Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency hairyhenderson/gomplate to v4.3.0 #191

Merged
merged 1 commit into from
Mar 4, 2025
Merged

chore(deps): update dependency hairyhenderson/gomplate to v4.3.0 #191

merged 1 commit into from
Mar 4, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 11, 2024
edited
Loading

This PR contains the following updates:

Package Update Change
hairyhenderson/gomplate minor v4.1.0 -> v4.3.0

Release Notes

hairyhenderson/gomplate (hairyhenderson/gomplate)

v4.3.0

Compare Source

Features
Bug Fixes
Documentation
Dependencies
  • actions: Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 (#​2286) (86b934e)
  • docker: Bump alpine from 3.20 to 3.21 (#​2278) (9439cad)
  • go: Bump cuelang.org/go from 0.10.1 to 0.11.0 (#​2267) (7b89601)
  • go: Bump github.com/hairyhenderson/go-fsimpl from 0.1.8 to 0.2.0 (#​2271) (e29e3ee)
  • go: Bump github.com/hairyhenderson/go-fsimpl from 0.2.0 to 0.2.1 (#​2290) (d7e8e19)
  • go: Bump github.com/itchyny/gojq from 0.12.16 to 0.12.17 (#​2272) (fe927f9)
  • go: Bump github.com/lmittmann/tint from 1.0.5 to 1.0.6 (#​2285) (e04f119)
  • go: Bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 (#​2268) (71a58a1)
  • go: Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#​2270) (67cf0b2)
  • go: Bump golang.org/x/crypto from 0.29.0 to 0.30.0 (#​2277) (e2cf0df)
  • go: Bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#​2280) (f4d9693)
  • go: Bump golang.org/x/sys from 0.27.0 to 0.28.0 (#​2274) (2e9d862)
  • go: Bump golang.org/x/term from 0.26.0 to 0.27.0 (#​2275) (b53e9e4)
  • go: Bump k8s.io/client-go from 0.31.2 to 0.31.3 (#​2269) (8d23672)
  • go: Bump k8s.io/client-go from 0.31.3 to 0.32.0 (#​2282) (aaaf0da)

v4.2.0

Compare Source

Features
Bug Fixes
  • datasources: Properly handle datasources and other URLs beginning with '../' (#​2255) (53d6ca0)
  • lint: Address new lint warnings from golangci-lint 1.62 (#​2256) (a13844c)
  • lint: Fix or ignore lint errors (#​2228) (69d3e0c)
  • strings: Avoid potential overflow on 32-bit systems (#​2257) (1bd86d8)
Documentation
Dependencies
  • actions: Bump docker/login-action from 3.2.0 to 3.3.0 (#​2189) (8f40d1f)
  • actions: Bump docker/setup-buildx-action from 3.4.0 to 3.6.1 (#​2198) (71f53aa)
  • actions: Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 (#​2233) (f908325)
  • actions: Bump docker/setup-qemu-action from 3.1.0 to 3.2.0 (#​2188) (2869ba1)
  • docker: Bump golang from 1.22-alpine to 1.23-alpine (#​2212) (8946529)
  • go: Bump cuelang.org/go from 0.9.2 to 0.10.1 (#​2241) (ca531f2)
  • go: Bump github.com/aws/aws-sdk-go from 1.54.15 to 1.54.16 (#​2172) (19cd050)
  • go: Bump github.com/aws/aws-sdk-go from 1.54.16 to 1.55.5 (#​2200) (6cdc97d)
  • go: Bump github.com/hairyhenderson/go-fsimpl from 0.1.7 to 0.1.8 (#​2243) (d464787)
  • go: Bump github.com/hashicorp/go-sockaddr from 1.0.6 to 1.0.7 (#​2229) (bcb33a2)
  • go: Bump github.com/hashicorp/vault/api from 1.14.0 to 1.15.0 (#​2223) (2e06943)
  • go: Bump github.com/hashicorp/vault/api/auth/aws (#​2224) (87edb20)
  • go: Bump github.com/lmittmann/tint from 1.0.4 to 1.0.5 (#​2178) (cb30e90)
  • go: Bump github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0 (#​2216) (8d8d696)
  • go: Bump github.com/Shopify/ejson from 1.5.2 to 1.5.3 (#​2247) (2622800)
  • go: Bump golang.org/x/crypto from 0.25.0 to 0.27.0 (#​2221) (33faeb3)
  • go: Bump golang.org/x/crypto from 0.27.0 to 0.29.0 (#​2248) (94716fc)
  • go: Bump golang.org/x/sys from 0.22.0 to 0.24.0 (#​2209) (9900424)
  • go: Bump golang.org/x/term from 0.22.0 to 0.24.0 (#​2219) (ab5d4ad)
  • go: Bump golang.org/x/text from 0.16.0 to 0.17.0 (#​2207) (9ab0fc9)
  • go: Bump golang.org/x/text from 0.17.0 to 0.18.0 (#​2220) (8c16576)
  • go: Bump google.golang.org/grpc in the go_modules group (#​2175) (836cbf0)
  • go: Bump k8s.io/client-go from 0.30.2 to 0.30.3 (#​2183) (e13e016)
  • go: Bump k8s.io/client-go from 0.30.3 to 0.31.1 (#​2225) (c60a045)
  • go: Bump k8s.io/client-go from 0.31.1 to 0.31.2 (#​2242) (e080b07)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@phil-davis phil-davis self-assigned this Nov 11, 2024
@renovate renovate bot changed the title chore(deps): update dependency hairyhenderson/gomplate to v4.2.0 chore(deps): update dependency hairyhenderson/gomplate to v4.3.0 Dec 17, 2024
@renovate renovate bot force-pushed the renovate/hairyhenderson-gomplate-4.x branch from 2b5e316 to af3f3b3 Compare December 17, 2024 16:55
@phil-davis
Copy link
Contributor

phil-davis commented Dec 18, 2024
edited
Loading

https://drone.owncloud.com/owncloud-docker/ubuntu/470/2/5

usr/bin/wait-for (gobinary)

===========================

Total: 1 (HIGH: 1, CRITICAL: 0)


┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐

│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │

├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤

│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ v1.22.4           │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │

│         │                │          │        │                   │                │ which contains deeply nested structures...                │

│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │

└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

Need to look into wait-for and see where we are getting that from, and see how to get a later golang that has up-to-date stdlib etc.

Probably needs to first be fixed in #190 and then CI will be happy again.

@renovate renovate bot force-pushed the renovate/hairyhenderson-gomplate-4.x branch from af3f3b3 to 4d3e5e4 Compare February 24, 2025 05:57
@phil-davis
Copy link
Contributor

I have merged the various renovate bot PRs in https://github.com/owncloud-ci/wait-for

Let's try this PR again now, it should get a newer wait-for that hopefully does have have the CVE problems reported by Trivy.

@renovate renovate bot force-pushed the renovate/hairyhenderson-gomplate-4.x branch from 4d3e5e4 to fc8edc3 Compare February 24, 2025 06:07
@phil-davis
Copy link
Contributor

Updated owncloud-ci/golang - that should get a newer golang 1.22.*
owncloud-ci/golang#150

Then we can get an updated wait-for on top of that.

Then (maybe) CI will pass here.

@renovate renovate bot force-pushed the renovate/hairyhenderson-gomplate-4.x branch from fc8edc3 to 9b0faf1 Compare February 25, 2025 01:30
@DeepDiver1975 DeepDiver1975 merged commit 7d14c19 into master Mar 4, 2025
1 check failed
@DeepDiver1975 DeepDiver1975 deleted the renovate/hairyhenderson-gomplate-4.x branch March 4, 2025 16:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DeepDiver1975 DeepDiver1975 DeepDiver1975 approved these changes

Assignees

@phil-davis phil-davis

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@phil-davis @DeepDiver1975