Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency Dashboard #4

Open
22 tasks
renovate bot opened this issue Jul 20, 2023 · 0 comments
Open
22 tasks

Dependency Dashboard #4

renovate bot opened this issue Jul 20, 2023 · 0 comments

Comments

@renovate
Copy link
Contributor

renovate bot commented Jul 20, 2023
edited
Loading

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

  • chore(deps): update packages/subiquity_client/subiquity digest to 1d074a1
  • chore(deps): update dependency pdfrx to <=1.0.101
  • chore(deps): update dependency ubuntu_logger to ^0.2.0
  • chore(deps): update dependency ubuntu_service to ^0.4.0
  • chore(deps): update dependency yaru_test to ^0.3.0
  • chore(deps): update module github.com/stretchr/testify to v1.10.0
  • chore(deps): update module google.golang.org/grpc to v1.70.0
  • chore(deps): update module google.golang.org/grpc/cmd/protoc-gen-go-grpc to v1.5.1
  • chore(deps): update codecov/codecov-action action to v5
  • chore(deps): update dependency yaru to v7
  • chore(deps): update peter-evans/create-pull-request action to v7

Warning

Renovate failed to look up the following dependencies: Failed to look up dart package ubuntu_utils, Failed to look up dart package ubuntu_wizard, Failed to look up dart package landscape_client, Failed to look up dart package subiquity_client, Failed to look up dart package timezone_map, Failed to look up dart package ubuntu_provision, Failed to look up dart package subiquity_test, Failed to look up dart package ubuntu_provision_test, Failed to look up dart package provd_client, Failed to look up dart package ubuntu_bootstrap, Failed to look up dart package ubuntu_init.

Files affected: apps/factory_reset_tools/pubspec.yaml, apps/ubuntu_bootstrap/pubspec.yaml, apps/ubuntu_init/pubspec.yaml, packages/subiquity_test/pubspec.yaml, packages/ubuntu_provision/pubspec.yaml, packages/ubuntu_provision_test/pubspec.yaml, packages/ubuntu_utils/pubspec.yaml

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

git-submodules
.gitmodules
  • packages/subiquity_client/subiquity main@218f4268a01fd0ab284a80ea2a017cec610eaaf9
github-actions
.github/workflows/automatic-doc-checks.yml
.github/workflows/check-snap-label.yaml
.github/workflows/ci.yml
  • actions/checkout v4
  • asdf-vm/actions v3
  • bluefireteam/melos-action v3
  • actions/checkout v4
  • asdf-vm/actions v3
  • bluefireteam/melos-action v3
  • actions/checkout v4
  • asdf-vm/actions v3
  • bluefireteam/melos-action v3
  • actions/checkout v4
  • asdf-vm/actions v3
  • bluefireteam/melos-action v3
  • actions/setup-go v5
  • actions/checkout v4
  • asdf-vm/actions v3
  • bluefireteam/melos-action v3
  • actions/checkout v4
  • asdf-vm/actions v3
  • bluefireteam/melos-action v3
  • peter-evans/create-pull-request v6
  • actions/checkout v4
  • asdf-vm/actions v3
  • bluefireteam/melos-action v3
  • peter-evans/create-pull-request v6
  • actions/checkout v4
  • asdf-vm/actions v3
  • bluefireteam/melos-action v3
  • codecov/codecov-action v4
  • actions/cache v4
  • actions/checkout v4
  • actions/checkout v4
  • actions/setup-go v5
  • codecov/codecov-action v4
  • actions/cache v4
  • actions/checkout v4
  • docker/setup-qemu-action v3
  • docker/setup-buildx-action v3
  • actions/upload-artifact v4
  • actions/checkout v4
  • asdf-vm/actions v3
  • bluefireteam/melos-action v3
  • actions/setup-go v5
  • actions/cache v4
  • actions/cache v4
  • actions/upload-artifact v4
  • ubuntu 24.04
  • ubuntu 24.04
  • ubuntu 24.04
  • ubuntu 24.04
  • ubuntu 24.04
  • ubuntu 24.04
  • ubuntu 24.04
  • ubuntu 24.04
  • ubuntu 24.04
  • ubuntu 24.04
  • ubuntu 24.04
  • ubuntu 24.04
.github/workflows/pr.yaml
  • canonical/has-signed-canonical-cla v1
  • actions/labeler v5
.github/workflows/snap-release.yaml
  • actions/checkout v4
  • peter-evans/create-pull-request v7
.github/workflows/sync-gh-jira.yaml
  • canonical/sync-issues-github-jira v1
docs/.github/workflows/automatic-doc-checks.yml
docs/.github/workflows/sphinx-python-dependency-build-checks.yml
  • actions/checkout v4
gomod
provd/go.mod
  • go 1.22.0
  • go 1.22.11
  • github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf@d3cd4ed1dbcf
  • github.com/linuxdeepin/go-gir v0.0.0-20230710064042-bd15f0549c87@bd15f0549c87
  • github.com/spf13/cobra v1.8.0
  • github.com/spf13/viper v1.18.2
  • github.com/stretchr/testify v1.9.0
  • github.com/ubuntu/decorate v0.0.0-20231211084900-69db9a41777a@69db9a41777a
  • github.com/ubuntu/ubuntu-report v1.7.4-0.20240410144652-96f37d845fac@96f37d845fac
  • google.golang.org/grpc v1.63.2
  • google.golang.org/protobuf v1.33.0
  • gopkg.in/yaml.v3 v3.0.1
  • github.com/godbus/dbus/v5 v5.1.0
provd/tools/go.mod
  • go 1.21.0
  • go 1.22.5
  • github.com/golangci/golangci-lint v1.57.2
  • google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0
  • google.golang.org/protobuf v1.33.0
pub
apps/factory_reset_tools/pubspec.yaml
  • args ^2.4.2
  • dbus ^0.7.10
  • ffi ^2.1.0
  • flutter
  • flutter_markdown ^0.7.0
  • flutter_riverpod ^2.5.1
  • flutter_svg ^2.0.10
  • handy_window ^0.4.0
  • retry ^3.1.2
  • ubuntu_localizations ^0.5.0
  • ubuntu_utils ^0.1.0
  • ubuntu_wizard ^0.1.0
  • yaml ^3.1.2
  • yaru ^5.3.0
  • ubuntu_lints ^0.4.0
  • dart >=3.0.0 <4.0.0
  • flutter >=3.19.2
apps/ubuntu_bootstrap/pubspec.yaml
  • args ^2.4.2
  • barcode_widget ^2.0.4
  • crypt ^4.3.1
  • dbus ^0.7.10
  • file ^7.0.0
  • flutter
  • flutter_html ^3.0.0-beta.2
  • flutter_html_svg ^3.0.0-beta.2
  • flutter_html_table ^3.0.0-beta.2
  • flutter_riverpod ^2.5.1
  • flutter_spinbox ^0.13.1
  • flutter_svg ^2.0.10
  • form_field_validator ^1.1.0
  • freezed_annotation ^2.4.1
  • gsettings ^0.2.8
  • handy_window ^0.4.0
  • html ^0.15.4
  • landscape_client ^0.0.1
  • nm ^0.5.0
  • riverpod_annotation ^2.6.1
  • safe_change_notifier ^0.4.0
  • scroll_to_index ^3.0.1
  • split_view ^3.2.1
  • subiquity_client ^0.0.1
  • timezone_map
  • ubuntu_flavor ^0.4.0
  • ubuntu_localizations ^0.5.0
  • ubuntu_logger ^0.1.1
  • ubuntu_provision ^0.1.0
  • ubuntu_service ^0.3.1
  • ubuntu_utils ^0.1.0
  • ubuntu_widgets ^0.7.1
  • ubuntu_wizard ^0.1.0
  • xdg_desktop_portal ^0.1.13
  • yaml ^3.1.2
  • yaru ^5.3.0
  • build_runner ^2.4.8
  • freezed ^2.4.6
  • integration_test
  • mockito 5.4.4
  • riverpod_generator ^2.6.3
  • subiquity_test ^0.1.0
  • translations_cleaner ^0.0.5
  • ubuntu_lints ^0.4.0
  • ubuntu_provision_test ^0.1.0
  • ubuntu_test ^0.2.2
  • yaru_test ^0.2.0
  • dart >=3.0.0 <4.0.0
  • flutter >=3.19.2
apps/ubuntu_init/pubspec.yaml
  • args ^2.4.2
  • barcode_widget ^2.0.4
  • dbus ^0.7.10
  • flutter
  • flutter_html ^3.0.0-beta.2
  • flutter_riverpod ^2.5.1
  • flutter_svg ^2.0.10
  • form_field_validator ^1.1.0
  • gsettings ^0.2.8
  • handy_window ^0.4.0
  • pdfrx <=1.0.99
  • provd_client ^0.1.0
  • stdlibc ^0.1.4
  • timezone_map
  • ubuntu_flavor ^0.4.0
  • ubuntu_localizations ^0.5.0
  • ubuntu_logger ^0.1.1
  • ubuntu_provision ^0.1.0
  • ubuntu_service ^0.3.1
  • ubuntu_session ^0.0.4
  • ubuntu_utils ^0.1.0
  • ubuntu_widgets ^0.7.1
  • ubuntu_wizard ^0.1.0
  • yaru ^5.3.0
  • build_runner ^2.4.8
  • integration_test
  • mockito 5.4.4
  • translations_cleaner ^0.0.5
  • ubuntu_lints ^0.4.0
  • ubuntu_provision_test ^0.1.0
  • ubuntu_test ^0.2.2
  • yaru_test ^0.2.0
  • dart >=3.0.0 <4.0.0
  • flutter >=3.19.2
packages/landscape_client/pubspec.yaml
  • grpc ^4.0.1
  • mockito 5.4.4
  • build_runner ^2.4.8
  • dart >=3.0.0 <4.0.0
  • flutter >=3.19.2
packages/provd_client/pubspec.yaml
  • fixnum ^1.1.0
  • grpc ^4.0.1
  • protobuf ^3.1.0
  • protoc_plugin ^21.1.2
  • build_runner ^2.4.8
  • mockito 5.4.4
  • ubuntu_lints ^0.4.0
  • dart >=3.0.0 <4.0.0
packages/subiquity_client/pubspec.yaml
  • freezed_annotation ^2.4.1
  • json_annotation ^4.9.0
  • package_config ^2.1.0
  • ubuntu_logger ^0.1.1
  • xdg_directories ^1.0.4
  • build_runner ^2.4.8
  • freezed ^2.4.6
  • json_serializable ^6.7.1
  • mockito 5.4.4
  • ubuntu_lints ^0.4.0
  • dart >=3.0.0 <4.0.0
packages/subiquity_test/pubspec.yaml
  • build_runner ^2.4.8
  • mockito 5.4.4
  • subiquity_client ^0.1.0
  • ubuntu_lints ^0.4.0
  • dart >=3.0.0 <4.0.0
packages/ubuntu_provision/pubspec.yaml
  • dbus ^0.7.10
  • diacritic ^0.1.5
  • file ^7.0.0
  • flutter
  • flutter_html ^3.0.0-beta.2
  • flutter_riverpod ^2.5.1
  • flutter_svg ^2.0.10
  • form_field_validator ^1.1.0
  • freezed_annotation ^2.4.1
  • gsettings ^0.2.8
  • nm ^0.5.0
  • pdfrx <=1.0.99
  • platform ^3.1.2
  • safe_change_notifier ^0.4.0
  • stdlibc ^0.1.4
  • subiquity_client ^0.1.0
  • timezone_map
  • ubuntu_flavor ^0.4.0
  • ubuntu_localizations ^0.5.0
  • ubuntu_logger ^0.1.1
  • ubuntu_service ^0.3.1
  • ubuntu_session ^0.0.4
  • ubuntu_utils ^0.1.0
  • ubuntu_widgets ^0.7.1
  • ubuntu_wizard ^0.1.0
  • udev ^0.0.3
  • upower ^0.7.0
  • url_launcher ^6.2.5
  • yaml ^3.1.2
  • yaru ^5.3.0
  • build_runner ^2.4.8
  • fake_async ^1.3.1
  • freezed ^2.4.6
  • json_serializable ^6.7.1
  • mockito 5.4.4
  • translations_cleaner ^0.0.5
  • ubuntu_lints ^0.4.0
  • ubuntu_test ^0.2.2
  • vector_graphics ^1.1.11
  • yaru_test ^0.2.0
  • dart >=3.0.0 <4.0.0
  • flutter >=3.19.2
packages/ubuntu_provision_test/pubspec.yaml
  • dbus ^0.7.10
  • flutter
  • flutter_spinbox ^0.13.1
  • gsettings ^0.2.8
  • subiquity_client ^0.1.0
  • ubuntu_bootstrap ^0.1.0
  • ubuntu_flavor ^0.4.0
  • ubuntu_init ^0.1.0
  • ubuntu_provision ^0.1.0
  • ubuntu_service ^0.3.1
  • ubuntu_test ^0.2.2
  • ubuntu_utils ^0.1.0
  • ubuntu_wizard ^0.1.0
  • yaru ^5.3.0
  • yaru_test ^0.2.0
  • ubuntu_lints ^0.4.0
  • dart >=3.0.0 <4.0.0
  • flutter >=3.19.2
packages/ubuntu_utils/pubspec.yaml
  • args ^2.4.2
  • flutter
  • ubuntu_localizations ^0.5.0
  • ubuntu_logger ^0.1.1
  • ubuntu_service ^0.3.1
  • ubuntu_wizard ^0.1.0
  • url_launcher ^6.2.5
  • yaml ^3.1.2
  • yaru ^5.3.0
  • build_runner ^2.4.8
  • mockito 5.4.4
  • plugin_platform_interface ^2.1.8
  • ubuntu_lints ^0.4.0
  • url_launcher_platform_interface ^2.3.2
  • dart >=3.0.0 <4.0.0
  • flutter >=3.19.2
packages/ubuntu_wizard/pubspec.yaml
  • flutter
  • ubuntu_flavor ^0.4.0
  • ubuntu_localizations ^0.5.0
  • ubuntu_widgets ^0.7.1
  • wizard_router ^1.2.0
  • yaru ^5.3.0
  • ubuntu_lints ^0.4.0
  • ubuntu_test ^0.2.2
  • yaru_test ^0.2.0
  • dart >=3.0.0 <4.0.0
  • flutter >=3.19.2
pubspec.yaml
  • melos ^6.0.0
  • dart >=3.0.0 <4.0.0
  • Check this box to trigger a request for Renovate to run again on this repository
@jpnurmi jpnurmi pinned this issue Jul 20, 2023
@seb128 seb128 unpinned this issue Sep 2, 2024
@d-loose d-loose pinned this issue Sep 5, 2024
d-loose added a commit that referenced this issue Jan 28, 2025
@d-loose
chore: bump go toolchain
a93d3ef 
Needed to fix two vulnerabilities:

```
Vulnerability #1: GO-2025-3420
    Sensitive headers incorrectly sent after cross-domain redirect in net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3420
  Standard library
    Found in: net/http@go1.22.5
    Fixed in: net/http@go1.22.11
    Example traces found:
      #1: internal/services/telemetry/telemetry.go:38:31: telemetry.sysmetricsImpl.SendDecline calls sysmetrics.SendDecline, which eventually calls http.Client.Do

Vulnerability #2: GO-2025-3373
    Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-3373
  Standard library
    Found in: crypto/x509@go1.22.5
    Fixed in: crypto/x509@go1.22.11
    Example traces found:
      #1: internal/testutils/systembus.go:35:10: testutils.StartLocalSystemBus calls sync.Once.Do, which eventually calls x509.CertPool.AppendCertsFromPEM
      #2: cmd/provd/daemon/daemon_test.go:224:18: daemon_test.TestAppCanSigHupWithoutExecute calls io.Copy, which eventually calls x509.Certificate.Verify
      #3: cmd/provd/daemon/daemon_test.go:224:18: daemon_test.TestAppCanSigHupWithoutExecute calls io.Copy, which eventually calls x509.Certificate.VerifyHostname
      #4: cmd/provd/daemon/daemon_test.go:449:25: daemon_test.TestMain calls fmt.Sprintf, which eventually calls x509.HostnameError.Error
      #5: internal/testutils/systembus.go:35:10: testutils.StartLocalSystemBus calls sync.Once.Do, which eventually calls x509.ParseCertificate
```
d-loose added a commit that referenced this issue Jan 28, 2025
@d-loose
chore: bump go toolchain
4fca47e 
Needed to fix two vulnerabilities:

```
Vulnerability #1: GO-2025-3420
    Sensitive headers incorrectly sent after cross-domain redirect in net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3420
  Standard library
    Found in: net/http@go1.22.5
    Fixed in: net/http@go1.22.11
    Example traces found:
      #1: internal/services/telemetry/telemetry.go:38:31: telemetry.sysmetricsImpl.SendDecline calls sysmetrics.SendDecline, which eventually calls http.Client.Do

Vulnerability #2: GO-2025-3373
    Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-3373
  Standard library
    Found in: crypto/x509@go1.22.5
    Fixed in: crypto/x509@go1.22.11
    Example traces found:
      #1: internal/testutils/systembus.go:35:10: testutils.StartLocalSystemBus calls sync.Once.Do, which eventually calls x509.CertPool.AppendCertsFromPEM
      #2: cmd/provd/daemon/daemon_test.go:224:18: daemon_test.TestAppCanSigHupWithoutExecute calls io.Copy, which eventually calls x509.Certificate.Verify
      #3: cmd/provd/daemon/daemon_test.go:224:18: daemon_test.TestAppCanSigHupWithoutExecute calls io.Copy, which eventually calls x509.Certificate.VerifyHostname
      #4: cmd/provd/daemon/daemon_test.go:449:25: daemon_test.TestMain calls fmt.Sprintf, which eventually calls x509.HostnameError.Error
      #5: internal/testutils/systembus.go:35:10: testutils.StartLocalSystemBus calls sync.Once.Do, which eventually calls x509.ParseCertificate
```
d-loose added a commit that referenced this issue Jan 28, 2025
@d-loose
chore: bump go toolchain (#920)
b627b78 
Needed to fix two vulnerabilities:

```
Vulnerability #1: GO-2025-3420
    Sensitive headers incorrectly sent after cross-domain redirect in net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3420
  Standard library
    Found in: net/http@go1.22.5
    Fixed in: net/http@go1.22.11
    Example traces found:
      #1: internal/services/telemetry/telemetry.go:38:31: telemetry.sysmetricsImpl.SendDecline calls sysmetrics.SendDecline, which eventually calls http.Client.Do

Vulnerability #2: GO-2025-3373
    Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-3373
  Standard library
    Found in: crypto/x509@go1.22.5
    Fixed in: crypto/x509@go1.22.11
    Example traces found:
      #1: internal/testutils/systembus.go:35:10: testutils.StartLocalSystemBus calls sync.Once.Do, which eventually calls x509.CertPool.AppendCertsFromPEM
      #2: cmd/provd/daemon/daemon_test.go:224:18: daemon_test.TestAppCanSigHupWithoutExecute calls io.Copy, which eventually calls x509.Certificate.Verify
      #3: cmd/provd/daemon/daemon_test.go:224:18: daemon_test.TestAppCanSigHupWithoutExecute calls io.Copy, which eventually calls x509.Certificate.VerifyHostname
      #4: cmd/provd/daemon/daemon_test.go:449:25: daemon_test.TestMain calls fmt.Sprintf, which eventually calls x509.HostnameError.Error
      #5: internal/testutils/systembus.go:35:10: testutils.StartLocalSystemBus calls sync.Once.Do, which eventually calls x509.ParseCertificate
```
d-loose added a commit that referenced this issue Jan 28, 2025
@d-loose
chore: bump go toolchain
ed31846 
Needed to fix two vulnerabilities:

```
Vulnerability #1: GO-2025-3420
    Sensitive headers incorrectly sent after cross-domain redirect in net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3420
  Standard library
    Found in: net/http@go1.22.5
    Fixed in: net/http@go1.22.11
    Example traces found:
      #1: internal/services/telemetry/telemetry.go:38:31: telemetry.sysmetricsImpl.SendDecline calls sysmetrics.SendDecline, which eventually calls http.Client.Do

Vulnerability #2: GO-2025-3373
    Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-3373
  Standard library
    Found in: crypto/x509@go1.22.5
    Fixed in: crypto/x509@go1.22.11
    Example traces found:
      #1: internal/testutils/systembus.go:35:10: testutils.StartLocalSystemBus calls sync.Once.Do, which eventually calls x509.CertPool.AppendCertsFromPEM
      #2: cmd/provd/daemon/daemon_test.go:224:18: daemon_test.TestAppCanSigHupWithoutExecute calls io.Copy, which eventually calls x509.Certificate.Verify
      #3: cmd/provd/daemon/daemon_test.go:224:18: daemon_test.TestAppCanSigHupWithoutExecute calls io.Copy, which eventually calls x509.Certificate.VerifyHostname
      #4: cmd/provd/daemon/daemon_test.go:449:25: daemon_test.TestMain calls fmt.Sprintf, which eventually calls x509.HostnameError.Error
      #5: internal/testutils/systembus.go:35:10: testutils.StartLocalSystemBus calls sync.Once.Do, which eventually calls x509.ParseCertificate
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants