Bump the non-gardener-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the non-gardener-dependencies group with 7 updates in the / directory:

Package	From	To
cloud.google.com/go/storage	1.46.0	1.47.0
github.com/bradleyfalzon/ghinstallation/v2	2.10.0	2.12.0
github.com/fsnotify/fsnotify	1.7.0	1.8.0
github.com/gorilla/sessions	1.2.2	1.4.0
golang.org/x/oauth2	0.23.0	0.24.0
ocm.software/ocm	0.17.0	0.18.0
sigs.k8s.io/controller-runtime	0.19.2	0.19.3

Updates cloud.google.com/go/storage from 1.46.0 to 1.47.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.47.0

1.47.0 (2024-11-14)

Features

• storage: Introduce dp detector based on grpc metrics (#11100) (60c2323)

Bug Fixes

• storage: Bump auth dep (#11135) (9620a51)

Commits

• 703c26a chore(main): release spanner 1.47.0 (#7960)
• b726d41 feat(aiplatform): add UpdateExplanationDataset to aiplatform (#8118)
• fc49c78 feat(spanner): add databoost property for batch transactions (#8152)
• 005d2df fix(internal/retry): never return nil from GRPCStatus() (#8128)
• b429aa1 chore(internal/postprocessor): fix profiler & errorreporting shortnames (#8131)
• 4e80088 chore(deps): update gax-go and google.golang.org/api (#8117)
• e43ebeb chore(postprocessor): add update steps (#8103)
• 72d0127 test: skip flaky test (#8129)
• 20573e2 chore(postprocessor): fix missing format specifier (#8112)
• 28aa098 chore(postprocessor): update manual entries (#8111)
• Additional commits viewable in compare view

Updates github.com/bradleyfalzon/ghinstallation/v2 from 2.10.0 to 2.12.0

Release notes

Sourced from github.com/bradleyfalzon/ghinstallation/v2's releases.

v2.12.0

What's Changed

• Update go-github to v66 by @​asvoboda in bradleyfalzon/ghinstallation#129
• Bumped github.com/golang-jwt/jwt/v4 due to security CVE-2024-51744 by @​bynov in bradleyfalzon/ghinstallation#130
• Bump the actions group across 1 directory with 2 updates by @​dependabot in bradleyfalzon/ghinstallation#125

New Contributors

• @​bynov made their first contribution in bradleyfalzon/ghinstallation#130

Full Changelog: bradleyfalzon/ghinstallation@v2.11.0...v2.12.0

v2.11.0

What's Changed

• Update go-github to v61 by @​asvoboda in bradleyfalzon/ghinstallation#116
• Update go-github to v62 by @​asvoboda in bradleyfalzon/ghinstallation#122
• ioutil + jwt deprecations by @​kfcampbell in bradleyfalzon/ghinstallation#120
• Updates go.mod / ci / dependabot config by @​cpanato in bradleyfalzon/ghinstallation#121

NOTE: Now requires Go >= 1.16 to build.

New Contributors

• @​kfcampbell made their first contribution in bradleyfalzon/ghinstallation#120
• @​cpanato made their first contribution in bradleyfalzon/ghinstallation#121

Full Changelog: bradleyfalzon/ghinstallation@v2.10.0...v2.11.0

Commits

• f5c03cd Bump the actions group across 1 directory with 2 updates
• 568f250 Bumped github.com/golang-jwt/jwt/v4 due to security CVE-2024-51744
• e55c642 Update go-github to v66
• d680810 update
• a932ed9 add dependabot config for github actions
• d845b12 update ci actions and test with supported go versions
• 4f391ad update go mod to go1.21
• 289c613 Bump to go 1.16
• b7ac110 Revert "Run go mod tidy (#1) for tidyness of PR"
• 6514ddd JWT deprecations
• Additional commits viewable in compare view

Updates github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0

Release notes

Sourced from github.com/fsnotify/fsnotify's releases.

v1.8.0

Additions

• all: add FSNOTIFY_DEBUG to print debug logs to stderr (#619)

Changes and fixes

• windows: fix behaviour of WatchList() to be consistent with other platforms (#610)

• kqueue: ignore events with Ident=0 (#590)

• kqueue: set O_CLOEXEC to prevent passing file descriptors to children (#617)

• kqueue: emit events as "/path/dir/file" instead of "path/link/file" when watching a symlink (#625)

• inotify: don't send event for IN_DELETE_SELF when also watching the parent (#620)

• inotify: fix panic when calling Remove() in a goroutine (#650)

• fen: allow watching subdirectories of watched directories (#621)

Changelog

Sourced from github.com/fsnotify/fsnotify's changelog.

1.8.0 2023-10-31

Additions

• all: add FSNOTIFY_DEBUG to print debug logs to stderr (#619)

Changes and fixes

• windows: fix behaviour of WatchList() to be consistent with other platforms (#610)

• kqueue: ignore events with Ident=0 (#590)

• kqueue: set O_CLOEXEC to prevent passing file descriptors to children (#617)

• kqueue: emit events as "/path/dir/file" instead of "path/link/file" when watching a symlink (#625)

• inotify: don't send event for IN_DELETE_SELF when also watching the parent (#620)

• inotify: fix panic when calling Remove() in a goroutine (#650)

• fen: allow watching subdirectories of watched directories (#621)

#590: fsnotify/fsnotify#590 #610: fsnotify/fsnotify#610 #617: fsnotify/fsnotify#617 #619: fsnotify/fsnotify#619 #620: fsnotify/fsnotify#620 #621: fsnotify/fsnotify#621 #625: fsnotify/fsnotify#625 #650: fsnotify/fsnotify#650

Commits

• a9bc2e0 Prepare 1.8.0 release
• 2d133b8 inotify: fix panic on Remove()
• 1626962 Update CI
• c1467c0 test/kqueue: watch symlinks
• 800ed83 kqueue: don't change internal state when Add() returns error (#638)
• ad74244 remove extra "to" from doc comment (#634)
• bec8903 Split out Watcher and backends (#632)
• a618f07 inotify: add recursive watcher (#472)
• 17d9053 Print diffs for test failures
• 53b06a8 inotify: implement WithNoFollow() (#631)
• Additional commits viewable in compare view

Updates github.com/gorilla/sessions from 1.2.2 to 1.4.0

Release notes

Sourced from github.com/gorilla/sessions's releases.

v1.4.0

Summary

There were new features important for compatibility with some of the upcoming cookie security changes with google that required a new Partitioned attribute be added to the cookies, this attribute was only available in go 1.23, which has just recently been released.

If you require a version that is backward compatible with a lower version than go 1.23 then you'll need to use release v1.3.0.

The following notes show the difference between 1.2.2 and the current version because 1.3.0 was a hotfix for go 1.22 and below.

What's Changed

• Improve File System Path Handling by @​moloch-- in gorilla/sessions#274
• #272: feat: Add support for paritioned attribute in cookies as per chrome 3rd party cookie phaseout by @​kashishbehl in gorilla/sessions#273
• fix no default samesite by @​bharat-rajani in gorilla/sessions#276
• Fix gorillatoolkit link in README.md by @​mbacalan in gorilla/sessions#278
• Add mysql store to the readme by @​danielepintore in gorilla/sessions#279

New Contributors

• @​moloch-- made their first contribution in gorilla/sessions#274
• @​kashishbehl made their first contribution in gorilla/sessions#273
• @​bharat-rajani made their first contribution in gorilla/sessions#276
• @​mbacalan made their first contribution in gorilla/sessions#278
• @​danielepintore made their first contribution in gorilla/sessions#279

Full Changelog: gorilla/sessions@v1.2.2...v1.4.0

v1.3.0

The maintainers of this repo merged a PR into main with the net/http.Cookie field Partitioned which is a field only available in go 1.23. As a result all usage of the main branch will not work unless users are on 1.23 which at the time of writing is currently unreleased. This broke the install for a number of users so the intent of this release is to push out a couple of features and bugfixes with the go 1.23 specific changes removed.

Releases should be used exclusively until go 1.23 is released.

What's Changed

• Improve File System Path Handling by @​moloch-- in gorilla/sessions#274
• #272: feat: Add support for paritioned attribute in cookies as per chrome 3rd party cookie phaseout by @​kashishbehl in gorilla/sessions#273
• fix no default samesite by @​bharat-rajani in gorilla/sessions#276
• Fix gorillatoolkit link in README.md by @​mbacalan in gorilla/sessions#278

New Contributors

• @​moloch-- made their first contribution in gorilla/sessions#274
• @​kashishbehl made their first contribution in gorilla/sessions#273
• @​bharat-rajani made their first contribution in gorilla/sessions#276
• @​mbacalan made their first contribution in gorilla/sessions#278

Full Changelog: gorilla/sessions@v1.2.2...v1.3.0

Commits

• bb4cd60 chore: Update readme to relect go 1.23 release
• e2083f9 chore: update to go 1.23 for workflows
• 6eef180 fix: Missing SameSite attribute on options
• a56e60c Add mysql store to the readme (#279)
• 466d29e chore: Update readme and copyrights
• 7a8159e chore(go): Remove go version 1.11 support
• ff5660f chore(go): Add warning about main branch
• 8e2d547 chore(go): Remove vendored dependencies
• c373b3e Fix gorillatoolkit link in README.md (#278)
• ef99c78 fix(cookie): Add default samesite (#276)
• Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.23.0 to 0.24.0

Commits

• 22134a4 README: don't recommend go get
• See full diff in compare view

Updates ocm.software/ocm from 0.17.0 to 0.18.0

Release notes

Sourced from ocm.software/ocm's releases.

v0.18.0

Release v0.18.0

• change short text for help topic (#1058)
• bug: allow http protocol for oci access (#1060)
• bug: fix unmarshal consumer identity with empty value (#1057)
• fix artifact set tagging (#1033)
• component constructor with references field (#1054)
• priority for CLI registration options (#1045)
• chore: update 'flake.nix' (#1049)
• add action doc (#1032)
• chore: update 'flake.nix' (#1040)
• chore: update 'flake.nix' (#1039)
• fix downloader handling (#1031)
• Adjust README with rotated GPG key (#1025)

🐛 Bug Fixes

• [release-v0.18.0] fix: version info for OCI refs (#1080)
• fix: set tlskyber=0 (#1047)
• fix: remove ocm release key if present (#1024)
• chore: release fallout corrections (#1023)

🧰 Maintenance

• chore: force bump to 0.18.0-dev (#1061)
• chore: reuse aggregation from ctf during component build (#1044)
• chore: disable runner cache for release note drafter (#1051)
• chore: enhance the publishing to other repositories then github (#1028)
• chore: migrate all component builds: ca => ctf (#1043)
• chore(ci): various optimizations for build processing, caching and concurrency (#996)
• fix: remove ocm release key if present (#1024)
• chore: release fallout corrections (#1023)

⬆️ Dependencies

• chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 in the go_modules group (#1048)
• chore(deps): bump github.com/containerd/errdefs from 0.3.0 to 1.0.0 (#1037)
• chore(deps): bump the ci group with 2 updates (#1038)
• chore(deps): bump the go group with 8 updates (#1036)

v0.18.0-rc.2

... (truncated)

Changelog

Sourced from ocm.software/ocm's changelog.

Release Process

General Information

In the Open Component Model organization, the main development is done on the main branch. Thus, the main branch is used to develop on the latest minor version.

The release process focuses on the creation of release/<major>.<minor> release branches and the generation of release tags based on these branches. Every release branch is used to permanently track the development of a specific minor release of the OCM project. Whenever there is a critical issue for a specific minor release, a patch is cherry-picked into the release branch and a new patch release for that given minor version is created.

The release branches are initially created from the main branch via the GitHub action Release Branch Creation.

A release is generated by calling a specific release GitHub Action. It is executed on the branch which should be released - regardless whether it is a patch or a minor release.

In any case, a pre-release may be created by specifying a pre-release suffix for the release action execution. This will lead (for most use cases) to the creation of a "Release Candidate" which can be tested and delivered to end users willing to test the new release.

Release Workflow

Diagram

gitGraph TB:
    commit id: "VERSION 0.17.0-dev"
    commit id: "feat: some feature"
    branch "releases/v0.17"
    commit tag: "v0.17.0-rc.1" type: REVERSE
    checkout main
    commit id: "fix: hotfix bug" type: HIGHLIGHT
    checkout releases/v0.17
    cherry-pick id: "fix: hotfix bug"
    commit tag: "v0.17.0-rc.2"
    branch "releases/v0.17.0"
    checkout "releases/v0.17.0"
    commit id: "VERSION 0.17.0" tag:"v0.17.0"
    checkout main
    commit id: "VERSION 0.18.0-dev"
</tr></table> 

Loading

... (truncated)

Commits

• 2ea69c7 change short text for help topic (#1058)
• beabf65 chore: force bump to 0.18.0-dev (#1061)
• 3577e7e bug: allow http protocol for oci access (#1060)
• 37c6514 bug: fix unmarshal consumer identity with empty value (#1057)
• 2188c1c chore: reuse aggregation from ctf during component build (#1044)
• d6a5994 fix artifact set tagging (#1033)
• 9e27f16 component constructor with references field (#1054)
• 9f7a730 chore: disable runner cache for release note drafter (#1051)
• c722d03 priority for CLI registration options (#1045)
• 06bc421 fix: set tlskyber=0 (#1047)
• Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.19.2 to 0.19.3

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.19.3

What's Changed

• 🐛 Refactor certificate watcher to use polling, instead of fsnotify by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3023
• 🐛 Use leader elector with client timeout by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3031

Full Changelog: kubernetes-sigs/controller-runtime@v0.19.2...v0.19.3

Commits

• 3e66810 Merge pull request #3037 from kubernetes-sigs/backport019-watch
• 2085acc add watch deprecated to certwatcher
• 0823530 Merge pull request #3031 from k8s-infra-cherrypick-robot/cherry-pick-3028-to-...
• e727239 [release-0.19] 🐛 Refactor certificate watcher to use polling, instead of fsno...
• 2a0ce59 🌱 Make using leader elector with client timeout non-breaking
• 4bc3811 🐛 Fix RenewDeadline typo in leader election
• 0170742 warning: Use leader elector with client timeout
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[gardener-robot]

@dependabot[bot] Thank you for your contribution.

[gardener-robot-ci-3]

Thank you @dependabot[bot] for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.

[hendrikKahl]

/lgtm