Bump the common group with 39 updates

[dependabot]

Bumps the common group with 39 updates:

Package	From	To
github.com/Azure/azure-sdk-for-go/sdk/azcore	1.16.0	1.17.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity	1.8.0	1.8.2
github.com/CycloneDX/cyclonedx-go	0.9.1	0.9.2
github.com/alicebob/miniredis/v2	2.33.0	2.34.0
github.com/aquasecurity/go-version	0.0.0-20241105054539-1951e80d786f	0.0.1
github.com/bmatcuk/doublestar/v4	4.7.1	4.8.1
github.com/cheggaaa/pb/v3	3.1.5	3.1.6
github.com/containerd/containerd/v2	2.0.0	2.0.2
github.com/containerd/platforms	1.0.0-rc.0	1.0.0-rc.1
github.com/go-git/go-git/v5	5.12.0	5.13.2
github.com/gocsaf/csaf/v3	3.1.0	3.1.1
github.com/google/go-containerregistry	0.20.2	0.20.3
github.com/hashicorp/go-getter	1.7.6	1.7.8
github.com/hashicorp/hc-install	0.9.0	0.9.1
github.com/hashicorp/terraform-exec	0.21.0	0.22.0
github.com/open-policy-agent/opa	0.70.0	1.1.0
github.com/owenrumney/squealer	1.2.5	1.2.11
github.com/samber/lo	1.47.0	1.49.1
github.com/secure-systems-lab/go-securesystemslib	0.8.0	0.9.0
github.com/sigstore/rekor	1.3.6	1.3.9
github.com/spf13/cast	1.7.0	1.7.1
github.com/spf13/cobra	1.8.1	1.9.1
github.com/spf13/pflag	1.0.5	1.0.6
github.com/tetratelabs/wazero	1.8.1	1.9.0
github.com/zclconf/go-cty	1.15.0	1.16.1
go.etcd.io/bbolt	1.3.11	1.4.0
golang.org/x/crypto	0.29.0	0.33.0
golang.org/x/mod	0.22.0	0.23.0
golang.org/x/net	0.31.0	0.35.0
golang.org/x/sync	0.10.0	0.11.0
golang.org/x/term	0.26.0	0.29.0
golang.org/x/text	0.20.0	0.22.0
golang.org/x/vuln	1.1.3	1.1.4
google.golang.org/protobuf	1.35.2	1.36.4
helm.sh/helm/v3	3.16.3	3.17.1
k8s.io/api	0.31.3	0.32.1
k8s.io/utils	0.0.0-20240902221715-702e33fdd3c3	0.0.0-20241104100929-3ea5e8cea738
modernc.org/sqlite	1.34.1	1.35.0
github.com/mailru/easyjson	0.7.7	0.9.0

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.16.0 to 1.17.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.17.0

1.17.0 (2025-01-07)

Features Added

• Added field OperationLocationResultPath to runtime.NewPollerOptions[T] for LROs that use the Operation-Location pattern.
• Support encoding.TextMarshaler and encoding.TextUnmarshaler interfaces in arm.ResourceID.

Commits

• 525870f Prepare azcore v1.17.0 for release (#23907)
• 52b9e5f Fix incorrect variable name (#23903)
• 8feeabd Added BlobProperties field to BlobPrefix in listblob response (#23801)
• bcb396b automation support data plan (#23879)
• 8c76043 [Release] sdk/resourcemanager/cosmos/armcosmos/4.0.0-beta.2 (#23863)
• 933ca99 documentation correction for create container error (#23888)
• ba0c64b [skip ci]
• d9d44c0 [Release] sdk/resourcemanager/deviceregistry/armdeviceregistry/0.2.0 generati...
• f32543f Add Documentation for MPG SDK generation (#23837)
• 310191a bump to @​azure-tools/typespec-go 0.3.5 (#23881)
• Additional commits viewable in compare view

Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.8.0 to 1.8.2

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.

sdk/azidentity/v1.8.2

1.8.2 (2025-02-12)

Other Changes

• Upgraded dependencies

sdk/azidentity/v1.8.1

1.8.1 (2025-01-15)

Bugs Fixed

• User credential types inconsistently log access token scopes
• DefaultAzureCredential skips managed identity in Azure Container Instances
• Credentials having optional tenant IDs such as AzureCLICredential and InteractiveBrowserCredential require setting AdditionallyAllowedTenants when used with some clients

Other Changes

• ChainedTokenCredential and DefaultAzureCredential continue to their next credential after ManagedIdentityCredential receives an unexpected response from IMDS, indicating the response is from something else such as a proxy

Commits

• 5474626 Prepare azidentity v1.8.2 for release (#24108)
• 4d55b0c [tracing/azotel] Enable span link and propagation support (#24081)
• dc2f507 Increment package version after release of storage/azdatalake (#24105)
• 7efafe4 Increment package version after release of storage/azfile (#24101)
• ae43d8b Increment package version after release of storage/azblob (#24102)
• 03b82ac prep for azdatalake preview (#24103)
• 6ee011a [Storage] Prep for release stg97 - Blob and Files (#24100)
• db0a6cb [Storage] stg97 features (#24080)
• d9d7f1b Support Linux environment (#24095)
• 57bab21 Parameterize test-pipeline version separator (#24094)
• Additional commits viewable in compare view

Updates github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.9.2

Changelog

Features

• 39ede217f126cfbc80eabf880f6643be3d392a4f: feat: add MarshalXML and UnmarshalXML (@​DmitriyLewen)
• e9191ed11a269fcb6b3fb54e000ed6d81b5bf9db: feat: add UnmarshalJSON (@​DmitriyLewen)

Fixes

• 80fede1f13a956d35eb14696cd2ca9d2d943f809: fix: add json tag for Identity (@​DmitriyLewen)
• 24e9503293f0837e6e7ea3ff670ef958e6075b87: fix: tests (@​DmitriyLewen)
• d68a199bc1747e5d6a7d4196c2f270535bbf6e3e: fix: use identity as array in valid-evidence.json (@​DmitriyLewen)
• ff9cc28f9c9554328bd6c1ad56098be5a692d5e9: fix: use componentEvidence array for Evidence.Identity field (@​DmitriyLewen)

Building and Packaging

• 016ee293d464d6383be3a714f7fb0debebef8ad5: build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (@​dependabot[bot])
• 77153ab5fe005f6484ac1e1225e7152df00db3f1: build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (@​dependabot[bot])
• 4f50d02c1282ac1d0d7448502b231a0e84a1e529: build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (@​dependabot[bot])
• b84451219e77e0fbbe7d5ba054bcf25dbc7aaea4: build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (@​dependabot[bot])
• 238cbea3479fed9fdfcbfa5f1751828390a05211: build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (@​dependabot[bot])
• bbe8f3c2c7c4567514ae966c69bf93fc1b3dba2a: build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (@​dependabot[bot])
• 05f8930fe918a31941ebf90eec627e5e6e908d1c: build(deps): bump github.com/terminalstatic/go-xsd-validate (@​dependabot[bot])
• 082f87791a5e290c9d4c6e8126dc0cc987028a60: build(deps): bump gitpod/workspace-go from 2a9e01c to 9c95281 (@​dependabot[bot])
• 093b1c15164dad5d46768db0e3f6ee43eb60ca20: build(deps): bump gitpod/workspace-go from 9c95281 to 6932342 (@​dependabot[bot])
• 47b7e01ce8f8209894065e9656217b8c00a3c8ea: build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (@​dependabot[bot])
• ce6eb841cb1e21aa28efbccd9eb8fe5eea0555c9: build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (@​dependabot[bot])

Others

• 4d3aff9fab9ae78bd6fbbc9fd0912fab14c8fb64: UPDATE_SNAPSHOTS=true make test (@​DmitriyLewen)
• 31d954443e6563aeee69d82bdfb82aee83e07df1: refactor (@​DmitriyLewen)
• 0170729e313a681fc8659643601410ae10ffe803: refactor: update convert package (@​DmitriyLewen)

Commits

• cba06ff Merge pull request #205 from CycloneDX/dependabot/go_modules/github.com/termi...
• 5c81749 Merge pull request #211 from CycloneDX/dependabot/github_actions/actions/setu...
• 753526c Merge pull request #204 from DmitriyLewen/fix/componentEvidence-as-array
• 4d3aff9 UPDATE_SNAPSHOTS=true make test
• d68a199 fix: use identity as array in valid-evidence.json
• 24e9503 fix: tests
• 238cbea build(deps): bump actions/setup-go from 5.1.0 to 5.2.0
• a7f7415 Merge branch 'master' of github.com:DmitriyLewen/cyclonedx-go into fix/compon...
• 05f8930 build(deps): bump github.com/terminalstatic/go-xsd-validate
• 464d426 Merge pull request #202 from CycloneDX/dependabot/github_actions/actions/chec...
• Additional commits viewable in compare view

Updates github.com/alicebob/miniredis/v2 from 2.33.0 to 2.34.0

Release notes

Sourced from github.com/alicebob/miniredis/v2's releases.

add ZRANK/ZREVRANK, fix ZINTERSTORE and XTRIM

• fix ZINTERSTORE where target is one of the source sets
• added support for ZRank and ZRevRank with score (thanks Jeff Howell)
• fix MEMORY subcommand casing (thanks @​joshaber)
• use streamCmp in Xtrim (thanks @​daniel-cohere)

Changelog

Sourced from github.com/alicebob/miniredis/v2's changelog.

v2.34.0

• fix ZINTERSTORE where target is one of the source sets
• added support for ZRank and ZRevRank with score (thanks Jeff Howell)
• fix MEMORY subcommand casing (thanks @​joshaber)
• use streamCmp in Xtrim (thanks @​daniel-cohere)

Commits

• c5669ae changelog for v2.34.0
• 5320c5c Merge pull request #391 from daniel-cohere/streamCmp-in-xtrim
• e4791b5 use streamCmp in Xtrim
• ef93126 Fix MEMORY subcommand casing (#389)
• 1863d22 inttest and fix some returns
• 5056952 added support for ZRank and ZRevRank with score
• 08e664a update dependency
• 12d2a70 CI against go 1.23
• 8225546 fix ZINTERSTORE where target is one of the source sets
• See full diff in compare view

Updates github.com/aquasecurity/go-version from 0.0.0-20241105054539-1951e80d786f to 0.0.1

Commits

• See full diff in compare view

Updates github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.1

Release notes

Sourced from github.com/bmatcuk/doublestar/v4's releases.

Small Performance Improvement for MatchUnvalidated

Skip some additional validation checks in MatchUnvalidated. Thanks to @​lukemassa for the PR!

Additional documentation improvements from @​timo-reymann. Thanks!

What's Changed

• Explicitly mention number support and add tests by @​timo-reymann in bmatcuk/doublestar#100
• Skip more validation by @​lukemassa in bmatcuk/doublestar#101

New Contributors

• @​timo-reymann made their first contribution in bmatcuk/doublestar#100
• @​lukemassa made their first contribution in bmatcuk/doublestar#101

Full Changelog: bmatcuk/doublestar@v4.8.0...v4.8.1

Fixed Escaped Meta in the "Base" of the Pattern

If the "base" of a pattern (ie, everything up to the first path slash before any meta characters) contains an escaped meta character, doublestar would fail to glob any files.

Thanks to @​tdurieux for finding and fixing this bug!

Breaking-ish Change

I've updated SplitPattern to unescape meta characters in the first returned string. I suspect this shouldn't cause issues for anyone because, if anyone was using this function, they've probably either never passed a pattern with escaped meta characters, or hand-rolled an unescape method to fix the bug - which will now be a no-op for them.

What's Changed

• fix(#96) unescapeMeta the pattern base by @​tdurieux in bmatcuk/doublestar#97

New Contributors

• @​tdurieux made their first contribution in bmatcuk/doublestar#97

Full Changelog: bmatcuk/doublestar@v4.7.1...v4.8.0

Commits

• b707fe4 Wording
• 569c123 Add tests to make sure we're skipping validation
• 3b1e3d1 Skip additional validations
• 24bdb14 small updates to docs and tests
• 32ab680 test: Add tests for number ranges and sets
• 9ee73e3 docs: Document number ranges and sets in README
• 29e67f4 fix windows tests
• 28b892c remove sponsor =(
• 4b5670c fix(#96) some minor corrections to escaping pattern base
• 1e7ad31 fix: fix match when there is a escaped meta in the pattern
• See full diff in compare view

Updates github.com/cheggaaa/pb/v3 from 3.1.5 to 3.1.6

Commits

• 634b527 Merge pull request #226 from cheggaaa/dependabot/go_modules/v3/github.com/mat...
• 72db192 Merge pull request #225 from secDre4mer/master
• 1897845 Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 in /v3
• 4d7e5a0 feat: AIX support
• d0803d4 Merge pull request #224 from cheggaaa/dependabot/go_modules/v3/github.com/fat...
• bce8d1a Bump github.com/fatih/color from 1.17.0 to 1.18.0 in /v3
• 4ca3463 Merge pull request #221 from cheggaaa/dependabot/go_modules/v3/github.com/fat...
• ced2481 Merge pull request #222 from cheggaaa/dependabot/go_modules/v3/github.com/mat...
• e774f99 Bump github.com/mattn/go-runewidth from 0.0.15 to 0.0.16 in /v3
• 809a0b4 Bump github.com/fatih/color from 1.16.0 to 1.17.0 in /v3
• Additional commits viewable in compare view

Updates github.com/containerd/containerd/v2 from 2.0.0 to 2.0.2

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.0.2

Welcome to the v2.0.2 release of containerd!

The second patch release for containerd 2.0 includes a number of bug fixes and improvements.

