Bump the go group with 13 updates

[dependabot]

Bumps the go group with 13 updates:

Package	From	To
github.com/c-bata/go-prompt	0.2.5	0.2.6
github.com/apache/camel-k/v2	2.5.0	2.7.0
github.com/forPelevin/gomoji	1.3.0	1.3.1
github.com/gookit/color	1.5.4	1.6.0
github.com/jedib0t/go-pretty/v6	6.6.5	6.6.8
github.com/magiconair/properties	1.8.9	1.8.10
github.com/spf13/viper	1.19.0	1.20.1
github.com/stretchr/testify	1.10.0	1.11.1
github.com/urfave/cli	1.22.16	1.22.17
github.com/vbauerster/mpb/v8	8.9.1	8.10.2
golang.org/x/sync	0.12.0	0.15.0
golang.org/x/term	0.30.0	0.32.0
golang.org/x/text	0.23.0	0.26.0

Updates github.com/c-bata/go-prompt from 0.2.5 to 0.2.6

Commits

• 82a9122 Merge pull request #224 from zaynetro/upgrade-term-pkg
• 20e0658 Update pkg/term to 1.2.0
• 8aae7fb Merge pull request #222 from c-bata/go-1-16
• d527d12 Use go 1.16
• 8e6eb48 Add Bit as a project using go-prompt.
• 327dcaa Add topicctl as a project using go-prompt.
• See full diff in compare view

Updates github.com/apache/camel-k/v2 from 2.5.0 to 2.7.0

Release notes

Sourced from github.com/apache/camel-k/v2's releases.

v2.7.0

Installation procedure

Install the operator looking at the official Camel K operator 2.7.0 installation procedure.

What's Changed

• chore(deps): bump golang.org/x/term from 0.28.0 to 0.29.0 by @​dependabot in apache/camel-k#6067
• chore(deps): bump golang.org/x/time from 0.9.0 to 0.10.0 by @​dependabot in apache/camel-k#6072
• chore(deps): bump golang.org/x/text from 0.21.0 to 0.22.0 by @​dependabot in apache/camel-k#6074
• chore(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 by @​dependabot in apache/camel-k#6075
• fix(ci): nightly multi arch by @​squakez in apache/camel-k#6077
• chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @​dependabot in apache/camel-k#6078
• chore(doc): crd v1alpha1 remove by @​squakez in apache/camel-k#6079
• chore(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by @​dependabot in apache/camel-k#6082
• chore(deps): golang 1.24 by @​squakez in apache/camel-k#6084
• chore(traits): remove deprecations no longer supported by @​squakez in apache/camel-k#6085
• fix(e2e): wait for Pod readiness by @​squakez in apache/camel-k#6088
• chore(deps): bump golang.org/x/oauth2 from 0.26.0 to 0.27.0 by @​dependabot in apache/camel-k#6086
• fix(ctrl): set ready state when reconciling back to normal by @​squakez in apache/camel-k#6087
• feat(dependencies): bump kubernetes to 1.32 by @​squakez in apache/camel-k#6089
• fix(builder): allow any plain Quarkus runtime by @​squakez in apache/camel-k#6090
• fix(helm): extra environment variables by @​eshepelyuk in apache/camel-k#6092
• fix(builder): use maven.config file by @​squakez in apache/camel-k#6093
• chore(deps): bump sigs.k8s.io/structured-merge-diff/v4 from 4.5.0 to 4.6.0 by @​dependabot in apache/camel-k#6095
• chore(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.21.1 by @​dependabot in apache/camel-k#6096
• chore(deps): bump github.com/operator-framework/api from 0.26.0 to 0.30.0 by @​dependabot in apache/camel-k#6097
• chore(deps): bump golang.org/x/sync from 0.11.0 to 0.12.0 by @​dependabot in apache/camel-k#6100
• chore(deps): bump golang.org/x/text from 0.22.0 to 0.23.0 by @​dependabot in apache/camel-k#6101
• chore(deps): bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 by @​dependabot in apache/camel-k#6103
• chore(deps): bump golang.org/x/term from 0.29.0 to 0.30.0 by @​dependabot in apache/camel-k#6104
• Update jdk-version.adoc by @​fkdraeb in apache/camel-k#6105
• fix(dependencies): controller gen bump by @​squakez in apache/camel-k#6107
• chore(deps): bump golang.org/x/net from 0.34.0 to 0.36.0 by @​dependabot in apache/camel-k#6109
• chore(deps): bump golang.org/x/time from 0.10.0 to 0.11.0 by @​dependabot in apache/camel-k#6108
• chore(deps): bump knative.dev/eventing from 0.43.3 to 0.44.3 by @​dependabot in apache/camel-k#6102
• chore(builder): include jib profile in project by @​squakez in apache/camel-k#6099
• chore(deps): bump github.com/prometheus/common from 0.62.0 to 0.63.0 by @​dependabot in apache/camel-k#6111
• fix(api): count all sources only once by @​squakez in apache/camel-k#6110
• fix(trait): merge integrationplatform trait by @​squakez in apache/camel-k#6112
• chore(api): remove IntegrationProfile deprecation notice by @​squakez in apache/camel-k#6114
• chore(deps): bump prometheus to 0.81.0 by @​squakez in apache/camel-k#6116
• chore(deps): bump github.com/onsi/gomega from 1.36.2 to 1.36.3 by @​dependabot in apache/camel-k#6118
• chore(deps): viper 1.20.0 by @​squakez in apache/camel-k#6117
• chore(deps): bump knative.dev/eventing from 0.44.3 to 0.44.4 by @​dependabot in apache/camel-k#6119
• chore(deps): bump github.com/spf13/viper from 1.20.0 to 1.20.1 by @​dependabot in apache/camel-k#6120
• fix(trait): use it and ik repositories by @​squakez in apache/camel-k#6121
• chore(deps): bump github.com/onsi/gomega from 1.36.3 to 1.37.0 by @​dependabot in apache/camel-k#6124
• Update binding.adoc by @​fkdraeb in apache/camel-k#6127
• chore(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0 by @​dependabot in apache/camel-k#6129
• chore(deps): bump golang.org/x/text from 0.23.0 to 0.24.0 by @​dependabot in apache/camel-k#6130
• chore(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 by @​dependabot in apache/camel-k#6131

... (truncated)

Changelog

Sourced from github.com/apache/camel-k/v2's changelog.

= Releasing Apache Camel K

This procedure describes all the steps required to release a new version of Apache Camel K. It is not intended to be final, but rather a working document that needs to be updated when new requirements are found or the technical process changes.

NOTE: starting Camel K version 2, the release process of Kamelets catalog and Camel K Runtime is independent.

== Docker Hub staging setting

This project staging is hosted on https://hub.docker.com/orgs/camelk/repositories[CamelK Docker Hub organization]. Make sure one of the organization administrator grant your personal user the right privileges to push an image to this org.

[[releasing-software]] == Software required to release

In order to release Camel K you may need certain software installed in the machine from where you're performing the release action. Most of the actions are scripted and may assume the presence of tools (in some case with specific version). Here a best effort list (may not be fully accurate):

• git CLI
• mvn CLI
• Docker and DockerX tooling
• https://www.qemu.org/[QEMU] - required to emulate ARM64 build
• cyclonedx-gomod CLI - required to generate SBOM

[[arm64-verify]] === Verify if your machine can build an ARM64 container image

As suggested above, you may need to install some software to be able to build an ARM64 based image. You can verify that with:

docker buildx ls | grep arm

NOTE: if you don't list any available builder, if you're on Ubuntu, you can install quickly QEMU via sudo apt-get install -y qemu qemu-user-static and retry to list the ARM64 based builders afterward.

[[releasing-camel-k]] == Release Camel K

As the process will do Git operations, it is advisable that you clone the Camel K repository to some new location (ie /Desktop/) in order to avoid to conflict with any other development in progress. If you’re starting a major or a minor release version, you need to create the respective release-a.b.x branch. It’s highly advisable not to release directly from main branch.

git clone https://github.com/apache/camel-k.git
cd camel-k
If you release a patch version, otherwise see next chapter
git checkout release-2.0.x

NOTE: don't use /tmp/ directories as the release process may last a few days and files generated before the voting, will be used once the release is finalized. If you use any temporary directory, make sure to store the files generated by the release procedure or later recover them from Apache dist folders.

=== Create release branch

... (truncated)

Commits

• c61820d chore(release): preparing for tag v2.7.0
• 52595be chore(release): Helm chart for 2.7.0
• 033c3a2 chore: starting release branch for release-2.7.x
• c598645 chore(runtime): default ck runtime 3.15.3
• 0b46667 fix(ctrl): use caSecrets parameters for kamelet download
• e5b8eea feat(trait): use sensible timeout for Quarkus native builder
• b5ffc2f chore(deps): bump github.com/stoewer/go-strcase from 1.3.0 to 1.3.1
• 64dc4fc fix(trait): cron replace only related components
• f53e6a7 fix(install): remove unneded rbacs
• 43a6cae fix(e2e): cron test time reduction
• Additional commits viewable in compare view

Updates github.com/forPelevin/gomoji from 1.3.0 to 1.3.1

Release notes

Sourced from github.com/forPelevin/gomoji's releases.

v1.3.1

What's Changed

• Handle variation selectors in RemoveEmojis by @​forPelevin in forPelevin/gomoji#27

Full Changelog: forPelevin/gomoji@v1.3.0...v1.3.1

Commits

• e6aacc4 Fix emoji removal with accented chars (#27)
• See full diff in compare view

Updates github.com/gookit/color from 1.5.4 to 1.6.0

Release notes

Sourced from github.com/gookit/color's releases.

v1.6.0

Change Log

Fixed

• fix: fix slice init length (#97) gookit/color@d4a4cd9
• fix: resolve color tag parsing issue in #52 (PR #98) gookit/color@bdf4489
• Fix race condition in Theme.Tips method when called concurrently (#109) gookit/color@6de7584

Feature

• ✨ feat: add new convert func: HSVToRGB, RGBToHSV gookit/color@d95f213

Update

• Optimize RenderCode performance with fast paths for string arguments (#110) gookit/color@e532935
• 🎨 up: Remove dependencies on stretchr/testify and use a lighter gookit/assert alternative. gookit/color@4ac4e07
• 👔 up: remove deprecated var isLikeInCmd, update some tests gookit/color@c5db0d0
• 👔 up: update detect env, use internal Level* instead of the terminfo.ColorLevel* gookit/color@173325a
• 🔥 chore: remove any.go, merge printer.go to quickstart.go gookit/color@f46f52e

Other

• build(deps): bump WillAbides/setup-go-faster from 1.8.0 to 1.9.0 (#66) gookit/color@62dd3d2
• build(deps): bump golang.org/x/sys from 0.10.0 to 0.11.0 (#68) gookit/color@b79b464
• build(deps): bump WillAbides/setup-go-faster from 1.9.0 to 1.9.1 (#69) gookit/color@ecb5570
• build(deps): bump actions/checkout from 3 to 4 (#73) gookit/color@91529f0
• build(deps): bump WillAbides/setup-go-faster from 1.9.1 to 1.10.1 (#71) gookit/color@3df6d41
• build(deps): bump WillAbides/setup-go-faster from 1.10.1 to 1.11.0 (#74) gookit/color@8fa8954
• build(deps): bump WillAbides/setup-go-faster from 1.11.0 to 1.12.0 (#75) gookit/color@9c0ef29
• build(deps): bump golang.org/x/sys from 0.11.0 to 0.13.0 (#76) gookit/color@4af2bdd
• build(deps): bump golang.org/x/sys from 0.13.0 to 0.14.0 (#77) gookit/color@44243ab
• build(deps): bump golang.org/x/sys from 0.14.0 to 0.15.0 (#78) gookit/color@72fbeaf
• build(deps): bump WillAbides/setup-go-faster from 1.12.0 to 1.13.0 (#79) gookit/color@0c83bae
• build(deps): bump github/codeql-action from 2 to 3 (#80) gookit/color@1bc67c4
• build(deps): bump golang.org/x/sys from 0.15.0 to 0.16.0 (#81) gookit/color@23187d9
• build(deps): bump WillAbides/setup-go-faster from 1.13.0 to 1.14.0 (#82) gookit/color@d7e962b
• build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0 (#83) gookit/color@f6fd20f
• build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0 (#86) gookit/color@18d84cb
• build(deps): bump softprops/action-gh-release from 1 to 2 (#87) gookit/color@7e68fa7
• build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0 (#88) gookit/color@532f1f3
• build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 (#89) gookit/color@c76538d
• build(deps): bump golang.org/x/sys from 0.20.0 to 0.21.0 (#90) gookit/color@7eaf97a
• Update utils_test.go to allow running in read-only mode. (#91) gookit/color@fedc174
• build(deps): bump golang.org/x/sys from 0.21.0 to 0.25.0 (#96) gookit/color@07ab70b
• build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#85) gookit/color@4bcc6db
• build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#99) gookit/color@992eecf
• build(deps): bump golang.org/x/sys from 0.25.0 to 0.30.0 (#100) gookit/color@90a1068
• build(deps): bump golang.org/x/sys from 0.30.0 to 0.31.0 (#101) gookit/color@860732e
• 📝 chore: add ci test on go1.21+, remove test on go1.18 gookit/color@5a49561

... (truncated)

Commits

• 0b1dc4c ✅ demo: update the examples deps and some codes
• fa47891 ⬆️ dep: upgrade gookit/assert to v0.1.1, update some tests
• d95f213 ✨ feat: add new convert func: HSVToRGB, RGBToHSV
• 173325a 👔 up: update detect env, use internal Level* instead of the terminfo....
• c5db0d0 👔 up: remove deprecated var isLikeInCmd, update some tests
• f46f52e 🔥 chore: remove any.go, merge printer.go to quickstart.go
• cc45966 🎨 chore: update some go file code style
• e532935 Optimize RenderCode performance with fast paths for string arguments (#110)
• f14a7b8 📝 chore: update some code style and some tests
• 6de7584 Fix race condition in Theme.Tips method when called concurrently (#109)
• Additional commits viewable in compare view

Updates github.com/jedib0t/go-pretty/v6 from 6.6.5 to 6.6.8

Release notes

Sourced from github.com/jedib0t/go-pretty/v6's releases.

v6.6.8

What's Changed

• OSC 8 hiperlink support by @​houdini91 in jedib0t/go-pretty#364
• Add pac-man classic (chomp) and colored dominoes indeterminate indicators by @​mach6 in jedib0t/go-pretty#370
• Experimental Style funcs for progress by @​ptxmac in jedib0t/go-pretty#369
• progress demo tweaks by @​jedib0t in jedib0t/go-pretty#371

New Contributors

• @​houdini91 made their first contribution in jedib0t/go-pretty#364
• @​mach6 made their first contribution in jedib0t/go-pretty#370
• @​ptxmac made their first contribution in jedib0t/go-pretty#369

Full Changelog: jedib0t/go-pretty@v6.6.7...v6.6.8

v6.6.7

What's Changed

• README.md: fix ci status badge by @​jedib0t in jedib0t/go-pretty#355
• text: support NO_COLOR/FORCE_COLOR env directives; fixes #352 by @​jedib0t in jedib0t/go-pretty#360
• table: support vertical merge in HTML rendering; fixes #348 by @​jedib0t in jedib0t/go-pretty#361

Full Changelog: jedib0t/go-pretty@v6.6.6...v6.6.7

v6.6.6

What's Changed

• table: fix rebalancing of long merged columns, fixes #350 by @​knrc in jedib0t/go-pretty#353
• update dependencies; other minor fixes by @​jedib0t in jedib0t/go-pretty#354

New Contributors

• @​knrc made their first contribution in jedib0t/go-pretty#353

Full Changelog: jedib0t/go-pretty@v6.6.5...v6.6.6

Commits

• 3c86af8 progress demo tweaks (#371)
• 2ac3ff0 progress: option to override tracker rendering logic (#369)
• c802c02 Add pac-man classic chomp and colored dominoes indeterminate indicators (#370)
• 18e8a01 OSC 8 hiperlink support (#364)
• b14745c table: support vertical merge in HTML rendering; fixes #348 (#361)
• 5a8fa5f text: support NO_COLOR/FORCE_COLOR env directives; fixes #352 (#360)
• be73dfa README.md: fix ci status badge (#355)
• 51030bd update dependencies; other minor fixes (#354)
• 2b859b4 table: fix rebalancing of long merged columns; fixes #350 (#353)
• See full diff in compare view

Updates github.com/magiconair/properties from 1.8.9 to 1.8.10

Release notes

Sourced from github.com/magiconair/properties's releases.

v1.8.10

What's Changed

• Add 32bit numeric getters which do not panic by @​magiconair in magiconair/properties#77
• escape leading whitespace on value in Write() by @​magiconair in magiconair/properties#81

Full Changelog: magiconair/properties@v1.8.9...v1.8.10

Commits

• 281f515 Merge pull request #81 from magiconair/issue-80
• 6b7aa68 test with go1.24
• 06f3133 escape leading whitespace on value in Write()
• 3dfc3b5 Merge pull request #77 from magiconair/get32bit
• b148584 Add 32bit numeric getters which do not panic
• See full diff in compare view

Updates github.com/spf13/viper from 1.19.0 to 1.20.1

Release notes

Sourced from github.com/spf13/viper's releases.

v1.20.1

What's Changed

Bug Fixes 🐛

• Backport config type fixes to 1.20.x by @​sagikazarmark in spf13/viper#2005

Full Changelog: spf13/viper@v1.20.0...v1.20.1

v1.20.0

[!WARNING] This release includes a few minor breaking changes. Read the upgrade guide for details.

What's Changed

Exciting New Features 🎉

• New encoding layer by @​sagikazarmark in spf13/viper#1869

Enhancements 🚀

• Drop Go 1.20 support by @​sagikazarmark in spf13/viper#1846
• Drop slog shim by @​sagikazarmark in spf13/viper#1848
• Replace file searching API with a finder by @​sagikazarmark in spf13/viper#1849
• Finder feature flag by @​sagikazarmark in spf13/viper#1852
• Allow setting options on the global Viper instance by @​sagikazarmark in spf13/viper#1856
• Add experimental flag for bind struct by @​sagikazarmark in spf13/viper#1854
• Make the remote package a separate module by @​sagikazarmark in spf13/viper#1860
• Add decoder hook option by @​sagikazarmark in spf13/viper#1872
• Encoder improvements by @​sagikazarmark in spf13/viper#1885
• Get uint8 by @​martinconic in spf13/viper#1894

Bug Fixes 🐛

• Fix missing config type when reading from a buffer by @​sagikazarmark in spf13/viper#1857
• fix: do not allow setting dependencies to nil values by @​sagikazarmark in spf13/viper#1871
• feat: copy keydelim from parent chart in viper.Sub() by @​obs-gh-alexlew in spf13/viper#1887

Breaking Changes 🛠

• Drop encoding formats: HCL, Java properties, INI by @​sagikazarmark in spf13/viper#1870

Dependency Updates ⬆️

• chore: update mapstructure by @​sagikazarmark in spf13/viper#1723
• chore: update crypt by @​sagikazarmark in spf13/viper#1834
• build(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by @​dependabot in spf13/viper#1853
• Revert to go-difflib and go-spew releases by @​skitt in spf13/viper#1861
• build(deps): bump actions/dependency-review-action from 4.3.2 to 4.3.3 by @​dependabot in spf13/viper#1862
• build(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @​dependabot in spf13/viper#1865
• build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @​dependabot in spf13/viper#1864
• chore: update crypt by @​sagikazarmark in spf13/viper#1866
• build(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @​dependabot in spf13/viper#1876
• build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 in /remote by @​dependabot in spf13/viper#1878
• build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @​dependabot in spf13/viper#1879
• build(deps): bump actions/dependency-review-action from 4.3.3 to 4.3.4 by @​dependabot in spf13/viper#1881

... (truncated)

Commits

• 9568cfc fix: config type check when loading any config
• fd05140 fix(config): get config type from v.configType or config file ext
• c038295 docs: add update instructions for 1.20
• 9c07e0f build: disable unused linters
• 48112d6 ci: add Go 1.24 to the test matrix
• 66e3e28 build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6
• 17b96ac New Logo
• 8b223a4 build(deps): bump github.com/spf13/cast from 1.7.0 to 1.7.1
• 91fd363 chore: update afero
• e75c48f Fix issues reported by testifylint
• Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.10.0 to 1.11.1

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.1

This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

• Backport #1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @​brackendawson in stretchr/testify#1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

• Call stack perf change for CallerInfo by @​mikeauclair in stretchr/testify#1614
• Lazily render mock diff output on successful match by @​mikeauclair in stretchr/testify#1615
• assert: check early in Eventually, EventuallyWithT, and Never by @​cszczepaniak in stretchr/testify#1427
• assert: add IsNotType by @​bartventer in stretchr/testify#1730
• assert.JSONEq: shortcut if same strings by @​dolmen in stretchr/testify#1754
• assert.YAMLEq: shortcut if same strings by @​dolmen in stretchr/testify#1755
• assert: faster and simpler isEmpty using reflect.Value.IsZero by @​dolmen in stretchr/testify#1761
• suite: faster methods filtering (internal refactor) by @​dolmen in stretchr/testify#1758

Fixes

• assert.ErrorAs: log target type by @​craig65535 in stretchr/testify#1345
• Fix failure message formatting for Positive and Negative asserts in stretchr/testify#1062
• Improve ErrorIs message when error is nil but an error was expected by @​tsioftas in stretchr/testify#1681
• fix Subset/NotSubset when calling with mixed input types by @​siliconbrain in stretchr/testify#1729
• Improve ErrorAs failure message when error is nil by @​ccoVeille in stretchr/testify#1734
• mock.AssertNumberOfCalls: improve error msg by @​3scalation in stretchr/testify#1743

Documentation, Build & CI

• docs: Fix typo in README by @​alexandear in stretchr/testify#1688
• Replace deprecated io/ioutil with io and os by @​alexandear in stretchr/testify#1684
• Document consequences of calling t.FailNow() by @​greg0ire in stretchr/testify#1710
• chore: update docs for Unset #1621 by @​techfg in stretchr/testify#1709
• README: apply gofmt to examples by @​alexandear in stretchr/testify#1687
• refactor: use %q and %T to simplify fmt.Sprintf by @​alexandear in stretchr/testify#1674
• Propose Christophe Colombier (ccoVeille) as approver by @​brackendawson in stretchr/testify#1716
• Update documentation for the Error function in assert or require package by @​architagr in stretchr/testify#1675
• assert: remove deprecated build constraints by @​alexandear in stretchr/testify#1671
• assert: apply gofumpt to internal test suite by @​ccoVeille in stretchr/testify#1739
• CI: fix shebang in .ci.*.sh scripts by @​dolmen in stretchr/testify#1746
• assert,require: enable parallel testing on (almost) all top tests by @​dolmen in stretchr/testify#1747
• suite.Passed: add one more status test report by @​Ararsa-Derese in stretchr/testify#1706
• Add Helper() method in internal mocks and assert.CollectT by @​dolmen in stretchr/testify#1423
• assert.Same/NotSame: improve usage of Sprintf by @​ccoVeille in stretchr/testify#1742
• mock: enable parallel testing on internal testsuite by @​dolmen in stretchr/testify#1756
• suite: cleanup use of 'testing' internals at runtime by @​dolmen in stretchr/testify#1751
• assert: check test failure message for Empty and NotEmpty by @​ccoVeille in stretchr/testify#1745

... (truncated)

Commits

• 2a57335 Merge pull request #1788 from brackendawson/1785-backport-1.11
• af8c912 Backport #1786 to release/1.11
• b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
• 69831f3 build(deps): bump actions/checkout from 4 to 5
• a53be35 Improve captureTestingT helper
• aafb604 mock: improve formatting of error message
• 7218e03 improve error msg
• 929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
• bc7459e suite: faster filtering of methods (-testify.m)
• 7d37b5c suite: refactor methodFilter
• Additional commits viewable in compare view

Updates github.com/urfave/cli from 1.22.16 to 1.22.17

Release notes

Sourced from github.com/urfave/cli's releases.

v1.22.17

What's Changed

• Update dependencies in v1 series by @​meatballhat in urfave/cli#2158

Full Changelog: urfave/cli@v1.22.16...v1.22.17

Commits

• 992e53d Merge pull request #2158 from urfave/v1-deps-up
• b37456c Update dependencies in v1 series
• 394fbd8 Merge pull request #2156 from urfave/v1-not-dependabot
• 2a5bdc7 Dependabot does not work like this
• 77bb234 Merge pull request #2153 from urfave/v1-dependabot-maybe
• 5d6ed14 Is this file needed on each release branch?
• See full diff in compare view

Updates github.com/vbauerster/mpb/v8 from 8.9.1 to 8.10.2

Release notes

Sourced from github.com/vbauerster/mpb/v8's releases.

v8.10.2

Full Changelog: vbauerster/mpb@v8.10.1...v8.10.2

v8.10.1

Full Changelog: vbauerster/mpb@v8.10.0...v8.10.1

v8.10.0

BarOption added:

• BarFillerOnAbort
• BarFillerClearOnAbort

Thanks to @​mustafabayar

v8.9.3

No release notes provided.

v8.9.2

If your code relied on mpb.DoneError type, please rename to mpb.ErrDone. Related commit: 3b489183981764cfe7a8f177f7d5e1e853d7cdbc.

Commits

• d30b560 v8.10.2
• 7efde3c make [][]io.Reader with capacity
• 0675e6b prefer builtin min (needs Go 1.21)
• db1c068 no need to capture loop var since Go 1.22

[github-actions]

📗 Scan Summary

• Frogbot scanned for vulnerabilities and found 5 issues

Scan Category	Status	Security Issues
Software Composition Analysis	✅ Done	1 Issues Found 1 Medium
Contextual Analysis	✅ Done	-
Static Application Security Testing (SAST)	✅ Done	4 Issues Found 4 Low
Secrets	✅ Done	-
Infrastructure as Code (IaC)	✅ Done	Not Found

📦 Vulnerable Dependencies

Severity	ID	Contextual Analysis	Direct Dependencies	Impacted Dependency	Fixed Versions
Medium	-	-	github.com/apache/camel-k/v2:v2.7.0 github.com/go-viper/mapstructure/v2:v2.3.0	github.com/go-viper/mapstructure/v2 v2.3.0	[2.4.0]

🔖 Details

Vulnerability Details

Direct Dependencies:	github.com/apache/camel-k/v2:v2.7.0, github.com/go-viper/mapstructure/v2:v2.3.0
Impacted Dependency:	github.com/go-viper/mapstructure/v2:v2.3.0
Fixed Versions:	[2.4.0]
CVSS V3:	5.3

go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data

---

🐸 JFrog Frogbot

[github-actions]

{
		ResolverPrefix + Url: "http://some.url.com",
		DeployerPrefix + Url: "http://some.other.url.com",
	}

at common/build/buildinfoproperties_test.go (line 146)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity	Finding
Low	Detected usage of communication methods lacking encryption.

Full description

Vulnerability Details

Rule ID:	go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

---

🐸 JFrog Frogbot

[github-actions]

{"repo", "http://url/art", "http://url/art/api/npm/repo"}

at artifactory/commands/utils/npmcmdutils_test.go (line 17)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity	Finding
Low	Detected usage of communication methods lacking encryption.

Full description

Vulnerability Details

Rule ID:	go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

---

🐸 JFrog Frogbot

[github-actions]

{"repo", "http://url/art/", "http://url/art/api/npm/repo"}

at artifactory/commands/utils/npmcmdutils_test.go (line 18)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity	Finding
Low	Detected usage of communication methods lacking encryption.

Full description

Vulnerability Details

Rule ID:	go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

---

🐸 JFrog Frogbot

[github-actions]

{"", "http://url/art", "http://url/art/api/npm/"}

at artifactory/commands/utils/npmcmdutils_test.go (line 20)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity	Finding
Low	Detected usage of communication methods lacking encryption.

Full description

Vulnerability Details

Rule ID:	go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

---

🐸 JFrog Frogbot