build(deps): bump github.com/theupdateframework/go-tuf from 0.3.0 to 0.3.1 #1603
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
|
No changes to code we use, but they now declare to work only against Go 1.18. To do: figure out if that is really the minimum, and if we care. |
dependabot
bot
force-pushed
the
dependabot/go_modules/github.com/theupdateframework/go-tuf-0.3.1
branch
2 times, most recently
from
88b772f
to
7df0116
Compare
|
I would say that we should be just merged. We are moving most tools to go 1.18 |
|
Looking at the existing dependencies, c/common already depends on Ginkgo and Gomega with the same The risk is that any of these dependencies might actually start relying on Go 1.18 features, and it would be a bit harder to notice. But then… we tend to apply Dependabot PRs all the time and I’m not really interested in trying to change that. |
|
@dependabot rebase |
|
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
|
@dependabot recreate |
Bumps [github.com/theupdateframework/go-tuf](https://github.com/theupdateframework/go-tuf) from 0.3.0 to 0.3.1. - [Release notes](https://github.com/theupdateframework/go-tuf/releases) - [Commits](theupdateframework/go-tuf@v0.3.0...v0.3.1) --- updated-dependencies: - dependency-name: github.com/theupdateframework/go-tuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/go_modules/github.com/theupdateframework/go-tuf-0.3.1
branch
from
fa91c4e
to
b377170
Compare
dependabot
bot
deleted the
dependabot/go_modules/github.com/theupdateframework/go-tuf-0.3.1
branch
Bumps github.com/theupdateframework/go-tuf from 0.3.0 to 0.3.1.
Release notes
Sourced from github.com/theupdateframework/go-tuf's releases.
Commits
0d40b25test: fix flakey util test (#333)eed9e6cchore(deps): bump github.com/stretchr/testify from 1.7.4 to 1.8.0 (#331)3bb077echore(deps): bump requests from 2.28.0 to 2.28.1 (#332)e3efe98fix: verify length and hashes of fetched bytes before parsing (#325)439ce47chore(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (#324)986a4c5chore(deps): bump requests from 2.27.1 to 2.28.0 (#317)81cd9b3chore(deps): bump Python from 3.6 to 3.10 (#318)355e39cfeat: Implement TAP-12 support (#310)ae904d2docs: Add DCO instructions (#319)36a2930build: update go version to 1.18 (#314)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)