build(deps): bump the ci group with 13 updates

[dependabot]

Bumps the ci group with 13 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2	1.21.0	1.23.5
github.com/aws/aws-sdk-go-v2/config	1.18.37	1.25.11
github.com/aws/aws-sdk-go-v2/service/dynamodb	1.21.5	1.26.3
github.com/aws/aws-sdk-go-v2/service/s3	1.38.5	1.47.2
github.com/elgohr/go-localstack	1.0.20	1.0.38
github.com/fluxcd/pkg/apis/event	0.5.2	0.6.0
github.com/fluxcd/pkg/apis/meta	1.1.2	1.2.0
github.com/fluxcd/pkg/runtime	0.42.0	0.43.0
github.com/fluxcd/source-controller/api	1.1.0	1.2.0
github.com/hashicorp/terraform-json	0.17.1	0.18.0
github.com/jenkins-x/go-scm	1.14.11	1.14.21
github.com/spf13/afero	1.9.5	1.11.0
github.com/spf13/viper	1.16.0	1.17.0

Updates github.com/aws/aws-sdk-go-v2 from 1.21.0 to 1.23.5

Commits

• ce842a7 Release 2023-12-01
• d40f923 Regenerated Clients
• 3a00ef5 Update API model
• 1f61a06 fix: correct recognition and zeroing of cache-wrapped AnonymousCredentials (#...
• 623d430 fix: correct wrapping of errors in authentication workflow (#2403)
• cb676e7 Release 2023-11-30.2
• 21db1a2 Regenerated Clients
• 833655d Update API model
• fcfb7ac fix: use region overrides in endpoint discovery (#2393)
• f3ea5b8 Release 2023-11-30
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.18.37 to 1.25.11

Commits

• ce842a7 Release 2023-12-01
• d40f923 Regenerated Clients
• 3a00ef5 Update API model
• 1f61a06 fix: correct recognition and zeroing of cache-wrapped AnonymousCredentials (#...
• 623d430 fix: correct wrapping of errors in authentication workflow (#2403)
• cb676e7 Release 2023-11-30.2
• 21db1a2 Regenerated Clients
• 833655d Update API model
• fcfb7ac fix: use region overrides in endpoint discovery (#2393)
• f3ea5b8 Release 2023-11-30
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/dynamodb from 1.21.5 to 1.26.3

Commits

• 9f608f2 Release 2022-03-30
• b20782d Regenerated Clients
• 3d6301f Update API model
• f9446dc EventStream Fixes (#1647)
• b03e3da internal/awstesting: Update SDK custom certificate testing utils (#1626)
• 07b773f Release 2022-03-29
• f749fcd Regenerated Clients
• 67e7aad Update API model
• 0191ee9 Update Batch changelog description (#1643)
• 99dac8e Release 2022-03-28
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.5 to 1.47.2

Commits

• ce842a7 Release 2023-12-01
• d40f923 Regenerated Clients
• 3a00ef5 Update API model
• 1f61a06 fix: correct recognition and zeroing of cache-wrapped AnonymousCredentials (#...
• 623d430 fix: correct wrapping of errors in authentication workflow (#2403)
• cb676e7 Release 2023-11-30.2
• 21db1a2 Regenerated Clients
• 833655d Update API model
• fcfb7ac fix: use region overrides in endpoint discovery (#2393)
• f3ea5b8 Release 2023-11-30
• Additional commits viewable in compare view

Updates github.com/elgohr/go-localstack from 1.0.20 to 1.0.38

Commits

• 21b21fd Merge pull request #900 from elgohr/dependabot/go_modules/aws-sdk-5611216042
• 7cd6723 ⬆️ Bump the aws-sdk group with 4 updates
• 109c5f6 Merge pull request #899 from elgohr/dependabot/go_modules/aws-sdk-74c0703fa8
• 6daaa08 ⬆️ Bump the aws-sdk group with 4 updates
• 3cd58cc Merge pull request #898 from elgohr/dependabot/go_modules/docker-ff2e075c67
• 55e90e4 ⬆️ Bump the docker group with 2 updates
• 829ba17 Merge pull request #897 from elgohr/dependabot/go_modules/aws-sdk-2e7f06f1f9
• 3a8c802 ⬆️ Bump the aws-sdk group with 2 updates
• 9da99f8 Merge pull request #896 from elgohr/dependabot/go_modules/aws-sdk-741d579572
• bca974e ⬆️ Bump the aws-sdk group with 3 updates
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/event from 0.5.2 to 0.6.0

Commits

• dfed4fb git/libgit2: remove dep to pkg/runtime
• d65cef8 Merge pull request #327 from fluxcd/internal-deps-up
• 13f4fb1 Update internal dependencies
• 353ad50 Merge pull request #325 from fluxcd/go-1.18-mod
• cddc690 Update Go to v1.18 in go.mod
• 6c44a11 Merge pull request #324 from fluxcd/kube-0.25.0
• c0a1eba Update Kubernetes packages to v1.25.0
• 107f0af Merge pull request #318 from aryan9600/split-git
• 8a3d5fc pkg/git: split into pkg/git/gogit and pkg/git/libgit2
• 58fb44c Merge pull request #321 from somtochiama/delete-oci
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.1.2 to 1.2.0

Commits

• cc785fa Merge pull request #686 from fluxcd/k8s-1.28
• 1d7d31b all: Group github.com/fluxcd/cli-utils imports
• 09ba5d8 runtime: Add pprof.GetHandlers to help setup the metrics server
• 768085d runtime: Update sigs.k8s.io/controller-runtime to v0.16.3
• 2e007cb ssa: Update Kubernetes to v1.28.4
• e7686cf kustomize: Update Kustomize to v5.2.1
• 3be575d oci: Update sigs.k8s.io/controller-runtime to v0.16.3
• 7f72436 helmtestserver: Update Helm to v3.13.2
• fe543f5 git: Update golang.org/x/crypto to v0.15.0
• 129adfd apis: Update Kubernetes to v1.28
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.42.0 to 0.43.0

Commits

• 3dc541c Merge pull request #687 from fluxcd/update-internal
• 1477c6d Update internal dependencies
• cc785fa Merge pull request #686 from fluxcd/k8s-1.28
• 1d7d31b all: Group github.com/fluxcd/cli-utils imports
• 09ba5d8 runtime: Add pprof.GetHandlers to help setup the metrics server
• 768085d runtime: Update sigs.k8s.io/controller-runtime to v0.16.3
• 2e007cb ssa: Update Kubernetes to v1.28.4
• e7686cf kustomize: Update Kustomize to v5.2.1
• 3be575d oci: Update sigs.k8s.io/controller-runtime to v0.16.3
• 7f72436 helmtestserver: Update Helm to v3.13.2
• Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.1.0 to 1.2.0

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.2.0

Changelog

v1.2.0 changelog

Container images

• docker.io/fluxcd/source-controller:v1.2.0
• ghcr.io/fluxcd/source-controller:v1.2.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.1.2

Changelog

v1.1.2 changelog

Container images

• docker.io/fluxcd/source-controller:v1.1.2
• ghcr.io/fluxcd/source-controller:v1.1.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.1.1

Changelog

v1.1.1 changelog

Container images

• docker.io/fluxcd/source-controller:v1.1.1
• ghcr.io/fluxcd/source-controller:v1.1.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.2.0

Release date: 2023-12-05

This minor release comes with API changes, bug fixes and several new features.

Bucket

A new field, .spec.prefix, has been added to the Bucket API, which enables server-side filtering of files if the object's .spec.provider is set to generic/aws/gcp.

OCIRepository and HelmChart

Two new fields, .spec.verify.matchOIDCIdentity.issuer and .spec.verify.matchOIDCIdentity.subject have been added to the HelmChart and OCIRepository APIs. If the image has been keylessly signed via Cosign, these fields can be used to verify the OIDC issuer of the Fulcio certificate and the OIDC identity's subject respectively.

HelmRepository

A new boolean field, .spec.insecure, has been introduced to the HelmRepository API, which allows connecting to a non-TLS HTTP container registry. It is only considered if the object's .spec.type is set to oci.

From this release onwards, HelmRepository objects of type OCI are treated as static objects, i.e. they have an empty status. Existing objects undergo a one-time automatic migration and new objects will be undergo a one-time reconciliation to remove any status fields.

Additionally, the controller now performs a shallow clone if the .spec.ref.name of the GitRepository object points to a branch or a tag.

Furthermore, a bug has been fixed, where the controller would try to authenticate against public OCI registries if the HelmRepository object has a reference to a Secret containing a CA certificate.

Lastly, dependencies have been updated to their latest version, including an update of Kubernetes to v1.28.4.

Fixes:

• Address miscellaneous issues throughout code base #1257
• helmrepo: only configure tls login option when required #1289
• oci: rename OCIChartRepository.insecure to insecureHTTP #1299
• Use bitnami Minio oci chart for e2e #1301

... (truncated)

Commits

• 452c308 Merge pull request #1305 from fluxcd/release-v1.2.0
• 8700ca9 Release v1.2.0
• 677b62b Add changelog entry for v1.2.0
• 00a71ad Merge pull request #1304 from fluxcd/update-deps
• 2c6bd26 Update Go dependencies
• 1a51af2 Merge pull request #1303 from fluxcd/dependabot/github_actions/ci-6a3fdc2cae
• e2da8c5 build(deps): bump the ci group with 1 update
• 2659568 Merge pull request #1300 from fluxcd/go-git-v5.10.1
• 7df2d25 Update Git dependencies
• 41c44b7 Merge pull request #1301 from somtochiama/fix-minio-chart
• Additional commits viewable in compare view

Updates github.com/hashicorp/terraform-json from 0.17.1 to 0.18.0

Release notes

Sourced from github.com/hashicorp/terraform-json's releases.

v0.18.0

NOTES:

• Update README to explain when not to use this library by @​alisdair in hashicorp/terraform-json#104

ENHANCEMENTS:

• Add PreviousAddress field to ResourceChange to support moved block by @​takaishi in hashicorp/terraform-json#95

BUG FIXES:

• Fixed typing of check results in statefiles by @​Yantrio in hashicorp/terraform-json#101

INTERNAL:

• Bump actions/setup-go from 4.0.1 to 4.1.0 by @​dependabot in hashicorp/terraform-json#98
• Bump github.com/zclconf/go-cty from 1.13.2 to 1.13.3 by @​dependabot in hashicorp/terraform-json#99
• Bump actions/checkout from 3.5.3 to 3.6.0 by @​dependabot in hashicorp/terraform-json#100
• Bump github.com/zclconf/go-cty from 1.13.3 to 1.14.0 by @​dependabot in hashicorp/terraform-json#102
• Bump actions/checkout from 3.6.0 to 4.0.0 by @​dependabot in hashicorp/terraform-json#103
• Bump actions/checkout from 4.0.0 to 4.1.0 by @​dependabot in hashicorp/terraform-json#105
• Bump github.com/zclconf/go-cty from 1.14.0 to 1.14.1 by @​dependabot in hashicorp/terraform-json#107
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @​dependabot in hashicorp/terraform-json#109
• Bump actions/checkout from 4.1.0 to 4.1.1 by @​dependabot in hashicorp/terraform-json#110

New Contributors

• @​Yantrio made their first contribution in hashicorp/terraform-json#101
• @​takaishi made their first contribution in hashicorp/terraform-json#95

Commits

• ac10835 Bump actions/checkout from 4.1.0 to 4.1.1 (#110)
• 39a2ed7 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#109)
• d379256 Bump github.com/zclconf/go-cty from 1.14.0 to 1.14.1 (#107)
• 33462c3 Bump actions/checkout from 4.0.0 to 4.1.0 (#105)
• e58a208 Merge pull request #104 from hashicorp/alisdair/should-i-use-this-library
• 25b978a Update README.md
• a4dc39d Update README.md
• 9aff8f0 Fix typo
• 9901d28 Add PreviousAddress field to ResourceChange to support moved block (#95)
• a7fb827 Update README to explain when not to use this library
• Additional commits viewable in compare view

Updates github.com/jenkins-x/go-scm from 1.14.11 to 1.14.21

Release notes

Sourced from github.com/jenkins-x/go-scm's releases.

1.14.21

Changes in version 1.14.21

Chores

• release 1.14.21 (jenkins-x-bot)
• add variables (jenkins-x-bot)
• deps: bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 (dependabot[bot])

1.14.20

Changes in version 1.14.20

Chores

• release 1.14.20 (jenkins-x-bot)
• add variables (jenkins-x-bot)
• deps: bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (dependabot[bot])

1.14.19

Changes in version 1.14.19

Chores

• release 1.14.19 (jenkins-x-bot)
• add variables (jenkins-x-bot)
• deps: bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.0 (dependabot[bot])

1.14.18

Changes in version 1.14.18

Chores

• release 1.14.18 (jenkins-x-bot)
• add variables (jenkins-x-bot)
• deps: bump k8s.io/apimachinery from 0.27.3 to 0.28.3 (dependabot[bot])

1.14.17

Changes in version 1.14.17

Chores

• release 1.14.17 (jenkins-x-bot)
• add variables (jenkins-x-bot)
• deps: bump github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0 (dependabot[bot])

1.14.16

Changes in version 1.14.16

Chores

... (truncated)

Commits

• 1eaac96 chore: release 1.14.21
• 3d3ba97 chore: add variables
• 0ea0fb2 Merge pull request #417 from jenkins-x/dependabot/go_modules/golang.org/x/oau...
• b60764c chore(deps): bump golang.org/x/oauth2 from 0.13.0 to 0.14.0
• 78e5cb2 Merge pull request #416 from jenkins-x/dependabot/go_modules/github.com/googl...
• 8684159 chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0
• 2b3c2aa Merge pull request #415 from jenkins-x/dependabot/go_modules/github.com/go-gi...
• e892326 chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.0
• 67184c5 Merge pull request #414 from jenkins-x/dependabot/go_modules/k8s.io/apimachin...
• 0f56217 chore(deps): bump k8s.io/apimachinery from 0.27.3 to 0.28.3
• Additional commits viewable in compare view

