chore(deps): bump the common group across 1 directory with 14 updates

[dependabot]

Bumps the common group with 12 updates in the / directory:

Package	From	To
github.com/alicebob/miniredis/v2	2.33.0	2.34.0
github.com/containerd/containerd/v2	2.0.0	2.0.1
github.com/gocsaf/csaf/v3	3.1.0	3.1.1
github.com/secure-systems-lab/go-securesystemslib	0.8.0	0.9.0
github.com/sigstore/rekor	1.3.6	1.3.7
github.com/spf13/cast	1.7.0	1.7.1
github.com/tetratelabs/wazero	1.8.1	1.8.2
github.com/zclconf/go-cty	1.15.0	1.15.1
golang.org/x/net	0.31.0	0.32.0
google.golang.org/protobuf	1.35.2	1.36.0
helm.sh/helm/v3	3.16.3	3.16.4
modernc.org/sqlite	1.34.1	1.34.2

Updates github.com/alicebob/miniredis/v2 from 2.33.0 to 2.34.0

Release notes

Sourced from github.com/alicebob/miniredis/v2's releases.

add ZRANK/ZREVRANK, fix ZINTERSTORE and XTRIM

• fix ZINTERSTORE where target is one of the source sets
• added support for ZRank and ZRevRank with score (thanks Jeff Howell)
• fix MEMORY subcommand casing (thanks @​joshaber)
• use streamCmp in Xtrim (thanks @​daniel-cohere)

Changelog

Sourced from github.com/alicebob/miniredis/v2's changelog.

v2.34.0

• fix ZINTERSTORE where target is one of the source sets
• added support for ZRank and ZRevRank with score (thanks Jeff Howell)
• fix MEMORY subcommand casing (thanks @​joshaber)
• use streamCmp in Xtrim (thanks @​daniel-cohere)

Commits

• c5669ae changelog for v2.34.0
• 5320c5c Merge pull request #391 from daniel-cohere/streamCmp-in-xtrim
• e4791b5 use streamCmp in Xtrim
• ef93126 Fix MEMORY subcommand casing (#389)
• 1863d22 inttest and fix some returns
• 5056952 added support for ZRank and ZRevRank with score
• 08e664a update dependency
• 12d2a70 CI against go 1.23
• 8225546 fix ZINTERSTORE where target is one of the source sets
• See full diff in compare view

Updates github.com/containerd/containerd/v2 from 2.0.0 to 2.0.1

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.0.1

Welcome to the v2.0.1 release of containerd!

The first patch release for containerd 2.0 includes a number of bug fixes and improvements.

Highlights

Container Runtime Interface (CRI)

• Fix apply IoOwner options when not in user namespace (#11151)
• Fix cri grpc plugin config migration (#11140)
• Support CNI STATUS Verb (containerd/go-cni#123)

Image Distribution

• Update differ to handle zstd media types (#11068)

Runtime

• Update runc binary to v1.2.3 (#11142)
• Fix panic due to nil dereference cgroups v2 (#11098)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Wei Fu
• Archit Kulkarni
• Jin Dong
• Phil Estes
• Akhil Mohan
• Akihiro Suda
• Alexey Lunev
• Austin Vazquez
• Maksym Pavlenko
• Mike Brown
• Michael Zappa
• Samuel Karp
• Sebastiaan van Stijn
• Andrey Smirnov
• Davanum Srinivas

Changes

• Prepare release notes for v2.0.1 (#11158)
  • b0ece5dc5 Prepare release notes for v2.0.1

... (truncated)

Commits

• 88aa2f5 Merge pull request #11158 from dmcgowan/prepare-v2.0.1
• b0ece5d Prepare release notes for v2.0.1
• e206c07 Merge pull request #11154 from k8s-infra-cherrypick-robot/cherry-pick-11122-t...
• fe69570 build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0
• eb2d0c4 Merge pull request #11153 from k8s-infra-cherrypick-robot/cherry-pick-11130-t...
• eb2ce68 update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+
• c11f124 Merge pull request #11139 from k8s-infra-cherrypick-robot/cherry-pick-11086-t...
• 8c6dd50 Merge pull request #11151 from k8s-infra-cherrypick-robot/cherry-pick-11104-t...
• e9004f0 Merge pull request #11146 from k8s-infra-cherrypick-robot/cherry-pick-11135-t...
• c403b64 Merge pull request #11140 from k8s-infra-cherrypick-robot/cherry-pick-11061-t...
• Additional commits viewable in compare view

Updates github.com/gocsaf/csaf/v3 from 3.1.0 to 3.1.1

Release notes

Sourced from github.com/gocsaf/csaf/v3's releases.

v3.1.1

Release 3.1.1

• ensure HTTP requests use proxy env vars (Thanks to @​ncsc-ie-devs)

Commits

• 1daaed2 ensure HTTP requests use proxy env vars (#597)
• 18af28f Merge pull request #600 from gocsaf/docs-proxy-for-2
• b8a9803 fix docs link to standard
• 678f232 Merge pull request #593 from gocsaf/add-upload-permission
• 2435abe Merge pull request #594 from gocsaf/update_go_3rd_party_libs_2024_11_22
• 3dc84f3 Merge pull request #598 from gocsaf/docs-readme-12
• b218084 Update README.md that go paths can be adjusted
• 9495d8b Update Go 3rd party libs
• f6d7589 Add required upload permissions
• See full diff in compare view

Updates github.com/secure-systems-lab/go-securesystemslib from 0.8.0 to 0.9.0

Commits

• 7d19192 Merge pull request #103 from secure-systems-lab/dependabot/go_modules/golang....
• 21102fa chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0
• 1fb13ff Merge pull request #102 from secure-systems-lab/dependabot/github_actions/act...
• 4e1c22d chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0
• 847cabc Merge pull request #101 from secure-systems-lab/dependabot/go_modules/golang....
• 06fac2f chore(deps): bump golang.org/x/crypto from 0.29.0 to 0.30.0
• c1aadb2 Merge pull request #100 from secure-systems-lab/dependabot/go_modules/github....
• 8fef2d7 chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0
• c65f6c8 Merge pull request #99 from secure-systems-lab/dependabot/go_modules/golang.o...
• 35b687d chore(deps): bump golang.org/x/crypto from 0.27.0 to 0.29.0
• Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.3.6 to 1.3.7

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.3.7

Changelog

Please see https://github.com/sigstore/rekor/blob/main/CHANGELOG.md for changes included in this release.

Thanks for all contributors!

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.3.7

New Features

• log request body on 500 error to aid debugging (#2283)
• Add support for signing with Tink keyset (#2228)
• Add public key hash check in Signed Note verification (#2214)
• update Trillian TLS configuration (#2202)
• Add TLS support for Trillian server (#2164)
• Replace docker-compose with plugin if available (#2153)
• Add flags to backfill script (#2146)
• Unset DisableKeepalive for backfill HTTP client (#2137)
• Add script to delete indexes from Redis (#2120)
• Run CREATE statement in backfill script (#2109)
• Add MySQL support to backfill script (#2081)
• Run e2e tests on mysql and redis index backends (#2079)

Bug Fixes

• remove unneeded value in log message (#2282)
• Add error message when computing consistency proof (#2278)
• fix validation error handling on API (#2217)
• fix error in pretty-printed inclusion proof from verify subcommand (#2210)
• Fix index scripts (#2203)
• fix failing sharding test
• Better error handling in backfill script (#2148)
• Batch entries in cleanup script (#2158)
• Add missing workflow for index cleanup test (#2121)
• hashedrekord: fix schema $id (#2092)

Contributors

• Aditya Sirish
• Bob Callaway
• Colleen Murphy
• cpanato
• Firas Ghanmi
• Hayden B
• Hojoung (Brian) Jang
• William Woodruff

Commits

• 4caadbc changelog for v1.3.7 (#2284)
• 9fddf00 log request body on 500 error to aid debugging (#2283)
• 92584b7 remove unneeded value in log message (#2282)
• 56ea4b5 Add error message when computing consistency proof (#2278)
• 3eb84f9 build(deps): Bump the all group with 2 updates
• 28aa29c build(deps): Bump google/cloud-sdk from 500.0.0 to 501.0.0
• d7e2d1d build(deps): Bump codecov/codecov-action from 4.6.0 to 5.0.2
• a018e78 build(deps): Bump google.golang.org/api from 0.205.0 to 0.206.0
• 38d5f67 build(deps): Bump golang from d56c3e0 to 73f06be
• ded5cd1 build(deps): Bump google.golang.org/api from 0.204.0 to 0.205.0
• Additional commits viewable in compare view

Updates github.com/spf13/cast from 1.7.0 to 1.7.1

Release notes

Sourced from github.com/spf13/cast's releases.

v1.7.1

What's Changed

• Update README.md by @​lesichkovm in spf13/cast#224
• Fix ToUint64 issue with string input exceeding maximum int64 by @​skyjerry in spf13/cast#213

New Contributors

• @​lesichkovm made their first contribution in spf13/cast#224
• @​skyjerry made their first contribution in spf13/cast#213

Full Changelog: spf13/cast@v1.7.0...v1.7.1

Commits

• 487df00 Merge pull request #213 from skyjerry/fix-uint64
• 955c718 Merge pull request #224 from lesichkovm/patch-1
• 1849825 Update README.md
• 6e9731d Title: Fix ToUint64E function in cast library for Go
• See full diff in compare view

Updates github.com/tetratelabs/wazero from 1.8.1 to 1.8.2

Release notes

Sourced from github.com/tetratelabs/wazero's releases.

v1.8.2

This release includes two main things:

• the arm64 bug fix for a huge binary tetratelabs/wazero#2346 by @​evacchi
• misc OSes supports by @​ncruces

Commits

• 610c202 arm64: account for imported functions when encoding relocation islands (#2346)
• 2c4b66b compiler: require ARMv8.1 (#2345)
• d25ce10 chore: update action deps (#2344)
• 0a20795 Enable compiler on NetBSD, DragonFly, illumos and Solaris (#2343)
• e5ba948 Add DragonFly, illumos, Solaris to CI. (#2341)
• c5e90c5 Add *BSD to CI. (#2338)
• dc08732 Fix users list (#2334)
• 05b2499 Add Modus to "who's using wazero" list (#2333)
• c8d0f0a experimental: clarify memory allocator context is for module instantiation (#...
• See full diff in compare view

Updates github.com/zclconf/go-cty from 1.15.0 to 1.15.1

Changelog

Sourced from github.com/zclconf/go-cty's changelog.

1.15.1 (November 26, 2024)

• function: Function calls can now return more mark-related information when called with unknown values when neither AllowMarks nor AllowUnknown are set for a particular parameter. (#196)

Commits

• 3149f9d Prepare for v1.15.1 release
• 63279be Update CHANGELOG.md
• da16ad4 function: include marks when returning early with an unknown value
• ea922e7 Add GitHub's "funding" metadata file
• 7313684 function/stdlib: Even more Distinct tests
• b843884 function/stdlib: unit tests for Distinct function
• 0b7ccb8 docs: fix little typo in value marks
• 9a4ed1e Prepare for possible future v1.15.1 release
• See full diff in compare view

Updates golang.org/x/net from 0.31.0 to 0.32.0

Commits

• 285e1cf go.mod: update golang.org/x dependencies
• d0a1049 route: remove unused sizeof* consts on freebsd
• 6e41410 http2: fix benchmarks using common frame read/write functions
• 4be1253 route: change from syscall to x/sys/unix
• bc37675 http2: limit number of PINGs bundled with RST_STREAMs
• e9cd716 route: fix parse of zero-length sockaddrs in RIBs
• 9a51899 http2: add SETTINGS_ENABLE_CONNECT_PROTOCOL support
• See full diff in compare view

Updates golang.org/x/xerrors from 0.0.0-20231012003039-104605ab7028 to 0.0.0-20240716161551-93cc26a95ae9

Commits

• See full diff in compare view

Updates google.golang.org/protobuf from 1.35.2 to 1.36.0

Updates helm.sh/helm/v3 from 3.16.3 to 3.16.4

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.16.4 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.16.4. The common platform binaries are here:

• MacOS amd64 (checksum / 8dc25671120a4af197afe7ad9041fb8e1dd71bc01e5ef73dba1139cbc9e9f44b)
• MacOS arm64 (checksum / e2442d8f05d53d84c39b869bc5fe5affad247ee2f4c706a040919c146edb1f94)
• Linux amd64 (checksum / fc307327959aa38ed8f9f7e66d45492bb022a66c3e5da6063958254b9767d179)
• Linux arm (checksum / 432e774d1087d3773737888d384c62477b399227662b42cbf0c32e95e6e72556)
• Linux arm64 (checksum / d3f8f15b3d9ec8c8678fbf3280c3e5902efabe5912e2f9fcf29107efbc8ead69)
• Linux i386 (checksum / 6022b34e165a5196827043c77bcd1fa28ef48109b3a4af46e8660ddb0a6c44e0)
• Linux ppc64le (checksum / 0ba4375a6dcf6117a8e7729fbed36d9220f8ad98dbc7aabc16186f22917caead)
• Linux s390x (checksum / 10b88dc2afd97267feba8283d58dcb1c937defb7df8de152c86b60aaece47d59)
• Linux riscv64 (checksum / e733c727de7644cfeb25b094e1f0a56c53a7cb437c93c992aa92e6c7b9f6af93)
• Windows amd64 (checksum / 9bb114c12e530a7129fd3d78fc1784e813dd7a6e29e5f9b5af8bc83fd1066d36)
• Windows arm64 (checksum / a4afeee93031920ec08b7e880c859a159bcd222837a81196cadaeb42408ad0b3)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.17.0 is the next feature release and will be on January 15, 2025

Changelog

• Bump golang.org/x/crypto from 0.30.0 to 0.31.0 7877b45b63f95635153b29a42c0c2f4273ec45ca (dependabot[bot])
• Bump the k8s-io group with 7 updates 848e586c27f05d84bc19d082f395098aba0b7619 (dependabot[bot])

Commits

• 7877b45 Bump golang.org/x/crypto from 0.30.0 to 0.31.0
• 848e586 Bump the k8s-io group with 7 updates
• See full diff in compare view

Updates k8s.io/api from 0.31.2 to 0.31.3

Commits

• b7783ab Update dependencies to v0.31.3 tag
• See full diff in compare view

Updates modernc.org/sqlite from 1.34.1 to 1.34.2

Commits

• fe367e3 merge dev@2573fa9f, updates #198
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions