build(deps): bump the go-dependencies group with 6 updates

[dependabot]

Bumps the go-dependencies group with 6 updates:

Package	From	To
github.com/docker/cli	24.0.6+incompatible	24.0.7+incompatible
github.com/docker/docker	24.0.6+incompatible	24.0.7+incompatible
github.com/go-git/go-git/v5	5.9.0	5.10.0
github.com/google/go-cmp	0.5.9	0.6.0
github.com/onsi/gomega	1.28.0	1.29.0
golang.org/x/oauth2	0.12.0	0.13.0

Updates github.com/docker/cli from 24.0.6+incompatible to 24.0.7+incompatible

Commits

• afdd53b Merge pull request #4629 from thaJeztah/24.0_update_engine
• 12c309f Merge pull request #4628 from thaJeztah/24.0_backport_bump_compress
• f427198 vendor: github.com/docker/docker v24.0.6
• 1777018 vendor: github.com/klauspost/compress v1.17.2
• cde0441 vendor: github.com/klauspost/compress v1.16.5
• d9f94d5 Merge pull request #4618 from thaJeztah/24.0_backport_cli-issue-502
• 54d83fb Add docker ps status descriptions
• 30a185e Merge pull request #4609 from thaJeztah/24.0_backport_x_net
• d43c48d vendor: golang.org/x/net v0.17.0
• 1919679 vendor: golang.org/x/crypto v0.14.0
• Additional commits viewable in compare view

Updates github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v24.0.7

24.0.7

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.7 milestone
• moby/moby, 24.0.7 milestone

Bug fixes and enhancements

• Write overlay2 layer metadata atomically. moby/moby#46703
• Fix "Rootful-in-Rootless" Docker-in-Docker on systemd version 250 and later. moby/moby#46626
• Fix dockerd-rootless-setuptools.sh when username contains a backslash. moby/moby#46407
• Fix a bug that would prevent network sandboxes to be fully deleted when stopping containers with no network attachments and when dockerd --bridge=none is used. moby/moby#46702
• Fix a bug where cancelling an API request could interrupt container restart. moby/moby#46697
• Fix an issue where containers would fail to start when providing --ip-range with a range larger than the subnet. docker/for-mac#6870
• Fix data corruption with zstd output. moby/moby#46709
• Fix the conditions under which the container's MAC address is applied. moby/moby#46478
• Improve the performance of the stats collector. moby/moby#46448
• Fix an issue with source policy rules ending up in the wrong order. moby/moby#46441

Packaging updates

• Add support for Fedora 39 and Ubuntu 23.10. docker/docker-ce-packaging#940, docker/docker-ce-packaging#955
• Fix docker.socket not getting disabled when uninstalling the docker-ce RPM package. docker/docker-ce-packaging#852
• Upgrade Go to go1.20.10. docker/docker-ce-packaging#951
• Upgrade containerd to v1.7.6 (static binaries only). moby/moby#46103
• Upgrade the containerd.io package to v1.6.24.

Security

• Deny containers access to /sys/devices/virtual/powercap by default. This change hardens against CVE-2020-8694, CVE-2020-8695, and CVE-2020-12912, and an attack known as the PLATYPUS attack. For more details, see advisory, commit.

Commits

• 311b9ff Merge pull request #46697 from thaJeztah/24.0_backport_restart_nocancel
• af60804 Merge pull request from GHSA-jq35-85cj-fj4p
• 3cf363e Merge pull request #46709 from thaJeztah/24.0_backport_bump_compress
• 05d7386 daemon: daemon.containerRestart: don't cancel restart on context cancel
• 649c944 Merge pull request #46703 from thaJeztah/24.0_backport_atomic-layer-data-write
• 9b20b1a Merge pull request #46702 from thaJeztah/24.0_backport_releaseNetwork_Network...
• dd37b0b vendor: github.com/klauspost/compress v1.17.2
• 7058c0d vendor: github.com/klauspost/compress v1.16.5
• 57bd388 daemon: overlay2: Write layer metadata atomically
• 05d95fd daemon: release sandbox even when NetworkDisabled
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.10.0

What's Changed

• PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by @​ThinkChaos in go-git/go-git#782
• Worktree, apply ProxyOption on Pull by @​nodivbyzero in go-git/go-git#840
• Repository: add clone --shared feature by @​enverbisevac in go-git/go-git#860
• build: Add github workflow to check commit message format by @​pjbgf in go-git/go-git#867
• Improve handling of remote errors by @​makkes in go-git/go-git#866
• build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by @​dependabot in go-git/go-git#873
• plumbing: commitgraph, Add generation v2 support by @​zeripath in go-git/go-git#869
• plumbing: protocol/packp, Add validation for decodeLine by @​pjbgf in go-git/go-git#868
• plumbing: parse the encoding header of the commit object by @​liwenqiu in go-git/go-git#761
• plumbing: commitgraph, allow SHA256 commit-graphs by @​zeripath in go-git/go-git#853
• plumbing: commitgraph, Allow reading commit-graph chains by @​zeripath in go-git/go-git#854
• plumbing/object: Support mergetag in merge commits by @​adityasaky in go-git/go-git#847

New Contributors

• @​nodivbyzero made their first contribution in go-git/go-git#840
• @​adityasaky made their first contribution in go-git/go-git#847
• @​hezhizhen made their first contribution in go-git/go-git#836
• @​0x34d made their first contribution in go-git/go-git#855
• @​liwenqiu made their first contribution in go-git/go-git#761
• @​enverbisevac made their first contribution in go-git/go-git#860
• @​makkes made their first contribution in go-git/go-git#866

Full Changelog: go-git/go-git@v5.9.0...v5.10.0

Commits

• 72ce996 Merge pull request #869 from zeripath/graph-generation-2
• 24261e8 Merge pull request #873 from go-git/dependabot/go_modules/golang.org/x/net-0....
• 3ee0288 build: bump golang.org/x/net from 0.15.0 to 0.17.0
• 69b88d9 plumbing: commitgraph, Add generation v2 support
• 623c6df Merge pull request #866 from makkes/better-error-handling
• 129b709 plumbing: transport/common, Improve handling of remote errors
• e61537e Merge pull request #867 from pjbgf/commit-checker
• 1a73661 build: Add github workflow to check commit message format
• 771a3eb Merge pull request #868 from pjbgf/fix-fuzz
• 7ef7dc7 Merge pull request #860 from enverbisevac/master
• Additional commits viewable in compare view

Updates github.com/google/go-cmp from 0.5.9 to 0.6.0

Release notes

Sourced from github.com/google/go-cmp's releases.

v0.6.0

New API:

• (#340) Add cmpopts.EquateComparable

Documentation changes:

• (#337) Use of hotlinking of Go identifiers

Build changes:

• (#325) Remove purego fallbacks

Testing changes:

• (#322) Run tests for Go 1.20 version
• (#332) Pin GitHub action versions
• (#327) set workflow permission to read-only

Commits

• c3ad843 Add cmpopts.EquateComparable (#340)
• e250a55 Use of hotlinking of Go identifiers (#337)
• 8a3e8dd set workflow permission to read-only (#327)
• 8cea5de Pin GitHub action versions (#332)
• 3bb304a Run tests for Go 1.20 version (#322)
• 571a56b Remove purego fallbacks (#325)
• See full diff in compare view

Updates github.com/onsi/gomega from 1.28.0 to 1.29.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.29.0

1.29.0

Features

• MatchError can now take an optional func(error) bool + description [2b39142]

v1.28.1

1.28.1

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.13.0 [635d196]
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 [14f8859]
• Bump golang.org/x/net from 0.14.0 to 0.17.0 [d8a6508]
• #703 doc(matchers): HaveEach() doc comment updated [2705bdb]
• Minor typos (#699) [375648c]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.29.0

Features

• MatchError can now take an optional func(error) bool + description [2b39142]

1.28.1

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.13.0 [635d196]
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 [14f8859]
• Bump golang.org/x/net from 0.14.0 to 0.17.0 [d8a6508]
• #703 doc(matchers): HaveEach() doc comment updated [2705bdb]
• Minor typos (#699) [375648c]

Commits

• b94b195 v1.29.0
• 2b39142 MatchError can now take an optional func(error) bool + description
• ab6045c v1.28.1
• 635d196 Bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.13.0
• 14f8859 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0
• d8a6508 Bump golang.org/x/net from 0.14.0 to 0.17.0
• 2705bdb #703 doc(matchers): HaveEach() doc comment updated
• 375648c Minor typos (#699)
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.12.0 to 0.13.0

Commits

• 3c5dbf0 go.mod: update golang.org/x dependencies
• 11625cc google: add authorized_user conditional to Credentials.UniverseDomain
• 8d6d45b google: add Credentials.UniverseDomain to support TPC
• 43b6a7b google: adding support for external account authorized user
• 14b275c oauth2: workaround misspelling of verification_uri
• 18352fc google/internal/externalaccount: adding BYOID Metrics
• 9095a51 oauth2: clarify error if endpoint missing DeviceAuthURL
• 2d9e4a2 oauth2/google: remove meta validations for aws external credentials
• 55cd552 oauth2: support PKCE
• e3fb0fb oauth2: support device flow
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions