build(deps): Bump the go_modules group across 1 directory with 11 updates

[dependabot]

Bumps the go_modules group with 5 updates in the / directory:

Package	From	To
github.com/docker/distribution	2.8.0+incompatible	2.8.2+incompatible
github.com/go-git/go-git/v5	5.4.2	5.11.0
github.com/aws/aws-sdk-go	1.31.6	1.34.0
github.com/containerd/containerd	1.5.8	1.6.26
github.com/rancher/wrangler	0.7.3-0.20210224225730-5ed69efb6ab9	0.7.4-security1

Updates github.com/docker/distribution from 2.8.0+incompatible to 2.8.2+incompatible

Release notes

Sourced from github.com/docker/distribution's releases.

v2.8.2

What's Changed

• Revert registry/client: set Accept: identity header when getting layers by @​ndeloof in distribution/distribution#3783
• Parse http forbidden as denied by @​vvoland in distribution/distribution#3914
• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah (#3650)
• Fix CVE-2023-2253 runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893
• Dockerfile: fix filenames of artifacts by @​thaJeztah in distribution/distribution#3911

Full Changelog: distribution/distribution@v2.8.1...v2.8.2

v2.8.2-beta.2

What's Changed

• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah (#3650)
• Fix CVE-2023-2253 runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893
• Dockerfile: fix filenames of artifacts by @​thaJeztah in distribution/distribution#3911

Full Changelog: distribution/distribution@v2.8.1...v2.8.2-beta.2

v2.8.2-beta.1

NOTE: This is a pre-release that does not contain any artifacts!

What's Changed

• Fix runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah in distribution/distribution#3650
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893

Full Changelog: distribution/distribution@v2.8.1...v2.8.2-beta.1

v2.8.1

Welcome to the v2.8.1 release of registry!

The 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0

... (truncated)

Commits

• 7c354a4 Merge pull request #3915 from distribution/2.8.2-release-notes
• a173a9c Add v2.8.2 release notes
• 4894d35 Merge pull request #3914 from vvoland/handle-forbidden-28
• f067f66 Merge pull request #3783 from ndeloof/accept-encoding-28
• 483ad69 registry/errors: Parse http forbidden as denied
• 2b0f84d Revert "registry/client: set Accept: identity header when getting layers"
• 320d6a1 Merge pull request #3912 from distribution/2.8.2-beta.2-release-notes
• 5f3ca1b Add release notes for 2.8.2-beta.2 release
• cb840f6 Merge pull request #3911 from thaJeztah/2.8_backport_fix_releaser_filenames
• e884644 Dockerfile: fix filenames of artifacts
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.4.2 to 5.11.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.11.0

What's Changed

• git: validate reference names (#929) by @​aymanbagabas in go-git/go-git#950
• git: stop iterating at oldest shallow when pulling. Fixes #305 by @​dhoizner in go-git/go-git#939
• plumbing: object, enable renames in getFileStatsFromFilePatches by @​djmoch in go-git/go-git#941
• storage: filesystem, Add option to set a specific FS for alternates by @​pjbgf in go-git/go-git#953
• Align worktree validation with upstream and remove build warnings by @​pjbgf in go-git/go-git#958

New Contributors

• @​dhoizner made their first contribution in go-git/go-git#939
• @​djmoch made their first contribution in go-git/go-git#941

