Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): Bump the go_modules group with 12 updates #19

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): Bump the go_modules group with 12 updates #19

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 19, 2024

Bumps the go_modules group with 12 updates:

Package From To
github.com/docker/docker 24.0.6+incompatible 24.0.9+incompatible
github.com/jackc/pgx/v4 4.18.1 4.18.2
github.com/nats-io/nats-server/v2 2.9.9 2.9.23
golang.org/x/crypto 0.14.0 0.20.0
golang.org/x/net 0.17.0 0.21.0
google.golang.org/protobuf 1.31.0 1.33.0
github.com/cloudevents/sdk-go/v2 2.14.0 2.15.2
github.com/containerd/containerd 1.7.6 1.7.11
github.com/dvsekhvalnov/jose2go 1.5.0 1.6.0
github.com/jackc/pgproto3/v2 2.3.2 2.3.3
github.com/nats-io/nkeys 0.4.5 0.4.6
github.com/opencontainers/runc 1.1.5 1.1.12

Updates github.com/docker/docker from 24.0.6+incompatible to 24.0.9+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v24.0.9

24.0.9

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains security fixes for the following CVEs affecting Docker Engine and its components.

CVE Component Fix version Severity
CVE-2024-21626 runc 1.1.12 High, CVSS 8.6
CVE-2024-24557 Docker Engine 24.0.9 Medium, CVSS 6.9

Important ⚠️

Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:

To address these vulnerabilities, upgrade to Docker Engine v25.0.2.

For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the blog post. For details about each vulnerability, see the relevant security advisory:

Packaging updates

v24.0.8

24.0.8

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Live restore: Containers with auto remove (docker run --rm) are no longer forcibly removed on engine restart. moby/moby#46857

... (truncated)

Commits
  • fca702d Merge pull request from GHSA-xw73-rw38-6vjc
  • f78a772 Merge pull request #47281 from thaJeztah/24.0_backport_bump_containerd_binary...
  • 61afffe Merge pull request #47270 from thaJeztah/24.0_backport_bump_runc_binary_1.1.12
  • b38e74c Merge pull request #47276 from thaJeztah/24.0_backport_bump_runc_1.1.12
  • dac5663 update containerd binary to v1.7.13
  • 20e1af3 vendor: github.com/opencontainers/runc v1.1.12
  • 858919d update runc binary to v1.1.12
  • 141ad39 Merge pull request #47266 from vvoland/ci-fix-makeps1-templatefail-24
  • db968c6 hack/make.ps1: Fix go list pattern
  • 61c51fb Merge pull request #47221 from vvoland/pkg-pools-close-noop-24
  • Additional commits viewable in compare view

Updates github.com/jackc/pgx/v4 from 4.18.1 to 4.18.2

Changelog

Sourced from github.com/jackc/pgx/v4's changelog.

4.18.2 (March 4, 2024)

Fix CVE-2024-27289

SQL injection can occur when all of the following conditions are met:

  1. The non-default simple protocol is used.
  2. A placeholder for a numeric value must be immediately preceded by a minus.
  3. There must be a second placeholder for a string value after the first placeholder; both must be on the same line.
  4. Both parameter values must be user-controlled.

Thanks to Paul Gerste for reporting this issue.

Fix CVE-2024-27304

SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control.

Thanks to Paul Gerste for reporting this issue.

  • Fix *dbTx.Exec not checking if it is already closed
Commits
  • 14690df Update changelog
  • 779548e Update required Go version to 1.17
  • 80e9662 Update github.com/jackc/pgconn to v1.14.3
  • 0bf9ac3 Fix erroneous test case
  • f94eb0e Always wrap arguments in parentheses in the SQL sanitizer
  • 826a892 Fix SQL injection via line comment creation in simple protocol
  • 7d882f9 Fix *dbTx.Exec not checking if it is already closed
  • 1d07b8b go mod tidy
  • See full diff in compare view

Updates github.com/nats-io/nats-server/v2 from 2.9.9 to 2.9.23

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.9.23

Changelog

Go Version

  • 1.20.10

Fixed

Accounts

  • Prevent bypassing authorization block when enabling system account access in accounts block (#4605). Backport from v2.10.2

Leafnodes

  • Prevent a leafnode cluster from receiving a message multiple times in a queue subscription (#4578). Backport from v2.10.2

JetStream

  • Hold lock when calculating the first message for subject in a message block (#4531). Backport from v2.10.0
  • Add self-healing mechanism to detect and delete orphaned Raft groups (#4647). Backport from v2.10.0
  • Prevent forward proposals in consumers after scaling down a stream (#4647). Backport from v2.10.0
  • Fix race condition during leader failover scenarios resulting in potential duplicate messages being sourced (#4592). Backport from v2.10.2

Complete Changes

nats-io/nats-server@v2.9.22...v2.9.23

Release v2.9.22

Changelog

Go Version

  • 1.20.8 (updated out-of-cycle since Go 1.19 is now EOL)

Dependencies

  • github.com/nats-io/jwt/v2 v2.5.0
  • golang.org/x/crypto v0.12.0
  • golang.org/x/sys v0.11.0

Improved

Monitoring

  • CORS Allow-Origin passthrough for monitoring server (#4423) Thanks to @​mdawar for the contribution!

JetStream

  • Improve consumer scaling reliability with filters and cluster restart (#4404)
  • Send event on lame duck mode (LDM) to avoid placing assets on shutting down nodes (#4405)
  • Skip filestore tombstones if downgrade from 2.10 occurs (#4452)
  • Adjust delivered and waiting count when consumer message delivery fails (#4472)

Fixed

Config

  • Allow empty configs and fix JSON compatibility (#4394, #4418)
  • Remove TLS OCSP debug log on reload (#4453)

... (truncated)

Commits
  • 45436e1 Release v2.9.23 (#4652)
  • 72ffa38 Release v2.9.23
  • 05fe77f Backport #4592 to 2.9 (#4651)
  • 6a73e68 [2.9.x] Bump Travis Go version to 1.20.10 (#4650)
  • 8b981a2 Backports from v2.10 for v2.9.23 release (#4647)
  • 28eb7c0 Only setup auto no-auth for $G account iff no authorization block was defined.
  • 9f16edd Make sure to not forward a message across a route for dq sub when we are a sp...
  • 0ac7895 Add in utility to detect and delete any NRG orphans.
  • 50722e9 When scaling a consumer down make sure to pop the loopAndForwardProposals go ...
  • 770cf2e Backport JetStream benchmarks improvements to 2.9.x (#4644)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.14.0 to 0.20.0

Commits
  • 0aab8d0 all: update go.mod x/net dependency
  • 5bead59 ocsp: don't use iota for externally defined constants
  • 1a86580 x/crypto/internal/poly1305: improve sum_ppc64le.s
  • 1c981e6 ssh/test: don't use DSA keys in integrations tests, update test RSA key
  • 62c9f17 x509roots/nss: manually exclude a confusingly constrained root
  • 405cb3b go.mod: update golang.org/x dependencies
  • 913d3ae x509roots/fallback: update bundle
  • dbb6ec1 ssh/test: skip tests on darwin that fail on the darwin-amd64-longtest LUCI bu...
  • 403f699 ssh/test: avoid leaking a net.UnixConn in server.TryDialWithAddr
  • 055043d go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.17.0 to 0.21.0

Commits
  • 73d21fd go.mod: update golang.org/x dependencies
  • 643fd16 html: fix SOLIDUS '/' handling in attribute parsing
  • 73e4b50 dns/dnsmessage: allow name compression for SRV resource parsing
  • b2208d0 internal/quic/qlog: fix typo
  • 0d0b98c http2: avoid goroutine starvation in TestServer_Push_RejectAfterGoAway
  • 07e05fd http2: remove suspicious uint32->v conversion in frame code
  • 26b646e quic: avoid deadlock in Endpoint.Close
  • cb5b10f go.mod: update golang.org/x dependencies
  • 689bbc7 quic: deflake TestStreamsCreateConcurrency
  • f12db26 internal/quic/cmd/interop: use wget --no-verbose in Dockerfile
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Updates github.com/cloudevents/sdk-go/v2 from 2.14.0 to 2.15.2

Release notes

Sourced from github.com/cloudevents/sdk-go/v2's releases.

Release v2.15.2

What's Changed

  • Patch for a potential security issue. See CVE-2024-28110.
  • Note: this could be a breaking change for people if they purposely change golang's HTTP DefaultClient, or change the CloudEvents Client returned from NewClient, and expect those changes to be visible on other HTTP flows using those Clients. E.g. auth

Full Changelog: cloudevents/sdk-go@v2.15.1...v2.15.2

Release v2.15.1

What's Changed

New Contributors

Full Changelog: cloudevents/sdk-go@v2.15.0...v2.15.1

Release v2.15.0

Highlights 💫

This release includes various updates and improvements such as README enhancements, dependency bumps, bug fixes, race condition resolutions, and protocol-related adjustments. Notable changes involve upgrading dependencies like grpc and go.opentelemetry, addressing race conditions, fixing Kafka test issues, and introducing new features like binary content mode for NATS and JetStream protocols. Additionally, there are governance documentation updates, link corrections, and improvements in error handling and documentation across different modules.

Breaking 🚨

The Kafka Sarama protocol now uses the "github.com/IBM/sarama" Go module import path.

Commits 📄

896e1d0 Update README.md 75ec0f2 Bump actions/setup-go from 4 to 5 41e80f7 fixed couple issues

... (truncated)

Commits
  • de2f283 Merge pull request from GHSA-5pf6-2qwx-pxm2
  • c5f8d9d Update v2/protocol/http/protocol.go
  • c17d949 Avoid modifying the DefaultClient's Transport
  • 67e3899 Merge pull request #1020 from duglin/oops
  • f0061e0 oops
  • 4cc6c2d Merge pull request #1011 from cloudevents/dependabot/bundler/docs/bundler-sec...
  • b6949b0 Bump the bundler group across 1 directories with 1 update
  • df51395 Merge pull request #1016 from cloudevents/dependabot/github_actions/golangci/...
  • 1af6e06 Bump golangci/golangci-lint-action from 3 to 4
  • 2574a05 Merge pull request #1013 from jafossum/fix-nats-typos
  • Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.6 to 1.7.11

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.11

Welcome to the v1.7.11 release of containerd!

The eleventh patch release for containerd 1.7 contains various fixes and updates including one security issue.

Notable Updates

  • Fix Windows default path overwrite issue (#9440)
  • Update push to always inherit distribution sources from parent (#9452)
  • Update shim to use net dial for gRPC shim sockets (#9458)
  • Fix otel version incompatibility (#9483)
  • Fix Windows snapshotter blocking snapshot GC on remove failure (#9482)
  • Mask /sys/devices/virtual/powercap path in runtime spec and deny in default apparmor profile (GHSA-7ww5-4wqc-m92c)

Deprecation Warnings

  • Emit deprecation warning for AUFS snapshotter (#9436)
  • Emit deprecation warning for v1 runtime (#9450)
  • Emit deprecation warning for deprecated CRI configs (#9469)
  • Emit deprecation warning for CRI v1alpha1 usage (#9479)
  • Emit deprecation warning for CRIU config in CRI (#9481)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Samuel Karp
  • Derek McGowan
  • Phil Estes
  • Bjorn Neergaard
  • Danny Canter
  • Sebastiaan van Stijn
  • ruiwen-zhao
  • Akihiro Suda
  • Amit Barve
  • Charity Kathure
  • Maksym Pavlenko
  • Milas Bowman
  • Paweł Gronowski
  • Wei Fu

Changes

  • [release/1.7] Prepare release notes for v1.7.11 (#9491)

... (truncated)

Changelog

Sourced from github.com/containerd/containerd's changelog.

Versioning and Release

This document details the versioning and release plan for containerd. Stability is a top goal for this project, and we hope that this document and the processes it entails will help to achieve that. It covers the release process, versioning numbering, backporting, API stability and support horizons.

If you rely on containerd, it would be good to spend time understanding the areas of the API that are and are not supported and how they impact your project in the future.

This document will be considered a living document. Supported timelines, backport targets and API stability guarantees will be updated here as they change.

If there is something that you require or this document leaves out, please reach out by filing an issue.

Releases

Releases of containerd will be versioned using dotted triples, similar to Semantic Version. For the purposes of this document, we will refer to the respective components of this triple as <major>.<minor>.<patch>. The version number may have additional information, such as alpha, beta and release candidate qualifications. Such releases will be considered "pre-releases".

Major and Minor Releases

Major and minor releases of containerd will be made from main. Releases of containerd will be marked with GPG signed tags and announced at https://github.com/containerd/containerd/releases. The tag will be of the format v<major>.<minor>.<patch> and should be made with the command git tag -s v<major>.<minor>.<patch>.

After a minor release, a branch will be created, with the format release/<major>.<minor> from the minor tag. All further patch releases will be done from that branch. For example, once we release v1.0.0, a branch release/1.0 will be created from that tag. All future patch releases will be done against that branch.

Pre-releases

Pre-releases, such as alphas, betas and release candidates will be conducted from their source branch. For major and minor releases, these releases will be done from main. For patch releases, these pre-releases should be done within the corresponding release branch.

While pre-releases are done to assist in the stabilization process, no guarantees are provided.

... (truncated)

Commits

Updates github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0

Commits

Updates github.com/jackc/pgproto3/v2 from 2.3.2 to 2.3.3

Commits

Updates github.com/nats-io/nkeys from 0.4.5 to 0.4.6

Release notes

Sourced from github.com/nats-io/nkeys's releases.

v0.4.6

What's Changed

Full Changelog: nats-io/nkeys@v0.4.5...v0.4.6

Commits
  • 62e5d8c Merge pull request #60 from nats-io/0_4_6
  • f63761b [BUMP] release version and dependencies
  • d2e442e Merge pull request #59 from nats-io/empty
  • 58fb9d6 Make sure to use byte slice to receive proper copy, otherwise empty public ke...
  • See full diff in compare view

Updates github.com/opencontainers/runc from 1.1.5 to 1.1.12

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc 1.1.12 -- "Now you're thinking with Portals™!"

This is the twelfth patch release in the 1.1.z release branch of runc. It fixes a high-severity container breakout vulnerability involving leaked file descriptors, and users are strongly encouraged to update as soon as possible.

  • Fix CVE-2024-21626, a container breakout attack that took advantage of a file descriptor that was leaked internally within runc (but never leaked to the container process).

    In addition to fixing the leak, several strict hardening measures were added to ensure that future internal leaks could not be used to break out in this manner again.

    Based on our research, while no other container runtime had a similar leak, none had any of the hardening steps we've introduced (and some runtimes would not check for any file descriptors that a calling process may have leaked to them, allowing for container breakouts due to basic user error).

Static Linking Notices

The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions, but in order to comply with the LGPL-2.1 (§6(a)), we have attached the complete source code for those libraries which (when combined with the attached runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages or download them from the authoritative upstream sources, especially since these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai [email protected]

... (truncated)

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.1.12] - 2024-01-31

Now you're thinking with Portals™!

Security

  • Fix CVE-2024-21626, a container breakout attack that took advantage of a file descriptor that was leaked internally within runc (but never leaked to the container process). In addition to fixing the leak, several strict hardening measures were added to ensure that future internal leaks could not be used to break out in this manner again. Based on our research, while no other container runtime had a similar leak, none had any of the hardening steps we've introduced (and some runtimes would not check for any file descriptors that a calling process may have leaked to them, allowing for container breakouts due to basic user error).

[1.1.11] - 2024-01-01

Happy New Year!

Fixed

Changed

  • Support memory.peak and memory.swap.peak in cgroups v2. Add swapOnlyUsage in MemoryStats. This field reports swap-only usage. For cgroupv1, Usage and Failcnt are set by subtracting memory usage from memory+swap usage. For cgroupv2, Usage, Limit, and MaxUsage are set. (#4000, #4010, #4131)
  • build(deps): bump github.com/cyphar/filepath-securejoin. (#4140)

[1.1.10] - 2023-10-31

Śruba, przykręcona we śnie, nie zmieni sytuacji, jaka panuje na jawie.

Added

  • Support for hugetlb.<pagesize>.rsvd limiting and accounting. Fixes the issue of postres failing when hugepage limits are set. (#3859, #4077)

Fixed

  • Fixed permissions of a newly created directories to not depend on the value of umask in tmpcopyup feature implementation. (#3991, #4060)
  • libcontainer: cgroup v1 GetStats now ignores missing kmem.limit_in_bytes (fixes the compatibility with Linux kernel 6.1+). (#4028)

... (truncated)

Commits
  • 51d5e94 VERSION: release 1.1.12
  • 2a4ed3e merge 1.1-GHSA-xr7r-f8xq-vfvv into release-1.1
  • e9665f4 init: don't special-case logrus fds
  • 683ad2f libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
  • b6633f4 cgroup: plug leaks of /sys/fs/cgroup handle
  • 284ba30 init: close internal fds before execve
  • fbe3eed setns init: do explicit lookup of execve argument early
  • 0994249 init: verify after chdir that cwd is inside the container
  • 506552a Fix File to Close
  • 099ff69 merge #4177 into opencontainers/runc:release-1.1
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): Bump the go_modules group with 12 updates
ac7b9cb 
Bumps the go_modules group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/docker/docker](https://github.com/docker/docker) | `24.0.6+incompatible` | `24.0.9+incompatible` |
| [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) | `4.18.1` | `4.18.2` |
| [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) | `2.9.9` | `2.9.23` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.14.0` | `0.20.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.17.0` | `0.21.0` |
| google.golang.org/protobuf | `1.31.0` | `1.33.0` |
| [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) | `2.14.0` | `2.15.2` |
| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.6` | `1.7.11` |
| [github.com/dvsekhvalnov/jose2go](https://github.com/dvsekhvalnov/jose2go) | `1.5.0` | `1.6.0` |
| [github.com/jackc/pgproto3/v2](https://github.com/jackc/pgproto3) | `2.3.2` | `2.3.3` |
| [github.com/nats-io/nkeys](https://github.com/nats-io/nkeys) | `0.4.5` | `0.4.6` |
| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.1.5` | `1.1.12` |


Updates `github.com/docker/docker` from 24.0.6+incompatible to 24.0.9+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v24.0.6...v24.0.9)

Updates `github.com/jackc/pgx/v4` from 4.18.1 to 4.18.2
- [Changelog](https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md)
- [Commits](jackc/pgx@v4.18.1...v4.18.2)

Updates `github.com/nats-io/nats-server/v2` from 2.9.9 to 2.9.23
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/.goreleaser.yml)
- [Commits](nats-io/nats-server@v2.9.9...v2.9.23)

Updates `golang.org/x/crypto` from 0.14.0 to 0.20.0
- [Commits](golang/crypto@v0.14.0...v0.20.0)

Updates `golang.org/x/net` from 0.17.0 to 0.21.0
- [Commits](golang/net@v0.17.0...v0.21.0)

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `github.com/cloudevents/sdk-go/v2` from 2.14.0 to 2.15.2
- [Release notes](https://github.com/cloudevents/sdk-go/releases)
- [Commits](cloudevents/sdk-go@v2.14.0...v2.15.2)

Updates `github.com/containerd/containerd` from 1.7.6 to 1.7.11
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v1.7.6...v1.7.11)

Updates `github.com/dvsekhvalnov/jose2go` from 1.5.0 to 1.6.0
- [Commits](dvsekhvalnov/jose2go@v1.5...v1.6.0)

Updates `github.com/jackc/pgproto3/v2` from 2.3.2 to 2.3.3
- [Commits](jackc/pgproto3@v2.3.2...v2.3.3)

Updates `github.com/nats-io/nkeys` from 0.4.5 to 0.4.6
- [Release notes](https://github.com/nats-io/nkeys/releases)
- [Changelog](https://github.com/nats-io/nkeys/blob/main/.goreleaser.yml)
- [Commits](nats-io/nkeys@v0.4.5...v0.4.6)

Updates `github.com/opencontainers/runc` from 1.1.5 to 1.1.12
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md)
- [Commits](opencontainers/runc@v1.1.5...v1.1.12)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/jackc/pgx/v4
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/cloudevents/sdk-go/v2
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/containerd/containerd
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/dvsekhvalnov/jose2go
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/jackc/pgproto3/v2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/nats-io/nkeys
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/opencontainers/runc
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 19, 2024
@dependabot dependabot bot mentioned this pull request Apr 19, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants