merge upstream changes from v0.13.0 (#8)

* Bump the go-modules group with 1 update

Bumps the go-modules group with 1 update: [github.com/containerd/containerd](https://github.com/containerd/containerd).

- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v1.7.8...v1.7.9)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump golang.org/x/sys from 0.14.0 to 0.15.0

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.14.0 to 0.15.0.
- [Commits](golang/sys@v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump golang.org/x/crypto from 0.15.0 to 0.16.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.16.0.
- [Commits](golang/crypto@v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump the go-modules group with 4 updates

Bumps the go-modules group with 4 updates: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [github.com/spf13/afero](https://github.com/spf13/afero), [github.com/spf13/cast](https://github.com/spf13/cast) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `github.com/go-git/go-git/v5` from 5.10.0 to 5.10.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.10.0...v5.10.1)

Updates `github.com/spf13/afero` from 1.10.0 to 1.11.0
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](spf13/afero@v1.10.0...v1.11.0)

Updates `github.com/spf13/cast` from 1.5.1 to 1.6.0
- [Release notes](https://github.com/spf13/cast/releases)
- [Commits](spf13/cast@v1.5.1...v1.6.0)

Updates `golang.org/x/tools` from 0.15.0 to 0.16.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/spf13/afero
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/spf13/cast
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/tools
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump the go-modules group with 2 updates

Bumps the go-modules group with 2 updates: [github.com/containerd/containerd](https://github.com/containerd/containerd) and [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry).


Updates `github.com/containerd/containerd` from 1.7.9 to 1.7.10
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v1.7.9...v1.7.10)

Updates `github.com/google/go-containerregistry` from 0.16.1 to 0.17.0
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.16.1...v0.17.0)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/google/go-containerregistry
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump the go-modules group with 1 update

Bumps the go-modules group with 1 update: [github.com/klauspost/compress](https://github.com/klauspost/compress).

- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](klauspost/compress@v1.17.3...v1.17.4)

---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump the go-modules group with 1 update

Bumps the go-modules group with 1 update: [github.com/paketo-buildpacks/occam](https://github.com/paketo-buildpacks/occam).

- [Release notes](https://github.com/paketo-buildpacks/occam/releases)
- [Commits](paketo-buildpacks/occam@v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: github.com/paketo-buildpacks/occam
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump the go-modules group with 1 update

Bumps the go-modules group with 1 update: [github.com/pierrec/lz4/v4](https://github.com/pierrec/lz4).

- [Commits](pierrec/lz4@v4.1.18...v4.1.19)

---
updated-dependencies:
- dependency-name: github.com/pierrec/lz4/v4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /dependency/retrieval

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](golang/crypto@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump golang.org/x/crypto from 0.16.0 to 0.17.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0.
- [Commits](golang/crypto@v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump github.com/containerd/containerd from 1.7.10 to 1.7.11

Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.10 to 1.7.11.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v1.7.10...v1.7.11)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.1 to 5.11.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.10.1...v5.11.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump github.com/cloudflare/circl in /dependency/retrieval

Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.3 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.3.3...v1.3.7)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump github.com/go-git/go-git/v5 in /dependency/retrieval

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.4.2 to 5.11.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.4.2...v5.11.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Updating buildpack.toml with new versions 3.11.7

* Updating buildpack.toml with new versions 3.12.1

* Updating buildpack.toml with new versions 3.11.8, 3.12.2

* Updating github-config

* Updating github-config

* Updating github-config

* Updating github-config

* Updating github-config

* Updating github-config

* Updating github-config

* Updating github-config

* Updating github-config

* Bump github.com/opencontainers/runc from 1.1.10 to 1.1.12

Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.10 to 1.1.12.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/v1.1.12/CHANGELOG.md)
- [Commits](opencontainers/runc@v1.1.10...v1.1.12)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Updating github-config

* Updating github-config

* Updating github-config

* Allow user to remove setuptools by setting BP_CPYTHON_RM_SETUPTOOLS env var

* Bump google.golang.org/protobuf from 1.31.0 to 1.33.0

Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Updating github-config

* Updating buildpack.toml with new versions 3.10.14, 3.8.19, 3.9.19

* Add support for Ubuntu Noble dependencies (paketo-buildpacks#710)

* Add Noble dependencies
* add dependency test for noble


Co-authored-by: Ralf Pannemans <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: paketo-bot <[email protected]>
Co-authored-by: Jerico Pena <[email protected]>
Co-authored-by: Pavel Busko <[email protected]>
Co-authored-by: Ralf Pannemans <[email protected]>

Author: 6 people

.github/workflows/create-draft-release.yml

@@ -53,9 +53,8 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v3
     - name: Run Integration Tests
-      run: ./scripts/integration.sh --use-token --builder ${{ matrix.builder }}
+      run: ./scripts/integration.sh --builder ${{ matrix.builder }} --token ${{ github.token }}
       env:
-        GIT_TOKEN: ${{ github.token }}
         TMPDIR: "${{ runner.temp }}"
 
   release:

.github/workflows/test-pull-request.yml

@@ -55,9 +55,8 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Run Integration Tests
-      run: ./scripts/integration.sh --use-token --builder ${{ matrix.builder }}
+      run: ./scripts/integration.sh --builder ${{ matrix.builder }} --token ${{ github.token }}
       env:
-        GIT_TOKEN: ${{ github.token }}
         TMPDIR: "${{ runner.temp }}"
 
   roundup:

build.go

@@ -17,6 +17,7 @@ import (
 
 //go:generate faux --interface DependencyManager --output fakes/dependency_manager.go
 //go:generate faux --interface PythonInstaller --output fakes/installer.go
+//go:generate faux --interface PythonPipCleanup --output fakes/pip_cleanup.go
 //go:generate faux --interface SBOMGenerator --output fakes/sbom_generator.go
 
 // DependencyManager defines the interface for picking the best matching
@@ -38,6 +39,11 @@ type PythonInstaller interface {
 	) error
 }
 
+// PythonPipCleanup defines the interface for cleaning up pip after a python installation
+type PythonPipCleanup interface {
+	Cleanup(packages []string, targetLayer string) error
+}
+
 type SBOMGenerator interface {
 	GenerateFromDependency(dependency postal.Dependency, dir string) (sbom.SBOM, error)
 }
@@ -51,6 +57,7 @@ type SBOMGenerator interface {
 func Build(
 	dependencies DependencyManager,
 	pythonInstaller PythonInstaller,
+	pipCleanup PythonPipCleanup,
 	sbomGenerator SBOMGenerator,
 	logger scribe.Emitter,
 	clock chronos.Clock,
@@ -181,6 +188,17 @@ func Build(
 			duration = downloadDuration
 		}
 
+		pipCleanupDuration, err := clock.Measure(func() error {
+			if _, ok := os.LookupEnv("BP_CPYTHON_RM_SETUPTOOLS"); ok {
+				return pipCleanup.Cleanup(pipPackagesToBeUninstalled(), cpythonLayer.Path)
+			}
+			return nil
+		})
+		if err != nil {
+			return packit.BuildResult{}, err
+		}
+		duration += pipCleanupDuration
+
 		logger.Action("Completed in %s", duration.Round(time.Millisecond))
 		logger.Break()
 

build_test.go

@@ -31,6 +31,7 @@ func testBuild(t *testing.T, context spec.G, it spec.S) {
 		clock             chronos.Clock
 		dependencyManager *fakes.DependencyManager
 		pythonInstaller   *fakes.PythonInstaller
+		pipCleanup        *fakes.PythonPipCleanup
 		sbomGenerator     *fakes.SBOMGenerator
 		buffer            *bytes.Buffer
 		logEmitter        scribe.Emitter
@@ -108,7 +109,9 @@ func testBuild(t *testing.T, context spec.G, it spec.S) {
 
 		pythonInstaller = &fakes.PythonInstaller{}
 
-		build = cpython.Build(dependencyManager, pythonInstaller, sbomGenerator, logEmitter, clock)
+		pipCleanup = &fakes.PythonPipCleanup{}
+
+		build = cpython.Build(dependencyManager, pythonInstaller, pipCleanup, sbomGenerator, logEmitter, clock)
 
 	})
 
@@ -203,6 +206,7 @@ func testBuild(t *testing.T, context spec.G, it spec.S) {
 
 		// Pre-compiled binary installation does not call pythonInstaller.Install
 		Expect(pythonInstaller.InstallCall.CallCount).To(Equal(0))
+		Expect(pipCleanup.CleanupCall.CallCount).To(Equal(0))
 	})
 
 	it("returns a result that compiles and installs python from source", func() {
@@ -222,6 +226,7 @@ func testBuild(t *testing.T, context spec.G, it spec.S) {
 		Expect(err).NotTo(HaveOccurred())
 
 		Expect(pythonInstaller.InstallCall.CallCount).To(Equal(1))
+		Expect(pipCleanup.CleanupCall.CallCount).To(Equal(0))
 
 		Expect(result.Layers).To(HaveLen(1))
 		layer := result.Layers[0]
@@ -441,6 +446,26 @@ func testBuild(t *testing.T, context spec.G, it spec.S) {
 		})
 	})
 
+	context("when the BP_CPYTHON_RM_SETUPTOOLS env var is set", func() {
+		it.Before(func() {
+			t.Setenv("BP_CPYTHON_RM_SETUPTOOLS", "value-is-ignored")
+		})
+
+		it("pip cleanup is called", func() {
+			_, err := build(buildContext)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(pipCleanup.CleanupCall.CallCount).To(Equal(1))
+		})
+	})
+
+	context("when the BP_CPYTHON_RM_SETUPTOOLS env var is not set", func() {
+		it("pip cleanup is not called", func() {
+			_, err := build(buildContext)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(pipCleanup.CleanupCall.CallCount).To(Equal(0))
+		})
+	})
+
 	context("failure cases", func() {
 		context("when the dependency cannot be resolved", func() {
 			it.Before(func() {
@@ -515,6 +540,24 @@ func testBuild(t *testing.T, context spec.G, it spec.S) {
 			})
 		})
 
+		context("when the BP_CPYTHON_RM_SETUPTOOLS env var is set", func() {
+			it.Before(func() {
+				t.Setenv("BP_CPYTHON_RM_SETUPTOOLS", "value-is-ignored")
+			})
+
+			context("pip cleanup call fails with error", func() {
+				it.Before(func() {
+					pipCleanup.CleanupCall.Returns.Error = errors.New("failed to uninstall pip package")
+				})
+
+				it("returns an error", func() {
+					_, err := build(buildContext)
+					Expect(pipCleanup.CleanupCall.CallCount).To(Equal(1))
+					Expect(err).To(MatchError("failed to uninstall pip package"))
+				})
+			})
+		})
+
 		context("installing python from source", func() {
 			it.Before(func() {
 				dependencyManager.ResolveCall.Returns.Dependency.Source = dependencyManager.ResolveCall.Returns.Dependency.URI

buildpack.toml

@@ -278,14 +278,14 @@ api = "0.7"
     version = "3.11.3"
 
   [[metadata.dependencies]]
-    checksum = "sha256:b87a3ef940234b0010b310d537a8bce351dc391fdc67f66873a2ef3ec0d4a840"
-    cpe = "cpe:2.3:a:python:python:3.12.0:*:*:*:*:*:*:*"
+    checksum = "sha256:b1b60a0153ce4fb9558ac63c88cb302c28e81e16659c2926dac1d568783b0fff"
+    cpe = "cpe:2.3:a:python:python:3.11.8:*:*:*:*:*:*:*"
     id = "python"
     licenses = ["0BSD", "CNRI-Python-GPL-Compatible", "PSF-2.0"]
     name = "Python"
-    purl = "pkg:generic/python@3.12.0?checksum=51412956d24a1ef7c97f1cb5f70e185c13e3de1f50d131c0aac6338080687afb&download_url=https://www.python.org/ftp/python/3.12.0/Python-3.12.0.tgz"
-    source = "https://www.python.org/ftp/python/3.12.0/Python-3.12.0.tgz"
-    source-checksum = "sha256:51412956d24a1ef7c97f1cb5f70e185c13e3de1f50d131c0aac6338080687afb"
+    purl = "pkg:generic/python@3.11.8?checksum=d3019a613b9e8761d260d9ebe3bd4df63976de30464e5c0189566e1ae3f61889&download_url=https://www.python.org/ftp/python/3.11.8/Python-3.11.8.tgz"
+    source = "https://www.python.org/ftp/python/3.11.8/Python-3.11.8.tgz"
+    source-checksum = "sha256:d3019a613b9e8761d260d9ebe3bd4df63976de30464e5c0189566e1ae3f61889"
     stacks = ["io.buildpacks.stacks.bionic"]
     uri = "http://dash-app-resources.plotly-system.svc.cluster.local/packages/kpack-offline-files/python_3.12.0_linux_x64_bionic_b87a3ef9.tgz"
     version = "3.12.0"

dependency/actions/compile/README.md

@@ -4,6 +4,9 @@ Running compilation locally:
 ```shell
 docker build --tag compilation-<target> --file <target>.Dockerfile .
 
+# Noble example
+docker build --tag compilation-noble --file noble.Dockerfile .
+
 # Jammy example
 docker build --tag compilation-jammy --file jammy.Dockerfile .
 
@@ -20,6 +23,9 @@ output_dir=$(mktemp -d)
 ```shell
 $ docker run --volume $output_dir:/tmp/compilation compilation-<target> --outputDir /tmp/compilation --target <target> --version <version> 
 
+# Noble example
+$ docker run --volume $output_dir:/tmp/compilation compilation-noble --outputDir /tmp/compilation --target noble --version 3.10.7
+
 # Jammy example
 $ docker run --volume $output_dir:/tmp/compilation compilation-jammy --outputDir /tmp/compilation --target jammy --version 3.10.7
 

dependency/actions/compile/noble.Dockerfile

@@ -0,0 +1,28 @@
+FROM ubuntu:noble
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && \
+  apt-get -y install --no-install-recommends \
+    apt-utils \
+    build-essential \
+    ca-certificates \
+    curl \
+    dialog \
+    libbz2-dev \
+    libdb-dev \
+    libffi-dev \
+    libgdbm-dev \
+    liblzma-dev \
+    libreadline-dev \
+    libsqlite3-dev \
+    libssl-dev \
+    ncurses-dev \
+    tk8.6-dev \
+    tzdata \
+    xz-utils \
+  && apt-get -y --force-yes -d install --no-install-recommends --reinstall libtcl8.6 libtk8.6 libxss1
+
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

dependency/retrieval/go.mod

@@ -13,40 +13,42 @@ require (
 )
 
 require (
+	dario.cat/mergo v1.0.0 // indirect
 	github.com/BurntSushi/toml v1.2.0 // indirect
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
-	github.com/Microsoft/go-winio v0.6.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad // indirect
-	github.com/acomagu/bufpipe v1.0.3 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
 	github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/dgryski/go-minhash v0.0.0-20190315135803-ad340ca03076 // indirect
 	github.com/ekzhu/minhash-lsh v0.0.0-20190924033628-faac2c6342f8 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.1 // indirect
 	github.com/go-enry/go-license-detector/v4 v4.3.0 // indirect
-	github.com/go-git/gcfg v1.5.0 // indirect
-	github.com/go-git/go-billy/v5 v5.3.1 // indirect
-	github.com/go-git/go-git/v5 v5.4.2 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-git/go-billy/v5 v5.5.0 // indirect
+	github.com/go-git/go-git/v5 v5.11.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/hhatto/gorst v0.0.0-20181029133204-ca9f730cac5b // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jdkato/prose v1.2.1 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/montanaflynn/stats v0.6.6 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shogo82148/go-shuffle v1.0.1 // indirect
+	github.com/skeema/knownhosts v1.2.1 // indirect
 	github.com/ulikunitz/xz v0.5.10 // indirect
-	github.com/xanzy/ssh-agent v0.3.2 // indirect
-	golang.org/x/crypto v0.14.0 // indirect
-	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/mod v0.12.0 // indirect
+	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/tools v0.13.0 // indirect
 	gonum.org/v1/gonum v0.12.0 // indirect
 	gopkg.in/neurosnap/sentences.v1 v1.0.7 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect