go.mod: update various minor dependencies #1658
Open
This PR updates most dependencies to a more current version, better reflecting
the versions of these dependencies that are used in code consuming the notary
module. By updating, we're able to verify that the code in this repository doesn't
break with the newer versions.
There are a couple more dependencies to update, but some of those may require local
changes, so doing that separately.
I split the updates into many commits, picking an order of updates that allowed
for individual dependencies to be updated (using a different order often led to
many dependencies being updated at once, which makes reviewing the changes more
difficult). I included a link to the "full" diff for each update to assist in
reviewing as well.
go.mod: github.com/spf13/cobra v1.6.1
Fixes a panic when AddGroup isn't called before AddCommand(my-sub-command) is executed
full diff: spf13/cobra@v1.6.0...v1.6.1
go.mod: golang.org/x/term v0.1.0
The golang.org/x/ projects now tag releases.
full diff: golang/term@f5c789d...v0.1.0
go.mod: github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d
full diff: Shopify/logrus-bugsnag@6dbc35f...577dee2
go.mod: github.com/opencontainers/image-spec v1.0.2
This is a dependency for docker/distribution, which does not yet use go modules,
so indirect dependencies aren't updated automatically.
image-spec v1.0.2 contains mitigations for CVE-2021-41190.
full diff: opencontainers/image-spec@v1.0.1...v1.0.2
go.mod: github.com/docker/distribution v2.8.1
full diff: distribution/distribution@v2.7.1...v2.8.1
go.mod: github.com/matttproud/golang_protobuf_extensions v1.0.2
Updating the indirect dependency to match other projects; this version adds
a go.mod.
full diff: matttproud/golang_protobuf_extensions@v1.0.1...v1.0.2