Highlights

Container Runtime Interface (CRI)

• Remove confusing warning in cri runtime config migration (#11256)
• Fix runtime platform loading in cri image plugin init (#11248)

Runtime

• Update runc binary to v1.2.4 (#11239)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Jin Dong
• Derek McGowan
• Akihiro Suda
• Kazuyoshi Kato
• Henry Wang
• Krisztian Litkey
• Phil Estes
• Samuel Karp
• Sebastiaan van Stijn
• Akhil Mohan
• Brian Goff
• Chongyi Zheng
• Maksym Pavlenko
• Mike Brown
• Pierre Gimalac
• Wei Fu

Changes

• Prepare release notes for v2.0.2 (#11245)
  • cdaf4dfb4 Prepare release notes for v2.0.2
• Update platforms to latest rc (#11259)
  • eb125e1dd Update platforms to latest rc
• Remove confusing warning in cri runtime config migration (#11256)
  • 468079c5c Remove confusing warning in cri runtime config migration
• Fix runtime platform loading in cri image plugin init (#11248)
  • a2d9d4fd5 Fix runtime platform loading in cri image plugin init

... (truncated)

Commits

• c507a02 Merge pull request #11245 from AkihiroSuda/prepare-v2.0.2
• cdaf4df Prepare release notes for v2.0.2
• 0d9aa65 Merge pull request #11259 from k8s-infra-cherrypick-robot/cherry-pick-11257-t...
• eb125e1 Update platforms to latest rc
• c334ae6 Merge pull request #11256 from k8s-infra-cherrypick-robot/cherry-pick-10980-t...
• 468079c Remove confusing warning in cri runtime config migration
• b48e108 Merge pull request #11248 from k8s-infra-cherrypick-robot/cherry-pick-11165-t...
• a2d9d4f Fix runtime platform loading in cri image plugin init
• e1b0bb6 Merge pull request #11246 from k8s-infra-cherrypick-robot/cherry-pick-11161-t...
• 184ffad Add integ test to check tty leak
• Additional commits viewable in compare view

Updates github.com/containerd/platforms from 1.0.0-rc.0 to 1.0.0-rc.1

Release notes

Sourced from github.com/containerd/platforms's releases.

v1.0.0-rc.1

What's Changed

• Replace arm64 minor variant logic with lookup table by @​harryzcy in containerd/platforms#18
• replace testify with stdlib in tests by @​thaJeztah in containerd/platforms#21
• Move windows matcher logic so all platforms can use by @​cpuguy83 in containerd/platforms#22

New Contributors

• @​cpuguy83 made their first contribution in containerd/platforms#22

Full Changelog: containerd/platforms@v1.0.0-rc.0...v1.0.0-rc.1

Commits

• e3566b8 Merge pull request #22 from cpuguy83/windows_everywhere
• 7c58292 Move windows matcher logic so all platforms can use
• 9ada2e3 Merge pull request #21 from thaJeztah/stdlib_testing
• 458d3b7 Merge pull request #18 from harryzcy/arm64-lookup
• 86a86b7 replace testify with stdlib in tests
• 364665a Replace arm64 minor variant logic with lookup table
• See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.12.0 to 5.13.2

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.13.2

What's Changed

• plumbing: use the correct user agent string. Fixes #883 by @​uragirii in go-git/go-git#1364
• build: bump golang.org/x/sys from 0.28.0 to 0.29.0 in the golang-org group by @​dependabot in go-git/go-git#1365
• build: bump the golang-org group with 2 updates by @​dependabot in go-git/go-git#1367
• build: bump github.com/ProtonMail/go-crypto from 1.1.3 to 1.1.4 by @​dependabot in go-git/go-git#1368
• build: bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 by @​dependabot in go-git/go-git#1378
• build: bump github/codeql-action from 3.28.0 to 3.28.1 by @​dependabot in go-git/go-git#1376
• build: bump github.com/elazarl/goproxy from 1.2.3 to 1.4.0 by @​dependabot in go-git/go-git#1377
• git: worktree, fix restoring dot slash files (backported to v5). Fixes #1176 by @​BeChris in go-git/go-git#1361
• build: bump github.com/pjbgf/sha1cd from 0.3.0 to 0.3.2 by @​dependabot in go-git/go-git#1392
• git: worktree_status, fix adding dot slash files to working tree (backported to v5). Fixes #1150 by @​BeChris in go-git/go-git#1359
• build: bump github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5 by @​dependabot in go-git/go-git#1383

Full Changelog: go-git/go-git@v5.13.1...v5.13.2

v5.13.1

What's Changed

• build: bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1 by @​dependabot in go-git/go-git#1327
• build: bump github.com/elazarl/goproxy from 1.2.1 to 1.2.2 by @​dependabot in go-git/go-git#1329
• build: bump github.com/elazarl/goproxy from 1.2.2 to 1.2.3 by @​dependabot in go-git/go-git#1340
• Revert "plumbing: transport/ssh, Add support for SSH @​cert-authority." by @​pjbgf in #1346

Full Changelog: go-git/go-git@v5.13.0...v5.13.1

v5.13.0

What's Changed

• build: bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 in /cli/go-git by @​dependabot in go-git/go-git#1065
• build: bump golang.org/x/net from 0.22.0 to 0.23.0 by @​dependabot in go-git/go-git#1068
• build: bump golang.org/x/net from 0.23.0 to 0.24.0 by @​dependabot in go-git/go-git#1071
• Properly support skipping of non-mandatory extensions by @​codablock in go-git/go-git#1066
• git: Refine some codes in test and non-test. by @​onee-only in go-git/go-git#1077
• plumbing: protocol/packp, client-side filter capability support by @​edigaryev in go-git/go-git#1000
• build: bump golang.org/x/net from 0.22.0 to 0.23.0 in /cli/go-git by @​dependabot in go-git/go-git#1078
• plumbing: fix sideband demux on flush by @​aymanbagabas in go-git/go-git#1084
• storage: dotgit, head reference usually comes first by @​aymanbagabas in go-git/go-git#1085
• build: bump golang.org/x/text from 0.14.0 to 0.15.0 by @​dependabot in go-git/go-git#1091
• build: bump golang.org/x/crypto from 0.22.0 to 0.23.0 by @​dependabot in go-git/go-git#1094
• build: bump golang.org/x/net from 0.24.0 to 0.25.0 by @​dependabot in go-git/go-git#1093
• git: Added an example for Repository.Branches by @​johnmatthiggins in go-git/go-git#1088
• git: worktree_commit, Modify checking empty commit. Fixes #723 by @​onee-only in go-git/go-git#1050
• plumbing: transport/http, Wrap http errors to return reason. Fixes #1097 by @​ggambetti in go-git/go-git#1100
• build: bump golang.org/x/sys from 0.20.0 to 0.21.0 by @​dependabot in go-git/go-git#1106
• build: bump golang.org/x/text from 0.15.0 to 0.16.0 by @​dependabot in go-git/go-git#1107
• Bumps Go versions and go-billy by @​pjbgf in go-git/go-git#1056
• _examples: Fixed a dead link COMPATIBILITY.md by @​gecko655 in go-git/go-git#1109
• build: bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 in /cli/go-git by @​dependabot in go-git/go-git#1115
• build: bump github.com/elazarl/goproxy from v0.0.0-20230808193330-2592e75ae04a to v0.0.0-20240618083138-03be62527ccb by @​hbelmiro in go-git/go-git#1124
• build: bump golang.org/x/net from 0.25.0 to 0.26.0 by @​dependabot in go-git/go-git#1104

... (truncated)

Commits

• 2c68247 Merge pull request #1383 from go-git/dependabot/go_modules/github.com/ProtonM...
• d462c2e Merge pull request #1359 from BeChris/issue1150-v5
• 32ac23a Merge pull request #1392 from go-git/dependabot/go_modules/github.com/pjbgf/s...
• 93e635a build: bump github.com/pjbgf/sha1cd from 0.3.0 to 0.3.2
• b2bb975 git: worktree_status, took into account code review remarks
• 518ac88 git: worktree_status, fix adding dot slash files to working tree (backported ...
• 21b3150 build: bump github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5
• 189e7e4 Merge pull request #1361 from BeChris/issue1176-v5
• 654815a Merge pull request #1377 from go-git/dependabot/go_modules/github.com/elazarl...
• 91dbdb9 Merge pull request #1376 from go-git/dependabot/github_actions/github/codeql-...
• Additional commits viewable in compare view

Updates github.com/gocsaf/csaf/v3 from 3.1.0 to 3.1.1

Release notes

Sourced from github.com/gocsaf/csaf/v3's releases.

v3.1.1

Release 3.1.1

• ensure HTTP requests use proxy env vars (Thanks to @​ncsc-ie-devs)

Commits

• 1daaed2 ensure HTTP requests use proxy env vars (#597)
• 18af28f Merge pull request #600 from gocsaf/docs-proxy-for-2
• b8a9803 fix docs link to standard
• 678f232 Merge pull request #593 from gocsaf/add-upload-permission
• 2435abe Merge pull request #594 from gocsaf/update_go_3rd_party_libs_2024_11_22
• 3dc84f3 Merge pull request #598 from gocsaf/docs-readme-12
• b218084 Update README.md that go paths can be adjusted
• 9495d8b Update Go 3rd party libs
• f6d7589 Add required upload permissions
• See full diff in compare view

Updates github.com/google/go-containerregistry from 0.20.2 to 0.20.3

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.3

What's Changed

• remote/transport: Make bearer transport go-routine-safe by @​2opremio in google/go-containerregistry#1806
• Expose compare package by @​jonjohnsonjr in google/go-containerregistry#2001
• fix: redact.URL uses (*URL).Redacted to omit basic-auth password by @​bmoylan in google/go-containerregistry#1947
• bump actions to latest by @​ajayk in google/go-containerregistry#2011
• don't pin chainguard-dev/actions by @​imjasonh in google/go-containerregistry#2025
• Check for 406 status code when handling referrers API endpoint response by @​malancas in google/go-containerregistry#2026
• mutate: Create a defensive annotations copy by @​jonjohnsonjr in google/go-containerregistry#2030
• Detect zstd in crane append by @​jonjohnsonjr in google/go-containerregistry#2023
• bump deps using hack/bump-deps.sh by @​imjasonh in google/go-containerregistry#2042

New Contributors

• @​bmoylan made their first contribution in google/go-containerregistry#1947
• @​ajayk made their first contribution in google/go-containerregistry#2011
• @​malancas made their first contribution in google/go-containerregistry#2026

Full Changelog: google/go-containerregistry@v0.20.2...v0.20.3

Commits

• c4dd792 bump deps using hack/bump-deps.sh (#2042)
• 6bce25e Detect zstd in crane append (#2023)
• 06dcd85 mutate: Create a defensive annotations copy (#2030)
• a9a53a8 check for 406 status code when handling referrers endpoint response (#2026)
• 4630c40 don't pin chainguard-dev/actions (#2025)
• 808e354 bump actions to latest (#2011)
• a07d1ca fix: redact.URL uses (*URL).Redacted to omit basic-auth password (#1947)
• 00f182b Expose compare package (#2001)
• b8e87ed remote/transport: Make bearer transport go-routine-safe (#1806)
• See full diff in compare view

Updates github.com/hashicorp/go-getter from 1.7.6 to 1.7.8

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.8

What's Changed

• sec: fix s3 and gcs host checks by @​dduzgun-security in hashicorp/go-getter#512

Full Changelog: hashicorp/go-getter@v1.7.7...v1.7.8

v1.7.7

What's Changed

• Clean up git repo on disk when the ref checkout fails by @​james-warren0 in hashicorp/go-getter#504
• [COMPLIANCE] Add Copyright and License Headers by @​hashicorp-copywrite in hashicorp/go-getter#409
• Add CODEOWNERS file in .github/CODEOWNERS by @​mukeshjc in hashicorp/go-getter#505
• IND-1804 Bump up dependencies to remediate vulnerabiities by @​mohanmanikanta2299 in hashicorp/go-getter#513
• Updating arguments in github release CI by @​mohanmanikanta2299 in hashicorp/go-getter#514
• Updating .goreleaser.yml file with valid version by @​mohanmanikanta2299 in hashicorp/go-getter#515

New Contributors

• @​james-warren0 made their first contribution in hashicorp/go-getter#504
• @​mukeshjc made their first contribution in hashicorp/go-getter#505
• @​mohanmanikanta2299 made their first contribution in hashicorp/go-getter#513

Full Changelog: hashicorp/go-getter@v1.7.6...v1.7.7

Commits

• f7836fb sec: fix s3 and gcs host checks (#512)
• 7dddd13 Merge pull request #515 from hashicorp/Vulnerability_Fix_v1
• 0f05341 IND-1804 Updating .goreleaser.yml file with valid version
• 81c6950 Merge pull request #514 from hashicorp/Vulnerability_Fix_v1
• d315d97 IND-1804 Updating arguments in github release CI
• 6552f72 Merge pull request #513 from hashicorp/Vulnerability_Fix_v1
• 2e56c18 IND-1804 Bump up dependencies to remediate vulnerabiities
• 842d6c3 Merge pull request #505 from mukeshjc/main
• 7edd4e0 Add CODEOWNERS file in .github/CODEOWNERS
• 6077ad5 Merge pull request #409 from hashicorp/compliance/add-headers
• Additional commits viewable in compare view

Updates github.com/hashicorp/hc-install from 0.9.0 to 0.9.1

Release notes

Sourced from github.com/hashicorp/hc-install's releases.

v0.9.1

What's Changed

• build(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 by @​dependabot in hashicorp/hc-install#268
• build(deps): bump github.com/ProtonMail/go-crypto from 1.1.0 to 1.1.2 by @​dependabot in hashicorp/hc-install#261
• build(deps): bump github.com/ProtonMail/go-crypto from 1.1.0-alpha.2 to 1.1.0 by @​dependabot in hashicorp/hc-install#259
• build(deps): bump github.com/ProtonMail/go-crypto from 1.1.2 to 1.1.3 by @​dependabot in hashicorp/hc-install#263
• build(deps): bump golang.org/x/mod from 0.21.0 to 0.22.0 by @​dependabot in hashicorp/hc-install#262

New Contributors

• @​imakewebthings made their first contribution in hashicorp/hc-install#252

Full Changelog: hashicorp/hc-install@v0.9.0...v0.9.1

Commits

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request bumps multiple dependencies in the go.mod file. It includes updates to Azure SDK components (azcore, azidentity), various utility libraries (cyclonedx-go, miniredis), and other core dependencies like golang.org/x packages and Kubernetes components. These updates bring in bug fixes, performance improvements, and new features from the respective libraries.

Updated class diagram for github.com/Azure/azure-sdk-for-go/sdk/azcore

classDiagram
  class PollerOptions {
    +OperationLocationResultPath string
  }
  note for PollerOptions "Added field OperationLocationResultPath to runtime.NewPollerOptions[T] for LROs that use the Operation-Location pattern."
  class ResourceID {
    +TextMarshaler interface
    +TextUnmarshaler interface
  }
  note for ResourceID "Support encoding.TextMarshaler and encoding.TextUnmarshaler interfaces in arm.ResourceID."

Loading

Updated class diagram for github.com/CycloneDX/cyclonedx-go

classDiagram
  class Evidence {
    +Identity []ComponentEvidence
  }
  note for Evidence "Evidence.Identity is now an array of ComponentEvidence"
  class ComponentEvidence {
    +MarshalXML()
    +UnmarshalXML()
    +UnmarshalJSON()
  }
  note for ComponentEvidence "Added MarshalXML, UnmarshalXML and UnmarshalJSON methods"

Loading

Updated class diagram for github.com/alicebob/miniredis/v2

classDiagram
  class Miniredis {
    +ZRank()
    +ZRevRank()
    +ZINTERSTORE()
    +XTRIM()
  }
  note for Miniredis "Added ZRank and ZRevRank methods. Fixed ZINTERSTORE and XTRIM methods."

Loading

File-Level Changes

Change	Details	Files
Bumped azure-sdk-for-go/sdk/azcore to v1.17.0. This update introduces a new field for LROs using the Operation-Location pattern and supports encoding interfaces in arm.ResourceID.	Added field OperationLocationResultPath to runtime.NewPollerOptions[T] for LROs that use the Operation-Location pattern. Supported encoding.TextMarshaler and encoding.TextUnmarshaler interfaces in arm.ResourceID.	go.mod go.sum
Bumped azure-sdk-for-go/sdk/azidentity to v1.8.2. This update includes dependency upgrades and fixes for logging access token scopes, managed identity in Azure Container Instances, and tenant ID requirements.	Upgraded dependencies. Fixed inconsistent logging of access token scopes for user credential types. Addressed an issue where DefaultAzureCredential skipped managed identity in Azure Container Instances. Resolved the requirement to set AdditionallyAllowedTenants for credentials with optional tenant IDs.	go.mod go.sum
Bumped cyclonedx-go to v0.9.2. This update adds MarshalXML, UnmarshalXML, and UnmarshalJSON functions, and fixes issues related to the Identity field.	Added MarshalXML and UnmarshalXML functions. Added UnmarshalJSON function. Fixed the json tag for Identity. Addressed issues in tests and updated the valid-evidence.json file. Ensured the use of the componentEvidence array for the Evidence.Identity field.	go.mod go.sum
Bumped miniredis/v2 to v2.34.0. This update fixes ZINTERSTORE, adds support for ZRank/ZREVRANK, fixes MEMORY subcommand casing, and uses streamCmp in XTRIM.	Fixed ZINTERSTORE where the target is one of the source sets. Added support for ZRank and ZRevRank with score. Fixed MEMORY subcommand casing. Used streamCmp in Xtrim.	go.mod go.sum
Bumped go-version to v0.0.1.		go.mod go.sum
Bumped doublestar/v4 to v4.8.1. This update includes a performance improvement for MatchUnvalidated and fixes an issue with escaped meta characters in the pattern base.	Skipped additional validation checks in MatchUnvalidated for a performance improvement. Fixed an issue where doublestar would fail to glob any files if the base of a pattern contained an escaped meta character. Updated SplitPattern to unescape meta characters in the first returned string.	go.mod go.sum
Bumped pb/v3 to v3.1.6. This update adds AIX support and bumps github.com/mattn/go-colorable and github.com/fatih/color.	Added AIX support. Bumped github.com/mattn/go-colorable from 0.1.13 to 0.1.14. Bumped github.com/fatih/color from 1.17.0 to 1.18.0.	go.mod go.sum
Bumped containerd/containerd/v2 to 2.0.2. This patch release includes bug fixes and improvements, such as removing a confusing warning in cri runtime config migration and fixing runtime platform loading in cri image plugin init.	Removed a confusing warning in cri runtime config migration. Fixed runtime platform loading in cri image plugin init. Updated runc binary to v1.2.4.	go.mod go.sum
Bumped containerd/platforms to 1.0.0-rc.1. This update replaces arm64 minor variant logic with a lookup table, replaces testify with stdlib in tests, and moves windows matcher logic.	Replaced arm64 minor variant logic with a lookup table. Replaced testify with stdlib in tests. Moved windows matcher logic so all platforms can use it.	go.mod go.sum
Bumped go-git/go-git/v5 to 5.13.2. This update fixes restoring dot slash files, uses the correct user agent string, and includes dependency bumps.	Fixed restoring dot slash files. Used the correct user agent string. Fixed adding dot slash files to working tree. Bumped github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5.	go.mod go.sum
Bumped gocsaf/csaf/v3 to 3.1.1. This update ensures HTTP requests use proxy environment variables.	Ensured HTTP requests use proxy environment variables.	go.mod go.sum
Bumped google/go-containerregistry to 0.20.3. This update makes bearer transport go-routine-safe, exposes the compare package, and fixes URL redaction.	Made bearer transport go-routine-safe. Exposed the compare package. Fixed URL redaction to omit basic-auth password. Checked for 406 status code when handling referrers API endpoint response. Created a defensive annotations copy in mutate. Detected zstd in crane append.	go.mod go.sum
Bumped hashicorp/go-getter to 1.7.8. This update fixes S3 and GCS host checks.	Fixed S3 and GCS host checks.	go.mod go.sum
Bumped hashicorp/hc-install to 0.9.1. This update bumps github.com/go-git/go-git/v5 and github.com/ProtonMail/go-crypto.	Bumped github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0. Bumped github.com/ProtonMail/go-crypto from 1.1.0 to 1.1.2.	go.mod go.sum
Bumped hashicorp/terraform-exec to 0.22.0.		go.mod
Bumped open-policy-agent/opa to 1.1.0.		go.mod
Bumped owenrumney/squealer to 1.2.11.		go.mod
Bumped samber/lo to 1.49.1.		go.mod
Bumped secure-systems-lab/go-securesystemslib to 0.9.0.		go.mod
Bumped sigstore/rekor to 1.3.9.		go.mod
Bumped spf13/cast to 1.7.1.		go.mod
Bumped spf13/cobra to 1.9.1.		go.mod
Bumped spf13/pflag to 1.0.6.		go.mod
Bumped tetratelabs/wazero to 1.9.0.		go.mod
Bumped zclconf/go-cty to 1.16.1.		go.mod
Bumped go.etcd.io/bbolt to 1.4.0.		go.mod
Bumped golang.org/x/crypto to 0.33.0.		go.mod
Bumped golang.org/x/mod to 0.23.0.		go.mod
Bumped golang.org/x/net to 0.35.0.		go.mod
Bumped golang.org/x/sync to 0.11.0.		go.mod
Bumped golang.org/x/term to 0.29.0.		go.mod
Bumped golang.org/x/text to 0.22.0.		go.mod
Bumped golang.org/x/vuln to 1.1.4.		go.mod
Bumped google.golang.org/protobuf to 1.36.4.		go.mod
Bumped helm.sh/helm/v3 to 3.17.1.		go.mod
Bumped k8s.io/api to 0.32.1.		go.mod
Bumped k8s.io/utils to 0.0.0-20241104100929-3ea5e8cea738.		go.mod
Bumped modernc.org/sqlite to 1.35.0.		go.mod
Bumped github.com/mailru/easyjson to 0.9.0.		go.mod

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!
• Generate a plan of action for an issue: Comment @sourcery-ai plan on
  an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!

[codiumai-pr-agent-free]

CI Feedback 🧐

(Feedback updated until commit 89a016d)

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Validate PR title

Failed stage: Run amannn/action-semantic-pull-request@v5 [❌]

Failed test name: ""

Failure summary: The action failed because the pull request title "Bump the common group with 39 updates" does not contain a valid conventional commit type prefix. The PR title must start with a type (e.g., 'feat:', 'fix:', 'chore:', etc.) following the Conventional Commits specification.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 123: db 124: parser 125: deps 126: 127: githubBaseUrl: https://api.github.com 128: env: 129: GITHUB_TOKEN: *** 130: ##[endgroup] 131: ##[error]No release type found in pull request title "Bump the common group with 39 updates". Add a prefix to indicate what kind of release this pull request corresponds to. For reference, see https://www.conventionalcommits.org/

[dependabot]

Superseded by #43.