Bump the backend group across 1 directory with 13 updates

[dependabot]

Bumps the backend group with 10 updates in the / directory:

Package	From	To
github.com/Masterminds/semver/v3	3.2.1	3.3.0
github.com/aquasecurity/trivy	0.53.0	0.54.1
github.com/google/go-containerregistry	0.20.1	0.20.2
github.com/open-policy-agent/opa	0.67.0	0.68.0
github.com/operator-framework/api	0.26.0	0.27.0
github.com/rs/cors	1.11.0	1.11.1
github.com/tektoncd/pipeline	0.62.0	0.63.0
golang.org/x/oauth2	0.21.0	0.22.0
google.golang.org/api	0.189.0	0.195.0
helm.sh/helm/v3	3.15.3	3.15.4

Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.0

What's Changed

• Fix: bad package in README by @​sdelicata in Masterminds/semver#226
• Updating the GitHub Actions and versions of Go used by @​mattfarina in Masterminds/semver#229
• Fix spelling in README by @​robinschneider in Masterminds/semver#222
• Adding go build cache to fuzz output by @​mattfarina in Masterminds/semver#232
• Add caching to fuzz testing by @​mattfarina in Masterminds/semver#234
• updating github actions by @​mattfarina in Masterminds/semver#235
• feat: nil version equality by @​KnutZuidema in Masterminds/semver#213
• add >= and <= by @​grosser in Masterminds/semver#238
• doc: hyphen range constraint without whitespace by @​johnnychen94 in Masterminds/semver#216
• Removing reference to vert by @​mattfarina in Masterminds/semver#245
• simplify StrictNewVersion by @​grosser in Masterminds/semver#241
• Updating the testing version of Go used by @​mattfarina in Masterminds/semver#246
• bumping min version in go.mod based on what's tested by @​mattfarina in Masterminds/semver#248
• Updating changelog for 3.3.0 by @​mattfarina in Masterminds/semver#249

New Contributors

• @​sdelicata made their first contribution in Masterminds/semver#226
• @​robinschneider made their first contribution in Masterminds/semver#222
• @​KnutZuidema made their first contribution in Masterminds/semver#213
• @​grosser made their first contribution in Masterminds/semver#238
• @​johnnychen94 made their first contribution in Masterminds/semver#216

Full Changelog: Masterminds/semver@v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

3.3.0 (2024-08-27)

Added

• #238: Add LessThanEqual and GreaterThanEqual functions (thanks @​grosser)
• #213: nil version equality checking (thanks @​KnutZuidema)

Changed

• #241: Simplify StrictNewVersion parsing (thanks @​grosser)
• Testing support up through Go 1.23
• Minimum version set to 1.21 as this is what's tested now
• Fuzz testing now supports caching

Commits

• e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
• e80c4ea Updating changelog for 3.3.0
• 80427ad Merge pull request #248 from mattfarina/bump-min-version
• b610837 bumping min version in go.mod based on what's tested
• a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
• 7c178cf Updating the testing version of Go used
• 29f94c1 Merge pull request #241 from grosser/grosser/validate
• 2cf1b16 Merge pull request #245 from mattfarina/remove-vert
• b55476a Removing reference to vert
• d07450b simplify StrictNewVersion
• Additional commits viewable in compare view

Updates github.com/aquasecurity/trivy from 0.53.0 to 0.54.1

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.54.1

Changelog

• 854c61d34a550a9fcbab3bc59e55b868c15d1962 release: v0.54.1 [release/v0.54] (#7282)
• 334a1c293bb3d490af2a6d80732f399efaac22f7 fix(flag): incorrect behavior for deprected flag --clear-cache [backport: release/v0.54] (#7285)
• f61725c28b56d80fb46395479842a2ab0c517c5f fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283)
• a7b7117fe2c9608e990b42e702cc83675c48f888 fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279)

v0.54.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#7268

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0540-2024-07-30

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.54.1 (2024-07-31)

Bug Fixes

• flag: incorrect behavior for deprected flag --clear-cache [backport: release/v0.54] (#7285) (334a1c2)
• java: Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283) (f61725c)
• plugin: do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279) (a7b7117)

0.54.0 (2024-07-30)

Features

• add log.FilePath() function for logger (#7080) (1f5f348)
• add openSUSE tumbleweed detection and scanning (#6965) (17b5dbf)
• cli: rename --vuln-type flag to --pkg-types flag (#7104) (7cbdb0a)
• mariner: Add support for Azure Linux (#7186) (5cbc452)
• misconf: enabled China configuration for ACRs (#7156) (d1ec89d)
• nodejs: add license parser to pnpm analyser (#7036) (03ac93d)
• sbom: add image labels into SPDX and CycloneDX reports (#7257) (4a2f492)
• sbom: add vulnerability support for SPDX formats (#7213) (efb1f69)
• share build-in rules (#7207) (bff317c)
• vex: retrieve VEX attestations from OCI registries (#7249) (c2fd2e0)
• vex: VEX Repository support (#7206) (88ba460)
• vuln: add --pkg-relationships (#7237) (5c37361)

Bug Fixes

• Add dependencyManagement exclusions to the child exclusions (#6969) (dc68a66)
• add missing platform and type to spec (#7149) (c8a7abd)
• cli: error on missing config file (#7154) (7fa5e7d)
• close file when failed to open gzip (#7164) (2a577a7)
• dotnet: don't include non-runtime libraries into report for *.deps.json files (#7039) (5bc662b)
• dotnet: show nuget package dir not found log only when checking nuget packages (#7194) (d76feba)
• ignore nodes when listing permission is not allowed (#7107) (25f8143)
• java: avoid panic if deps from pom in it dir are not found (#7245) (4e54a7e)
• java: use go-mvn-version to remove Package duplicates (#7088) (a7a304d)
• misconf: do not evaluate TF when a load error occurs (#7109) (f27c236)
• nodejs: detect direct dependencies when using latest version for files yarn.lock + package.json (#7110) (54bb8bd)
• report: hide empty table when all secrets/license/misconfigs are ignored (#7171) (c3036de)
• secret: skip regular strings contain secret patterns (#7182) (174b1e3)
• secret: trim excessively long lines (#7192) (92b13be)
• secret: update length of hugging-face-access-token (#7216) (8c87194)
• server: pass license categories to options (#7203) (9d52018)

Performance Improvements

... (truncated)

Commits

• 854c61d release: v0.54.1 [release/v0.54] (#7282)
• 334a1c2 fix(flag): incorrect behavior for deprected flag --clear-cache [backport: r...
• f61725c fix(java): Return error when trying to find a remote pom to avoid segfault [b...
• a7b7117 fix(plugin): do not call GitHub content API for releases and tags [backport: ...
• ff403a3 release: v0.54.0 [main] (#7075)
• b3ee4bc docs: update ecosystem page reporting with plopsec.com app (#7262)
• 3b7aad3 chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#7136)
• c2fd2e0 feat(vex): retrieve VEX attestations from OCI registries (#7249)
• 4a2f492 feat(sbom): add image labels into SPDX and CycloneDX reports (#7257)
• f198cf8 refactor(flag): return error if both --download-db-only and `--download-jav...
• Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.20.1 to 0.20.2

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.2

What's Changed

• deps: bump docker dep by @​imjasonh in google/go-containerregistry#1991

Full Changelog: google/go-containerregistry@v0.20.1...v0.20.2

Commits

• c195f15 deps: bump docker dep (#1991)
• See full diff in compare view

Updates github.com/open-policy-agent/opa from 0.67.0 to 0.68.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.68.0

This release contains a mix of features and bugfixes.

Breaking Changes

entrypoint annotation implies document scope (#6798)

The entrypoint annotation's scope requirement has changed from rule to document (open-policy-agent/opa#6798). Furthermore, if no scope annotation is declared for a METADATA block preceding a rule, the presence of an entrypoint annotation with a true value will assign the block a document scope, where the rule scope is otherwise the default.

In practice, a rule entrypoint always point to the entire document and not a particular rule definition. The previous behavior was a bug, and one we've now addressed.

Authored by @​anderseknert

Topdown and Rego

• ast: Fixing nil-pointer dereference in compiler for partial rule edge case (#6930) authored by @​johanfylling
• ast+parser: Add hint to future-proof imports (6968) authored by @​srenatus
• topdown: Adding unification scope to virtual-cache key. Fixing issue where false positive cache hits can occur when unification "restricts" the scope of ref-head rule evaluation (#6926) authored by @​johanfylling reported by @​anderseknert
• topdown: Marshal JWT encode sign inputs as JSON (#6934) authored by @​charlieegan3

Runtime, Tooling, SDK

• ast: Make type checker copy method copy all values (#6949) authored by @​anderseknert
• ast: Include term locations in rule heads when requested (#6860) authored by @​anderseknert
• debug: Adding experimental debugger SDK (#6876) authored by @​johanfylling
• distributedtracing: allow OpenTelemetry resource attributes to be configured under distributed_tracing config (#6942) authored and reported by @​brettmc
• download: Fixing issue when saving OCI bundles on disk (#6939) authored and reported by @​Sergey-Kizimov
• logging: Always include HTTP request context in incoming req context (#6951) authored by @​ashutosh-narkar reported by @​alvarogomez93
• plugins/bundle: Avoid race-condition during bundle reconfiguration and activation (#6849) authored by @​ashutosh-narkar reported by @​Pushpalanka
• plugins/bundle: Escape reserved chars used in persisted bundle directory name (#6915) authored by @​ashutosh-narkar reported by @​alvarogomez93
• plugins/rest: Support AWS_CONTAINER_CREDENTIALS_FULL_URI metadata endpoint (#6893) authored and reported by @​mbamber
• util+server: Fix bug around chunked request handling. (#6904) authored by @​philipaconrad reported by @​David-Wobrock
• opa exec: This command never supported "pretty" formatting (--format=pretty or -f pretty), only json. Passing pretty is now invalid. (#6923) authored by @​srenatus Note that the flag is now unnecessary, but it's kept so existing calls like opa exec -fjson ... remain valid.

Security Fix: CVE-2024-8260 (#6933)

This release includes a fix where OPA would accept UNC locations on Windows. Reading those could leak NTLM hashes. The attack vector would include an adversary tricking the user in passing an UNC path to OPA, e.g. opa eval -d $FILE. UNC paths are now forbidden. If this is an issue for you, please reach out on Slack or GitHub issues.

Reported by Shelly Raban Authored by @​ashutosh-narkar

Docs, Website, Ecosystem

• docs: Suggest using opa-config.yaml as name for config file (#6966) (#6959) authored by @​anderseknert
• docs: Add documentation for OPA Spring Boot integration (#6898) authored by @​charlieegan3
• docs: Update Istio tutorial (#6896) authored by @​Pindar
• docs: Update contrib docs (#6974) authored by @​charlieegan3

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.68.0

This release contains a mix of features and bugfixes.

Breaking Changes

entrypoint annotation implies document scope (#6798)

The entrypoint annotation's scope requirement has changed from rule to document (open-policy-agent/opa#6798). Furthermore, if no scope annotation is declared for a METADATA block preceding a rule, the presence of an entrypoint annotation with a true value will assign the block a document scope, where the rule scope is otherwise the default.

In practice, a rule entrypoint always point to the entire document and not a particular rule definition. The previous behavior was a bug, and one we've now addressed.

Authored by @​anderseknert

Topdown and Rego

• ast: Fixing nil-pointer dereference in compiler for partial rule edge case (#6930) authored by @​johanfylling
• ast+parser: Add hint to future-proof imports (6968) authored by @​srenatus
• topdown: Adding unification scope to virtual-cache key. Fixing issue where false positive cache hits can occur when unification "restricts" the scope of ref-head rule evaluation (#6926) authored by @​johanfylling reported by @​anderseknert
• topdown: Marshal JWT encode sign inputs as JSON (#6934) authored by @​charlieegan3

Runtime, Tooling, SDK

• ast: Make type checker copy method copy all values (#6949) authored by @​anderseknert
• ast: Include term locations in rule heads when requested (#6860) authored by @​anderseknert
• debug: Adding experimental debugger SDK (#6876) authored by @​johanfylling
• distributedtracing: allow OpenTelemetry resource attributes to be configured under distributed_tracing config (#6942) authored and reported by @​brettmc
• download: Fixing issue when saving OCI bundles on disk (#6939) authored and reported by @​Sergey-Kizimov
• logging: Always include HTTP request context in incoming req context (#6951) authored by @​ashutosh-narkar reported by @​alvarogomez93
• plugins/bundle: Avoid race-condition during bundle reconfiguration and activation (#6849) authored by @​ashutosh-narkar reported by @​Pushpalanka
• plugins/bundle: Escape reserved chars used in persisted bundle directory name (#6915) authored by @​ashutosh-narkar reported by @​alvarogomez93
• plugins/rest: Support AWS_CONTAINER_CREDENTIALS_FULL_URI metadata endpoint (#6893) authored and reported by @​mbamber
• util+server: Fix bug around chunked request handling. (#6904) authored by @​philipaconrad reported by @​David-Wobrock
• opa exec: This command never supported "pretty" formatting (--format=pretty� or -f pretty), only json. Passing pretty is now invalid. (#6923) authored by @​srenatus Note that the flag is now unnecessary, but it's kept so existing calls like opa exec -fjson ... remain valid.

Security Fix: CVE-2024-8260 (#6933)

This release includes a fix where OPA would accept UNC locations on Windows. Reading those could leak NTLM hashes. The attack vector would include an adversary tricking the user in passing an UNC path to OPA, e.g. opa eval -d $FILE. UNC paths are now forbidden. If this is an issue for you, please reach out on Slack or GitHub issues.

Reported by Shelly Raban Authored by @​ashutosh-narkar

Docs, Website, Ecosystem

... (truncated)

Commits

• db53d77 Prepare v0.68.0 release (#6976)
• 2d28934 build(deps): bump github/codeql-action from 3.26.5 to 3.26.6
• 1bec88c docs: Update contrib docs (#6974)
• 3ac5104 debug: Adding debugger SDK (#6877)
• b0f417f build(deps): bump github.com/prometheus/client_golang from 1.20.1 to 1.20.2
• d613fd1 build(deps): bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#6971)
• f10cc1f Change required scope of entrypoint from rule to document (#6963)
• 5d08783 topdown: Adding unification scope to virtual-cache key
• 25d21f5 ast/parser: add hint to future-proof imports (#6968)
• 7b535a7 Docs: suggest using opa-config.yaml as name for config file (#6966)
• Additional commits viewable in compare view

Updates github.com/operator-framework/api from 0.26.0 to 0.27.0

Release notes

Sourced from github.com/operator-framework/api's releases.

v0.27.0

What's Changed

• Fix some typos in cel.go by @​logonoff in operator-framework/api#343
• Bump k8s.io/apiextensions-apiserver from 0.30.1 to 0.30.2 by @​dependabot in operator-framework/api#344
• Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by @​dependabot in operator-framework/api#346
• Fix codecov-action params by @​m1kola in operator-framework/api#349
• Bump k8s.io/apiextensions-apiserver from 0.30.2 to 0.30.3 by @​dependabot in operator-framework/api#353
• Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.18.5 by @​dependabot in operator-framework/api#356
• Bump kubernetes libraries to v0.31.0 and controller-runtime to v0.19.0 by @​perdasilva in operator-framework/api#357

New Contributors

• @​logonoff made their first contribution in operator-framework/api#343

Full Changelog: operator-framework/api@v0.26.0...v0.27.0

Commits

• 41cb4ae Bump kubernetes libraries to v0.31.0 and controller-runtime to v0.19.0 (#357)
• 46fd7e5 Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.18.5 (#356)
• a5729e2 Bump k8s.io/apiextensions-apiserver from 0.30.2 to 0.30.3 (#353)
• ce8a923 Fix codecov-action params (#349)
• 2e3c15f Bump github.com/spf13/cobra from 1.8.0 to 1.8.1
• fa102cb Bump k8s.io/apiextensions-apiserver from 0.30.1 to 0.30.2
• e122588 Fix some typos in cel.go (#343)
• See full diff in compare view

Updates github.com/prometheus/client_golang from 1.19.1 to 1.20.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.20.2

• [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

v1.20.1

This release contains the critical fix for the issue. Thanks to @​geberl, @​CubicrootXYZ, @​zetaab and @​timofurrer for helping us with the investigation!

• [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on Linux machines. #1587

v1.20.0

Thanks everyone for contributions!

⚠️ In this release we remove one (broken anyway, given Go runtime changes) metric and add three new (representing GOGC, GOMEMLIMIT and GOMAXPROCS flags) to the default collectors.NewGoCollector() collector. Given its popular usage, expect your binary to expose two additional metric.

Changes

• [CHANGE] ⚠️ go-collector: Remove go_memstat_lookups_total metric which was always 0; Go runtime stopped sharing pointer lookup statistics. #1577
• [FEATURE] ⚠️ go-collector: Add 3 default metrics: go_gc_gogc_percent, go_gc_gomemlimit_bytes and go_sched_gomaxprocs_threads as those are recommended by the Go team. #1559
• [FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact runtime/metrics sourcing each metric (if relevant). #1568 #1578
• [FEATURE] testutil: Add CollectAndFormat method. #1503
• [FEATURE] histograms: Add support for exemplars in native histograms. #1471
• [FEATURE] promhttp: Add experimental support for zstd on scrape, controlled by the request Accept-Encoding header. #1496
• [FEATURE] api/v1: Add WithLimit parameter to all API methods that supports it. #1544
• [FEATURE] prometheus: Add support for created timestamps in constant histograms and constant summaries. #1537
• [FEATURE] process-collectors: Add network usage metrics: process_network_receive_bytes_total and process_network_transmit_bytes_total. #1555
• [FEATURE] promlint: Add duplicated metric lint rule. #1472
• [BUGFIX] promlint: Relax metric type in name linter rule. #1455
• [BUGFIX] promhttp: Make sure server instrumentation wrapping supports new and future extra responseWriter methods. #1480
• [BUGFIX] testutil: Functions using compareMetricFamilies are now failing if filtered metricNames are not in the input. #1424

• feat(prometheus/testutil/promlint/validations): refine lintMetricType… by @​foehammer127 in prometheus/client_golang#1455
• Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 in /examples/middleware by @​dependabot in prometheus/client_golang#1457
• Bump github.com/prometheus/client_model from 0.5.0 to 0.6.0 by @​dependabot in prometheus/client_golang#1458
• Bump golang.org/x/sys from 0.16.0 to 0.17.0 by @​dependabot in prometheus/client_golang#1459
• Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 in /tutorial/whatsup by @​dependabot in prometheus/client_golang#1461
• Merge Release 1.19 back to main by @​ArthurSens in prometheus/client_golang#1462
• Bump the github-actions group with 2 updates by @​dependabot in prometheus/client_golang#1456
• Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @​dependabot in prometheus/client_golang#1466
• Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /examples/middleware by @​dependabot in prometheus/client_golang#1467
• Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /tutorial/whatsup by @​dependabot in prometheus/client_golang#1469
• Add LintDuplicateMetric to promlint by @​bboreham in prometheus/client_golang#1472
• Auto-update Go Collector Metrics for new Go versions by @​SachinSahu431 in prometheus/client_golang#1476
• Implement Unwrap() for responseWriterDelegator by @​igor-drozdov in prometheus/client_golang#1480
• Bump golang.org/x/sys from 0.17.0 to 0.18.0 by @​dependabot in prometheus/client_golang#1485
• Bump github.com/prometheus/procfs from 0.12.0 to 0.13.0 by @​dependabot in prometheus/client_golang#1486
• ci: Remove hardcoded supported Go versions from go.yml by @​SachinSahu431 in prometheus/client_golang#1489
• feat: metrics generation workflow by @​SachinSahu431 in prometheus/client_golang#1481

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.20.2 / 2024-08-23

• [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

1.20.1 / 2024-08-20

• [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on linux machines. #1587

1.20.0 / 2024-08-14

• [CHANGE] ⚠️ go-collector: Remove go_memstat_lookups_total metric which was always 0; Go runtime stopped sharing pointer lookup statistics. #1577
• [FEATURE] ⚠️ go-collector: Add 3 default metrics: go_gc_gogc_percent, go_gc_gomemlimit_bytes and go_sched_gomaxprocs_threads as those are recommended by the Go team. #1559
• [FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact runtime/metrics sourcing each metric (if relevant). #1568 #1578
• [FEATURE] testutil: Add CollectAndFormat method. #1503
• [FEATURE] histograms: Add support for exemplars in native histograms. #1471
• [FEATURE] promhttp: Add experimental support for zstd on scrape, controlled by the request Accept-Encoding header. #1496
• [FEATURE] api/v1: Add WithLimit parameter to all API methods that supports it. #1544
• [FEATURE] prometheus: Add support for created timestamps in constant histograms and constant summaries. #1537
• [FEATURE] process-collector: Add network usage metrics: process_network_receive_bytes_total and process_network_transmit_bytes_total. #1555
• [FEATURE] promlint: Add duplicated metric lint rule. #1472
• [BUGFIX] promlint: Relax metric type in name linter rule. #1455
• [BUGFIX] promhttp: Make sure server instrumentation wrapping supports new and future extra responseWriter methods. #1480
• [BUGFIX] testutil: Functions using compareMetricFamilies are now failing if filtered metricNames are not in the input. #1424

1.19.0 / 2024-02-27

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

• [CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449
• [FEATURE] collectors: Add version collector. #1422 #1427

1.18.0 / 2023-12-22

• [FEATURE] promlint: Allow creation of custom metric validations. #1311
• [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
• [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
• [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
• [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

1.17.0 / 2023-09-27

• [CHANGE] Minimum required go version is now 1.19 (we also test client_golang against new 1.21 version). #1325
• [FEATURE] Add support for Created Timestamps in Counters, Summaries and Historams. #1313
• [ENHANCEMENT] Enable detection of a native histogram without observations. #1314

1.16.0 / 2023-06-15

• [BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. #1252
• [BUGFIX] api: Fix undefined execution order in return statements. #1260
• [BUGFIX] native histograms: Fix bug in bucket key calculation. #1279

... (truncated)

Commits

• 67121dc Merge pull request #1596 from mrueg/fix-uncompressed-content-header
• 187acd4 Cut 1.20.2
• f7f8f3a fix: Unset Content-Encoding header when uncompressed
• 2254d6c Merge pull request #1587 from prometheus/fix-processcollector
• 4a15d05 Cut 1.20.1
• f2dd7b3 Use pedantic registry in other places too, to double check.
• 261fe84 bugfix: Pass network metrics to processCollector's Describe() function
• 5bf3341 Use NewPedanticRegistry in Process' Collector tests
• 73b811c Cut 1.20.0 release. (#1580)
• 7ce5089 gocollector: Attach original runtime/metrics metric name to help. (#1578)
• Additional commits viewable in compare view

Updates github.com/rs/cors from 1.11.0 to 1.11.1

Commits

• a814d79 Re-add support for multiple Access-Control-Request-Headers field (fixes #184)...
• 1562b17 Removed redundant log nil checks (#178)
• 3d336ea Update all dependencies to latest in examples (#175)
• 85fc0ca Make Gin wrapper's status configurable and use 204 as default (fixes #145) (#...
• See full diff in compare view

Updates github.com/tektoncd/pipeline from 0.62.0 to 0.63.0

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v0.63.0 "Abyssinian K-9"

-Docs @ v0.63.0 -Examples @ v0.63.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.63.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.63.0/release.yaml
REKOR_UUID=108e9186e8c5677a41806e924e8c5d6a3c1e083f8c35950f0d1af7e0e6a4c0712a2eb4bf92e9538e
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.63.0@sha256:" + .digest.sha256')
Download the release file
curl "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q ...
Description has been truncated

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.