Full Changelog: go-git/go-git@v5.10.1...v5.11.0

v5.10.1

What's Changed

• Worktree, ignore ModeSocket files by @​steiler in go-git/go-git#930
• git: add tracer package by @​aymanbagabas in go-git/go-git#916
• remote: Flip clause for fast-forward only check by @​adityasaky in go-git/go-git#875
• plumbing: transport/ssh, Fix nil pointer dereference caused when an unreachable proxy server is set. Fixes #900 by @​anandf in go-git/go-git#901
• plumbing: uppload-server-info, implement upload-server-info by @​aymanbagabas in go-git/go-git#896
• plumbing: optimise memory consumption for filesystem storage by @​pjbgf in go-git/go-git#799
• plumbing: format/packfile, Refactor patch delta by @​pjbgf in go-git/go-git#908
• plumbing: fix empty uploadpack request error by @​aymanbagabas in go-git/go-git#932
• plumbing: transport/git, Improve tests error message by @​pjbgf in go-git/go-git#752
• plumbing: format/pktline, Respect pktline error-line errors by @​aymanbagabas in go-git/go-git#936
• utils: remove ioutil.Pipe and use std library io.Pipe by @​aymanbagabas in go-git/go-git#922
• utils: move trace to utils by @​aymanbagabas in go-git/go-git#931
• cli: separate go module for cli by @​aymanbagabas in go-git/go-git#914
• build: bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @​dependabot in go-git/go-git#887
• build: bump actions/setup-go from 3 to 4 by @​dependabot in go-git/go-git#891
• build: bump github.com/skeema/knownhosts from 1.2.0 to 1.2.1 by @​dependabot in go-git/go-git#888
• build: bump actions/checkout from 3 to 4 by @​dependabot in go-git/go-git#890
• build: bump golang.org/x/sys from 0.13.0 to 0.14.0 by @​dependabot in go-git/go-git#907
• build: bump golang.org/x/text from 0.13.0 to 0.14.0 by @​dependabot in go-git/go-git#906
• build: bump golang.org/x/crypto from 0.14.0 to 0.15.0 by @​dependabot in go-git/go-git#917
• build: bump golang.org/x/net from 0.17.0 to 0.18.0 by @​dependabot in go-git/go-git#918

New Contributors

• @​anandf made their first contribution in go-git/go-git#901
• @​steiler made their first contribution in go-git/go-git#930

Full Changelog: go-git/go-git@v5.10.0...v5.10.1

v5.10.0

What's Changed

• PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by @​ThinkChaos in go-git/go-git#782

... (truncated)

Commits

• 5d08d3b Merge pull request #958 from pjbgf/workval
• 5bd1d8f build: Ensure checkout is the first operation
• b2c1982 git: worktree, Align validation with upstream rules
• cec7da6 Merge pull request #953 from pjbgf/alternates
• 8b47ceb storage: filesystem, Add option to set a specific FS for alternates
• 4f61489 Merge pull request #941 from djmoch/filestats-rename
• ae552ce Merge pull request #939 from dhoizner/fix-pull-after-shallow
• cc1895b Merge pull request #950 from aymanbagabas/validate-ref
• de1d5a5 git: validate reference names
• d87110b Merge pull request #948 from go-git/dependabot/go_modules/cli/go-git/github.c...
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.0.0-20210921155107-089bfa567519 to 0.16.0

Commits

• See full diff in compare view

Updates github.com/aws/aws-sdk-go from 1.31.6 to 1.34.0

Changelog

Sourced from github.com/aws/aws-sdk-go's changelog.

Release v1.34.0 (2020-08-07)

Service Client Updates

• service/glue: Updates service API and documentation
  • AWS Glue now adds support for Network connection type enabling you to access resources inside your VPC using Glue crawlers and Glue ETL jobs.
• service/organizations: Updates service API and documentation
  • Documentation updates for some new error reasons.
• service/s3: Updates service documentation and examples
  • Updates Amazon S3 API reference documentation.
• service/sms: Updates service API and documentation
  • In this release, AWS Server Migration Service (SMS) has added new features: 1. APIs to work with application and instance level validation 2. Import application catalog from AWS Application Discovery Service 3. For an application you can start on-demand replication

SDK Features

• service/s3/s3crypto: Updates to the Amazon S3 Encryption Client - This change includes fixes for issues that were reported by Sophie Schmieg from the Google ISE team, and for issues that were discovered by AWS Cryptography.

