Bump github.com/xmidt-org/arrange from 0.3.0 to 0.4.0 #178

dependabot · 2023-02-23T09:23:12Z

Bumps github.com/xmidt-org/arrange from 0.3.0 to 0.4.0.

Release notes

Sourced from github.com/xmidt-org/arrange's releases.

v0.4.0 2023-02-22

tls 1.3 is used as the default minimum version

only strong cipher suites are allowed for tls version less than 1.3

Changelog

Sourced from github.com/xmidt-org/arrange's changelog.

[v0.4.0]

tls 1.3 is used as the default minimum version

only strong cipher suites are allowed for tls version less than 1.3

Commits

d7c30c0 Merge pull request #89 from xmidt-org/denopink/release/v0.4.0
1ae47a3 Update printer_test.go
d9a0084 patch linter later
ae9361d Merge branch 'denopink/release/v0.4.0' of https://github.com/xmidt-org/arrang...
5dbc180 patch failing tests
b0e42fc Merge branch 'main' into denopink/release/v0.4.0
d872407 Update CHANGELOG.md
7522b47 Merge pull request #78 from xmidt-org/update-formating
b504a3a A hand full of minor changes to update to go 1.19+ formatting.
862fb2d Bump github.com/gorilla/mux from 1.7.4 to 1.8.0 (#63)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/xmidt-org/arrange](https://github.com/xmidt-org/arrange) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/xmidt-org/arrange/releases) - [Changelog](https://github.com/xmidt-org/arrange/blob/main/CHANGELOG.md) - [Commits](xmidt-org/arrange@v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: github.com/xmidt-org/arrange dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

guardrails · 2023-02-23T09:25:43Z

⚠️ We detected 29 security issues in this pull request:

Vulnerable Libraries (29)

Severity	Details
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210806184541-e5e7981a1069@v0.0.0-20210806184541-e5e7981a1069 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210514084401-e8d321eab015@v0.0.0-20210514084401-e8d321eab015 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210315160823-c6e025ad8005@v0.0.0-20210315160823-c6e025ad8005 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20220425223048-2871e0cb64e4@v0.0.0-20220425223048-2871e0cb64e4 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20210119194325-5f4716e94777@v0.0.0-20210119194325-5f4716e94777 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20220325170049-de3da57026de@v0.0.0-20220325170049-de3da57026de - no patch available
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20220411220226-7b82a4e95df4@v0.0.0-20220411220226-7b82a4e95df4 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20211007075335-d3039528d8ac@v0.0.0-20211007075335-d3039528d8ac upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20220209214540-3681064d5158@v0.0.0-20220209214540-3681064d5158 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210823070655-63515b42dcdf@v0.0.0-20210823070655-63515b42dcdf upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20220412020605-290c469a71a5@v0.0.0-20220412020605-290c469a71a5 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210927094055-39ccf1dd6fa6@v0.0.0-20210927094055-39ccf1dd6fa6 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20210316092652-d523dce5a7f4@v0.0.0-20210316092652-d523dce5a7f4 - no patch available
N/A	pkg:golang/golang.org/x/net@v0.0.0-20220520000938-2e3eb7b945c2@v0.0.0-20220520000938-2e3eb7b945c2 upgrade to: 1.18.6,1.19.1,0.0.0-20220906165146-f3363e06e74c
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210220050731-9a76102bfb43@v0.0.0-20210220050731-9a76102bfb43 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20220328115105-d36c6a25d886@v0.0.0-20220328115105-d36c6a25d886 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20220128215802-99c3d69c2c27@v0.0.0-20220128215802-99c3d69c2c27 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20220227234510-4e6760a101f9@v0.0.0-20220227234510-4e6760a101f9 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20210503060351-7fd8e65b6420@v0.0.0-20210503060351-7fd8e65b6420 - no patch available
Medium	pkg:golang/github.com/hashicorp/consul/api@v1.12.0@v1.12.0 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20210410081132-afb366fc7cd1@v0.0.0-20210410081132-afb366fc7cd1 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20211210111614-af8b64212486@v0.0.0-20211210111614-af8b64212486 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210603125802-9665404d3644@v0.0.0-20210603125802-9665404d3644 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/miekg/dns@v1.1.41@v1.1.41 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210320140829-1e4c9ba3b0c4@v0.0.0-20210320140829-1e4c9ba3b0c4 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210908233432-aa78b53d3365@v0.0.0-20210908233432-aa78b53d3365 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210305230114-8fe3ee5dd75b@v0.0.0-20210305230114-8fe3ee5dd75b upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20211124211545-fe61309f8881@v0.0.0-20211124211545-fe61309f8881 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210616094352-59db8d763f22@v0.0.0-20210616094352-59db8d763f22 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad