  • fake client: Allow adding indexes at runtime (#3021)
  • fake client: Add support for ServiceAccountToken subresource (#2969)
  • restmapper: Use AggregatedDiscovery if available (#2901)
  • util: Add HasOwnerReference func (#2882)
  • webhook: Add custom path option (#2998)

🐛 Bug Fixes

  • controller: Error when source.Start() never returns (#2997 #3006 #3008)
  • fake client: Don't return items on invalid selector (#3022)
  • fake client: Fix TOCTOU races (#2980)
  • fake client: Preserve TypeMeta during Get call with PartialObjectMeta (#2949)

... (truncated)

Commits
  • 626b2f3 Merge pull request #3089 from k8s-infra-cherrypick-robot/cherry-pick-3085-to-...
  • 64cb665 bug: Priorityqueue: Yet another queue_depth metric fix
  • 791b6c9 Merge pull request #3088 from k8s-infra-cherrypick-robot/cherry-pick-3075-to-...
  • 99a4044 🌱 Add debug logging for the state of the priority queue
  • f33705e [release-0.20] 🐛fix(controller): support WaitForSync in custom TypedSyncingSo...
  • 571c31a Merge pull request #3079 from k8s-infra-cherrypick-robot/cherry-pick-3078-to-...
  • 8d66e89 cache: clone maps to prevent data race when concurrently creating caches usin...
  • aa3f342 [release-0.20] 🐛 Check to see if custom source implements fmt.Stringer when l...
  • 8f7e114 Merge pull request #3074 from sbueringer/pr-fix-fake-list
  • 3b23354 fake client: preserve TypeMeta during List call with UnstructuredList
  • Additional commits viewable in compare view

Updates sigs.k8s.io/kustomize/kyaml from 0.18.1 to 0.19.0

Release notes

Sourced from sigs.k8s.io/kustomize/kyaml's releases.

api/v0.19.0

Announce

This release introduces a unified internal package version (v0.19.0) across the entire kustomize repository. ref. kubernetes-sigs/kustomize#5800

Chore

#5810: Better error message on undefined loader behavior.

Dependencies

#5825: Update to latest kube-opeapi to drop govalidator dependency #5830: downgrade go-difflib and go-spew to tagged releases #5837: Update kyaml to v0.19.0

cmd/config/v0.19.0

Caution

This release of cmd/config module skipped a few versions(v0.15.0 -> v0.19.0) to unify each pkg version in the kustomize repo. ref. kubernetes-sigs/kustomize#5800

Announce

This release introduces a unified internal package version (v0.19.0) across the entire kustomize repository.

Dependencies

#5825: Update to latest kube-opeapi to drop govalidator dependency #5830: downgrade go-difflib and go-spew to tagged releases #5837: Update kyaml to v0.19.0

kyaml/v0.19.0

Announce

This release introduces a unified internal package version (v0.19.0) across the entire kustomize repository. ref. kubernetes-sigs/kustomize#5800

Dependencies

#5825: Update to latest kube-opeapi to drop govalidator dependency #5830: downgrade go-difflib and go-spew to tagged releases

Commits
  • b69e765 Merge pull request #5839 from koba1t/pinToCmdConfig
  • 8a51255 Update cmd/config to v0.19.0
  • ce667b7 Merge pull request #5837 from koba1t/pinToKyaml
  • 1b33db5 Update kyaml to v0.19.0
  • 880a7a0 add go work verification step for github actions (#5833)
  • 2867f35 downgrade go-difflib and go-spew to tagged releases (#5830)
  • 214aa2a Merge pull request #5823 from kubernetes-sigs/dependabot/go_modules/hack/gola...
  • 6f62ee7 build(deps): bump golang.org/x/crypto from 0.24.0 to 0.31.0 in /hack
  • fcc9537 Merge pull request #5825 from dims/update-to-latest-kube-api-to-drop-govalida...
  • 84e6594 Update golangci/golangci-lint to v1.56.2
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go-minor group across 3 directories with 8 updates

Verified

This commit was signed with the committer’s verified signature.
nickvergessen Joas Schilling
GPG key ID: F72FA5B49FFA96B0
Verified
Learn about vigilant mode
Loading
Loading status checks…
2dfc7e2 
Bumps the go-minor group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.32.8` | `1.34.0` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.28.10` | `1.29.2` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.72.2` | `1.74.1` |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.3.5` | `0.4.0` |
| [github.com/fluxcd/pkg/apis/event](https://github.com/fluxcd/pkg) | `0.13.0` | `0.15.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.69.4` | `1.70.0` |
| [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.19.4` | `0.20.1` |

Bumps the go-minor group with 1 update in the /api directory: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime).
Bumps the go-minor group with 2 updates in the /tfctl directory: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) and [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize).


Updates `github.com/aws/aws-sdk-go-v2` from 1.32.8 to 1.34.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@v1.32.8...v1.34.0)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.28.10 to 1.29.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@config/v1.28.10...config/v1.29.2)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.72.2 to 1.74.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.72.2...service/s3/v1.74.1)

Updates `github.com/cyphar/filepath-securejoin` from 0.3.5 to 0.4.0
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.3.5...v0.4.0)

Updates `github.com/fluxcd/pkg/apis/event` from 0.13.0 to 0.15.0
- [Commits](fluxcd/pkg@git/v0.13.0...git/v0.15.0)

Updates `google.golang.org/grpc` from 1.69.4 to 1.70.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.69.4...v1.70.0)

Updates `sigs.k8s.io/controller-runtime` from 0.19.4 to 0.20.1
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.19.4...v0.20.1)

Updates `sigs.k8s.io/controller-runtime` from 0.19.4 to 0.20.1
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.19.4...v0.20.1)

Updates `sigs.k8s.io/controller-runtime` from 0.19.4 to 0.20.1
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.19.4...v0.20.1)

Updates `sigs.k8s.io/kustomize/kyaml` from 0.18.1 to 0.19.0
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases)
- [Commits](kubernetes-sigs/kustomize@kyaml/v0.18.1...api/v0.19.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: github.com/fluxcd/pkg/apis/event
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
- dependency-name: sigs.k8s.io/kustomize/kyaml
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added area/ci Continuous Integration pipeline dependencies Dependency management for library and code labels Jan 27, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 3, 2025

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this Feb 3, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/go-minor-04177166e0 branch February 3, 2025 05:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/ci Continuous Integration pipeline dependencies Dependency management for library and code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants