Bump the go group with 15 updates

[dependabot]

Bumps the go group with 15 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2/feature/s3/manager	1.17.9	1.17.10
github.com/aws/aws-sdk-go-v2/service/ecr	1.31.0	1.32.0
github.com/aws/aws-sdk-go-v2/service/s3	1.58.2	1.58.3
github.com/containers/image/v5	5.32.0	5.32.1
github.com/mikefarah/yq/v4	4.44.2	4.44.3
github.com/mittwald/go-helm-client	0.12.10	0.12.12
github.com/onsi/ginkgo/v2	2.19.1	2.20.0
github.com/onsi/gomega	1.34.0	1.34.1
github.com/sigstore/cosign/v2	2.3.0	2.4.0
github.com/sigstore/sigstore	1.8.7	1.8.8
golang.org/x/exp	0.0.0-20240613232115-7f521ea00fb8	0.0.0-20240719175910-8a7402abbf56
golang.org/x/mod	0.19.0	0.20.0
golang.org/x/net	0.27.0	0.28.0
golang.org/x/oauth2	0.21.0	0.22.0
golang.org/x/text	0.16.0	0.17.0

Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.17.9 to 1.17.10

Commits

• 08f1f0b Release 2022-10-24
• 0e1e20e Regenerated Clients
• 281c268 Update SDK's smithy-go dependency to v1.13.4
• db7c0a3 Update endpoints model
• 1eae80d Update API model
• 17628c4 EC2 IMDS client logging fixes (#1891)
• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.31.0 to 1.32.0

Changelog

Sourced from github.com/aws/aws-sdk-go-v2/service/ecr's changelog.

Release (2023-04-19)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/comprehend: v1.24.0
  • Feature: This release supports native document models for custom classification, in addition to plain-text models. You train native document models using documents (PDF, Word, images) in their native format.
• github.com/aws/aws-sdk-go-v2/service/ecs: v1.26.0
  • Feature: This release supports the Account Setting "TagResourceAuthorization" that allows for enhanced Tagging security controls.
• github.com/aws/aws-sdk-go-v2/service/ram: v1.18.0
  • Feature: This release adds support for customer managed permissions. Customer managed permissions enable customers to author and manage tailored permissions for resources shared using RAM.
• github.com/aws/aws-sdk-go-v2/service/rds: v1.43.1
  • Documentation: Adds support for the ImageId parameter of CreateCustomDBEngineVersion to RDS Custom for Oracle
• github.com/aws/aws-sdk-go-v2/service/s3: v1.32.0
  • Feature: Provides support for "Snow" Storage class.
• github.com/aws/aws-sdk-go-v2/service/secretsmanager: v1.19.4
  • Documentation: Documentation updates for Secrets Manager

Release (2023-04-17)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/appflow: v1.26.0
  • Feature: This release adds a Client Token parameter to the following AppFlow APIs: Create/Update Connector Profile, Create/Update Flow, Start Flow, Register Connector, Update Connector Registration. The Client Token parameter allows idempotent operations for these APIs.
• github.com/aws/aws-sdk-go-v2/service/drs: v1.13.0
  • Feature: Changed existing APIs and added new APIs to support using an account-level launch configuration template with AWS Elastic Disaster Recovery.
• github.com/aws/aws-sdk-go-v2/service/dynamodb: v1.19.5
  • Documentation: Documentation updates for DynamoDB API
• github.com/aws/aws-sdk-go-v2/service/emrserverless: v1.7.0
  • Feature: The GetJobRun API has been updated to include the job's billed resource utilization. This utilization shows the aggregate vCPU, memory and storage that AWS has billed for the job run. The billed resources include a 1-minute minimum usage for workers, plus additional storage over 20 GB per worker.
• github.com/aws/aws-sdk-go-v2/service/internetmonitor: v1.2.0
  • Feature: This release includes a new configurable value, TrafficPercentageToMonitor, which allows users to adjust the amount of traffic monitored by percentage
• github.com/aws/aws-sdk-go-v2/service/iotwireless: v1.27.0
  • Feature: Supports the new feature of LoRaWAN roaming, allows to configure MaxEirp for LoRaWAN gateway, and allows to configure PingSlotPeriod for LoRaWAN multicast group
• github.com/aws/aws-sdk-go-v2/service/lambda: v1.33.0
  • Feature: Add Python 3.10 (python3.10) support to AWS Lambda

Release (2023-04-14)

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/ecs: v1.25.1
  • Documentation: This release supports ephemeral storage for AWS Fargate Windows containers.
• github.com/aws/aws-sdk-go-v2/service/lambda: v1.32.0
  • Feature: This release adds SnapStart related exceptions to InvokeWithResponseStream API. IAM access related documentation is also added for this API.
• github.com/aws/aws-sdk-go-v2/service/migrationhubrefactorspaces: v1.9.8
  • Documentation: Doc only update for Refactor Spaces environments without network bridge feature.
• github.com/aws/aws-sdk-go-v2/service/rds: v1.43.0

... (truncated)

Commits

• 86ce13f Release 2023-04-19
• e607ef1 Regenerated Clients
• 0135839 Update endpoints model
• b3bd75c Update API model
• b3d01a6 Release 2023-04-17
• 30a2730 Regenerated Clients
• 7c3afda Update endpoints model
• 749f0c8 Update API model
• b83b305 Release 2023-04-14
• cdcc36a Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.58.2 to 1.58.3

Commits

• 5102c2e Release 2024-08-02
• 001b1fd Regenerated Clients
• 0897137 Update API model
• a274795 add assurance tests for auth scheme select (#2730)
• 2d43bf8 Release 2024-08-01
• 5bd193d Regenerated Clients
• 5954703 Update API model
• 0c73d2b Release 2024-07-30
• 3102b1f Regenerated Clients
• 348b939 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/containers/image/v5 from 5.32.0 to 5.32.1

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.32.1

What's Changed

• Bump c/storage to v1.55.0, c/image to v5.32.0 by @​TomSweeneyRedHat in containers/image#2495
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.5 by @​renovate in containers/image#2496
• Record (TOC digest → DiffID) mapping in BlobInfoCache by @​mtrmac in containers/image#2321
• Revamp codespell by @​kolyshkin in containers/image#2498
• fix(deps): update module golang.org/x/oauth2 to v0.22.0 by @​renovate in containers/image#2501
• fix(deps): update module golang.org/x/sync to v0.8.0 by @​renovate in containers/image#2502
• manifest: LayerInfos: preallocate the slice by @​kolyshkin in containers/image#2499
• zstd:chunked refactoring for early review by @​mtrmac in containers/image#2503
• fix(deps): update module golang.org/x/crypto to v0.26.0 by @​renovate in containers/image#2504
• Record zstd:chunked format, and annotations, in BlobInfoCache by @​mtrmac in containers/image#2487

Full Changelog: containers/image@v5.32.0...v5.32.1

Commits

• 1064a5a Release 5.32.1
• c7233ee Merge remote-tracking branch 'upstream/main' into HEAD
• 5af61e0 Bump to 5.32.1-dev
• 8c7c58c Merge pull request #2487 from mtrmac/chunked-bic2
• 3d38dae Detect zstd:chunked format in source blobs
• ac2ca25 Allow dockerImageDestination to reuse zstd:chunked blobs
• 243b49d Extend private.ReusedBlob to allow zstd:chunked reuses
• 76af27c Record the specific variant, and TOC annotations, for blobs we compress
• f9d27e8 Add digest -> specific variant, annotation data to BIC
• 5dcb348 Fix a comment
• Additional commits viewable in compare view

Updates github.com/mikefarah/yq/v4 from 4.44.2 to 4.44.3

Release notes

Sourced from github.com/mikefarah/yq/v4's releases.

v4.44.3

• Fixed upper-case file extension detection, Thanks @​ryenus (#2121)
• Log printing follow no-colors flag #2082
• Skip and warn when interpolating strings and theres a unclosed bracket #2083
• Fixed CSV content starting with # issue #2076
• Bumped dependencies

Changelog

Sourced from github.com/mikefarah/yq/v4's changelog.

4.44.3:

• Fixed upper-case file extension detection, Thanks @​ryenus (#2121)
• Log printing follow no-colors flag #2082
• Skip and warn when interpolating strings and theres a unclosed bracket #2083
• Fixed CSV content starting with # issue #2076
• Bumped dependencies

Commits

• bbdd974 Bumping version
• 9940668 Preparing release
• 95aacce Add Flox to installation methods (#2117)
• b9c3ff6 convert file ext to lowercase for format detection (#2121)
• b80e1cb Use static bin in snap (#2090)
• 0ff8415 Bump golang.org/x/net from 0.26.0 to 0.27.0 (#2099)
• e8dcf3f Bump github.com/goccy/go-yaml from 1.11.3 to 1.12.0 (#2108)
• 208302c Bump golang from 1.22.4 to 1.22.5 (#2091)
• ef6fb92 Log printing follow no-colors flag #2082
• 28646c7 Skip and warn when interpolating strings and theres a unclosed bracket #2083
• Additional commits viewable in compare view

Updates github.com/mittwald/go-helm-client from 0.12.10 to 0.12.12

Release notes

Sourced from github.com/mittwald/go-helm-client's releases.

v0.12.12

What's Changed

• replace experimental slices pkg in favour of the stdlib one by @​tariq1890 in mittwald/go-helm-client#212
• fix go mod file by @​tariq1890 in mittwald/go-helm-client#213
• remove pkg/errors import in favour of stdlib errors by @​tariq1890 in mittwald/go-helm-client#211

Full Changelog: mittwald/go-helm-client@v0.12.11...v0.12.12

v0.12.11

What's Changed

• feat: add support for using reset-then-reuse-values flag by @​pbalogh-sa in mittwald/go-helm-client#205

New Contributors

• @​pbalogh-sa made their first contribution in mittwald/go-helm-client#205

Full Changelog: mittwald/go-helm-client@v0.12.10...v0.12.11

Commits

• 9278c2f Merge pull request #211 from tariq1890/no-pkg-errors
• 67a43ec Merge branch 'master' into no-pkg-errors
• ee0d3c4 Merge pull request #212 from tariq1890/no-exp-slices
• b4ba8cd remove pkg/errors import in favour of stdlib errors
• a874dd3 replace experimental slices pkg in favour of the stdlib one
• 056c02c fix go mod file
• 5d801cb Merge pull request #205 from pbalogh-sa/support-reset-then-reuse-values
• f1d25ae Merge branch 'master' into support-reset-then-reuse-values
• f453a7e feat: add support for using reset-then-reuse-values flag
• See full diff in compare view

Updates github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.20.0

2.20.0

Features

• Add buildvcs flag [be5ab95]

Maintenance

• Add update-deps to makefile [d303d14]
• bump all dependencies [7a50221]

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.20.0

Features

• Add buildvcs flag [be5ab95]

Maintenance

• Add update-deps to makefile [d303d14]
• bump all dependencies [7a50221]

Commits

• 265b1a0 v2.20.0
• d303d14 Add update-deps to makefile
• 7a50221 bump all dependencies
• be5ab95 Add buildvcs flag
• See full diff in compare view

Updates github.com/onsi/gomega from 1.34.0 to 1.34.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.34.1

1.34.1

Maintenance

• Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.34.1

Maintenance

• Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]

Commits

• fa057b8 v1.34.1
• 5e71dcd Use slices from exp/slices to keep golang 1.20 compat
• See full diff in compare view

Updates github.com/sigstore/cosign/v2 from 2.3.0 to 2.4.0

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.4.0 begins the modernization of the Cosign client, which includes:

• Support for the newer Sigstore specification-compliant bundle format
• Support for providing trust roots (e.g. Fulcio certificates, Rekor keys) through a trust root file, instead of many different flags
• Conformance test suite integration to verify signing and verification behavior

In future updates, we'll include:

• General support for the trust root file, instead of only when using the bundle format during verification
• Simplification of trust root flags and deprecation of the Cosign-specific bundle format
• Bundle support with container signing

We have also moved nightly Cosign container builds to GHCR instead of GCR.

Features

• Add new bundle support to verify-blob and verify-blob-attestation (#3796)
• Adding protobuf bundle support to sign-blob and attest-blob (#3752)
• Bump sigstore/sigstore to support email_verified as string or boolean (#3819)
• Conformance testing for cosign (#3806)
• move incremental builds per commit to GHCR instead of GCR (#3808)
• Add support for recording creation timestamp for cosign attest (#3797)
• Include SCT verification failure details in error message (#3799)

Contributors

• Bob Callaway
• Hayden B
• Slavek Kabrda
• Zach Steindler
• Zsolt Horvath

Full Changelog: sigstore/cosign@v2.3.0...v2.4.0

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.4.0

v2.4.0 begins the modernization of the Cosign client, which includes:

• Support for the newer Sigstore specification-compliant bundle format
• Support for providing trust roots (e.g. Fulcio certificates, Rekor keys) through a trust root file, instead of many different flags
• Conformance test suite integration to verify signing and verification behavior

In future updates, we'll include:

• General support for the trust root file, instead of only when using the bundle format during verification
• Simplification of trust root flags and deprecation of the Cosign-specific bundle format
• Bundle support with container signing

We have also moved nightly Cosign container builds to GHCR instead of GCR.

Features

• Add new bundle support to verify-blob and verify-blob-attestation (#3796)
• Adding protobuf bundle support to sign-blob and attest-blob (#3752)
• Bump sigstore/sigstore to support email_verified as string or boolean (#3819)
• Conformance testing for cosign (#3806)
• move incremental builds per commit to GHCR instead of GCR (#3808)
• Add support for recording creation timestamp for cosign attest (#3797)
• Include SCT verification failure details in error message (#3799)

Contributors

• Bob Callaway
• Hayden B
• Slavek Kabrda
• Zach Steindler
• Zsolt Horvath

Commits

• b5e7dc1 Add login for GHCR (#3820)
• c346825 Bump sigstore/sigstore (#3819)
• fd0368a Conformance testing for cosign (#3806)
• 2387b50 chore(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 (#3815)
• be43902 move incremental builds per commit to GHCR instead of GCR (#3808)
• d0492cf chore(deps): bump github.com/buildkite/agent/v3 from 3.75.1 to 3.76.2 (#3813)
• e3a3914 chore(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 (#3814)
• 7bac5e9 tidy up validate release script (#3817)
• 983a368 chore(deps): bump go.step.sm/crypto from 0.50.0 to 0.51.1 (#3812)
• 71a4952 chore(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 (#3811)
• Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.8.7 to 1.8.8

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.8

What's Changed

• Fixes issue in Device access token request by @​rishabhsvats in sigstore/sigstore#1752
• Support email_verified as a String by @​sabre1041 in sigstore/sigstore#1794
• Dependency updates

Full Changelog: sigstore/sigstore@v1.8.7...v1.8.8

Commits

• 7053232 build(deps): Bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 (#1796)
• dd948da build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1797)
• 7cc4a3e build(deps): Bump golang.org/x/oauth2 in /pkg/signature/kms/gcp
• 9584c8e build(deps): Bump dexidp/dex in /test/e2e in the all group
• 5b69695 build(deps): Bump github.com/aws/aws-sdk-go
• 54745c6 build(deps): Bump the all group with 2 updates
• 0a54fea Support email_verified as a String (#1794)
• 89b9585 Fixes issue in Device access token request (#1752)
• 562745e build(deps): Bump localstack/localstack in /test/e2e in the all group
• 516ef6e build(deps): Bump github.com/aws/aws-sdk-go in /pkg/signature/kms/aws
• Additional commits viewable in compare view

Updates golang.org/x/exp from 0.0.0-20240613232115-7f521ea00fb8 to 0.0.0-20240719175910-8a7402abbf56

Commits

• See full diff in compare view

Updates golang.org/x/mod from 0.19.0 to 0.20.0

Commits

• bc151c4 README: fix link to x/tools
• d1f873e modfile: fix Cleanup clobbering Line reference
• b56a28f modfile: Add support for tool lines
• 79169e9 LICENSE: update per Google Legal
• See full diff in compare view

Updates golang.org/x/net from 0.27.0 to 0.28.0

Commits

• 4542a42 go.mod: update golang.org/x dependencies
• 765c7e8 xsrftoken: create no padding base64 string by RawURLEncoding
• 032e4e4 LICENSE: update per Google Legal
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.21.0 to 0.22.0

Commits

• 6d8340f LICENSE: update per Google Legal
• See full diff in compare view

Updates golang.org/x/text from 0.16.0 to 0.17.0

Commits

• b2bec85 go.mod: update golang.org/x dependencies
• ae0cf96 LICENSE: update per Google Legal
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Mend Scan Summary: ❌

Repository: open-component-model/ocm

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	4
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	2
HIGH RISK LICENSES	10
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

[ocmbot]

Integration Tests for 4a1aa4f run with result: Success ✅!