Skip to content

build(deps): bump the gomod group with 7 updates #2610

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump the gomod group with 7 updates #2610

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 31, 2025
edited
Loading

Bumps the gomod group with 7 updates:

Package From To
github.com/go-jose/go-jose/v3 3.0.3 3.0.4
github.com/golangci/golangci-lint 1.59.1 1.64.8
github.com/hashicorp/go-cty 1.4.1-0.20200414143053-d3edf31b6320 1.5.0
github.com/hashicorp/terraform-plugin-sdk/v2 2.34.0 2.36.1
github.com/stretchr/testify 1.9.0 1.10.0
golang.org/x/crypto 0.31.0 0.36.0
golang.org/x/oauth2 0.22.0 0.26.0

Updates github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4

Release notes

Sourced from github.com/go-jose/go-jose/v3's releases.

v3.0.4

What's Changed

Backport fix for GHSA-c6gw-w398-hv78 CVE-2025-27144 go-jose/go-jose#174

Full Changelog: go-jose/go-jose@v3.0.3...v3.0.4

Commits

Updates github.com/golangci/golangci-lint from 1.59.1 to 1.64.8

Release notes

Sourced from github.com/golangci/golangci-lint's releases.

v1.64.8

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

  • 8b37f14162043f908949f1b363d061dc9ba713c0 fix: check version of the configuration (#5564)

v1.64.7

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

  • 94946f3c52a89774b2c7d255311c34f17f8fac7a build(deps): bump github.com/OpenPeeDeeP/depguard/v2 from 2.2.0 to 2.2.1 (#5509)
  • 132365e252c985a191c6eaea3f0cc01ca9120ccc build(deps): bump github.com/golangci/dupl from 3e9179ac440a to f665c8d69b32 (#5512)
  • bddd1bcedbc2f3d767e2362be91ff9eb481493cd build(deps): bump github.com/securego/gosec/v2 from 2.22.1 to 2.22.2 (#5515)
  • 624fb4e717dc89f1b55d6a84a69355fe64d60036 build(deps): bump golang.org/x/mod from 0.23.0 to 0.24.0 (#5507)
  • 8cffdb7d21e5b2b89f163f70c60ac9686c9d6180 build(deps): bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 in /scripts/gen_github_action_config in the scripts group (#5521)
  • 7a3f3d7c941475ee01edca221c44ea5ba59290a3 build(deps): bump golang.org/x/tools from 0.30.0 to 0.31.0 (#5508)
  • c13fd5b7627c436246f36044a575990b5ec75c7d build(deps): bump honnef.co/go/tools from 0.6.0 to 0.6.1 (#5510)

v1.64.6

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

  • 3d28c57b576da4671faa9ec73890a6dd63f021ef Require type for oneOf mutual exclusion (#5426)
  • 84ab7530439226915db56606ca08cadaa05d2dae build(deps): bump 4d63.com/gocheckcompilerdirectives from 1.2.1 to 1.3.0 (#5485)
  • 9fddfc4769d6300e7c29ca3e5c2c8ffbe8caa9f8 build(deps): bump github.com/4meepo/tagalign from 1.4.1 to 1.4.2 (#5430)
  • 404916a76cdfb5741677e9bdfd2e2cee8595d65c build(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v3 from 3.3.0 to 3.3.1 (#5467)
  • 3b6b9da36740ba61c3b0878a96b2fdc1a40eeb29 build(deps): bump github.com/catenacyber/perfsprint from 0.8.1 to 0.8.2 (#5441)
  • 336b21bb5c21d6538d6b1d8aa1fc3c778a8d0212 build(deps): bump github.com/kisielk/errcheck from 1.8.0 to 1.9.0 (#5447)
  • baad5bb7bd258e693266831b4a2b3dbf330405b6 build(deps): bump github.com/kkHAIKE/contextcheck from 1.1.5 to 1.1.6 (#5482)
  • 9e832c95a4156a00d3a899ec567eba071fe50507 build(deps): bump github.com/ldez/exptostd from 0.4.1 to 0.4.2 (#5456)
  • f2c630353beae8e62bbd71821de0ec56161fd567 build(deps): bump github.com/mgechev/revive from 1.6.1 to 1.7.0 (#5422)
  • 9a2423aa4bbbb26b3b8954a208abadc053c6e9c8 build(deps): bump github.com/nunnatsa/ginkgolinter from 0.19.0 to 0.19.1 (#5435)

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint's changelog.

v1.64.8

  • Detects use of configuration files from golangci-lint v2

v1.64.7

  1. Linters bug fixes
    • depguard: from 2.2.0 to 2.2.1
    • dupl: from 3e9179ac440a to f665c8d69b32
    • gosec: from 2.22.1 to 2.22.2
    • staticcheck: from 0.6.0 to 0.6.1
  2. Documentation
    • Add GitLab documentation

v1.64.6

  1. Linters bug fixes
    • asciicheck: from 0.4.0 to 0.4.1
    • contextcheck: from 1.1.5 to 1.1.6
    • errcheck: from 1.8.0 to 1.9.0
    • exptostd: from 0.4.1 to 0.4.2
    • ginkgolinter: from 0.19.0 to 0.19.1
    • go-exhaustruct: from 3.3.0 to 3.3.1
    • gocheckcompilerdirectives: from 1.2.1 to 1.3.0
    • godot: from 1.4.20 to 1.5.0
    • perfsprint: from 0.8.1 to 0.8.2
    • revive: from 1.6.1 to 1.7.0
    • tagalign: from 1.4.1 to 1.4.2

v1.64.5

  1. Bug fixes
    • Add missing flag new-from-merge-base-flag
  2. Linters bug fixes
    • asciicheck: from 0.3.0 to 0.4.0
    • forcetypeassert: from 0.1.0 to 0.2.0
    • gosec: from 2.22.0 to 2.22.1

v1.64.4

  1. Linters bug fixes
    • gci: fix standard packages list for go1.24

v1.64.3

  1. Linters bug fixes
    • ginkgolinter: from 0.18.4 to 0.19.0
    • go-critic: from 0.11.5 to 0.12.0
    • revive: from 1.6.0 to 1.6.1
    • gci: fix standard packages list for go1.24

... (truncated)

Commits
  • 8b37f14 fix: check version of the configuration (#5564)
  • 7bcf51e docs: update documentation assets (#5527)
  • 2e83e32 docs: update GitHub Action assets (#5528)
  • 8cffdb7 build(deps): bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 in /scripts/gen_g...
  • bddd1bc build(deps): bump github.com/securego/gosec/v2 from 2.22.1 to 2.22.2 (#5515)
  • 132365e build(deps): bump github.com/golangci/dupl from 3e9179ac440a to f665c8d69b32 ...
  • c13fd5b build(deps): bump honnef.co/go/tools from 0.6.0 to 0.6.1 (#5510)
  • 94946f3 build(deps): bump github.com/OpenPeeDeeP/depguard/v2 from 2.2.0 to 2.2.1 (#5509)
  • 7a3f3d7 build(deps): bump golang.org/x/tools from 0.30.0 to 0.31.0 (#5508)
  • 624fb4e build(deps): bump golang.org/x/mod from 0.23.0 to 0.24.0 (#5507)
  • Additional commits viewable in compare view

Updates github.com/hashicorp/go-cty from 1.4.1-0.20200414143053-d3edf31b6320 to 1.5.0

Changelog

Sourced from github.com/hashicorp/go-cty's changelog.

1.5.0 (March 17, 2025)

  • cty: New Value.HasWhollyKnownType method, for testing whether a value's type could potentially change if any unknown values it was constructed from were to become known. (#55)
  • convert: Fix incorrect panic when converting a tuple with a dynamic-typed null member into a list or set, due to overly-liberal type unification. (#56)

1.4.2

  • function/stdlib: The jsonencode function will now correctly accept a null as its argument, and produce the JSON representation "null" rather than returning an error. (#54)
  • convert: Don't panic when asked to convert a tuple of objects to a list type constraint containing a nested cty.DynamicPseudoType. (#53)

1.4.1 (March 5, 2025)

  • function/stdlib: Fix various panics related to sets with unknown element types in the set-manipulation functions. (#52)
  • json: Remove json.UnmarshalDynamicWithImpliedType function that was only available in hashicorp/go-cty 1.4.1 pseudo-versions. (#6)

1.4.0 (April 7, 2020)

  • function/stdlib: The string functions that partition strings into individual characters (grapheme clusters) now use the appropriate segmentation rules from Unicode 12.0.0, while previous versions used Unicode 9.0.0.
  • function/stdlib: New functions Replace and RegexReplace for matching and replacing sequences of characters in a given string with another given string. (#45)
  • function/stdlib: The function Substr will now produce a zero-length string when given a length of zero. Previously it was incorrectly returning the remainder of the string after the given offset. (#48)
  • function/stdlib: The Floor and Ceil functions will now return an infinity if given an infinity, rather than returning the maximum/minimum integer value. (#51)
  • cty: Convenience methods for constructing path index steps from normal Go int and string values. (#50)

1.3.1 (March 3, 2020)

  • convert: Fix incorrect conversion rules for maps of maps that were leading to panics. This will now succeed in some more cases that ought to have been valid, and produce a proper error if there is no valid outcome. (#47)
  • function/stdlib: Fix an implementation error in the Contains function that was introduced in 1.3.0, so it will now produce a correct result rather than failing with a confusing error message. (#46)

1.3.0 (February 19, 2020)

  • convert: There are now conversions from map types to object types, as long as the given map type's element type is convertible to all of the object type's attribute types. (#42)
  • function/stdlib: HashiCorp has contributed a number of additional functions to the standard library that were originally implemented directly inside their Terraform codebase: (#37)
    • Element: take an element from a list or tuple by index, using modulo wrap-around.
    • CoalesceList: return the first non-empty list argument.
    • Compact: take a list of strings and return a new list of strings with all empty strings removed.
    • Contains: returns true if a given value appears as an element in a list, tuple, or set.
    • Distinct: filters duplicate elements from a list while retaining the order of remaining items.
    • ChunkList: turn a list into a list-of-lists where each top-level list is a "chunk" of a particular size of elements from the input.
    • Flatten: given a sequence that might contain other sequences, eliminate any intermediate sequences to produce a flat sequence.
    • Keys: return a list of keys from a map or object value in lexical order.
    • Values: return a list of values from a map in the same order as Keys.
    • Lookup: conditional lookup of an element from a map if it's present, or a fallback value if not. (This one differs from its Terraform equivalent in that the default value argument is required.)
    • Merge: given one or more maps or objects, merge them together into a single collection.
    • ReverseList: given a list, return a new list with the same items in the opposite order.
    • SetProduct: compute the cartesian product of one or more sets.
    • Slice: extract a consecutive sub-list from a list.
    • Zipmap: given a pair of lists of the same length, interpret the first as keys and the second as corresponding values to produce a map.
    • A factory MakeToFunc to build functions that each convert to a particular type constraint.
    • TimeAdd: add a duration to a timestamp to produce a new timestamp.
    • Ceil and Floor: round a fractional value to the nearest integer, away from or towards zero respectively.

... (truncated)

Commits

Updates github.com/hashicorp/terraform-plugin-sdk/v2 from 2.34.0 to 2.36.1

Release notes

Sourced from github.com/hashicorp/terraform-plugin-sdk/v2's releases.

v2.36.1

NOTES:

  • Write-only attribute support is in technical preview and offered without compatibility promises until Terraform 1.11 is generally available. (#1375)

BUG FIXES:

  • helper/schema: Fixed bug that allowed write-only attributes within set nested blocks. Any attribute within a set nested block with WriteOnly set to true will now trigger an error message. (#1427)

v2.36.0

NOTES:

  • Write-only attribute support is in technical preview and offered without compatibility promises until Terraform 1.11 is generally available. (#1375)

FEATURES:

  • helper/schema: Added WriteOnly schema behavior for managed resource schemas to indicate a write-only attribute. Write-only attribute values are not saved to the Terraform plan or state artifacts. (#1375)
  • helper/validation: Added PreferWriteOnlyAttribute() validator that warns practitioners when a write-only version of a configured attribute is available. (#1375)
  • schema/resource: Added ValidateRawResourceConfigFuncs field which allows resources to define validation logic during the ValidateResourceTypeConfig RPC. (#1375)

v2.35.0

NOTES:

  • all: This Go module has been updated to Go 1.22 per the Go support policy. It is recommended to review the Go 1.22 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#1373)
  • helper/schema: While this Go module will not receive support for ephemeral resource types, the provider server is updated to handle the new operations, which will be required to prevent errors when updating terraform-plugin-framework or terraform-plugin-mux in the future. (#1390)
Changelog

Sourced from github.com/hashicorp/terraform-plugin-sdk/v2's changelog.

2.36.1 (February 19, 2025)

NOTES:

  • Write-only attribute support is in technical preview and offered without compatibility promises until Terraform 1.11 is generally available. (#1375)

BUG FIXES:

  • helper/schema: Fixed bug that allowed write-only attributes within set nested blocks. Any attribute within a set nested block with WriteOnly set to true will now trigger an error message. (#1427)

2.36.0 (February 04, 2025)

NOTES:

  • Write-only attribute support is in technical preview and offered without compatibility promises until Terraform 1.11 is generally available. (#1375)

FEATURES:

  • helper/schema: Added WriteOnly schema behavior for managed resource schemas to indicate a write-only attribute. Write-only attribute values are not saved to the Terraform plan or state artifacts. (#1375)
  • helper/validation: Added PreferWriteOnlyAttribute() validator that warns practitioners when a write-only version of a configured attribute is available. (#1375)
  • schema/resource: Added ValidateRawResourceConfigFuncs field which allows resources to define validation logic during the ValidateResourceTypeConfig RPC. (#1375)

2.35.0 (October 31, 2024)

NOTES:

  • all: This Go module has been updated to Go 1.22 per the Go support policy. It is recommended to review the Go 1.22 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#1373)
  • helper/schema: While this Go module will not receive support for ephemeral resource types, the provider server is updated to handle the new operations, which will be required to prevent errors when updating terraform-plugin-framework or terraform-plugin-mux in the future. (#1390)
Commits
  • 7b9b111 Update changelog
  • 9a1ad1d Update meta package SDKVersion
  • aff3eb7 Result of tsccr-helper -log-level=info gha update -latest .github/ (#1424)
  • b7f3e6f helper/schema: Add validation to prevent write-only attributes in set nested ...
  • 83d80f8 chore: Update golangci-lint linters and apply fixes (#1428)
  • a46ad95 build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 (#1423)
  • 4d5e3b9 adjust permissions for docs files (#1422)
  • e6b2d53 Update changelog
  • f54d3a2 Update meta package SDKVersion
  • 37b133f chore: Update CI to run corner tests on all v5 protocol Terraform versions (#...
  • Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.10.0

What's Changed

Functional Changes

Fixes

Documentation, Build & CI

New Contributors

... (truncated)

Commits
  • 89cbdd9 Merge pull request #1626 from arjun-1/fix-functional-options-diff-indirect-calls
  • 07bac60 Merge pull request #1667 from sikehish/flaky
  • 716de8d Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI
  • 118fb83 NotSame should fail if args are not pointers #1661 (#1664)
  • 7d99b2b attempt 2
  • 05f87c0 more similar
  • ea7129e better fmt
  • a1b9c9e Merge pull request #1663 from ybrustin/master
  • 8302de9 Merge branch 'master' into master
  • 89352f7 Merge pull request #1518 from hendrywiranto/adjust-readme-remove-v2
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.31.0 to 0.36.0

Commits
  • 49bf5b8 go.mod: update golang.org/x dependencies
  • 24852b6 ssh: add decode support for banners
  • bbc689c ssh: use a more straightforward return value
  • 7292932 ssh: limit the size of the internal packet queue while waiting for KEX
  • f66f74b acme/autocert: check host policy before probing the cache
  • b0784b7 x509roots/fallback: drop obsolete build constraint
  • 911360c all: bump golang.org/x/crypto dependencies of asm generators
  • 89ff08d all: upgrade go directive to at least 1.23.0 [generated]
  • e47973b all: update certs for go1.24
  • 9290511 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.22.0 to 0.26.0

Commits
  • b9c813b google: add warning about externally-provided credentials
  • 49a531d all: make method and struct comments match the names
  • 22134a4 README: don't recommend go get
  • 3e64809 x/oauth2: add Token.ExpiresIn
  • 16a9973 jwt: rename example to avoid vet error
  • b52af7d endpoints: add GitLab DeviceAuthURL
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the gomod group with 7 updates
3745209 
Bumps the gomod group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) | `3.0.3` | `3.0.4` |
| [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) | `1.59.1` | `1.64.8` |
| [github.com/hashicorp/go-cty](https://github.com/hashicorp/go-cty) | `1.4.1-0.20200414143053-d3edf31b6320` | `1.5.0` |
| [github.com/hashicorp/terraform-plugin-sdk/v2](https://github.com/hashicorp/terraform-plugin-sdk) | `2.34.0` | `2.36.1` |
| [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.9.0` | `1.10.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.31.0` | `0.36.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.22.0` | `0.26.0` |


Updates `github.com/go-jose/go-jose/v3` from 3.0.3 to 3.0.4
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](go-jose/go-jose@v3.0.3...v3.0.4)

Updates `github.com/golangci/golangci-lint` from 1.59.1 to 1.64.8
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/main/CHANGELOG.md)
- [Commits](golangci/golangci-lint@v1.59.1...v1.64.8)

Updates `github.com/hashicorp/go-cty` from 1.4.1-0.20200414143053-d3edf31b6320 to 1.5.0
- [Changelog](https://github.com/hashicorp/go-cty/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/go-cty/commits/v1.5.0)

Updates `github.com/hashicorp/terraform-plugin-sdk/v2` from 2.34.0 to 2.36.1
- [Release notes](https://github.com/hashicorp/terraform-plugin-sdk/releases)
- [Changelog](https://github.com/hashicorp/terraform-plugin-sdk/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-plugin-sdk@v2.34.0...v2.36.1)

Updates `github.com/stretchr/testify` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.9.0...v1.10.0)

Updates `golang.org/x/crypto` from 0.31.0 to 0.36.0
- [Commits](golang/crypto@v0.31.0...v0.36.0)

Updates `golang.org/x/oauth2` from 0.22.0 to 0.26.0
- [Commits](golang/oauth2@v0.22.0...v0.26.0)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/hashicorp/go-cty
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/hashicorp/terraform-plugin-sdk/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 31, 2025
@dependabot dependabot bot mentioned this pull request Mar 31, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants