Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the go_modules group across 1 directory with 6 updates #2

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the go_modules group across 1 directory with 6 updates #2

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Feb 25, 2025

Bumps the go_modules group with 1 update in the / directory: github.com/coredns/coredns.

Updates github.com/coredns/coredns from 1.11.1 to 1.11.2

Commits

Updates github.com/quic-go/quic-go from 0.37.4 to 0.40.1

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.40.1

This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:

Full Changelog: quic-go/quic-go@v0.40.0...v0.40.1

v0.40.0

API Changes

  • Connection.{Send,Receive}Message was renamed to {Send,Receive}Datagram: #4116
  • Closing a Listener created from a Transport doesn't close already established QUIC connections: #4072
  • http3: the ResponseWriter now automatically discards the response body for HEAD requests: #4115

Other Changes / Fixes

  • When using Dial (not DialEarly) now doesn't perform 0-RTT handshake, even if the session ticket allows 0-RTT: #4125
  • ClientHellos offering TLS versions older than 1.3 are now reject (when using Go 1.20): #4130
  • EPERM sendmsg errors (see golang/go#63322) are now automatically caught: #4111
  • Sending CONNECTION_REFUSED now doesn't spawn a new Go routine: #4091
  • Sending Retry packets now doesn't spawn a new Go routine: #4092

Please support quic-go!

Is your project / company relying on quic-go? Please consider funding the project. Any support is highly appreciated!

Changelog

... (truncated)

Commits
  • 554d543 don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)
  • 3a9c18b limit the number of queued PATH_RESPONSE frames to 256 (#4199)
  • a360354 document what happens to established connections on Listener.Close (#4138)
  • 6eb0cac fix race condition in multiplex integration test (#4136)
  • 5311f81 README: link to webtransport-go repo (#4117)
  • dda63b9 don't close established connections on Listener.Close, when using a Transport...
  • ef800d6 handshake: set MinVersion on the Config returned by GetConfigForClient (#4134)
  • d309060 handshake: clone the tls.Config returned by GetConfigForClient (#4133)
  • e2622bf reject ClientHellos that offer TLS versions older than 1.3 (for Go 1.20) (#4130)
  • 746290b never allow 0-RTT when using Dial, even if the session ticket allows it (#4125)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.13.0 to 0.18.0

Commits
  • dbb6ec1 ssh/test: skip tests on darwin that fail on the darwin-amd64-longtest LUCI bu...
  • 403f699 ssh/test: avoid leaking a net.UnixConn in server.TryDialWithAddr
  • 055043d go.mod: update golang.org/x dependencies
  • 08396bb internal/poly1305: drop Go 1.12 compatibility
  • 9d2ee97 ssh: implement strict KEX protocol changes
  • 4e5a261 ssh: close net.Conn on all NewServerConn errors
  • 152cdb1 x509roots/fallback: update bundle
  • fdfe1f8 ssh: defer channel window adjustment
  • b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
  • 7e6fbd8 ssh: wrap errors from client handshake
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.15.0 to 0.20.0

Commits
  • cb5b10f go.mod: update golang.org/x dependencies
  • 689bbc7 quic: deflake TestStreamsCreateConcurrency
  • f12db26 internal/quic/cmd/interop: use wget --no-verbose in Dockerfile
  • c136d0c quic: avoid panic when PTO expires and implicitly-created streams exist
  • f9726a9 quic: fix packet size logging
  • c337daf quic: enable qlog output in tests
  • 2b416c3 quic/qlog: create log files with O_EXCL
  • 1e59a7e quic/qlog: correctly write negative durations
  • b0eb4d6 quic: compute pnum len from max ack received, not sent
  • b952594 quic: fix data race in connection close
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.57.0 to 1.61.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.61.0

New Features

  • resolver: provide method, AuthorityOverrider, to allow resolver.Builders to override the default authority for a ClientConn. (EXPERIMENTAL) (#6752)
  • xds: add support for mTLS Credentials in xDS bootstrap (gRFC A65) (#6757)
  • server: add grpc.WaitForHandlers ServerOption to cause Server.Stop to block until method handlers return. (EXPERIMENTAL) (#6922)

Performance Improvements

  • grpc: skip compression of empty messages as an optimization (#6842)
  • orca: use atomic pointer to improve performance in server metrics recorder (#6799)

Bug Fixes

  • client: correctly enable TCP keepalives with OS defaults on windows (#6863)
  • server: change some stream operations to return UNAVAILABLE instead of UNKNOWN when underlying connection is broken (#6891)
  • server: fix GracefulStop to block until all method handlers return (v1.60 regression). (#6922)
  • server: fix two bugs that could lead to panics at shutdown when using NumStreamWorkers (EXPERIMENTAL). (#6856)
  • reflection: do not send invalid descriptors to clients for files that cannot be fully resolved (#6771)
  • xds: don't fail channel/server startup when xds creds is specified, but bootstrap is missing certificate providers (#6848)
  • xds: Atomically read and write xDS security configuration client side (#6796)
  • xds/server: fix RDS handling for non-inline route configs (#6915)

Release v1.60.1

Bug Fixes

  • server: fix two bugs that could lead to panics at shutdown when using NumStreamWorkers (experimental feature).

Release 1.60.0

Security

  • credentials/tls: if not set, set TLS MinVersion to 1.2 and CipherSuites according to supported suites not forbidden by RFC7540.
    • This is a behavior change to bring us into better alignment with RFC 7540.

API Changes

  • resolver: remove deprecated and experimental ClientConn.NewServiceConfig (#6784)
  • client: remove deprecated grpc.WithServiceConfig DialOption (#6800)

... (truncated)

Commits
  • 8167bc3 Change version to 1.61.0 (#6936)
  • 52e2363 test/xds: Use different import path for gRPC Messages (#6933)
  • 67e50be transport: Remove redundant if in handleGoAway (#6930)
  • e96f521 alts: Extract AuthInfo after handshake in ALTS e2e test. (#6931)
  • 987df13 metadata: move FromOutgoingContextRaw() to internal (#6765)
  • 61eab37 server: block GracefulStop on method handlers and make blocking optional for ...
  • ddd377f xds/server: fix RDS handling for non-inline route configs (#6915)
  • 8b455de removing Roots deprecated Subjects field in tests (#6907)
  • 953d12a alts: Forward-fix of ALTS queuing of handshake requests. (#6906)
  • 6ce73bf internal/transport: convert ConnectionError to Unavailable status when wr...
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.31.0 to 1.32.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the go_modules group across 1 directory with 6 updates
041b018 
Bumps the go_modules group with 1 update in the / directory: [github.com/coredns/coredns](https://github.com/coredns/coredns).


Updates `github.com/coredns/coredns` from 1.11.1 to 1.11.2
- [Release notes](https://github.com/coredns/coredns/releases)
- [Changelog](https://github.com/coredns/coredns/blob/master/Makefile.release)
- [Commits](https://github.com/coredns/coredns/commits)

Updates `github.com/quic-go/quic-go` from 0.37.4 to 0.40.1
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](quic-go/quic-go@v0.37.4...v0.40.1)

Updates `golang.org/x/crypto` from 0.13.0 to 0.18.0
- [Commits](golang/crypto@v0.13.0...v0.18.0)

Updates `golang.org/x/net` from 0.15.0 to 0.20.0
- [Commits](golang/net@v0.15.0...v0.20.0)

Updates `google.golang.org/grpc` from 1.57.0 to 1.61.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.57.0...v1.61.0)

Updates `google.golang.org/protobuf` from 1.31.0 to 1.32.0

---
updated-dependencies:
- dependency-name: github.com/coredns/coredns
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/quic-go/quic-go
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 25, 2025
@dependabot dependabot bot mentioned this pull request Feb 25, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants