Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump gopkg.in/yaml.v3 from 3.0.0-20210107192922-496545a6307b to 3.0.0 in /src #1424

Merged
merged 2 commits into from
Dec 19, 2023
Merged

build(deps): bump gopkg.in/yaml.v3 from 3.0.0-20210107192922-496545a6307b to 3.0.0 in /src #1424

merged 2 commits into from
Dec 19, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 16, 2023

Bumps gopkg.in/yaml.v3 from 3.0.0-20210107192922-496545a6307b to 3.0.0.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 16, 2023
@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed.
https://softwarefactory-project.io/zuul/t/local/buildset/3b36562e98b04dceba8d96557fc5868e

✔️ unit-test SUCCESS in 6m 09s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 10s
✔️ unit-test-restricted SUCCESS in 6m 05s
✔️ system-test-fedora-rawhide SUCCESS in 31m 43s
✔️ system-test-fedora-39 SUCCESS in 25m 50s
system-test-fedora-38 NODE_FAILURE Node request 200-0006752372 failed in 0s

dependabot bot added 2 commits December 19, 2023 01:02
@dependabot @debarshiray
build: Bump golang.org/x/text to 0.3.8 for CVE-2022-32149
f9f930c 
... or GHSA-69ch-w2m2-3vjp.

This is of somewhat academic interest because golang.org/x/text is only
used by the NeuterAccents function in github.com/spf13/afero, which
isn't used anywhere in the code base.

#1423
https://github.com/containers/toolbox/security/dependabot/14

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @debarshiray
build: Bump gopkg.in/yaml.v3 to 3.0.0 for CVE-2022-28948
73b229e 
... or GHSA-hp87-p4gw-j4gq.

This is of somewhat academic interest because gopkg.in/yaml.v3 is only
used by the YAMLEq function in github.com/stretchr/testify, which isn't
used anywhere in the code base.

#1424
https://github.com/containers/toolbox/security/dependabot/15

Signed-off-by: dependabot[bot] <[email protected]>
@debarshiray debarshiray force-pushed the dependabot/go_modules/src/gopkg.in/yaml.v3-3.0.0 branch from a80cb85 to 73b229e Compare December 19, 2023 00:15
debarshiray
debarshiray approved these changes Dec 19, 2023
View reviewed changes
Copy link
Member

@debarshiray debarshiray left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Rebased on top of main. Will merge once the CI finishes.

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/3d18c1bc07d8450c9cec4e8ff5ae0eeb

✔️ unit-test SUCCESS in 7m 48s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 4m 25s
✔️ unit-test-restricted SUCCESS in 7m 23s
✔️ system-test-fedora-rawhide SUCCESS in 30m 37s
✔️ system-test-fedora-39 SUCCESS in 34m 14s
✔️ system-test-fedora-38 SUCCESS in 33m 52s

@debarshiray debarshiray merged commit 73b229e into main Dec 19, 2023
2 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/src/gopkg.in/yaml.v3-3.0.0 branch December 19, 2023 01:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@debarshiray debarshiray debarshiray approved these changes

@HarryMichal HarryMichal Awaiting requested review from HarryMichal HarryMichal is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@debarshiray