Bump the go-modules-updates group with 9 updates

[dependabot]

Bumps the go-modules-updates group with 9 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2/config	1.27.8	1.27.12
github.com/aws/aws-sdk-go-v2/credentials	1.17.8	1.17.12
github.com/aws/aws-sdk-go-v2/service/secretsmanager	1.28.4	1.28.7
github.com/go-sql-driver/mysql	1.8.0	1.8.1
github.com/hashicorp/vault/api	1.12.2	1.13.0
github.com/pelletier/go-toml/v2	2.2.0	2.2.2
github.com/testcontainers/testcontainers-go	0.22.0	0.30.0
golang.org/x/crypto	0.21.0	0.23.0
modernc.org/sqlite	1.29.5	1.29.9

Updates github.com/aws/aws-sdk-go-v2/config from 1.27.8 to 1.27.12

Commits

• e7dfd72 Release 2024-05-08
• 316c7cd Regenerated Clients
• ba18a1e Update API model
• 31c2861 fix: improve Go doc formatter (#2636)
• 7a87a62 add missing changelog (#2635)
• 8cc2bc3 Release 2024-05-07
• 36b4e92 Regenerated Clients
• 9e70bfa Update API model
• 7a654f5 dep: bump x/net to 0.23.0 (#2631)
• eff2620 Release 2024-05-06
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.8 to 1.17.12

Commits

• e7dfd72 Release 2024-05-08
• 316c7cd Regenerated Clients
• ba18a1e Update API model
• 31c2861 fix: improve Go doc formatter (#2636)
• 7a87a62 add missing changelog (#2635)
• 8cc2bc3 Release 2024-05-07
• 36b4e92 Regenerated Clients
• 9e70bfa Update API model
• 7a654f5 dep: bump x/net to 0.23.0 (#2631)
• eff2620 Release 2024-05-06
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/secretsmanager from 1.28.4 to 1.28.7

Commits

• e155bb7 Release 2023-10-06
• 9d342ba Regenerated Clients
• 1df9914 Update SDK's smithy-go dependency to v1.15.0
• 32ada3a Update API model
• 12ba4ac Release 2023-10-05
• be8a8e0 Regenerated Clients
• dc38adb Update endpoints model
• a52086e Update API model
• 1ed22c1 Release 2023-10-04
• e007bcd Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/go-sql-driver/mysql from 1.8.0 to 1.8.1

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.8.1

What's Changed

Bugfixes:

• fix race condition when context is canceled in #1562 and #1570

Full Changelog: go-sql-driver/mysql@v1.8.0...v1.8.1

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

Version 1.8.1 (2024-03-26)

Bugfixes:

• fix race condition when context is canceled in #1562 and #1570

Commits

• 4395c45 update changelog for releasing v1.8.1 (#1576)
• 7eeaba6 Fix issue 1567 (#1570) (#1571)
• 65395d8 fix race condition when context is canceled (#1565)
• 1e75613 add wrapper method to call mc.cfg.Logger (#1564)
• 33fa6e5 replace interface{} with any (#1561)
• See full diff in compare view

Updates github.com/hashicorp/vault/api from 1.12.2 to 1.13.0

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.13.0

1.13.0

March 01, 2023

SECURITY:

• secrets/ssh: removal of the deprecated dynamic keys mode. When any remaining dynamic key leases expire, an error stating secret is unsupported by this backend will be thrown by the lease manager. [GH-18874]

CHANGES:

• auth/alicloud: require the role field on login [GH-19005]
• auth/approle: Add maximum length of 4096 for approle role_names, as this value results in HMAC calculation [GH-17768]
• auth: Returns invalid credentials for ldap, userpass and approle when wrong credentials are provided for existent users. This will only be used internally for implementing user lockout. [GH-17104]
• core: Bump Go version to 1.20.1.
• core: Vault version has been moved out of sdk and into main vault module. Plugins using sdk/useragent.String must instead use sdk/useragent.PluginString. [GH-14229]
• logging: Removed legacy environment variable for log format ('LOGXI_FORMAT'), should use 'VAULT_LOG_FORMAT' instead [GH-17822]
• plugins: Mounts can no longer be pinned to a specific builtin version. Mounts previously pinned to a specific builtin version will now automatically upgrade to the latest builtin version, and may now be overridden if an unversioned plugin of the same name and type is registered. Mounts using plugin versions without builtin in their metadata remain unaffected. [GH-18051]
• plugins: GET /database/config/:name endpoint now returns an additional plugin_version field in the response data. [GH-16982]
• plugins: GET /sys/auth/:path/tune and GET /sys/mounts/:path/tune endpoints may now return an additional plugin_version field in the response data if set. [GH-17167]
• plugins: GET for /sys/auth, /sys/auth/:path, /sys/mounts, and /sys/mounts/:path paths now return additional plugin_version, running_plugin_version and running_sha256 fields in the response data for each mount. [GH-17167]
• sdk: Remove version package, make useragent.String versionless. [GH-19068]
• secrets/aws: do not create leases for non-renewable/non-revocable STS credentials to reduce storage calls [GH-15869]
• secrets/gcpkms: Updated plugin from v0.13.0 to v0.14.0 [GH-19063]
• sys/internal/inspect: Turns of this endpoint by default. A SIGHUP can now be used to reload the configs and turns this endpoint on.
• ui: Upgrade Ember to version 4.4.0 [GH-17086]

FEATURES:

• Azure Auth Managed Identities: Allow any Azure resource that supports managed identities to authenticate with Vault [GH-19077]
• Azure Auth Rotate Root: Add support for rotate root in Azure Auth engine [GH-19077]
• Event System (Alpha): Vault has a new opt-in experimental event system. Not yet suitable for production use. Events are currently only generated on writes to the KV secrets engine, but external plugins can also be updated to start generating events. [GH-19194]
• GCP Secrets Impersonated Account Support: Add support for GCP service account impersonation, allowing callers to generate a GCP access token without requiring Vault to store or retrieve a GCP service account key for each role. [GH-19018]
• Kubernetes Secrets Engine UI: Kubernetes is now available in the UI as a supported secrets engine. [GH-17893]
• New PKI UI: Add beta support for new and improved PKI UI [GH-18842]
• PKI Cross-Cluster Revocations: Revocation information can now be synchronized across primary and performance replica clusters offering a unified CRL/OCSP view of revocations across cluster boundaries. [GH-19196]
• Server UDS Listener: Adding listener to Vault server to serve http request via unix domain socket [GH-18227]
• Transit managed keys: The transit secrets engine now supports configuring and using managed keys
• User Lockout: Adds support to configure the user-lockout behaviour for failed logins to prevent brute force attacks for userpass, approle and ldap auth methods. [GH-19230]
• VMSS Flex Authentication: Adds support for Virtual Machine Scale Set Flex Authentication [GH-19077]
• Namespaces (enterprise): Added the ability to allow access to secrets and more to be shared across namespaces that do not share a namespace hierarchy. Using the new sys/config/group-policy-application API, policies can be configured to apply outside of namespace hierarchy, allowing this kind of cross-namespace sharing.
• OpenAPI-based Go & .NET Client Libraries (Beta): We have now made available two new OpenAPI-based Go & .NET Client libraries (beta). You can use them to perform various secret management operations easily from your applications.

IMPROVEMENTS:

• Redis ElastiCache DB Engine: Renamed configuration parameters for disambiguation; old parameters still supported for compatibility. [GH-18752]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.13.0

March 01, 2023

SECURITY:

• secrets/ssh: removal of the deprecated dynamic keys mode. When any remaining dynamic key leases expire, an error stating secret is unsupported by this backend will be thrown by the lease manager. [GH-18874]
• auth/approle: When using the Vault and Vault Enterprise (Vault) approle auth method, any authenticated user with access to the /auth/approle/role/:role_name/secret-id-accessor/destroy endpoint can destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability, CVE-2023-24999 has been fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. [HSEC-2023-07]

CHANGES:

• auth/alicloud: require the role field on login [GH-19005]
• auth/approle: Add maximum length of 4096 for approle role_names, as this value results in HMAC calculation [GH-17768]
• auth: Returns invalid credentials for ldap, userpass and approle when wrong credentials are provided for existent users. This will only be used internally for implementing user lockout. [GH-17104]
• core: Bump Go version to 1.20.1.
• core: Vault version has been moved out of sdk and into main vault module. Plugins using sdk/useragent.String must instead use sdk/useragent.PluginString. [GH-14229]
• logging: Removed legacy environment variable for log format ('LOGXI_FORMAT'), should use 'VAULT_LOG_FORMAT' instead [GH-17822]
• plugins: Mounts can no longer be pinned to a specific builtin version. Mounts previously pinned to a specific builtin version will now automatically upgrade to the latest builtin version, and may now be overridden if an unversioned plugin of the same name and type is registered. Mounts using plugin versions without builtin in their metadata remain unaffected. [GH-18051]
• plugins: GET /database/config/:name endpoint now returns an additional plugin_version field in the response data. [GH-16982]
• plugins: GET /sys/auth/:path/tune and GET /sys/mounts/:path/tune endpoints may now return an additional plugin_version field in the response data if set. [GH-17167]
• plugins: GET for /sys/auth, /sys/auth/:path, /sys/mounts, and /sys/mounts/:path paths now return additional plugin_version, running_plugin_version and running_sha256 fields in the response data for each mount. [GH-17167]
• sdk: Remove version package, make useragent.String versionless. [GH-19068]
• secrets/aws: do not create leases for non-renewable/non-revocable STS credentials to reduce storage calls [GH-15869]
• secrets/gcpkms: Updated plugin from v0.13.0 to v0.14.0 [GH-19063]
• sys/internal/inspect: Turns of this endpoint by default. A SIGHUP can now be used to reload the configs and turns this endpoint on.
• ui: Upgrade Ember to version 4.4.0 [GH-17086]

FEATURES:

• User lockout: Ignore repeated bad credentials from the same user for a configured period of time. Enabled by default.
• Azure Auth Managed Identities: Allow any Azure resource that supports managed identities to authenticate with Vault [GH-19077]
• Azure Auth Rotate Root: Add support for rotate root in Azure Auth engine [GH-19077]
• Event System (Alpha): Vault has a new opt-in experimental event system. Not yet suitable for production use. Events are currently only generated on writes to the KV secrets engine, but external plugins can also be updated to start generating events. [GH-19194]
• GCP Secrets Impersonated Account Support: Add support for GCP service account impersonation, allowing callers to generate a GCP access token without requiring Vault to store or retrieve a GCP service account key for each role. [GH-19018]
• Kubernetes Secrets Engine UI: Kubernetes is now available in the UI as a supported secrets engine. [GH-17893]
• New PKI UI: Add beta support for new and improved PKI UI [GH-18842]
• PKI Cross-Cluster Revocations: Revocation information can now be synchronized across primary and performance replica clusters offering a unified CRL/OCSP view of revocations across cluster boundaries. [GH-19196]
• Server UDS Listener: Adding listener to Vault server to serve http request via unix domain socket [GH-18227]
• Transit managed keys: The transit secrets engine now supports configuring and using managed keys
• User Lockout: Adds support to configure the user-lockout behaviour for failed logins to prevent brute force attacks for userpass, approle and ldap auth methods. [GH-19230]
• VMSS Flex Authentication: Adds support for Virtual Machine Scale Set Flex Authentication [GH-19077]
• Namespaces (enterprise): Added the ability to allow access to secrets and more to be shared across namespaces that do not share a namespace hierarchy. Using the new sys/config/group-policy-application API, policies can be configured to apply outside of namespace hierarchy, allowing this kind of cross-namespace sharing.
• OpenAPI-based Go & .NET Client Libraries (Beta): We have now made available two new [OpenAPI-based Go] & [OpenAPI-based .NET] Client libraries (beta). You can use them to perform various secret management operations easily from your applications.

IMPROVEMENTS:

... (truncated)

Commits

• a4cf0dc Remove rc1 prerelease tag. (#19417)
• 0a42f2a backport of commit 9bb8321a5bf5b26beae865eb6290bd17aabc159f (#19409)
• 75f1ea2 backport of commit eb70bfdc5bfb0dd4c47326e1933b94bd93602c56 (#19407)
• 20e201b backport of commit da31528fdc0d9b043a21b1676694eecfaef130db (#19405)
• 7383b52 backport of commit 52bbf65ae7232e9306c8c8d7d392399f82d24f04 (#19397)
• b3dc15f backport of commit ba013912b1b2fd75fd7776fecb5e5f0329cb21e4 (#19396)
• 1240c8c backport of commit 538bb799e49ba12e6b6fec9877d7a03b2225d239 (#19381)
• 478b6f1 backport of commit 7b2ff1f111b95786528bd578fea5f25b88afb119 (#19382)
• a5edc66 backport of commit d35be2d0de3d1c036248570c538c2051c4c1dc57 (#19375)
• a0beacd Backport of add nil check for secret id entry on delete via accessor into rel...
• Additional commits viewable in compare view

Updates github.com/pelletier/go-toml/v2 from 2.2.0 to 2.2.2

Release notes

Sourced from github.com/pelletier/go-toml/v2's releases.

v2.2.2

What's Changed

Fixed bugs

• Fix race condition when tracking keys that have already been seen by @​sysulq in pelletier/go-toml#947

New Contributors

• @​sysulq made their first contribution in pelletier/go-toml#947

Full Changelog: pelletier/go-toml@v2.2.1...v2.2.2

v2.2.1

What's Changed

Fixed bugs

• Encode: fix indentation when marshalling slices as array tables by @​daniel-weisse in pelletier/go-toml#944

New Contributors

• @​daniel-weisse made their first contribution in pelletier/go-toml#944

Full Changelog: pelletier/go-toml@v2.2.0...v2.2.1

Commits

• a3d5a0b fix: sync pool race condition (#947)
• d00d2cc Fix indentation of custom type arrays (#944)
• See full diff in compare view

Updates github.com/testcontainers/testcontainers-go from 0.22.0 to 0.30.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.30.0

What's Changed

🚀 Features

• feat(k6):Add remote test scripts (#2350) @​bearrito
• feat: optimizes file copies to and from containers (#2450) @​codefromthecrypt
• feat(exitcode): Add exit code sugar method (#2342) @​bearrito
• feat: add module to support InfluxDB v1.x (#1703) @​JJCinAZ
• feat: authenticate docker on PullImage (#2446) @​codefromthecrypt
• feat: add distribution-registry module (#2341) @​mdelapenya
• feat: support passing io.Reader as ContainerFile (#2401) @​mdelapenya
• feat(MustConn): Add MustConnectionString on (some) dbs (#2343) @​bearrito
• feat: support for waiting for response headers (#2349) @​mdelapenya
• Add method for getting Weaviate's gRPC port (#2339) @​antas-marcin
• feat: add openfga module (#2332) @​mdelapenya

🐛 Bug Fixes

• Fix: HTTP wait strategy does not take query params into account (#2466) @​benja-M-1
• fix: logging deadlock (#2346) @​stevenh
• fix(exec): updates the Multiplexed opt to combine stdout and stderr (#2452) @​gustavosbarreto
• bug:Fix AMQPS url (#2462) @​bearrito
• Added error handling for context.Canceled in log reading code (#2268) @​prateekdwivedi
• fix: consul race on HTTP port (#2336) @​codefromthecrypt

📖 Documentation

• docs: fix wrong copy&paste in Weaviate docs (#2338) @​mdelapenya

🧹 Housekeeping

• Upgrade neo4j module to use features from v0.29.1 of testcontainers-go (#2463) @​danielorbach
• chore: use "docker compose" (v2) instead of "docker-compose" (v1) (#2464) @​mdelapenya
• refactor: Add Weaviate modules tests (#2447) @​antas-marcin
• docs: Fix typo in ci-test-go.yml (#2394) @​uh-zz
• redpanda: set entrypoint to the custom entrypoint file (#2347) @​bojand
• Move the container and config tests into a test package (#2242) @​Minivera
• chore: use WithEnv option in localstack module (#2337) @​mdelapenya
• chore: check that the new version is not empty (#2331) @​mdelapenya

📦 Dependency updates

• fix: data race on container run, caused by the otelhttp dependency (#2345) @​stevenh
• chore(deps): bump github/codeql-action from 2.22.12 to 3.24.9 (#2459) @​dependabot
• chore(deps): Bumping ChromaGo client version (#2402) @​tazarov
• chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#2444) @​mdelapenya
• chore: bump ryuk to latest v0.7.0 (#2395) @​mdelapenya
• chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#2392) @​mdelapenya
• chore: updated compose-go version (#2340) @​shettyh
• chore(deps): bump mkdocs-material from 8.2.7 to 9.5.13 (#2334) @​dependabot

... (truncated)

Commits

• fe33f3a chore: use new version (v0.30.0) in modules and examples
• 4a079a0 Fix url creation to handle query params when using HTTP wait strategy (#2466)
• 8ee975e fix: data race on container run (#2345)
• e8b8e55 fix: logging deadlock (#2346)
• 55ca42a feat(k6):Add remote test scripts (#2350)
• 697c264 feat: optimizes file copies to and from containers (#2450)
• 88622f0 fix(exec): updates the Multiplexed opt to combine stdout and stderr (#2452)
• db61369 Upgrade neo4j module to use features from v0.29.1 of testcontainers-go (#2463)
• 2d89e90 bug:Fix AMQPS url (#2462)
• d24cf91 chore: more compose updates in comments
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.21.0 to 0.23.0

Commits

• 905d78a go.mod: update golang.org/x dependencies
• ebb717d ssh: validate key type in SSH_MSG_USERAUTH_PK_OK response
• 0da2a6a openpgp: fix function name in comment
• 5defcc1 sha3: fix Sum results for SHAKE functions on s390x
• d042a39 go.mod: update golang.org/x dependencies
• b92bf94 ssh: respect MaxAuthTries also for "none" auth attempts
• 6f79b5a ssh: add server side multi-step authentication
• 8d0d405 x/crypto/chacha20: cleanup chacha_ppc64le.s
• b91329d all: remove redundant words in comments and fix some typos
• See full diff in compare view

Updates modernc.org/sqlite from 1.29.5 to 1.29.9

Commits

• fed279c Merge branch 'begin-use-context' into 'master'
• 5bcefd1 use passed context in BeginTx
• ab5c380 remove all traces of mattn/go-sqlite3
• 86f4fa0 upgrade to SQLite 3.45.3
• f6288a5 upgrade to SQLite 3.45.2, support linux/loong64 /3
• dc27467 upgrade to SQLite 3.45.2, support linux/loong64 /2
• 2baa790 upgrade to SQLite 3.45.2, support linux/loong64
• 21d90b2 Merge branch 'feature/89/add-backup-commit-method' into 'master'
• 01aa83b fixup! sqlite: add Backup.Commit method
• 27e480d CONTRIBUTORS: added self as contributor
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cloudflare-workers-and-pages]

Deploying spot-site with    Cloudflare Pages

Latest commit:	86e2e09
Status:	✅  Deploy successful!
Preview URL:	https://8ae2f4b0.spot-7ki.pages.dev
Branch Preview URL:	https://dependabot-go-modules-go-mod.spot-7ki.pages.dev

View logs