Release v1.33.21 (2020-08-06)

Service Client Updates

• service/ec2: Updates service API, documentation, and paginators
  • This release supports Wavelength resources, including carrier gateways, and carrier IP addresses.
• service/lex-models: Updates service API and documentation
• service/personalize: Updates service API and documentation
• service/personalize-events: Updates service API and documentation
• service/personalize-runtime: Updates service API and documentation
• service/runtime.lex: Updates service API and documentation

Release v1.33.20 (2020-08-05)

Service Client Updates

• service/appsync: Updates service API and documentation
• service/fsx: Updates service documentation
• service/resourcegroupstaggingapi: Updates service documentation
  • Documentation updates for the Resource Group Tagging API namespace.
• service/sns: Updates service documentation
  • Documentation updates for SNS.
• service/transcribe: Updates service API, documentation, and paginators

Release v1.33.19 (2020-08-04)

Service Client Updates

• service/health: Updates service documentation
  • Documentation updates for health

Release v1.33.18 (2020-08-03)

... (truncated)

Commits

• ae9b9fd Release v1.34.0 (2020-08-07)
• 1e84382 Merge commit '12ff57a16373dda5a0c22eafdf0fa1c4c224f7c4' into release
• b811ea8 Release v1.33.21 (2020-08-06) (#3462)
• 12ff57a Updates to the Amazon S3 Encryption Client - This change includes fixes for i...
• 2007a98 Release v1.33.20 (2020-08-05) (#3460)
• 39b4438 Release v1.33.19 (2020-08-04) (#3458)
• e14cc11 Merge pull request #3432 from diehlaws/common-files-standardization
• 9a13de7 Release v1.33.18 (2020-08-03) (#3456)
• 41f3140 Add reference links to readme
• 29d57fc Implementing suggested changes
• Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.5.8 to 1.6.26

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.6.26

Welcome to the v1.6.26 release of containerd!

The twenty-sixth patch release for containerd 1.6 contains various fixes and updates.

Notable Updates

• Fix windows default path overwrite issue (#9441)
• Update push to inherit distribution sources from parent (#9453)
• Mask /sys/devices/virtual/powercap path in runtime spec and deny in default apparmor profile (GHSA-7ww5-4wqc-m92c)

Deprecation Warnings

• Emit deprecation warning for AUFS snapshotter usage (#9448)
• Emit deprecation warning for v1 runtime usage (#9468)
• Emit deprecation warning for CRI v1alpha1 usage (#9468)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Derek McGowan
• Kohei Tokunaga
• Phil Estes
• Bjorn Neergaard
• Sebastiaan van Stijn
• Brian Goff
• Charity Kathure
• Kazuyoshi Kato
• Milas Bowman
• Wei Fu
• ruiwen-zhao

Changes

• [release/1.6] Prepare release notes for v1.6.26 (#9490)
  • ac5c5d3e0 Prepare release notes for v1.6.26
• Github Security Advisory GHSA-7ww5-4wqc-m92c
  • 02f07fe19 contrib/apparmor: deny /sys/devices/virtual/powercap
  • c94577e78 oci/spec: deny /sys/devices/virtual/powercap
• [release/1.6] update to go1.20.12, test go1.21.5 (#9472)
  • 7cbdfc92e update to go1.20.12, test go1.21.5
  • 024b1cce6 update to go1.20.11, test go1.21.4
• [release/1.6] Add cri-api v1alpha2 usage warning to all api calls (#9484)

... (truncated)

Commits

• 3dd1e88 Merge pull request #9490 from dmcgowan/prepare-1.6.26
• 746b910 Merge pull request from GHSA-7ww5-4wqc-m92c
• ac5c5d3 Prepare release notes for v1.6.26
• e7ca005 Merge pull request #9472 from thaJeztah/1.6_update_golang_1.20.12
• 7cbdfc9 update to go1.20.12, test go1.21.5
• 024b1cc update to go1.20.11, test go1.21.4
• 2e40459 Merge pull request #9484 from ruiwen-zhao/cri-api-warning-1.6
• 64e56bf Add cri-api v1alpha2 usage warning to all api calls
• c566b7d Merge pull request #9468 from samuelkarp/deprecation-warning-runtime-1.6
• efefd3b tasks: emit warning for runc v1 runtime
• Additional commits viewable in compare view

Updates github.com/opencontainers/runc from 1.0.2 to 1.1.5

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc 1.1.5 -- "囚われた屈辱は　反撃の嚆矢だ"

This is the fifth patch release in the 1.1.z series of runc, which fixes three CVEs found in runc.

