chore(deps): bump the common group with 10 updates

[dependabot]

Bumps the common group with 10 updates:

Package	From	To
github.com/Azure/azure-sdk-for-go/sdk/azcore	1.11.1	1.12.0
github.com/CycloneDX/cyclonedx-go	0.8.0	0.9.0
github.com/aquasecurity/trivy-aws	0.9.0	0.10.0
github.com/aquasecurity/trivy-checks	0.11.0	0.12.0
github.com/containerd/containerd	1.7.17	1.7.18
golang.org/x/crypto	0.23.0	0.24.0
golang.org/x/mod	0.17.0	0.18.0
golang.org/x/net	0.25.0	0.26.0
golang.org/x/term	0.20.0	0.21.0
golang.org/x/text	0.15.0	0.16.0

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.11.1 to 1.12.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.12.0

1.12.0 (2024-06-06)

Features Added

• Added field StatusCodes to runtime.FetcherForNextLinkOptions allowing for additional HTTP status codes indicating success.
• Added func NewUUID to the runtime package for generating UUIDs.

Bugs Fixed

• Fixed an issue that prevented pollers using the Operation-Location strategy from unmarshaling the final result in some cases.

Other Changes

• Updated dependencies.

Commits

• e58902b Prep azcore v1.12.0 for release (#23005)
• 9ad32c5 Increment package version after release of internal (#23004)
• 897e903 Update ignore-links.txt (#23003)
• ac7cc04 [keyvault] fix test recording sanitizers (#22911)
• 276cf8c update readme (#22971)
• 5eb479f [azopenai] Updating hash to merged PR. (#22998)
• 9c4f5c5 Prepare sdk/internal v1.9.0 for release (#22991)
• b407f56 Increment version for messaging/azwebpubsub releases (#22466)
• 3af4c7e update mgmt live test (#22996)
• b7d018e fix sdk/resourcemanager/internal module (#22994)
• Additional commits viewable in compare view

Updates github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.9.0

Changelog

Features

• 729c284798ebe341ced210b661362f77d68cd655: feat: Add CycloneDX 1.6 fields swhid and omniborId (@​snyk-tim)
• b5d35959767efce95f50e96bf752c47fbe374496: feat: add manufacturer and authors (@​snyk-tim)
• c52e698d2fe3fbd60df6ff397f44e7b0ea15a4bc: feat: raise baseline go version to 1.20 (@​nscuro)

Fixes

• 9166e10fdecaadd8a97ceed9636261d351d90a65: fix: ioutil -> io (@​nscuro)
• 349fc8cd072e90d81c0328f1d9dab16aa30fcf60: fix: add bom-ref to OrganizationalEntity/Contact (@​snyk-tim)
• c97da90e259e0051e02e07300c75ad5e37a0311b: fix: handle breaking changes in skywalking-eyes (@​nscuro)

Building and Packaging

• ec6291e9ce9efbbb5d0010de4d8668fcbd05d148: build(deps): bump actions/checkout from 4.1.1 to 4.1.5 (@​dependabot[bot])
• 899fe391ca4d756f1d5ba84478d3bc8795003cba: build(deps): bump actions/checkout from 4.1.5 to 4.1.6 (@​dependabot[bot])
• 8674ed5ecc38b65e03908b5a74308c95039068a9: build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (@​dependabot[bot])
• db3a1144a2ce30b85e5985d2755fa3e4a81c5ca8: build(deps): bump apache/skywalking-eyes from 0.4.0 to 0.6.0 (@​dependabot[bot])
• a3bd05518575f14d917685a02c689f81eedaad5c: build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (@​dependabot[bot])
• 1179dd9051112c3b44a6cc577964c7d501a7258b: build(deps): bump gitpod/workspace-go from 8b9a0f6 to 8d15123 (@​dependabot[bot])
• d98494ea11dbb6550705d46d2473aa2a4a18e642: build(deps): bump gitpod/workspace-go from 9118b93 to 8b9a0f6 (@​dependabot[bot])
• 1e2a3a09e86d720729a3ab7ec55ed3ffa75164a5: build(deps): bump gitpod/workspace-go from 94ae638 to 9118b93 (@​dependabot[bot])
• d4d6e35fcfb08d14589b4a693aac3f28978b640b: build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (@​dependabot[bot])
• 521d1ce7b555013f2b78d8c4a21954815863ab44: build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1 (@​dependabot[bot])
• f1ebafe5e2d2af3a3d551eb23c583a93b7ebccbf: build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 (@​dependabot[bot])

Others

• 16d2143b3d74b77af8a309b331e1bc46a445f495: Fix(1.6): Added missing omitempty in NistQuantumSecurityLevel (@​Petzys)
• ffec473428073e1266169e97c1c64de95e89981b: chore: add license header (@​mcombuechen)
• 1f8fdcc0047611a8baacfcd214c5ba3821fefd51: feat(1.6): add BOM.Declarations (@​mcombuechen)
• 62b53429289d6cc6884b111256588150e3fed308: feat(1.6): add BOM.Definitions (@​mcombuechen)
• c33b9cb58eaa14e89740182fbde2a0cc888bc457: feat(1.6): add CBOM types (@​Petzys)
• 10e10c8bc8fcac6f90c914828786f11e404919b8: feat(1.6): add JSON schema, XML namespace (@​mcombuechen)
• 2dc599a8ad0f2be20e9bfc55ba75764758e6c7b8: feat(1.6): add License.Acknowledgement (@​mcombuechen)
• 7a32fde7e9e9e5fb44f8f8aafadd83a21ff82aaf: feat(1.6): add PostalAddress type (@​mcombuechen)
• b8e4529773c3d12b172729567574ea6201231682: feat(1.6): add SpecVersion for v1.6 (@​mcombuechen)
• c8778287f29dd21bff18a4f27f71f495de7b4991: feat(1.6): add environmentalConsiderations (@​mcombuechen)
• e0e9c670e1617adbdd147cff7cc0747769a4e723: feat(1.6): add schema definitions for CycloneDX 1.6 (@​mcombuechen)
• b1636c2d6bb8aca4161402958a8d894aab7d66b5: feat(1.6): extend EvidenceOccurrence (@​mcombuechen)
• b4b3b94a60b1665c1d0492744032a9375ef751b1: fix(1.6): convert occurrences of OrganizationalEntity (@​mcombuechen)
• 9332ca660b772bc538b3c274ceb3d9f81caa0eb8: fix(1.6): fix json, xml labels on BOM.Definitions (@​mcombuechen)

Commits

• 98a070d Merge pull request #184 from CycloneDX/go-1.20
• 07eb476 Merge pull request #139 from CycloneDX/dependabot/github_actions/apache/skywa...
• 9166e10 fix: ioutil -> io
• c97da90 fix: handle breaking changes in skywalking-eyes
• c52e698 feat: raise baseline go version to 1.20
• b1ff85b Merge pull request #181 from CycloneDX/dependabot/docker/gitpod/workspace-go-...
• 64d6336 Merge pull request #182 from CycloneDX/spec/1.6
• 199cd18 Merge pull request #183 from snyk/fix/convert-lic-header
• ffec473 chore: add license header
• 1179dd9 build(deps): bump gitpod/workspace-go from 8b9a0f6 to 8d15123
• Additional commits viewable in compare view

Updates github.com/aquasecurity/trivy-aws from 0.9.0 to 0.10.0

Release notes

Sourced from github.com/aquasecurity/trivy-aws's releases.

v0.10.0

Description

This is the first release of Trivy AWS as a Trivy plugin.

What's Changed

• feat(plugin): trivy-aws as a plugin for Trivy by @​simar7 in aquasecurity/trivy-aws#153
• refactor(iam): remove adapting nested users and groups by @​nikpivkin in aquasecurity/trivy-aws#168
• chore(index): Add maintainer field to plugin.yaml by @​simar7 in aquasecurity/trivy-aws#170
• chore(plugin): Update release URI by @​simar7 in aquasecurity/trivy-aws#171

Full Changelog: aquasecurity/trivy-aws@v0.9.0...v0.10.0

Commits

• b0d71e5 chore(plugin): Update release URI (#171)
• c3999b2 chore(index): Add maintainer field to plugin.yaml (#170)
• 8a7f09c refactor(iam): remove adapting nested users and groups (#168)
• c92585c feat(plugin): trivy-aws as a plugin for Trivy (#153)
• See full diff in compare view

Updates github.com/aquasecurity/trivy-checks from 0.11.0 to 0.12.0

Release notes

Sourced from github.com/aquasecurity/trivy-checks's releases.

v0.12.0

What's Changed

• Fix page title for AVD-AWS-0342 in vulnerability database documentation by @​thaim in aquasecurity/trivy-checks#140
• feat: support node-collector commands and NodeInfo by @​chen-keinan in aquasecurity/trivy-checks#136
• Add OCI image annotations by @​candrews in aquasecurity/trivy-checks#141
• chore(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.65.0 by @​dependabot in aquasecurity/trivy-checks#142
• fix: use regex to split command by @​nikpivkin in aquasecurity/trivy-checks#144

New Contributors

• @​thaim made their first contribution in aquasecurity/trivy-checks#140

Full Changelog: aquasecurity/trivy-checks@v0.11.0...v0.12.0

Commits

• 32d7d75 fix: use regex to split command
• 7663e7b chore(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.65.0
• 20a101a Add OCI image annotations
• 229cef1 feat: command id generator support
• 663383b feat: command id generator support
• 0f7d945 feat: command id generator support
• 7f7bdd4 feat: embedded commands fs support
• c5432ce feat: support node-collector commands and node info
• 5bf5de4 feat: support node-collector commands and node info
• 05e7df3 feat: support node-collector commands and node info
• Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.17 to 1.7.18

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.18

Welcome to the v1.7.18 release of containerd!

The eighteenth patch release for containerd 1.7 contains various updates along with an updated version of Go. Go 1.22.4 and 1.21.11 include a fix for a symlink time of check to time of use race condition during directory removal.

Highlights

• Update Go version to 1.21.11 (#10298)
• Remove uses of platforms.Platform alias (#10277)
• Migrate log imports to github.com/containerd/log (#10269)
• Migrate errdefs package to github.com/containerd/errdefs (#10266)
• Fix usage of "unknown" platform (#10261)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Sebastiaan van Stijn
• Akhil Mohan
• Austin Vazquez
• Phil Estes

Changes

• Prepare release notes for v1.7.18 (#10301)
  • 9426aab62 Prepare release notes for v1.7.18
• Update Go version to 1.21.11 (#10298)
  • cdd3ea913 Update Go version to 1.21.11
• Remove uses of platforms.Platform alias (#10277)
  • 1e3c662d6 [release/1.7] remove uses of platforms.Platform alias
• Migrate log imports to github.com/containerd/log (#10269)
  • 0af6825b1 migrate logs imports to github.com/containerd/log module
• Migrate errdefs package to github.com/containerd/errdefs (#10266)
  • 308341a44 replace uses of github.com/containerd/containerd/errdefs
  • 47ff8cfce migrate errdefs package to github.com/containerd/errdefs module
• Fix usage of "unknown" platform (#10261)
  • f4d11912a core/image: fix usage of "unknown" platform
• Explicitly set release latest to true (#10265)
  • 5b0480009 Explicitly set release latest to true
  • d669b100d build(deps): bump softprops/action-gh-release from 1 to 2

Changes from containerd/errdefs

... (truncated)

Commits

• ae71819 Merge pull request #10301 from dmcgowan/prepare-v1.7.18
• 9426aab Prepare release notes for v1.7.18
• 1d324db Merge pull request #10298 from dmcgowan/1.7-update-go
• cdd3ea9 Update Go version to 1.21.11
• 0a137f0 Merge pull request #10277 from thaJeztah/1.7_backport_remove_use_of_platform_...
• 1e3c662 [release/1.7] remove uses of platforms.Platform alias
• 300a6de Merge pull request #10269 from thaJeztah/1.7_migrate_containerd_log
• 0af6825 migrate logs imports to github.com/containerd/log module
• be820ac Merge pull request #10266 from thaJeztah/1.7_migrate_to_errdefs_module
• 566c535 Merge pull request #10261 from k8s-infra-cherrypick-robot/cherry-pick-10257-t...
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.23.0 to 0.24.0

Commits

• 332fd65 go.mod: update golang.org/x dependencies
• 0b431c7 x509roots/fallback: update bundle
• 349231f ssh: implement CryptoPublicKey on sk keys
• 44c9b0f ssh: allow server auth callbacks to send additional banners
• 67b1361 sha3: reenable s390x assembly
• 477a5b4 sha3: make APIs usable with zero allocations
• 59b5a86 sha3: disable s390x assembly
• 10f366e sha3: simplify XOR functions
• See full diff in compare view

Updates golang.org/x/mod from 0.17.0 to 0.18.0

Commits

• c0bdc7b modfile: add API for godebug lines
• 6686f41 module: add COM0 and LPT0 to badWindowsNames
• See full diff in compare view

Updates golang.org/x/net from 0.25.0 to 0.26.0

Commits

• 66e838c go.mod: update golang.org/x dependencies
• 6249541 http2: avoid race in server handler SetReadDeadine/SetWriteDeadline
• 603e3e6 quic: disable X25519Kyber768Draft00 in tests
• 67e8d0c http2: report an error if goroutines outlive serverTester tests
• 5608279 http2: avoid corruption in priority write scheduler
• 0d515a5 http2: factor out frame read/write test functions
• 9f5b79b http2: drop unused retry function
• 03c24c2 http2: use synthetic time in server tests
• 022530c http2: add a more full-featured test net.Conn
• 410d19e http2: avoid racy access to clientStream.requestedGzip
• Additional commits viewable in compare view

Updates golang.org/x/term from 0.20.0 to 0.21.0

Commits

• 5f0bb72 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates golang.org/x/text from 0.15.0 to 0.16.0

Commits

• 9c2f3a2 cmd/gotext: fix segfault in extract & rewrite commands
• 59e1219 message: optimize lookupAndFormat function for better performance
• a20a3e2 x/text: update x/tools for go/ssa range-over-func fix
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[DmitriyLewen]

github.com/CycloneDX/cyclonedx-go v0.9.0 uses CycloneDX v1.6.
I moved CycloneDX update to v1.6 to separate PR (#6903).

We will rebase and merge this PR after merge #6903.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.