chore(deps): bump the go-modules group with 14 updates

[dependabot]

Bumps the go-modules group with 14 updates:

Package	From	To
github.com/onsi/gomega	1.31.0	1.31.1
github.com/paketo-buildpacks/occam	0.18.1	0.18.2
github.com/containerd/containerd	1.7.12	1.7.13
github.com/google/go-containerregistry	0.18.0	0.19.0
github.com/google/uuid	1.5.0	1.6.0
github.com/klauspost/compress	1.17.4	1.17.6
github.com/opencontainers/runc	1.1.11	1.1.12
github.com/shirou/gopsutil/v3	3.23.12	3.24.1
github.com/yusufpapurcu/wmi	1.2.3	1.2.4
golang.org/x/mod	0.14.0	0.15.0
golang.org/x/net	0.20.0	0.21.0
golang.org/x/sys	0.16.0	0.17.0
golang.org/x/tools	0.17.0	0.18.0
google.golang.org/grpc	1.60.1	1.61.1

Updates github.com/onsi/gomega from 1.31.0 to 1.31.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.31.1

1.31.1

Fixes

• Inverted arguments order of FailureMessage of BeComparableToMatcher [e0dd999]
• Update test in case keeping msg is desired [ad1a367]

Maintenance

• Show how to import the format sub package [24e958d]
• tidy up go.sum [26661b8]
• bump dependencies [bde8f7a]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.31.1

Fixes

• Inverted arguments order of FailureMessage of BeComparableToMatcher [e0dd999]
• Update test in case keeping msg is desired [ad1a367]

Maintenance

• Show how to import the format sub package [24e958d]
• tidy up go.sum [26661b8]
• bump dependencies [bde8f7a]

Commits

• 762b171 v1.31.1
• 26661b8 tidy up go.sum
• bde8f7a bump dependencies
• 24e958d Show how to import the format sub package
• ad1a367 Update test in case keeping msg is desired
• e0dd999 Inverted arguments order of FailureMessage of BeComparableToMatcher
• See full diff in compare view

Updates github.com/paketo-buildpacks/occam from 0.18.1 to 0.18.2

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.18.2

What's Changed

• Bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 by @​dependabot in paketo-buildpacks/occam#274

Full Changelog: paketo-buildpacks/occam@v0.18.1...v0.18.2

Commits

• f37d228 Bump github.com/opencontainers/runc from 1.1.5 to 1.1.12
• See full diff in compare view

Updates github.com/containerd/containerd from 1.7.12 to 1.7.13

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.13

Welcome to the v1.7.13 release of containerd!

The thirteenth patch release for containerd 1.7 updates the runc binary in the release builds to address CVE-2024-21626

Notable Updates

• Update runc binary to v1.1.12 (GHSA-xr7r-f8xq-vfvv)
• Update seccomp profile for new syscalls added since Linux 5.16 (#9693)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Evan Lezar
• Paweł Gronowski
• Phil Estes
• Wei Fu

Changes

• Prepare v1.7.13 and update runc to v1.1.12 (#9724)
  • b97e611b9 Prepare release notes for v1.7.13
  • 2e7fa14db Update runc binary to v1.1.12
• [release/1.7] seccomp: kernel 6.7 (#9693)
  • 1bed37871 seccomp: kernel 6.7
• [release/1.7] Update container-device-interface to v0.6.2 (#9685)
  • 14628d4aa Update container-device-interface to v0.6.2
• [release/1.7] content: Add InfoReaderProvider (#9658)
  • 836477930 content: Add InfoReaderProvider

Dependency Changes

• tags.cncf.io/container-device-interface v0.6.2 new
• tags.cncf.io/container-device-interface/specs-go v0.6.0 new

Previous release can be found at v1.7.12

Commits

• 7c3aca7 Merge pull request #9724 from dmcgowan/prepare-v1.7.13
• b97e611 Prepare release notes for v1.7.13
• 2e7fa14 Update runc binary to v1.1.12
• cbda56b Merge pull request #9693 from k8s-infra-cherrypick-robot/cherry-pick-9684-to-...
• 1bed378 seccomp: kernel 6.7
• 1944259 Merge pull request #9685 from elezar/dependency-update-container-device-inter...
• 14628d4 Update container-device-interface to v0.6.2
• 8c780b7 Merge pull request #9658 from vvoland/contentprovider-1.7
• 8364779 content: Add InfoReaderProvider
• See full diff in compare view

Updates github.com/google/go-containerregistry from 0.18.0 to 0.19.0

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.19.0

What's Changed

• Work around docker v25 tarballs by @​jonjohnsonjr in google/go-containerregistry#1872

Full Changelog: google/go-containerregistry@v0.18.0...v0.19.0

Commits

• 8dadbe7 Work around docker v25 tarballs (#1872)
• See full diff in compare view

Updates github.com/google/uuid from 1.5.0 to 1.6.0

Release notes

Sourced from github.com/google/uuid's releases.

v1.6.0

1.6.0 (2024-01-16)

Features

• add Max UUID constant (#149) (c58770e)

Bug Fixes

• fix typo in version 7 uuid documentation (#153) (016b199)
• Monotonicity in UUIDv7 (#150) (a2b2b32)

Changelog

Sourced from github.com/google/uuid's changelog.

1.6.0 (2024-01-16)

Features

• add Max UUID constant (#149) (c58770e)

Bug Fixes

• fix typo in version 7 uuid documentation (#153) (016b199)
• Monotonicity in UUIDv7 (#150) (a2b2b32)

Commits

• 0f11ee6 chore(master): release 1.6.0 (#151)
• 16939da chore(tests): add strict monotonicity test case for uuid v7. (#154)
• 016b199 fix: fix typo in version 7 uuid documentation (#153)
• 1d8b6ea ci: set token permissions to github workflows (#143)
• a2b2b32 fix: Monotonicity in UUIDv7 (#150)
• c58770e feat: add Max UUID constant (#149)
• See full diff in compare view

Updates github.com/klauspost/compress from 1.17.4 to 1.17.6

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.17.6

What's Changed

• zstd: Fix incorrect repeat coding in best mode by @​klauspost in klauspost/compress#923
• s2: Fix DecodeConcurrent deadlock on errors by @​klauspost in klauspost/compress#925
• build: Remove garble compiler by @​klauspost in klauspost/compress#924

Full Changelog: klauspost/compress@v1.17.5...v1.17.6

v1.17.5

What's Changed

• flate: Fix reset with dictionary on custom window encodes by @​klauspost in klauspost/compress#912
• zstd: Limit better/best default window to 8MB by @​klauspost in klauspost/compress#913
• zstd: Shorter and faster asm for decSymbol.newState by @​greatroar in klauspost/compress#896
• zstd: Add Frame header encoding and stripping by @​klauspost in klauspost/compress#908
• zstd: Tweak noasm FSE decoder by @​greatroar in klauspost/compress#910
• s2: Fix callbacks for skippable blocks and disallow 0xfe (Padding) for custom use by @​Jille in klauspost/compress#916
• s2: Fix incorrect length encoded by writer.AddSkippableBlock by @​Jille in klauspost/compress#917
• s2: Fix up AddSkippableBlock more by @​klauspost in klauspost/compress#919
• s2: Document and test how to peek the stream for skippable blocks by @​Jille in klauspost/compress#918
• internal/race,s2: add some race instrumentation by @​egonelbre in klauspost/compress#903
• build(deps): bump the github-actions group with 4 updates by @​dependabot in klauspost/compress#900
• CI: Hash pin sensitive actions and configure Dependabot to automatically update them by @​diogoteles08 in klauspost/compress#899
• Update generator and executable go.mod by @​klauspost in klauspost/compress#904
• Update README.md by @​pelenium in klauspost/compress#905
• build(deps): bump the github-actions group with 1 update by @​dependabot in klauspost/compress#906

New Contributors

• @​pelenium made their first contribution in klauspost/compress#905
• @​Jille made their first contribution in klauspost/compress#916

Full Changelog: klauspost/compress@v1.17.4...v1.17.5

Commits

• 255a132 s2: Fix DecodeConcurrent deadlock on errors (#925)
• e8251aa build: Remove garble compiler (#924)
• 32f34cf build(deps): bump the github-actions group with 1 update (#921)
• aac36dc zstd: Fix incorrect repeat coding in best mode (#923)
• 9b0f130 Update README.md
• 6662a21 s2: Document and test how to peek the stream for skippable blocks (#918)
• 3deb878 s2: Fix up AddSkippableBlock more (#919)
• 6ac58c9 s2: Fix incorrect length encoded by writer.AddSkippableBlock (#917)
• 515f153 s2: Fix callbacks for skippable blocks and disallow 0xfe (Padding) for custom...
• 01b2a79 zstd: Limit default window to 8MB (#913)
• Additional commits viewable in compare view

Updates github.com/opencontainers/runc from 1.1.11 to 1.1.12

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc 1.1.12 -- "Now you're thinking with Portals™!"

This is the twelfth patch release in the 1.1.z release branch of runc. It fixes a high-severity container breakout vulnerability involving leaked file descriptors, and users are strongly encouraged to update as soon as possible.

• Fix CVE-2024-21626, a container breakout attack that took advantage of a file descriptor that was leaked internally within runc (but never leaked to the container process).

  In addition to fixing the leak, several strict hardening measures were added to ensure that future internal leaks could not be used to break out in this manner again.

  Based on our research, while no other container runtime had a similar leak, none had any of the hardening steps we've introduced (and some runtimes would not check for any file descriptors that a calling process may have leaked to them, allowing for container breakouts due to basic user error).

Static Linking Notices

The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library":

• libseccomp

The versions of these libraries were not modified from their upstream versions, but in order to comply with the LGPL-2.1 (§6(a)), we have attached the complete source code for those libraries which (when combined with the attached runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages or download them from the authoritative upstream sources, especially since these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

• Aleksa Sarai [email protected]
• hang.jiang [email protected]
• lfbzhm [email protected]

Signed-off-by: Aleksa Sarai [email protected]

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.1.12] - 2024-01-31

Now you're thinking with Portals™!

Security

• Fix CVE-2024-21626, a container breakout attack that took advantage of a file descriptor that was leaked internally within runc (but never leaked to the container process). In addition to fixing the leak, several strict hardening measures were added to ensure that future internal leaks could not be used to break out in this manner again. Based on our research, while no other container runtime had a similar leak, none had any of the hardening steps we've introduced (and some runtimes would not check for any file descriptors that a calling process may have leaked to them, allowing for container breakouts due to basic user error).

Commits

• 51d5e94 VERSION: release 1.1.12
• 2a4ed3e merge 1.1-GHSA-xr7r-f8xq-vfvv into release-1.1
• e9665f4 init: don't special-case logrus fds
• 683ad2f libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
• b6633f4 cgroup: plug leaks of /sys/fs/cgroup handle
• 284ba30 init: close internal fds before execve
• fbe3eed setns init: do explicit lookup of execve argument early
• 0994249 init: verify after chdir that cwd is inside the container
• 506552a Fix File to Close
• 099ff69 merge #4177 into opencontainers/runc:release-1.1
• Additional commits viewable in compare view

Updates github.com/shirou/gopsutil/v3 from 3.23.12 to 3.24.1

Release notes

Sourced from github.com/shirou/gopsutil/v3's releases.

v3.24.1

Compatibility Notice

We don't think #1585 will affect compatibility about PlatformVersion in host.Info(), but maybe it will.

What's Changed

disk

• [linux][disk]: fix Rdev cast by @​shirou in shirou/gopsutil#1575

host

• [host]: add EnableBootTimeCache function by @​shirou in shirou/gopsutil#1579
• ensure host platform are files and have contents by @​brycekahle in shirou/gopsutil#1584

process

• Windows, read all PIDs if there are more than 1024 PIDs. by @​jnewmano in shirou/gopsutil#1580

Other Changes

• use VERSION_ID from os-release by @​brycekahle in shirou/gopsutil#1585

New Contributors

• @​jnewmano made their first contribution in shirou/gopsutil#1580
• @​brycekahle made their first contribution in shirou/gopsutil#1584

Full Changelog: shirou/gopsutil@v3.23.12...v3.24.1

Commits

• 65b5fa3 Merge pull request #1587 from shirou/dependabot/github_actions/actions/upload...
• 2241397 chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0
• 9de1a42 Merge pull request #1585 from DataDog/bryce.kahle/os-release-version-id
• 9b6f828 Merge pull request #1584 from DataDog/bryce.kahle/host-platform
• dc01f63 Merge pull request #1583 from shirou/dependabot/github_actions/actions/cache-...
• e912ebd Merge pull request #1580 from jnewmano/patch-1
• b86b36a Merge pull request #1586 from shirou/dependabot/github_actions/actions/upload...
• 61758d5 chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0
• d753f78 use VERSION_ID from os-release
• b0d976c ensure host platform are files and have contents
• Additional commits viewable in compare view

Updates github.com/yusufpapurcu/wmi from 1.2.3 to 1.2.4

Release notes

Sourced from github.com/yusufpapurcu/wmi's releases.

v1.2.4

What's Changed

• Added float64 support by @​bilinenkisi in yusufpapurcu/wmi#7

New Contributors

• @​bilinenkisi made their first contribution in yusufpapurcu/wmi#7

Full Changelog: yusufpapurcu/wmi@v1.2.3...v1.2.4

Commits

• 6c94d73 Added float64 support by @​bilinenkisi (#7)
• See full diff in compare view

Updates golang.org/x/mod from 0.14.0 to 0.15.0

Commits

• fa1ba42 sumdb: replace globsMatchPath with module.MatchPrefixPatterns
• See full diff in compare view

Updates golang.org/x/net from 0.20.0 to 0.21.0

Commits

• 73d21fd go.mod: update golang.org/x dependencies
• 643fd16 html: fix SOLIDUS '/' handling in attribute parsing
• 73e4b50 dns/dnsmessage: allow name compression for SRV resource parsing
• b2208d0 internal/quic/qlog: fix typo
• 0d0b98c http2: avoid goroutine starvation in TestServer_Push_RejectAfterGoAway
• 07e05fd http2: remove suspicious uint32->v conversion in frame code
• 26b646e quic: avoid deadlock in Endpoint.Close
• See full diff in compare view

Updates golang.org/x/sys from 0.16.0 to 0.17.0

Commits

• 914b96c windows: support ill-formed UTF-16 in UTF16PtrToString
• 511ec84 Revert "windows: support nil done parameter in ReadFile and WriteFile"
• 628365d windows: support nil done parameter in ReadFile and WriteFile
• bef1bd8 unix: move mksyscall regexp to package level variables
• 5710a32 unix/linux: update Linux kernel to 6.7
• b3ce6a3 windows: build env_windows_test.go only go Go 1.21 and above
• c3fa2b8 windows: fix parsing of non-ASCII entries in token.Environ
• f69d32a unix: in TestDirent, make as many ReadDirent calls as are needed
• 0d9df52 unix: add more SECCOMP constants
• See full diff in compare view

Updates golang.org/x/tools from 0.17.0 to 0.18.0

Commits

• c5643e9 gopls/internal/server: fix two bugs related to dynamic configuration
• 50b4f1b gopls/internal/golang: close open file
• f0ef3c6 gopls: update x/telemetry dependency to fix crash
• 8cf0a8e gopls: record that v0.15 will be the last to support go1.18
• 730dc3c gopls/internal/settings: add a hidden option to disable zero config
• 95f04f4 gopls/internal/golang: add resolve support for inline refactorings
• 9619683 gopls/internal/cache: treat local replaces as workspace modules
• a5af84e gopls/internal/cache: check views on any on-disk change to go.mod files
• a7407fa gopls: update telemetry
• 314368d go/analysis/passes/deepequalerrors: audit for types.Alias safety
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.60.1 to 1.61.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.61.1

Bug Fixes

• server: wait to close connection until incoming socket is drained (with timeout) to prevent data loss on client-side (#6977)
  • Special Thanks: @​s-matyukevich for discovering the root cause

Release 1.61.0

New Features

• resolver: provide method, AuthorityOverrider, to allow resolver.Builders to override the default authority for a ClientConn. (EXPERIMENTAL) (#6752)
  • Special Thanks: @​Aditya-Sood
• xds: add support for mTLS Credentials in xDS bootstrap (gRFC A65) (#6757)
  • Special Thanks: @​atollena
• server: add grpc.WaitForHandlers ServerOption to cause Server.Stop to block until method handlers return. (EXPERIMENTAL) (#6922)

Performance Improvements

• grpc: skip compression of empty messages as an optimization (#6842)
  • Special Thanks: @​jroper
• orca: use atomic pointer to improve performance in server metrics recorder (#6799)
  • Special Thanks: @​danielzhaotongliu

Bug Fixes

• client: correctly enable TCP keepalives with OS defaults on windows (#6863)
  • Special Thanks: @​mmatczuk
• server: change some stream operations to return UNAVAILABLE instead of UNKNOWN when underlying connection is broken (#6891)
  • Special Thanks: @​mustafasen81
• server: fix GracefulStop to block until all method handlers return (v1.60 regression). (#6922)
• server: fix two bugs that could lead to panics at shutdown when using NumStreamWorkers (EXPERIMENTAL). (#6856)
• reflection: do not send invalid descriptors to clients for files that cannot be fully resolved (#6771)
  • Special Thanks: @​jhump
• xds: don't fail channel/server startup when xds creds is specified, but bootstrap is missing certificate providers (#6848)
• xds: Atomically read and write xDS security configuration client side (#6796)
• xds/server: fix RDS handling for non-inline route configs (#6915)

Commits

• c6e7f04 Change version to 1.61.1 (#6981)
• dbd4cbc cherry-pick #6977 to 1.61.x release branch (#6980)
• 57ed608 Change version to 1.61.1-dev (#6937)
• 8167bc3 Change version to 1.61.0 (#6936)
• 52e2363 test/xds: Use different import path for gRPC Messages (#6933)
• 67e50be transport: Remove redundant if in handleGoAway (#6930)
• e96f521 alts: Extract AuthInfo after handshake in ALTS e2e test. (#6931)
• 987df13 metadata: move FromOutgoingContextRaw() to internal (#6765)
• 61eab37 server: block GracefulStop on method handlers and make blocking optional for ...
• ddd377f xds/server: fix RDS handling for non-inline route configs (#6915)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.