Update all dependencies
This MR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| boto3 |
==1.24.33 -> ==1.24.36
|
 |
|
|
|
patch | |
| sigstore/cosign |
v1.9.0 -> v1.10.0
|
|
|
|
|
ironbank-github | minor |
Release Notes
boto/boto3
v1.24.36
=======
- api-change:
account: [botocore] This release enables customers to manage the primary contact information for their AWS accounts. For more information, see https://docs.aws.amazon.com/accounts/latest/reference/API_Operations.html - api-change:
ec2: [botocore] Added support for EC2 M1 Mac instances. For more information, please visit aws.amazon.com/mac. - api-change:
iotdeviceadvisor: [botocore] Added new service feature (Early access only) - Long Duration Test, where customers can test the IoT device to observe how it behaves when the device is in operation for longer period. - api-change:
medialive: [botocore] Link devices now support remote rebooting. Link devices now support maintenance windows. Maintenance windows allow a Link device to install software updates without stopping the MediaLive channel. The channel will experience a brief loss of input from the device while updates are installed. - api-change:
rds: [botocore] This release adds the "ModifyActivityStream" API with support for audit policy state locking and unlocking. - api-change:
transcribe: [botocore] Remove unsupported language codes for StartTranscriptionJob and update VocabularyFileUri for UpdateMedicalVocabulary
v1.24.35
=======
- api-change:
athena: [botocore] This feature allows customers to retrieve runtime statistics for completed queries - api-change:
cloudwatch: [botocore] Update cloudwatch client to latest version - api-change:
dms: [botocore] Documentation updates for Database Migration Service (DMS). - api-change:
docdb: [botocore] Enable copy-on-write restore type - api-change:
ec2-instance-connect: [botocore] This release includes a new exception type "EC2InstanceUnavailableException" for SendSSHPublicKey and SendSerialConsoleSSHPublicKey APIs. - api-change:
frauddetector: [botocore] The release introduces Account Takeover Insights (ATI) model. The ATI model detects fraud relating to account takeover. This release also adds support for new variable types: ARE_CREDENTIALS_VALID and SESSION_ID and adds new structures to Model Version APIs. - api-change:
iotsitewise: [botocore] Added asynchronous API to ingest bulk historical and current data into IoT SiteWise. - api-change:
kendra: [botocore] Amazon Kendra now provides Oauth2 support for SharePoint Online. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-sharepoint.html - api-change:
network-firewall: [botocore] Network Firewall now supports referencing dynamic IP sets from stateful rule groups, for IP sets stored in Amazon VPC prefix lists. - api-change:
rds: [botocore] Adds support for creating an RDS Proxy for an RDS for MariaDB database.
v1.24.34
=======
- api-change:
acm-pca: [botocore] AWS Certificate Manager (ACM) Private Certificate Authority (PCA) documentation updates - api-change:
iot: [botocore] GA release the ability to enable/disable IoT Fleet Indexing for Device Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs. This includes Named Shadow Selection as a part of the UpdateIndexingConfiguration API.
sigstore/cosign
v1.10.0
Enhancements
- Add env subcommand. (https://github.com/sigstore/cosign/pull/2051)
- feat: cert-extensions verify (https://github.com/sigstore/cosign/pull/1626)
- sign-blob: bundle should work independently (https://github.com/sigstore/cosign/pull/2016)
- Add --oidc-provider flag to specify which provider to use for ambient credentials (https://github.com/sigstore/cosign/pull/1998)
- Use pkg/fulcioroots and pkg/tuf from sigstore/sigstore (https://github.com/sigstore/cosign/pull/1866)
- Add --platform flag to cosign sbom download (https://github.com/sigstore/cosign/pull/1975)
- Route deprectated -version to subcommand (https://github.com/sigstore/cosign/pull/1854)
- Add cyclonedx predicate type for attestations (https://github.com/sigstore/cosign/pull/1977)