Updates github.com/spf13/afero from 1.9.5 to 1.11.0

Release notes

Sourced from github.com/spf13/afero's releases.

v1.11.0

What's Changed

• deps: Update all direct dependencies by @​bep in spf13/afero#410

Full Changelog: spf13/afero@v1.10.0...v1.11.0

v1.10.0

What's Changed

• Add sftpfs files ReadAt method by @​MRtecno98 in spf13/afero#378
• Add build flags for z/OS Unix System Services by @​msradam in spf13/afero#384
• rename mem fs with descendants by @​hanagantig in spf13/afero#364

New Contributors

• @​MRtecno98 made their first contribution in spf13/afero#378
• @​msradam made their first contribution in spf13/afero#384
• @​hanagantig made their first contribution in spf13/afero#364

Full Changelog: spf13/afero@v1.9.5...v1.10.0

Commits

• 5c4385a github: Bump GitHub actions versions
• eb6bef0 github: Format workflow file
• 2fd19a1 github: Add permissions to workflow
• 2a63c9c deps: Update all direct dependencies
• c419971 github: Update Go versions
• ee6eef7 Fix rename mem fs with descendants
• 45ef346 Add zos build flags
• 1882278 Add sftpfs files ReadAt method
• See full diff in compare view

Updates github.com/spf13/viper from 1.16.0 to 1.17.0

Release notes

Sourced from github.com/spf13/viper's releases.

v1.17.0

Major changes

Highlighting some of the changes for better visibility.

Please share your feedback in the Discussion forum. Thanks! ❤️

Minimum Go version: 1.19

Viper now requires Go 1.19

This change ensures we can stay up to date with modern practices and dependencies.

log/slog support [BREAKING]

Viper v1.11.0 added an experimental Logger interface to allow custom implementations (besides jwalterweatherman).

In addition, it also exposed an experimental WithLogger function allowing to set a custom logger.

This release deprecates that interface in favor of log/slog released in Go 1.21.

[!WARNING] WithLogger accepts an *slog.Logger from now on.

To preserve backwards compatibility with older Go versions, prior to Go 1.21 Viper accepts a *golang.org/x/exp/slog.Logger.

The experimental flag is removed.

New finder implementation [BREAKING]

As of this release, Viper uses a new library to look for files, called locafero.

The new library is better covered by tests and has been built from scratch as a general purpose file finder library.

The implementation is experimental and is hidden behind a finder build tag.

[!WARNING] The io/fs based implementation (that used to be hidden behind a finder build tag) has been removed.

What's Changed

Exciting New Features 🎉

• Add NATS support by @​hooksie1 in spf13/viper#1590
• Add slog support by @​sagikazarmark in spf13/viper#1627

Enhancements 🚀

• chore: add local development environment using nix by @​sagikazarmark in spf13/viper#1572
• feat: add func GetEnvPrefix by @​baruchiro in spf13/viper#1565
• Improve dev env by @​sagikazarmark in spf13/viper#1575
• fix: code optimization by @​testwill in spf13/viper#1557
• test: remove not needed testutil.Setenv by @​alexandear in spf13/viper#1610
• new finder library based on afero by @​sagikazarmark in spf13/viper#1625

... (truncated)

Commits

• f62f86a refactor: make use of strings.Cut
• 94632fa chore: Use pip3 explicitly to install yamllint
• 3f6cadc chore: Fix copy-paste error for yamllint target
• 287507c docs: add set subset KV example
• f1cb226 chore(deps): update crypt
• c292b55 test: refactor asserts
• 3d006fe refactor: replace interface{} with any
• 8a6dc5d build(deps): bump github/codeql-action from 2.21.8 to 2.21.9
• 96c5c00 chore: remove deprecated build tags
• 44911d2 build(deps): bump github/codeql-action from 2.21.7 to 2.21.8
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to add @chanwit, @Nalum, @phoban01, @tomhuang12 and @tf-controller/wild-watermelon as reviewers to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/tf-controller/tf-controller/pulls/74/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the teams you specified is not a collaborator of the tf-controller/tf-controller repository. // See: https://docs.github.com/rest/pulls/review-requests#request-reviewers-for-a-pull-request

[dependabot]

The following labels could not be found: area/ci, dependencies.