build(deps): bump the go group with 16 updates

[dependabot]

Bumps the go group with 16 updates:

Package	From	To
code.gitea.io/sdk/gitea	0.15.1	0.18.0
cuelang.org/go	0.7.0	0.8.1
github.com/containers/image/v5	5.29.2	5.30.0
github.com/fluxcd/kustomize-controller/api	1.0.0-rc.3	1.2.2
github.com/fluxcd/pkg/apis/event	0.5.2	0.8.0
github.com/fluxcd/pkg/apis/meta	1.1.2	1.3.0
github.com/fluxcd/pkg/runtime	0.42.0	0.46.0
github.com/fluxcd/pkg/untar	0.2.0	0.3.0
github.com/fluxcd/source-controller/api	1.1.0	1.2.5
github.com/open-component-model/ocm-controller	0.19.0	0.20.1
github.com/teekennedy/goldmark-markdown	0.2.0	0.3.0
github.com/yuin/goldmark	1.4.13	1.5.4
golang.org/x/exp	0.0.0-20240103183307-be819d1f06fc	0.0.0-20240222234643-814bf88cf225
golang.org/x/oauth2	0.16.0	0.18.0
k8s.io/klog/v2	2.110.1	2.120.1
k8s.io/utils	0.0.0-20240102154912-e7106e64919e	0.0.0-20240310230437-4693a0247e57

Updates code.gitea.io/sdk/gitea from 0.15.1 to 0.18.0

Updates cuelang.org/go from 0.7.0 to 0.8.1

Updates github.com/containers/image/v5 from 5.29.2 to 5.30.0

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.30.0

What's Changed

A fair number of improvements when working with zstd and zstd:chunked-compressed images.

Note that make install now installs policy.json and registries.d/default.yaml.

• Refuse compression to zstd when using schema1 by @​mtrmac in containers/image#2196
• Don't expose local account details in oci-archive tar files by @​mtrmac in containers/image#2202
• Trigger a conversion to OCI when compressing to Zstd by @​mtrmac in containers/image#2204
• Add buildtags to avoid fulcio and rekor dependencies by @​siretart in containers/image#2180
• copy: do not fail if digest mismatches by @​giuseppe in containers/image#1980
• Moving policy.json and default.yaml from containers/skopeo by @​rahilarious in containers/image#2215
• Embrace codespell: config, workflow (to alert when new typos added) and get typos fixed by @​yarikoptic in containers/image#2214
• Fix raspberry pi zero cpu variant recognition by @​lstolcman in containers/image#2086
• storage: validate images converted to zstd:chunked by @​giuseppe in containers/image#2243
• Make blob reuse choices manifest-format-sensitive, and allow conversions when writing to format-agnostic transports by @​mtrmac in containers/image#2213
• Edit the manifest when pushing uncompressed data from c/storage by @​mtrmac in containers/image#2273
• Random storage-related cleanups by @​mtrmac in containers/image#2287
• Improve storage transport documentation, primarily about locking by @​mtrmac in containers/image#2291
• Fix c/storage destination with partial pulls by @​mtrmac in containers/image#2288
• Fix manifest updates when we match a layer by TOC digest by @​mtrmac in containers/image#2294
• Cleanly fail when trying to obtain a DiffID of a non-OCI image by @​mtrmac in containers/image#2295
• Beautify TOC-related parts of storageImageSource by @​mtrmac in containers/image#2296
• storage: use the new ApplyStagedLayer interface by @​giuseppe in containers/image#2301
• Also annotate image instances using zstd:chunked as using zstd by @​mtrmac in containers/image#2302
• Support editing ArtifactType, preserve it in lists by @​nalind in containers/image#2304
• Provide data to correctly report throughput on partial pulls by @​mtrmac in containers/image#2308
• Add validation error to digesting reader by @​saschagrunert in containers/image#2312
• Fix handling of errors when fetching layers by URLs by @​mtrmac in containers/image#2310
• Improve handling of zstd vs. zstd:chunked matching by @​mtrmac in containers/image#2317

New Contributors

• @​rahilarious made their first contribution in containers/image#2215
• @​yarikoptic made their first contribution in containers/image#2214
• @​lstolcman made their first contribution in containers/image#2086
• @​bainsy88 made their first contribution in containers/image#2260