- Updated Azure kms commands. (https://github.com/sigstore/cosign/pull/1972)
- Add spdxjson predicate type for attestations (https://github.com/sigstore/cosign/pull/1974)
- Drop tuf client dependency on GCS client library (https://github.com/sigstore/cosign/pull/1967)
- feat(fulcioroots): singleton error pattern (https://github.com/sigstore/cosign/pull/1965)
- tuf: improve TUF client concurrency and caching (https://github.com/sigstore/cosign/pull/1953)
- Separate RegExp matching of issuer/subject from strict (https://github.com/sigstore/cosign/pull/1956)
Documention
- update design doc link (https://github.com/sigstore/cosign/pull/2077)
- specs: fix list formatting on SIGNATURE_SPEC (https://github.com/sigstore/cosign/pull/2030)
- public-key: fix command description (https://github.com/sigstore/cosign/pull/2024)
- docs(readme): add installation steps for container image for cosign binary (https://github.com/sigstore/cosign/pull/1986)
- Add Cloudsmith Container Registry to tested registry list (https://github.com/sigstore/cosign/pull/1966)
Bug Fixes
- Fix OIDC test (https://github.com/sigstore/cosign/pull/2050)
- Use cosign.ConfirmPrompt more consistently (https://github.com/sigstore/cosign/pull/2039)
- chore: add note about SIGSTORE_REKOR_PUBLIC_KEY (https://github.com/sigstore/cosign/pull/2040)
- Fix #1378 create new attestation signature in replace mode if not existent (https://github.com/sigstore/cosign/pull/2014)
- encrypt values to create the github action secret (https://github.com/sigstore/cosign/pull/1990)
- fix/update post build job (https://github.com/sigstore/cosign/pull/1983)
- fix typos (https://github.com/sigstore/cosign/pull/1982)
Others
- Bump github.com/hashicorp/vault/sdk from 0.5.2 to 0.5.3 (https://github.com/sigstore/cosign/pull/2079)
- Bump github.com/go-openapi/strfmt from 0.21.2 to 0.21.3 (https://github.com/sigstore/cosign/pull/2078)
- Bump google.golang.org/api from 0.87.0 to 0.88.0 (https://github.com/sigstore/cosign/pull/2081)
- Remove hack/tools.go (https://github.com/sigstore/cosign/pull/2080)
- Remove replace directives in go.mod. (https://github.com/sigstore/cosign/pull/2070)
- Bump mikefarah/yq from 4.25.3 to 4.26.1 (https://github.com/sigstore/cosign/pull/2076)
- Bump github.com/xanzy/go-gitlab from 0.68.2 to 0.69.0 (https://github.com/sigstore/cosign/pull/2075)
- Bump actions/dependency-review-action from 2.0.2 to 2.0.4 (https://github.com/sigstore/cosign/pull/2073)
- Bump google.golang.org/api from 0.86.0 to 0.87.0 (https://github.com/sigstore/cosign/pull/2064)
- chore(deps): CycloneDX PredicateType changed to use in-toto-golang (https://github.com/sigstore/cosign/pull/2067)
- Bump github.com/open-policy-agent/opa from 0.42.0 to 0.42.2 (https://github.com/sigstore/cosign/pull/2063)
- Bump google.golang.org/grpc from 1.47.0 to 1.48.0 (https://github.com/sigstore/cosign/pull/2062)
- Bump actions/setup-go from 3.2.0 to 3.2.1 (https://github.com/sigstore/cosign/pull/2060)
- Bump github/codeql-action from 2.1.15 to 2.1.16 (https://github.com/sigstore/cosign/pull/2065)
- Bump actions/cache from 3.0.4 to 3.0.5 (https://github.com/sigstore/cosign/pull/2066)
- update to go 1.18 (https://github.com/sigstore/cosign/pull/2059)
- Bump github.com/open-policy-agent/opa from 0.35.0 to 0.42.0 (https://github.com/sigstore/cosign/pull/2046)
- update ct/otel and etcd (https://github.com/sigstore/cosign/pull/2054)
- remove tests with 1.21 k8s cluster because it is deprecated and add v1.23/24 (https://github.com/sigstore/cosign/pull/2055)
- Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 (https://github.com/sigstore/cosign/pull/2042)
- Bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 (https://github.com/sigstore/cosign/pull/2032)
- Bump github.com/spiffe/go-spiffe/v2 from 2.1.0 to 2.1.1 (https://github.com/sigstore/cosign/pull/2037)
- Bump github/codeql-action from 2.1.14 to 2.1.15 (https://github.com/sigstore/cosign/pull/2038)
- Bump google.golang.org/api from 0.85.0 to 0.86.0 (https://github.com/sigstore/cosign/pull/2036)
- Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (https://github.com/sigstore/cosign/pull/2035)
- Bump ossf/scorecard-action from 1.1.1 to 1.1.2 (https://github.com/sigstore/cosign/pull/2033)
- Bump github.com/xanzy/go-gitlab from 0.68.0 to 0.68.2 (https://github.com/sigstore/cosign/pull/2029)
- Bump github.com/stretchr/testify from 1.7.4 to 1.7.5 (https://github.com/sigstore/cosign/pull/2026)
- Attempt to clean up pkg/cosign (https://github.com/sigstore/cosign/pull/2018)
- Bump github/codeql-action from 2.1.13 to 2.1.14 (https://github.com/sigstore/cosign/pull/2023)
- Bump github.com/google/go-containerregistry from 0.9.0 to 0.10.0 (https://github.com/sigstore/cosign/pull/2021)
- Bump mikefarah/yq from 4.25.2 to 4.25.3 (https://github.com/sigstore/cosign/pull/2022)
- Bump google.golang.org/api from 0.84.0 to 0.85.0 (https://github.com/sigstore/cosign/pull/2015)
- Bump github.com/stretchr/testify from 1.7.3 to 1.7.4 (https://github.com/sigstore/cosign/pull/2010)
- Bump github.com/google/go-github/v45 from 45.1.0 to 45.2.0 (https://github.com/sigstore/cosign/pull/2011)
- Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (https://github.com/sigstore/cosign/pull/2012)
- Bump github/codeql-action from 2.1.12 to 2.1.13 (https://github.com/sigstore/cosign/pull/2013)
- Bump github.com/stretchr/testify from 1.7.2 to 1.7.3 (https://github.com/sigstore/cosign/pull/2009)
- Bump actions/dependency-review-action from 2.0.1 to 2.0.2 (https://github.com/sigstore/cosign/pull/2001)
- Bump github.com/hashicorp/vault/sdk from 0.5.1 to 0.5.2 (https://github.com/sigstore/cosign/pull/1996)
- Bump actions/dependency-review-action from 1.0.2 to 2.0.1 (https://github.com/sigstore/cosign/pull/2000)
- Bump google.golang.org/api from 0.83.0 to 0.84.0 (https://github.com/sigstore/cosign/pull/1999)
- Bump sigstore/sigstore to HEAD (https://github.com/sigstore/cosign/pull/1995)
- Bump github.com/hashicorp/vault/sdk from 0.5.0 to 0.5.1 (https://github.com/sigstore/cosign/pull/1988)
- cleanup ci job and remove policy-controller references (https://github.com/sigstore/cosign/pull/1981)
- Bump google.golang.org/api from 0.82.0 to 0.83.0 (https://github.com/sigstore/cosign/pull/1979)
- cleanup: unexport kubernetes.Client method (https://github.com/sigstore/cosign/pull/1973)
- Remove policy-controller now that it lives in sigstore/policy-controller (https://github.com/sigstore/cosign/pull/1976)
- Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 (https://github.com/sigstore/cosign/pull/1980)
- Bump actions/cache from 3.0.3 to 3.0.4 (https://github.com/sigstore/cosign/pull/1970)
- Bump github.com/hashicorp/go-hclog from 1.2.0 to 1.2.1 (https://github.com/sigstore/cosign/pull/1968)
- Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (https://github.com/sigstore/cosign/pull/1963)
- Bump google.golang.org/grpc from 1.46.2 to 1.47.0 (https://github.com/sigstore/cosign/pull/1943)
- Bump github.com/hashicorp/go-secure-stdlib/parseutil from 0.1.5 to 0.1.6 (https://github.com/sigstore/cosign/pull/1958)
- replace gcr.io/distroless/ to use ghcr.io/distroless/ (https://github.com/sigstore/cosign/pull/1961)
- Bump github/codeql-action from 2.1.11 to 2.1.12 (https://github.com/sigstore/cosign/pull/1951)
- Bump google.golang.org/api from 0.81.0 to 0.82.0 (https://github.com/sigstore/cosign/pull/1948)
Contributors
- Adolfo García Veytia (@puerco)
- Asra Ali (@asraa)
- Batuhan Apaydın (@developer-guy)
- Billy Lynch (@wlynch)
- Bob Callaway (@bobcallaway)
- Carlos Tadeu Panato Junior (@cpanato)
- Ciara Carey (@ciaracarey)
- Frederik Boster (@Syquel)
- Furkan Türkal (@Dentrax)
- Hector Fernandez (@hectorj2f)
- Jason Hall (@imjasonh)
- Jinhong Brejnholt (@JBrejnholt)
- Josh Dolitsky (@jdolitsky)
- Masahiro331 (@masahiro331)
- Priya Wadhwa (@priyawadhwa)
- Ville Aikas (@vaikas)
- William Woodruff (@woodruffw)
Configuration
-
If you want to rebase/retry this MR, click this checkbox.
This MR has been generated by Renovate Bot.
Edited by renovate