• CVE-2023-25809 is a vulnerability involving rootless containers where (under specific configurations), the container would have write access to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host were affected. This vulnerability was discovered by Akihiro Suda. GHSA-m8cg-xc2p-r3fc

• CVE-2023-27561 was a regression which effectively re-introduced CVE-2019-19921. This bug was present from v1.0.0-rc95 to v1.1.4. This regression was discovered by @​Beuc. GHSA-vpvm-3wq2-2wvm

• CVE-2023-28642 is a variant of CVE-2023-27561 and was fixed by the same patch. This variant of the above vulnerability was reported by Lei Wang. GHSA-g2j6-57v7-gm8c

In addition, the following other fixes are included in this release:

• Fix the inability to use /dev/null when inside a container. (#3620)
• Fix changing the ownership of host's /dev/null caused by fd redirection (a regression in 1.1.1). (#3674, #3731)
• Fix rare runc exec/enter unshare error on older kernels, including CentOS < 7.7. (#3776)
• nsexec: Check for errors in write_log(). (#3721)

Static Linking Notices

The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library":

• libseccomp

The versions of these libraries were not modified from their upstream versions, but in order to comply with the LGPL-2.1 (§6(a)), we have attached the complete source code for those libraries which (when combined with the attached runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages or download them from the authoritative upstream sources, especially since these libraries are related to the security of your containers.

... (truncated)

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.1.5] - 2023-03-29

囚われた屈辱は 反撃の嚆矢だ

Security

The following CVEs were fixed in this release:

• CVE-2023-25809 is a vulnerability involving rootless containers where (under specific configurations), the container would have write access to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host were affected. This vulnerability was discovered by Akihiro Suda.

• CVE-2023-27561 was a regression in our protections against tricky /proc and /sys configurations (where the container mountpoint is a symlink) causing us to be tricked into incorrectly configuring the container, which effectively re-introduced CVE-2019-19921. This regression was present from v1.0.0-rc95 to v1.1.4 and was discovered by @​Beuc. (#3785)

• CVE-2023-28642 is a different attack vector using the same regression as in CVE-2023-27561. This was reported by Lei Wang.

Fixed

• Fix the inability to use /dev/null when inside a container. (#3620)
• Fix changing the ownership of host's /dev/null caused by fd redirection (a regression in 1.1.1). (#3674, #3731)
• Fix rare runc exec/enter unshare error on older kernels, including CentOS < 7.7. (#3776)
• nsexec: Check for errors in write_log(). (#3721)
• Various CI fixes and updates. (#3618, #3630, #3640, #3729)

[1.1.4] - 2022-08-24

If you look for perfection, you'll never be content.

Fixed

• Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. (#3511)
• Switch kill() in libcontainer/nsenter to sane_kill(). (#3536)
• Fix "permission denied" error from runc run on noexec fs. (#3541)

... (truncated)

Commits

• f19387a VERSION: release v1.1.5
• 58a9abe Merge pull request from GHSA-m8cg-xc2p-r3fc
• 27fb72c merge branch 'pr-3776' into release-1.1
• 8ec02ea nsexec: retry unshare on EINVAL
• 059d773 merge branch 'pr-3785' into release-1.1
• 0abab45 Prohibit /proc and /sys to be symlinks
• 0e6b818 rootless: fix /sys/fs/cgroup mounts
• c6781d1 Merge pull request #3721 from kinvolk/rata/nsfixes-backport
• f6e2cd3 nsexec: Check for errors in write_log()
• 3775df9 Merge pull request #3731 from kolyshkin/1.1-fix-dev-null
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.0.0-20211216030914-fe4d6282115f to 0.19.0

Commits

• See full diff in compare view

Updates google.golang.org/protobuf from 1.27.1 to 1.31.0

Updates gopkg.in/yaml.v3 from 3.0.0-20210107192922-496545a6307b to 3.0.1

Updates github.com/rancher/wrangler from 0.7.3-0.20210224225730-5ed69efb6ab9 to 0.7.4-security1

Commits

• See full diff in compare view

Updates go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.21.0 to 0.28.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases.

Release v0.24.0

0.24.0 - 2021-09-21

Update dependency on the go.opentelemetry.io/otel project to v1.0.0.

v0.23.0

0.23.0 - 2021-09-09

Added

• Add WithoutSubSpans, WithRedactedHeaders, WithoutHeaders, and WithInsecureHeaders options for otelhttptrace.NewClientTrace. (#879)

Changed

• Split go.opentelemetry.io/contrib/propagators module into b3, jaeger, ot modules. (#985)
• otelmongodb span attributes, name and span status now conform to specification. (#769)
• Migrated EC2 resource detector support from root module go.opentelemetry.io/contrib/detectors/aws to a separate EC2 resource detector module go.opentelemetry.io/contrib/detectors/aws/ec2 (#1017)
• Add cloud.provider and cloud.platform to AWS detectors. (#1043)
• otelhttptrace.NewClientTrace now redacts known sensitive headers by default. (#879)

Fixed

• Fix span not marked as error in otelhttp.Transport when RoundTrip fails with an error. (#950)

Release v0.22.0

Added

• Add the zpages span processor. (#894)

Changed

• The b3.B3 type has been removed. b3.New() and b3.WithInjectEncoding(encoding) are added to replace it. (#868)

Fixed

• Fix deadlocks and race conditions in otelsarama.WrapAsyncProducer. The messaging.message_id and messaging.kafka.partition attributes are now not set if a message was not processed. (#754) (#755) (#881)
• Fix otelsarama.WrapAsyncProducer so that the messages from the Errors channel contain the original Metadata. (#754)

Changelog

Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's changelog.

[1.3.0/0.28.0] - 2021-12-10

⚠️ Notice ⚠️

We have updated the project minimum supported Go version to 1.16

Changed

• otelhttptrace.NewClientTrace now uses TracerProvider from the parent context if one exists and none was set with WithTracerProvider (#874)

Fixed

• The "go.opentelemetry.io/contrib/detector/aws/ecs".Detector no longer errors if not running in ECS. (#1428)
• go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux does not require instrumented HTTP handlers to call Write nor WriteHeader anymore. (#1443)

[1.2.0/0.27.0] - 2021-11-15

Changed

• Update dependency on the go.opentelemetry.io/otel project to v1.2.0.
• go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-lambda-go/otellambda/xrayconfig updated to ensure access to the TracerProvider.
  • A NewTracerProvider() function is available to construct a recommended TracerProvider configuration.
  • AllRecommendedOptions() has been renamed to WithRecommendedOptions() and takes a TracerProvider as an argument.
  • EventToCarrier() and Propagator() are now WithEventToCarrier() and WithPropagator() to reflect that they return Option implementations.

[1.1.1/0.26.1] - 2021-11-04

Changed

• The Transport, Handler, and HTTP client convenience wrappers in the go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp package now use the TracerProvider from the parent context if one exists and none was explicitly set when configuring the instrumentation. (#873)
• Semantic conventions now use go.opentelemetry.io/otel/semconv/v1.7.0". (#1385)

[1.1.0/0.26.0] - 2021-10-28

Update dependency on the go.opentelemetry.io/otel project to v1.1.0.

Added

• Add instrumentation for the github.com/aws/aws-lambda-go package. (#983)
• Add resource detector for AWS Lambda. (#983)
• Add WithTracerProvider option for otelhttptrace.NewClientTrace. (#1128)
• Add optional AWS X-Ray configuration module for AWS Lambda Instrumentation. (#984)

Fixed

... (truncated)

Commits

• aad3f90 Release prep 1.3.0/0.28.0 (#1477)
• dac6cdb fix: test failure cases on windows (#1047)
• 83de463 build(deps): bump github.com/Shopify/sarama (#1461)
• ee84b06 build(deps): bump golang.org/x/tools from 0.1.7 to 0.1.8 in /tools (#1473)
• 305cbc5 build(deps): bump cloud.google.com/go in /detectors/gcp (#1462)
• fec3ae9 build(deps): bump github.com/aws/aws-sdk-go-v2 (#1464)
• 7dd8052 build(deps): bump github.com/emicklei/go-restful/v3 (#1458)
• e4875ec build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.21.11 in /i...
• c579f5d build(deps): bump github.com/Shopify/sarama (#1460)
• ef81aab build(deps): bump github.com/Shopify/sarama (#1465)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.