Full Changelog: containers/image@v5.29.2...v5.30.0

Commits

• b29bde5 Bump to v5.30.0
• 3cc0bb4 Merge pull request #2328 from containers/renovate/github.com-containers-stora...
• 169d6f5 fix(deps): update module github.com/containers/storage to v1.53.0
• ed96328 Merge pull request #2330 from containers/renovate/golang.org-x-oauth2-0.x
• d097f7f fix(deps): update module golang.org/x/oauth2 to v0.18.0
• 5dbfa1c Merge pull request #2329 from containers/renovate/golang.org-x-crypto-0.x
• 99369af fix(deps): update module golang.org/x/crypto to v0.21.0
• b457769 Merge pull request #2326 from containers/renovate/go-openapi
• 23e4c1d fix(deps): update go-openapi packages
• faa4f4f Merge pull request #2325 from containers/renovate/github.com-stretchr-testify...
• Additional commits viewable in compare view

Updates github.com/fluxcd/kustomize-controller/api from 1.0.0-rc.3 to 1.2.2

Release notes

Sourced from github.com/fluxcd/kustomize-controller/api's releases.

v1.2.2

Changelog

v1.2.2 changelog

Container images

• docker.io/fluxcd/kustomize-controller:v1.2.2
• ghcr.io/fluxcd/kustomize-controller:v1.2.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.1

Changelog

v1.2.1 changelog

Container images

• docker.io/fluxcd/kustomize-controller:v1.2.1
• ghcr.io/fluxcd/kustomize-controller:v1.2.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.0

Changelog

v1.2.0 changelog

Container images

• docker.io/fluxcd/kustomize-controller:v1.2.0
• ghcr.io/fluxcd/kustomize-controller:v1.2.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.1.1

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/kustomize-controller/api's changelog.

1.2.2

Release date: 2024-02-01

This patch release comes with various bug fixes and improvements.

Reconciling empty directories and directories without Kubernetes manifests no longer results in an error. This regressing bug was introduced with the controller upgrade to Kustomize v5.3 and has been fixed in this patch release.

The regression due to which the namespaced objects without a namespace specified resulted in not found error instead of namespace not specified has also been fixed. And the regression due to which Roles and ClusterRoles were reconciled over and over due to the normalization of Roles and ClusterRoles has also been fixed.

In addition, the Kubernetes dependencies have been updated to v1.28.6. Various other dependencies have also been updated to their latest version to patch upstream CVEs.

Lastly, the controller is now built with Go 1.21.

Improvements:

• Update Go to 1.21 #1053
• Various dependency updates #1076 #1074 #1070 #1068 #1065 #1060 #1059 #1051 #1049 #1046 #1044 #1040 #1038

1.2.1

Release date: 2023-12-14

This patch release comes with improvements in logging to provide faster feedback on any HTTP errors encountered while fetching source artifacts.

In addition, the status condition messages are now trimmed to respect the size limit defined by the API.

... (truncated)

Commits

• 7a5ae11 Merge pull request #1077 from fluxcd/release-v1.2.2
• afb9e73 Release v1.2.2
• e5072d5 Add changelog entry for v1.2.2
• 115614b Merge pull request #1076 from fluxcd/backport-1075-to-release/v1.2.x
• 00821eb Update source-controller dependency
• 151e55b Merge pull request #1074 from fluxcd/backport-1072-to-release/v1.2.x
• c575ac2 build(deps): bump the go-deps group with 1 update
• e75aa5f Merge pull request #1070 from fluxcd/backport-1069-to-release/v1.2.x
• ddeda85 build(deps): bump the ci group with 1 update
• 04b1e54 Merge pull request #1068 from fluxcd/backport-1066-to-release/v1.2.x
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/event from 0.5.2 to 0.8.0

Commits

• 7ef01b0 Merge pull request #442 from blurpy/feature/git_bearer_token
• 659695f Add back support for passphrase protected ssh keys
• 767e771 Validate that basic auth and bearer token cannot be set at the same time
• cbf091c Add test to verify that username from Secret is preferred
• b6c6888 Refactor of NewAuthOptions to only fill the auth options that are relevant
• fef9d6a Add more test scenarios for NewAuthOptions
• 9b9b723 Validate that bearer token is not used over http
• 04d0d48 Add some quick tests of basic auth in client.validateUrl()
• a451505 Support specifying bearerToken for git http token authentication.
• bfb6385 Merge pull request #448 from fluxcd/e2e-ux
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.1.2 to 1.3.0

Commits

• 31388ce Merge pull request #727 from fluxcd/distribution-up
• 328eb42 Update OCI distribution to v3.0.0-alpha.1
• 7fabcd8 Merge pull request #684 from somtochiama/pull-static-file-oci
• a330445 fix options
• 255f8fc test for static archive
• f155227 refactor test
• 8687514 implement pull static artifact
• 4624208 Merge pull request #726 from fluxcd/deps-kube-v0.28.6
• 30da897 Update dependencies
• 63e3e9c Merge pull request #725 from fluxcd/dependabot/github_actions/ci-f38fbd1956
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.42.0 to 0.46.0

Commits

• cfa07c7 Merge pull request #756 from fluxcd/kustomize-v5.4.0
• 8a7418f Update dependencies to Kustomize v5.4.0
• 159b281 Merge pull request #755 from fluxcd/update-internal-deps-go1.22
• f4ae8e8 Update internal dependencies
• 288cd7a Merge pull request #752 from fluxcd/handle-in-cluster-annotation
• 4971c85 Return a DiffTypeExclude when exclusion annotation is set in cluster
• 46467e7 Merge pull request #754 from fluxcd/update-docker
• 43f36aa Update docker dependencies
• e350b5b Merge pull request #750 from fluxcd/update-deps-go-1.22
• 3ad72d9 Update dependencies to Go 1.22 and Kubernetes 1.29.3
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/untar from 0.2.0 to 0.3.0

Commits

• 5237a0a Merge pull request #80 from fluxcd/gitlab-use-path
• d9ac5fa Split getProjects method into dedicated methods
• 2b42f3f git: drop usage of Name for GitLab operations
• 50807dc Merge pull request #79 from fluxcd/git-update-deps
• 0e910fd Update git dependencies
• 3ae26dc Merge pull request #78 from fluxcd/meta-api-deepcopy
• f622a2b Enable deepcopy gen for meta API
• a77cc48 Merge pull request #77 from fluxcd/kustomize-api
• 0a3c4dd Add make target to generate deepcopy methods
• c9274a8 Introduce Kustomize API group
• Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.1.0 to 1.2.5

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.2.5

Changelog

v1.2.5 changelog

Container images

• docker.io/fluxcd/source-controller:v1.2.5
• ghcr.io/fluxcd/source-controller:v1.2.5

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.4

Changelog

v1.2.4 changelog

Container images

• docker.io/fluxcd/source-controller:v1.2.4
• ghcr.io/fluxcd/source-controller:v1.2.4

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.3

Changelog

v1.2.3 changelog

Container images

• docker.io/fluxcd/source-controller:v1.2.3
• ghcr.io/fluxcd/source-controller:v1.2.3

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.2

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.2.5

Release date: 2024-04-04

This patch release comes with improvements to the HelmChart name validation and adds logging sanitization of connection error messages for Bucket sources.

Fixes:

• Improve chart name validation #1377
• Sanitize URLs for bucket fetch error messages #1430

Improvements:

• Update controller-gen to v0.14.0 #1399

1.2.4

Release date: 2024-02-01

This patch release updates the Kubernetes dependencies to v1.28.6 and various other dependencies to their latest version to patch upstream CVEs.

Improvements:

• Various dependency updates #1362 #1357 #1353 #1347 #1343 #1340 #1338 #1336 #1334

1.2.3

Release date: 2023-12-14

This patch release updates the controller's Helm dependency to v3.13.3.

Improvements:

• Update Helm to v3.13.3 #1325
• helmrepo: Remove migration log/event #1324

1.2.2

... (truncated)

Commits

• b104212 Merge pull request #1433 from fluxcd/release-v1.2.5
• 46012c7 Release v1.2.5
• e34e017 Add changelog entry for v1.2.5
• a32ae7b Merge pull request #1431 from fluxcd/backport-1430-to-release/v1.2.x
• 2026ba8 Sanitize URLs for bucket fetch error messages.
• b364463 Merge pull request #1404 from fluxcd/backport-1399-to-release/v1.2.x
• 43cb79a updating controller-gen to v0.14.0
• 708568d Merge pull request #1381 from fluxcd/backport-1376-to-release/v1.2.x
• 554e863 build(deps): bump the ci group with 6 updates
• 64b8dbe Merge pull request #1379 from fluxcd/backport-1377-to-release/v1.2.x
• Additional commits viewable in compare view

Updates github.com/open-component-model/ocm-controller from 0.19.0 to 0.20.1

Release notes

Sourced from github.com/open-component-model/ocm-controller's releases.

v0.20.1

Release 0.21.0

• fix: Quick hack to address issue 68 - snapshot tag doesn't meet strict semver check (#390)

v0.20.0

Release 0.20.0

• doc: update the documentation to be more thorough (#393)
• add metadata for hyperspace (#394)
• chore: remove personal information (#389)
• chore(deps): bump the ci group with 2 updates (#392)
• feat: add parsing dockerconfigjson and ocm configuration (#391)

Commits

• d6e6aed release: docs for v0.20.1 (#401)
• 7c50983 fix: Quick hack to address issue 68 - snapshot tag doesn't meet strict semver...
• 7af4b5e release: add release docs for 0.20.0 (#399)
• a0166ea doc: update the documentation to be more thorough (#393)
• 7f9b629 add metadata for hyperspace (#394)
• 6f4a565 chore: remove personal information (#389)
• 8b79b01 chore(deps): bump the ci group with 2 updates (#392)
• 8ad97cf feat: add parsing dockerconfigjson and ocm configuration (#391)
• See full diff in compare view

Updates github.com/teekennedy/goldmark-markdown from 0.2.0 to 0.3.0

Commits

• 0cdef01 Fix lint errors
• 96dcd23 Update module to go 1.21
• 1e1dd11 Add tests for custom node renderers
• 0f4d780 renderer: add support for extending node renderers
• a9e5318 Bump gopkg.in/yaml.v3 from 3.0.0-20200313102051-9f266ea9e77c to 3.0.0
• 286638d renderer: add support for ordered list
• 5350b71 Fix typo
• 215f4f5 Use go 1.18, upgrade all workflow actions
• See full diff in compare view

Updates github.com/yuin/goldmark from 1.4.13 to 1.5.4

Commits

• 82ff890 Fix #361
• 550b0c7 Merge pull request #358 from jmooring/issue-357
• c446c41 Add role to global HTML attributes
• 60df4aa Merge pull request #344 from hjr265/patch-1
• a0962b5 Update README.md
• a87c577 Fix #333
• aaeb985 Merge pull request #332 from stefanfritsch/feature-fences
• 34756f2 Add link to goldmark-fences
• c71a97b Fixed bug related newline code
• ae42b91 Fix bug that escaped space not working with Linkfy extension
• Additional commits viewable in compare view

Updates golang.org/x/exp from 0.0.0-20240103183307-be819d1f06fc to 0.0.0-20240222234643-814bf88cf225

Commits

• See full diff in compare view

Updates golang.org/x/oauth2 from 0.16.0 to 0.18.0

Commits

• 85231f9 go.mod: update golang.org/x dependencies
• 34a7afa google/externalaccount: add Config.UniverseDomain
• 95bec95 google/externalaccount: moves externalaccount package out of internal and exp...
• ebe81ad go.mod: update golang.org/x dependencies
• adffd94 google/internal/externalaccount: update serviceAccountImpersonationRE to supp...
• deefa7e google/downscope: add DownscopingConfig.UniverseDomain to support TPC
• See full diff in compare view

Updates k8s.io/klog/v2 from 2.110.1 to 2.120.1

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.30 (Take 2)

What's Changed

• textlogger: allow caller to override stack unwinding by @​pohly in kubernetes/klog#397

Full Changelog: kubernetes/klog@v2.120.0...v2.120.1

Prepare klog release for Kubernetes v1.30 (Take 1)

What's Changed

• OWNERS: remove serathius, add mengjiao-liu, promote pohly by @​pohly in kubernetes/klog#394
• docs: clarify relationship between different features by @​pohly in kubernetes/klog#395
• Add SafePtr wrapper by @​kaisoz in kubernetes/klog#393
• logr v1.4.1 + SetSlogLogger by @​pohly in kubernetes/klog#396

New Contributors

• @​kaisoz made their first contribution in kubernetes/klog#393

Full Changelog: kubernetes/klog@v2.110.1...v2.120.0

Commits

• 007e661 textlogger: allow caller to override stack unwinding
• 2d08296 Merge pull request #396 from pohly/slog-helper
• e4deee8 slog: use main logr package instead of logr/slogr
• 5d1d2d5 add SetSlogLogger
• 39afdba dependencies: logr v1.4.1
• 2086216 Merge pull request #393 from kaisoz/add-safeptr
• 881fa0b Add SafePtr wrapper
• 8dd3f2e Merge pull request #395 from pohly/readme-update
• d3dd725 docs: clarify relationship between different features
• 761b630 Merge pull request #394 from pohly/owners-update
• Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20240102154912-e7106e64919e to 0.0.0-20240310230437-4693a0247e57

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Mend Scan Summary: ❌

Repository: open-component-model/mpas-product-controller

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	0
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	2
LICENSE RISK HIGH	9
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.