Update dependencies for `build.assets/tooling` by jentfoo · Pull Request #26907 · gravitational/teleport

jentfoo · 2023-05-25T15:59:13Z

Update dependencies for build.assets/tooling. This should cover the build.assets/tooling PR's that would be opened once #26867 is merged.

In addition the following CVE's are addressed:
GHSA-fxg5-wq6x-vr4w
GHSA-vvpx-j8f3-3w6h
GHSA-2q89-485c-9j2x

Bumps [github.com/hashicorp/go-hclog](https://github.com/hashicorp/go-hclog) from 0.9.3-0.20191025211905-234833755cb2 to 1.5.0. - [Release notes](https://github.com/hashicorp/go-hclog/releases) - [Commits](https://github.com/hashicorp/go-hclog/commits/v1.5.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-hclog dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.0.0-20180821212333-d2e6202438be to 0.8.0. - [Commits](https://github.com/golang/oauth2/commits/v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.6.0 to 0.10.0. - [Commits](golang/mod@v0.6.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.4.0 to 4.6.0. - [Release notes](https://github.com/bmatcuk/doublestar/releases) - [Commits](bmatcuk/doublestar@v4.4.0...v4.6.0) --- updated-dependencies: - dependency-name: github.com/bmatcuk/doublestar/v4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.4.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](bradleyfalzon/ghinstallation@v2.1.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.2. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.8.1...v1.9.2) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/gravitational/trace](https://github.com/gravitational/trace) from 1.1.15 to 1.2.1. - [Release notes](https://github.com/gravitational/trace/releases) - [Commits](gravitational/trace@v1.1.15...v1.2.1) --- updated-dependencies: - dependency-name: github.com/gravitational/trace dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

public-teleport-github-review-bot · 2023-05-25T17:03:57Z

@jentfoo See the table below for backport results.

Branch	Result
branch/v11	Failed
branch/v12	Failed
branch/v13	Failed

* Bump github.com/hashicorp/go-hclog in /build.assets/tooling Bumps [github.com/hashicorp/go-hclog](https://github.com/hashicorp/go-hclog) from 0.9.3-0.20191025211905-234833755cb2 to 1.5.0. - [Release notes](https://github.com/hashicorp/go-hclog/releases) - [Commits](https://github.com/hashicorp/go-hclog/commits/v1.5.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-hclog dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golang.org/x/oauth2 in /build.assets/tooling Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.0.0-20180821212333-d2e6202438be to 0.8.0. - [Commits](https://github.com/golang/oauth2/commits/v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golang.org/x/mod from 0.6.0 to 0.10.0 in /build.assets/tooling Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.6.0 to 0.10.0. - [Commits](golang/mod@v0.6.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/bmatcuk/doublestar/v4 in /build.assets/tooling Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.4.0 to 4.6.0. - [Release notes](https://github.com/bmatcuk/doublestar/releases) - [Commits](bmatcuk/doublestar@v4.4.0...v4.6.0) --- updated-dependencies: - dependency-name: github.com/bmatcuk/doublestar/v4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/bradleyfalzon/ghinstallation/v2 in /build.assets/tooling Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.4.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](bradleyfalzon/ghinstallation@v2.1.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/stretchr/testify in /build.assets/tooling Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/sirupsen/logrus in /build.assets/tooling Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.2. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.8.1...v1.9.2) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/gravitational/trace in /build.assets/tooling Bumps [github.com/gravitational/trace](https://github.com/gravitational/trace) from 1.1.15 to 1.2.1. - [Release notes](https://github.com/gravitational/trace/releases) - [Commits](gravitational/trace@v1.1.15...v1.2.1) --- updated-dependencies: - dependency-name: github.com/gravitational/trace dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update CIRCL to address CVE GHSA-2q89-485c-9j2x * go.mod: Join two require sections --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/hashicorp/go-hclog in /build.assets/tooling Bumps [github.com/hashicorp/go-hclog](https://github.com/hashicorp/go-hclog) from 0.9.3-0.20191025211905-234833755cb2 to 1.5.0. - [Release notes](https://github.com/hashicorp/go-hclog/releases) - [Commits](https://github.com/hashicorp/go-hclog/commits/v1.5.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-hclog dependency-type: direct:production update-type: version-update:semver-major ... * Bump golang.org/x/oauth2 in /build.assets/tooling Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.0.0-20180821212333-d2e6202438be to 0.8.0. - [Commits](https://github.com/golang/oauth2/commits/v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... * Bump golang.org/x/mod from 0.6.0 to 0.10.0 in /build.assets/tooling Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.6.0 to 0.10.0. - [Commits](golang/mod@v0.6.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... * Bump github.com/bmatcuk/doublestar/v4 in /build.assets/tooling Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.4.0 to 4.6.0. - [Release notes](https://github.com/bmatcuk/doublestar/releases) - [Commits](bmatcuk/doublestar@v4.4.0...v4.6.0) --- updated-dependencies: - dependency-name: github.com/bmatcuk/doublestar/v4 dependency-type: direct:production update-type: version-update:semver-minor ... * Bump github.com/bradleyfalzon/ghinstallation/v2 in /build.assets/tooling Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.4.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](bradleyfalzon/ghinstallation@v2.1.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... * Bump github.com/stretchr/testify in /build.assets/tooling Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... * Bump github.com/sirupsen/logrus in /build.assets/tooling Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.2. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.8.1...v1.9.2) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-minor ... * Bump github.com/gravitational/trace in /build.assets/tooling Bumps [github.com/gravitational/trace](https://github.com/gravitational/trace) from 1.1.15 to 1.2.1. - [Release notes](https://github.com/gravitational/trace/releases) - [Commits](gravitational/trace@v1.1.15...v1.2.1) --- updated-dependencies: - dependency-name: github.com/gravitational/trace dependency-type: direct:production update-type: version-update:semver-minor ... * Update CIRCL to address CVE GHSA-2q89-485c-9j2x * go.mod: Join two require sections --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot Bot added 8 commits May 25, 2023 09:24

jentfoo added dependencies Pull requests that update a dependency file backport/branch/v11 labels May 25, 2023

jentfoo requested review from adaadb6, codingllama, r0mant, rosstimothy, wadells and zmb3 May 25, 2023 15:59

jentfoo self-assigned this May 25, 2023

github-actions Bot added the size/md label May 25, 2023

github-actions Bot requested a review from klizhentas May 25, 2023 15:59

rosstimothy approved these changes May 25, 2023

View reviewed changes

Comment thread build.assets/tooling/go.mod Outdated

jentfoo added 2 commits May 25, 2023 10:18

Update CIRCL to address CVE GHSA-2q89-485c-9j2x

d29f390

go.mod: Join two require sections

275d749

zmb3 approved these changes May 25, 2023

View reviewed changes

public-teleport-github-review-bot Bot removed request for adaadb6, codingllama, klizhentas, r0mant and wadells May 25, 2023 16:22

jentfoo added this pull request to the merge queue May 25, 2023

Merged via the queue into master with commit 83a64c1 May 25, 2023

jentfoo deleted the jent/build.assets_updates branch May 25, 2023 17:01

This was referenced May 25, 2023

[v11] Update dependencies for build.assets/tooling (#26907) #26916

Merged

[v12] Update dependencies for build.assets/tooling (#26907) #26917

Merged

[v13] Update dependencies for build.assets/tooling (#26907) #26918

Merged

r0mant mentioned this pull request Jul 14, 2023

Release 13.2.2 #29158

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependencies for `build.assets/tooling`#26907

Update dependencies for `build.assets/tooling`#26907
jentfoo merged 10 commits intomasterfrom
jent/build.assets_updates

jentfoo commented May 25, 2023 •

edited

Loading

Uh oh!

Uh oh!

public-teleport-github-review-bot Bot commented May 25, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

jentfoo commented May 25, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

public-teleport-github-review-bot Bot commented May 25, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

jentfoo commented May 25, 2023 •

edited

Loading