build(deps): bump the go-deps group with 6 updates

[dependabot]

Bumps the go-deps group with 6 updates:

Package	From	To
github.com/aws/aws-sdk-go	1.52.5	1.52.6
github.com/containers/common	0.58.2	0.58.3
github.com/containers/image/v5	5.30.0	5.30.1
github.com/hashicorp/go-retryablehttp	0.7.5	0.7.6
github.com/vmware/govmomi	0.37.1	0.37.2
google.golang.org/api	0.178.0	0.179.0

Updates github.com/aws/aws-sdk-go from 1.52.5 to 1.52.6

Release notes

Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.52.6 (2024-05-09)

Service Client Updates

• service/bedrock-agent-runtime: Updates service API and documentation
• service/pinpoint: Updates service API and documentation
  • This release adds support for specifying email message headers for Email Templates, Campaigns, Journeys and Send Messages.
• service/route53resolver: Updates service documentation
• service/ssm-sap: Updates service API, documentation, and paginators
• service/verifiedpermissions: Updates service API and documentation

Commits

• df3d175 Release v1.52.6 (2024-05-09) (#5256)
• See full diff in compare view

Updates github.com/containers/common from 0.58.2 to 0.58.3

Release notes

Sourced from github.com/containers/common's releases.

v0.58.3

What's Changed

• [v0.58] Address CVE-2024-3737 by @​TomSweeneyRedHat in containers/common#1991
• Bump to v0.58.2 by @​TomSweeneyRedHat in containers/common#1957

Full Changelog: containers/common@v0.58.2...v0.58.3

Commits

• b5b9a9e [v0.58] Bump to v0.58
• 31d5168 [v0.58] Address CVE-2024-3737
• 09fc822 Merge pull request #1957 from TomSweeneyRedHat/dev/tsweeney/v0.58.2-2
• See full diff in compare view

Updates github.com/containers/image/v5 from 5.30.0 to 5.30.1

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.30.1

This fixes CVE-2024-3727 .

Digest values used throughout this library were not always validated. That allowed attackers to trigger, when pulling untrusted images, unexpected authenticated registry accesses on behalf of a victim user.

In less common uses of this library (using other transports or not using the containers/image/v5/copy.Image API), an attacker could also trigger local path traversals or crashes.

Commits

• 56e750a Release 5.30.1
• 132678b Merge pull request #2404 from mtrmac/digest-unmarshal-5.30
• b724ee7 Validate the tags returned by a registry
• a9225e4 Call .Validate() before digest.Digest.String() if necessary
• 4a3785d Refactor the error handling further
• a802d65 Refactor the error handling path of saveStream
• 39e7c91 Call .Validate() before digest.Hex() / digest.Encoded()
• 2bcb834 Validate digests before using them
• See full diff in compare view

Updates github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.6

Changelog

Sourced from github.com/hashicorp/go-retryablehttp's changelog.

0.7.6 (May 9, 2024)

ENHANCEMENTS:

• client: support a RetryPrepare function for modifying the request before retrying (#216)
• client: support HTTP-date values for Retry-After header value (#138)
• client: avoid reading entire body when the body is a *bytes.Reader (#197)

BUG FIXES:

• client: fix a broken check for invalid server certificate in go 1.20+ (#210)

Commits

• d969eaa Merge pull request #225 from hashicorp/manicminer-patch-2
• 2ad8ed4 v0.7.6
• 4077b29 Changelog for #210
• 1643719 Merge pull request #210 from tomclegg/noretry-header-cert
• eb08cce Merge branch 'main' into noretry-header-cert
• 4fb315e Merge pull request #224 from hashicorp/tooling/pr-actions
• f67cc6e deprecations, linting
• e82c700 GHA workflows for unit tests
• 834d13d update go version
• e6c9acc Merge pull request #223 from hashicorp/manicminer-patch-1
• Additional commits viewable in compare view

Updates github.com/vmware/govmomi from 0.37.1 to 0.37.2

Release notes

Sourced from github.com/vmware/govmomi's releases.

v0.37.2

Release v0.37.2

Release Date: 2024-05-09

💫 API Changes

• [37269b6a] add checksum validation in Content Library update session file API
• [ce7ef70a] add SSLCertificate to TransferEndpoint in content library API (#3420)

💫 vcsim (Simulator)

• [6a0d7e7d] Add PbmCheckCompatibility method in pbm simulator
• [e6fe159b] fix ReconfigVM validation when changing disk size (#3423)

🧹 Chore

• [9a1b3c8f] Update version.go for v0.37.2

⚠️ BREAKING

📖 Commits

• [9a1b3c8f] chore: Update version.go for v0.37.2
• [6a0d7e7d] vcsim: Add PbmCheckCompatibility method in pbm simulator
• [37269b6a] api: add checksum validation in Content Library update session file API
• [e6fe159b] vcsim: fix ReconfigVM validation when changing disk size (#3423)
• [ce7ef70a] api: add SSLCertificate to TransferEndpoint in content library API (#3420)

Commits

• 9a1b3c8 chore: Update version.go for v0.37.2
• 6a0d7e7 vcsim: Add PbmCheckCompatibility method in pbm simulator
• 37269b6 api: add checksum validation in Content Library update session file API
• e6fe159 vcsim: fix ReconfigVM validation when changing disk size
• ce7ef70 api: add SSLCertificate to TransferEndpoint in content library API
• See full diff in compare view

Updates google.golang.org/api from 0.178.0 to 0.179.0

Release notes

Sourced from google.golang.org/api's releases.

v0.179.0

0.179.0 (2024-05-09)

Features

• all: Auto-regenerate discovery clients (#2573) (887c564)
• all: Auto-regenerate discovery clients (#2575) (a784ae0)

Bug Fixes

• Bump auth to v0.4.1 (#2577) (090ff6c)

Changelog

Sourced from google.golang.org/api's changelog.

0.179.0 (2024-05-09)

Features

• all: Auto-regenerate discovery clients (#2573) (887c564)
• all: Auto-regenerate discovery clients (#2575) (a784ae0)

Bug Fixes

• Bump auth to v0.4.1 (#2577) (090ff6c)

Commits

• 9fdd500 chore(main): release 0.179.0 (#2574)
• 090ff6c fix: bump auth to v0.4.1 (#2577)
• a784ae0 feat(all): auto-regenerate discovery clients (#2575)
• 887c564 feat(all): auto-regenerate discovery clients (#2573)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions