build(deps): bump the go-dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the go-dependencies group with 8 updates in the / directory:

Package	From	To
github.com/BurntSushi/toml	1.3.2	1.4.0
github.com/GoogleContainerTools/kaniko	1.22.0	1.23.2
github.com/buildpacks/lifecycle	0.19.6	0.20.1
github.com/google/go-containerregistry	0.20.0	0.20.2
github.com/onsi/gomega	1.33.1	1.34.1
golang.org/x/crypto	0.25.0	0.26.0
golang.org/x/mod	0.19.0	0.20.0
golang.org/x/oauth2	0.21.0	0.22.0

Updates github.com/BurntSushi/toml from 1.3.2 to 1.4.0

Release notes

Sourced from github.com/BurntSushi/toml's releases.

v1.4.0

This version requires Go 1.18

• Add toml.Marshal() (#405)

• Require 2-digit hour (#320)

• Wrap UnmarshalTOML() and UnmarshalText() return values in ParseError for position information (#398)

• Fix inline tables with dotted keys inside inline arrays (e.g. k=[{a.b=1}]) (#400)

Commits

• 1e2c053 Undeprecate PrimitiveDecode and MetaData.PrimitiveDecode()
• f8f7e48 Update toml-test
• 9a80667 Add -json flag to tomlv
• 3203540 fuzz: move fuzz_targets from oss-fuzz (#406)
• 77ce858 Add Marshal Function (#405)
• 0e879cb Fix panic when trying to set subkey for a value that's not a table
• c299e75 Update toml-test
• 4223137 Fix inline tables with dotted keys inside inline arrays (#400)
• 45e7e49 Update toml-test
• c320c2d Fix utf8.RuneError test
• Additional commits viewable in compare view

Updates github.com/GoogleContainerTools/kaniko from 1.22.0 to 1.23.2

Release notes

Sourced from github.com/GoogleContainerTools/kaniko's releases.

v1.23.2 Release 2024-07-09

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.23.2
gcr.io/kaniko-project/executor:latest

The debug images are available at:

gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:v1.23.2-debug

The slim executor images which don't contain any authentication binaries are available at:

gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:v1.23.2-slim

v1.23.2 is a patch release updating kaniko dependency version. See below for the specific deps that were updated.

Dependency Updates:

• chore(deps): bump github.com/moby/buildkit and github.com/docker/docker #3242
• chore(deps): bump docker/build-push-action from 6.1.0 to 6.3.0 #3236
• chore(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 #3235
• chore(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 #3237
• chore(deps): bump google.golang.org/api from 0.185.0 to 0.187.0 #3238
• chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.17.1 to 1.17.5 #3239
• chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.24 to 1.17.1 #3220
• chore(deps): bump docker/build-push-action from 6.0.0 to 6.1.0 #3218
• chore(deps): bump google.golang.org/api from 0.183.0 to 0.185.0 #3219
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.1 to 1.56.1 #3221
• chore(deps): bump docker/build-push-action from 5.3.0 to 6.0.0 #3212
• chore(deps): bump cloud.google.com/go/storage from 1.41.0 to 1.42.0 #3204
• chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 #3205
• chore(deps): bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 #3206
• chore(deps): bump imjasonh/setup-crane from 0.3 to 0.4 #3210
• chore(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 #3190
• chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.21 to 1.16.24 #3191
• chore(deps): bump google.golang.org/api from 0.182.0 to 0.183.0 #3192
• chore(deps): bump github.com/containerd/containerd from 1.7.17 to 1.7.18 #3193
• chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.27.0 to 1.27.2 #3194

Huge thank you for this release towards our contributors:

• Aaron Prindle
• dependabot[bot]

v1.23.1 Release 2024-06-07

The executor images in this release are:

... (truncated)

Changelog

Sourced from github.com/GoogleContainerTools/kaniko's changelog.

v1.23.2 Release 2024-07-09

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.23.2
gcr.io/kaniko-project/executor:latest

The debug images are available at:

gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:v1.23.2-debug

The slim executor images which don't contain any authentication binaries are available at:

gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:v1.23.2-slim

• deps: bump github.com/moby/buildkit and github.com/docker/docker #3242
• chore(deps): bump docker/build-push-action from 6.1.0 to 6.3.0 #3236
• chore(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 #3235
• chore(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 #3237
• chore(deps): bump google.golang.org/api from 0.185.0 to 0.187.0 #3238
• chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.17.1 to 1.17.5 #3239
• chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.24 to 1.17.1 #3220
• chore(deps): bump docker/build-push-action from 6.0.0 to 6.1.0 #3218
• chore(deps): bump google.golang.org/api from 0.183.0 to 0.185.0 #3219
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.1 to 1.56.1 #3221
• chore(deps): bump docker/build-push-action from 5.3.0 to 6.0.0 #3212
• chore(deps): bump cloud.google.com/go/storage from 1.41.0 to 1.42.0 #3204
• chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 #3205
• chore(deps): bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 #3206
• chore(deps): bump imjasonh/setup-crane from 0.3 to 0.4 #3210
• chore(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 #3190
• chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.21 to 1.16.24 #3191
• chore(deps): bump google.golang.org/api from 0.182.0 to 0.183.0 #3192
• chore(deps): bump github.com/containerd/containerd from 1.7.17 to 1.7.18 #3193
• chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.27.0 to 1.27.2 #3194

Huge thank you for this release towards our contributors:

• Aaron Prindle
• dependabot[bot]

v1.23.1 Release 2024-06-07

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.23.1
</tr></table> 

... (truncated)

Commits

• 1ae9a84 chore(release): release v1.23.2 (#3243)
• 5283199 deps: bump github.com/moby/buildkit and github.com/docker/docker (#3242)
• 38f1ad8 chore(deps): bump docker/build-push-action from 6.1.0 to 6.3.0 (#3236)
• 1769774 chore(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 (#3235)
• 3dc85a1 chore(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 (#3237)
• 22dfb05 chore(deps): bump google.golang.org/api from 0.185.0 to 0.187.0 (#3238)
• c5d3495 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager (#3239)
• d6aab15 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager (#3220)
• 31f27d6 chore(deps): bump docker/build-push-action from 6.0.0 to 6.1.0 (#3218)
• a3e7508 chore(deps): bump google.golang.org/api from 0.183.0 to 0.185.0 (#3219)
• Additional commits viewable in compare view

Updates github.com/buildpacks/lifecycle from 0.19.6 to 0.20.1

Release notes

Sourced from github.com/buildpacks/lifecycle's releases.

v0.20.1

lifecycle v0.20.1

Welcome to v0.20.1, a release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker (compatible) daemon or an OCI registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.20.1.

Features

Bugfixes

• Fix run-image access check in restorer phase (#1386 by @​pbusko and @​nicolasbender )
• When setting up buildpack env, process layers for a given buildpack in alphabetical order (#1394 by @​natalieparellano)

Chores

• Updates go to version 1.22.6
• #1390 docker from 26.1.4+incompatible to 26.1.5+incompatible
• #1384 Adapt tools/test-fork/sh to current GitHub Actions workflows

Full Changelog: buildpacks/lifecycle@v0.20.0...release/0.20.1

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors:

@​pbusko @​nicolasbender @​natalieparellano @​jabrown85 @​hhiroshell

lifecycle v0.20.0

Welcome to v0.20.0, a release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker (compatible) daemon or an OCI registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

... (truncated)

Commits

• 13adc3a Merge pull request #1390 from buildpacks/dependabot/go_modules/github.com/doc...
• 2e76236 When setting up buildpack env, process layers for a given buildpack in alphab...
• 191e6c4 Bump github.com/docker/docker
• a43d599 Fix run-image access check in restorer phase (#1386)
• 9f262b3 Adapt tools/test-fork.sh to the current GitHub Action workflows. (#1384)
• df6be88 Recover corrupted cache (#1381)
• a87e12e Surface registry error (#1376)
• 12e2de8 Bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#1375)
• 4c40dca Bump the go-dependencies group across 1 directory with 6 updates (#1373)
• 04f1ad1 Fix CNB_TARGET_* env vars on older Platform API (#1374)
• Additional commits viewable in compare view

Updates github.com/docker/docker from 26.1.4+incompatible to 27.0.3+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v27.0.3

27.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 27.0.3 milestone
• moby/moby, 27.0.3 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Fix a regression that incorrectly reported a port mapping from a host IPv6 address to an IPv4-only container as an error. moby/moby#48090
• Fix a regression that caused duplicate subnet allocations when creating networks. moby/moby#48089
• Fix a regression resulting in "fail to register layer: failed to Lchown" errors when trying to pull an image with rootless enabled on a system that supports native overlay with user-namespaces. moby/moby#48086

v27.0.2

27.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 27.0.2 milestone
• moby/moby, 27.0.2 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Fix a regression that caused port numbers to be ignored when parsing a Docker registry URL. docker/cli#5197, docker/cli#5198

Removed

• api/types: deprecate ContainerJSONBase.Node field and ContainerNode type. These definitions were used by the standalone ("classic") Swarm API, but never implemented in the Docker Engine itself. moby/moby#48055

v27.0.1

27.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 27.0.0 milestone
• moby/moby, 27.0.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

New

• containerd image store: Add --platform flag to docker image push and improve the default behavior when not all platforms of the multi-platform image are available locally. docker/cli#4984, moby/moby#47679
• Add support to docker stack deploy for driver_opts in a service's networks. docker/cli#5125
• Consider additional /usr/local/libexec and /usr/libexec paths when looking up the userland proxy binaries by a name with a docker- prefix. moby/moby#47804

Bug fixes and enhancements

... (truncated)

Commits

• 662f78c Merge pull request #48090 from thaJeztah/27.0_backport_48067_fix_specific_ipv...
• b86d9bd Merge pull request #48086 from thaJeztah/27.0_backport_fix_rootless_pull
• 0dbc3ac Merge pull request #48087 from thaJeztah/27.0_backport_gofmt
• 276a648 Fix incorrect validation of port mapping
• 22aa07b Merge pull request #48089 from robmry/backport-27.0/48069_fix_overlapping_sub...
• 23b8b02 Fix duplicate subnet allocations
• bf222d6 fix some gofmt issues reported by goreportcard
• f8231b5 daemon/graphdriver/overlay2: set TarOptions.InUserNS for native differ
• b951474 pkg/archive: createTarFile: consistently use the same value for userns
• c5794e2 pkg/archive: handleTarTypeBlockCharFifo: don't discard EPERM errors
• Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.20.0 to 0.20.2

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.2

What's Changed

• deps: bump docker dep by @​imjasonh in google/go-containerregistry#1991

Full Changelog: google/go-containerregistry@v0.20.1...v0.20.2

v0.20.1

What's Changed

• Create remote.Push by @​mattmoor in google/go-containerregistry#1978

Full Changelog: google/go-containerregistry@v0.20.0...v0.20.1

Commits

• c195f15 deps: bump docker dep (#1991)
• c3d1dcc Create remote.Push (#1978)
• See full diff in compare view

Updates github.com/onsi/gomega from 1.33.1 to 1.34.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.34.1

1.34.1

Maintenance

• Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]

v1.34.0

1.34.0

Features

• Add RoundTripper method to ghttp.Server [c549e0d]

Fixes

• fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]
• issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]

Maintenance

• bump ginkgo [8af2ece]
• Fix typo in docs [123a071]
• Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083]
• Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796]
• Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f]
• Bump github-pages from 230 to 231 in /docs (#748) [892c303]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.34.1

Maintenance

• Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]

1.34.0

Features

• Add RoundTripper method to ghttp.Server [c549e0d]

Fixes

• fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]
• issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]

Maintenance

• bump ginkgo [8af2ece]
• Fix typo in docs [123a071]
• Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083]
• Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796]
• Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f]
• Bump github-pages from 230 to 231 in /docs (#748) [892c303]

Commits

• fa057b8 v1.34.1
• 5e71dcd Use slices from exp/slices to keep golang 1.20 compat
• 32e5498 v1.34.0
• cb3fa6a run go mod tidy and wonder why go get doesnt just run it for me in the first ...
• 8af2ece bump ginkgo
• 878940c fix incorrect handling of nil slices in HaveExactElements (fixes #771)
• f5bec80 clean up bipartitegraph tests
• ebadb67 issue_765 - fixed bug in Hopcroft-Karp algorithm
• 123a071 Fix typo in docs
• c549e0d Add RoundTripper method to ghttp.Server
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.25.0 to 0.26.0

Commits

• 5bcd010 go.mod: update golang.org/x dependencies
• 3375612 ssh: add support for unpadded RSA signatures
• bb80217 ssh: don't use dsa keys in integration tests
• 6879722 ssh: remove go 1.21+ dependency on slices
• e983fa2 sha3: Avo port of keccakf_amd64.s
• 80fd972 LICENSE: update per Google Legal
• f2bc3a6 x509roots/fallback/internal/goissue52287: delete
• d66d9c3 x509roots/fallback: update bundle
• See full diff in compare view

Updates golang.org/x/mod from 0.19.0 to 0.20.0

Commits

• bc151c4 README: fix link to x/tools
• d1f873e modfile: fix Cleanup clobbering Line reference
• b56a28f modfile: Add support for tool lines
• 79169e9 LICENSE: update per Google Legal
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.21.0 to 0.22.0

Commits

• 6d8340f LICENSE: update per Google Legal
• See full diff in compare view

Updates golang.org/x/sync from 0.7.0 to 0.8.0

Commits

• 411f99e LICENSE: update per Google Legal
• See full diff in compare view

Updates golang.org/x/sys from 0.22.0 to 0.23.0

Commits

• aa1c4c8 unix: provide Mount on openbsd
• cde4660 unix: add linux mseal system call
• 31ef9e7 unix: update to Linux kernel 6.10
• d03a807 unix: update glibc to 2.40
• beb5949 windows: correctly generate GetAce syscall
• 7bb0bf7 cpu: add Int8 matrix multiplication instructions CPU feature flag for ARM64
• bce4cf7 windows: add GetKeyboardLayout & ToUnicodeEx
• 0eac9b5 windows: add flags for GetAdaptersAddresses
• 0c18c88 cpu: add DIT option and hwcap DIT support
• dce4e64 LICENSE: update per Google Legal
• Additional commits viewable in compare view

Updates golang.org/x/term from 0.22.0 to 0.23.0

Commits

• d598954 go.mod: update golang.org/x dependencies
• d4346f0 LICENSE: update per Google Legal
• See full diff in compare view

Updates golang.org/x/text from 0.16.0 to 0.17.0

Commits

• b2bec85 go.mod: update golang.org/x dependencies
• ae0cf96 LICENSE: update per Google Legal
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #64.