build(deps): bump github.com/quay/clair/config from 1.4.1 to 1.4.2 in /clair_config/go #74

dependabot · 2025-05-05T16:09:00Z

Bumps github.com/quay/clair/config from 1.4.1 to 1.4.2.

Changelog

Sourced from github.com/quay/clair/config's changelog.

[Unreleased]

[v4.8.0] - 2024-10-09

'Chore

ab3a754e: update claircore to v1.5.19

f783b356: update claircore to v1.5.18

9286ab86: update claircore to v1.5.17

Admin

d3467bad: add pre v4.8.0 admin command to delete OVAL vulns

d53780b6: add a check for compatible migration version

87c24a9c: add command to update go packages with norm_version

02e6c925: add pre v4.7.3 admin command to create index

All

55294aaf: fix incorrect API paths

daa78ec2: fix some typos

Amqp

8fcd294c: migrate to maintained package

#1793### Auto

07b0ea7b: improve log messages

#2092### Build(Deps)

5092198b: bump golang.org/x/time from 0.6.0 to 0.7.0

e7b6deac: bump golang.org/x/net from 0.29.0 to 0.30.0

55fb7735: bump github.com/klauspost/compress from 1.17.9 to 1.17.10

7a2e7186: bump github.com/prometheus/client_golang

698d9170: bump github.com/rogpeppe/go-internal from 1.12.0 to 1.13.1

7ec7e04f: bump go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace

96ee336f: bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace

5fb41ed8: bump golang.org/x/net from 0.28.0 to 0.29.0

2a13e7b7: bump peter-evans/create-pull-request from 6 to 7

061b1e09: bump github.com/prometheus/client_golang

a2c920f4: bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace

bbaece4e: bump go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace

24aff4e4: bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp

b203913a: bump github.com/prometheus/client_golang

96937294: bump github.com/grafana/pyroscope-go/godeltaprof

01b57db6: bump github.com/google/go-containerregistry

7ceeaaa2: bump github.com/go-stomp/stomp/v3 from 3.1.1 to 3.1.2

c3ce1982: bump github.com/urfave/cli/v2 from 2.27.2 to 2.27.3

95f5a5f2: bump github.com/google/go-containerregistry

1a5f342c: bump github.com/go-stomp/stomp/v3 from 3.1.0 to 3.1.1

5821a5bf: bump golang.org/x/net from 0.26.0 to 0.27.0

08587861: bump github.com/google/go-containerregistry

74914938: bump go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace

67bdbbbe: bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace

dd9d6760: bump go.opentelemetry.io/otel from 1.27.0 to 1.28.0

fcee4364: bump github.com/klauspost/compress from 1.17.8 to 1.17.9

3f229e99: bump github.com/google/go-containerregistry

... (truncated)

Commits

a9a68e1 notifier: increase default durations to be more reasonable
d8e9dcf chore(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0
bfa8f11 chore(deps): bump github.com/quay/claircore from 1.5.35 to 1.5.36
f8a4162 chore(deps): bump github.com/prometheus/client_golang
7ce22ab chore(deps): bump google.golang.org/grpc from 1.71.0 to 1.71.1
c53cf2b chore(deps): bump the golang-x group with 2 updates
a5833a4 chore(deps): bump golang.org/x/net in the golang-x group
7ab81b3 config: clean environment in example
a0a35fd ci: Allow go test to access un-vendored dependencies
cc6fb14 chore(deps): bump github.com/rs/zerolog from 1.33.0 to 1.34.0
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/quay/clair/config](https://github.com/quay/clair) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/quay/clair/releases) - [Changelog](https://github.com/quay/clair/blob/main/CHANGELOG.md) - [Commits](quay/clair@config/v1.4.1...config/v1.4.2) --- updated-dependencies: - dependency-name: github.com/quay/clair/config dependency-version: 1.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 5, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump github.com/quay/clair/config from 1.4.1 to 1.4.2 in /clair_config/go #74

build(deps): bump github.com/quay/clair/config from 1.4.1 to 1.4.2 in /clair_config/go #74

Uh oh!

dependabot bot commented on behalf of github May 5, 2025

Uh oh!

Uh oh!

build(deps): bump github.com/quay/clair/config from 1.4.1 to 1.4.2 in /clair_config/go #74

Are you sure you want to change the base?

build(deps): bump github.com/quay/clair/config from 1.4.1 to 1.4.2 in /clair_config/go #74

Uh oh!

Conversation

dependabot bot commented on behalf of github May 5, 2025

[Unreleased]

[v4.8.0] - 2024-10-09

'Chore

Admin

All

Amqp

Uh oh!

Uh oh!