Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump the dev-dependencies group with 9 updates #62

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 1, 2024

Bumps the dev-dependencies group with 9 updates:

Package From To
github.com/hashicorp/consul/api 1.29.1 1.29.4
github.com/kubernetes-csi/csi-lib-utils 0.18.1 0.19.0
github.com/prometheus/client_golang 1.19.1 1.20.2
github.com/spf13/cobra 1.8.0 1.8.1
github.com/spf13/viper 1.18.2 1.19.0
golang.org/x/net 0.24.0 0.26.0
google.golang.org/grpc 1.64.0 1.65.0
google.golang.org/protobuf 1.33.0 1.34.2
k8s.io/klog/v2 2.120.1 2.130.1

Updates github.com/hashicorp/consul/api from 1.29.1 to 1.29.4

Changelog

Sourced from github.com/hashicorp/consul/api's changelog.

1.19.2 (August 26, 2024)

SECURITY:

  • ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0 [GH-21588]

IMPROVEMENTS:

  • Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [GH-21587]

BUG FIXES:

  • api-gateway: (Enterprise only) ensure clusters are properly created for JWT providers with a remote URI for the JWKS endpoint [GH-21604]

1.18.4 Enterprise (August 26, 2024)

Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.

SECURITY:

  • ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0

IMPROVEMENTS:

  • Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [GH-21587]

1.17.7 Enterprise (August 26, 2024)

SECURITY:

  • ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0

IMPROVEMENTS:

  • Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [GH-21587]

1.15.14 Enterprise (August 26, 2024)

Enterprise LTS: Consul Enterprise 1.15 is a Long-Term Support (LTS) release.

SECURITY:

  • ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0 [GH-21588]

IMPROVEMENTS:

  • Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [GH-21587]

1.19.1 (July 11, 2024)

SECURITY:

... (truncated)

Commits
  • b25a438 api/v1.29.4
  • 3280bc7 Updating go.mods in release/1.19.x after modules have been released. (#21650)
  • ea4cf5e Backport of add build support script to print out the submodule versions requ...
  • 249141d Backport of [NET-10774] Fix Group Reference in GatewayPolcy Docs into release...
  • d5875f4 Backport of remove consul-k8s submodule into release/1.19.x (#21623)
  • b996f99 Backport of fix: use Envoy's default for validate_clusters to fix breaking ro...
  • abefc02 Backport of DOCS: CE-556 Add partition parameter to API endpoint docs into re...
  • c7b9668 Backport of update goldenfile checker for running in ent repo into release/1....
  • 94e3ae7 Backport of [NET-10737] Add CI Checks for Generated Testdata into release/1.1...
  • 45abe96 Backport of Fix TestDNS_ServiceLookup_ARecordLimits so that it only creates t...
  • Additional commits viewable in compare view

Updates github.com/kubernetes-csi/csi-lib-utils from 0.18.1 to 0.19.0

Release notes

Sourced from github.com/kubernetes-csi/csi-lib-utils's releases.

v0.19.0

https://github.com/kubernetes-csi/csi-lib-utils/blob/v0.19.0/CHANGELOG/CHANGELOG-0.19.md

v0.19.0-beta.0

Pre-release with Kubernetes 1.31.0-beta.0 packages.

Commits
  • 5827ba9 Merge pull request #180 from dfajmon/changelog
  • 0186303 Add changelog for v1.19.0
  • 927e34c Merge pull request #179 from dfajmon/bump-1.31
  • 0067cde update kubernetes to 1.31
  • 4b65dcd Merge commit 'c7e0f2e01019270bb4337dd201ec835d7e96587e' into bump-1.31
  • c7e0f2e Squashed 'release-tools/' changes from edd89ad5..988496a1
  • 1884850 Merge pull request #178 from dfajmon/kubernetes-bump
  • 0363106 update kubernetes deps to 1.31.0-beta
  • See full diff in compare view

Updates github.com/prometheus/client_golang from 1.19.1 to 1.20.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.20.2

  • [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

v1.20.1

This release contains the critical fix for the issue. Thanks to @​geberl, @​CubicrootXYZ, @​zetaab and @​timofurrer for helping us with the investigation!

  • [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on Linux machines. #1587

v1.20.0

Thanks everyone for contributions!

⚠️ In this release we remove one (broken anyway, given Go runtime changes) metric and add three new (representing GOGC, GOMEMLIMIT and GOMAXPROCS flags) to the default collectors.NewGoCollector() collector. Given its popular usage, expect your binary to expose two additional metric.

Changes

  • [CHANGE] ⚠️ go-collector: Remove go_memstat_lookups_total metric which was always 0; Go runtime stopped sharing pointer lookup statistics. #1577
  • [FEATURE] ⚠️ go-collector: Add 3 default metrics: go_gc_gogc_percent, go_gc_gomemlimit_bytes and go_sched_gomaxprocs_threads as those are recommended by the Go team. #1559
  • [FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact runtime/metrics sourcing each metric (if relevant). #1568 #1578
  • [FEATURE] testutil: Add CollectAndFormat method. #1503
  • [FEATURE] histograms: Add support for exemplars in native histograms. #1471
  • [FEATURE] promhttp: Add experimental support for zstd on scrape, controlled by the request Accept-Encoding header. #1496
  • [FEATURE] api/v1: Add WithLimit parameter to all API methods that supports it. #1544
  • [FEATURE] prometheus: Add support for created timestamps in constant histograms and constant summaries. #1537
  • [FEATURE] process-collectors: Add network usage metrics: process_network_receive_bytes_total and process_network_transmit_bytes_total. #1555
  • [FEATURE] promlint: Add duplicated metric lint rule. #1472
  • [BUGFIX] promlint: Relax metric type in name linter rule. #1455
  • [BUGFIX] promhttp: Make sure server instrumentation wrapping supports new and future extra responseWriter methods. #1480
  • [BUGFIX] testutil: Functions using compareMetricFamilies are now failing if filtered metricNames are not in the input. #1424

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.20.2 / 2024-08-23

  • [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

1.20.1 / 2024-08-20

  • [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on linux machines. #1587

1.20.0 / 2024-08-14

  • [CHANGE] ⚠️ go-collector: Remove go_memstat_lookups_total metric which was always 0; Go runtime stopped sharing pointer lookup statistics. #1577
  • [FEATURE] ⚠️ go-collector: Add 3 default metrics: go_gc_gogc_percent, go_gc_gomemlimit_bytes and go_sched_gomaxprocs_threads as those are recommended by the Go team. #1559
  • [FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact runtime/metrics sourcing each metric (if relevant). #1568 #1578
  • [FEATURE] testutil: Add CollectAndFormat method. #1503
  • [FEATURE] histograms: Add support for exemplars in native histograms. #1471
  • [FEATURE] promhttp: Add experimental support for zstd on scrape, controlled by the request Accept-Encoding header. #1496
  • [FEATURE] api/v1: Add WithLimit parameter to all API methods that supports it. #1544
  • [FEATURE] prometheus: Add support for created timestamps in constant histograms and constant summaries. #1537
  • [FEATURE] process-collector: Add network usage metrics: process_network_receive_bytes_total and process_network_transmit_bytes_total. #1555
  • [FEATURE] promlint: Add duplicated metric lint rule. #1472
  • [BUGFIX] promlint: Relax metric type in name linter rule. #1455
  • [BUGFIX] promhttp: Make sure server instrumentation wrapping supports new and future extra responseWriter methods. #1480
  • [BUGFIX] testutil: Functions using compareMetricFamilies are now failing if filtered metricNames are not in the input. #1424

1.19.0 / 2024-02-27

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

  • [CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449
  • [FEATURE] collectors: Add version collector. #1422 #1427

1.18.0 / 2023-12-22

  • [FEATURE] promlint: Allow creation of custom metric validations. #1311
  • [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
  • [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
  • [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
  • [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

1.17.0 / 2023-09-27

  • [CHANGE] Minimum required go version is now 1.19 (we also test client_golang against new 1.21 version). #1325
  • [FEATURE] Add support for Created Timestamps in Counters, Summaries and Historams. #1313
  • [ENHANCEMENT] Enable detection of a native histogram without observations. #1314

1.16.0 / 2023-06-15

  • [BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. #1252
  • [BUGFIX] api: Fix undefined execution order in return statements. #1260
  • [BUGFIX] native histograms: Fix bug in bucket key calculation. #1279

... (truncated)

Commits
  • 67121dc Merge pull request #1596 from mrueg/fix-uncompressed-content-header
  • 187acd4 Cut 1.20.2
  • f7f8f3a fix: Unset Content-Encoding header when uncompressed
  • 2254d6c Merge pull request #1587 from prometheus/fix-processcollector
  • 4a15d05 Cut 1.20.1
  • f2dd7b3 Use pedantic registry in other places too, to double check.
  • 261fe84 bugfix: Pass network metrics to processCollector's Describe() function
  • 5bf3341 Use NewPedanticRegistry in Process' Collector tests
  • 73b811c Cut 1.20.0 release. (#1580)
  • 7ce5089 gocollector: Attach original runtime/metrics metric name to help. (#1578)
  • Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.8.0 to 1.8.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.8.1

✨ Features

🐛 Bug fixes

🔧 Maintenance

🧪 Testing & CI/CD

✏️ Documentation

... (truncated)

Commits

Updates github.com/spf13/viper from 1.18.2 to 1.19.0

Release notes

Sourced from github.com/spf13/viper's releases.

v1.19.0

What's Changed

Bug Fixes 🐛

Dependency Updates ⬆️

... (truncated)

Commits
  • b9733f0 build(deps): bump actions/checkout from 4.1.4 to 4.1.6
  • 6ecc5c8 build(deps): bump cachix/install-nix-action from 26 to 27
  • 248c6fd build(deps): bump github/codeql-action from 3.25.4 to 3.25.7
  • abea773 Update references to bketelsen/crypt
  • f17acb4 build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1
  • 8e285a5 build(deps): bump github/codeql-action from 3.25.2 to 3.25.4
  • 4017620 build(deps): bump actions/setup-go from 5.0.0 to 5.0.1
  • b67e814 build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.2
  • 4a182c7 build(deps): bump actions/dependency-review-action from 4.2.5 to 4.3.2
  • 45a0e12 build(deps): bump mheap/github-action-required-labels
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.24.0 to 0.26.0

Commits
  • 66e838c go.mod: update golang.org/x dependencies
  • 6249541 http2: avoid race in server handler SetReadDeadine/SetWriteDeadline
  • 603e3e6 quic: disable X25519Kyber768Draft00 in tests
  • 67e8d0c http2: report an error if goroutines outlive serverTester tests
  • 5608279 http2: avoid corruption in priority write scheduler
  • 0d515a5 http2: factor out frame read/write test functions
  • 9f5b79b http2: drop unused retry function
  • 03c24c2 http2: use synthetic time in server tests
  • 022530c http2: add a more full-featured test net.Conn
  • 410d19e http2: avoid racy access to clientStream.requestedGzip
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.64.0 to 1.65.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.65.0

Dependencies

  • Change support policy to cover only the latest TWO releases of Go, matching the policy for Go itself. See #7249 for more information. (#7250)
  • Update x/net/http2 to address CVE-2023-45288 (#7282)

Behavior Changes

  • credentials/tls: clients and servers will now reject connections that don't support ALPN when environment variable GRPC_ENFORCE_ALPN_ENABLED is set to "true" (case insensitive). (#7184)
    • NOTE: this behavior will become the default in a future release.
  • metadata: remove String method from MD to make printing more consistent (#7373)

New Features

  • grpc: add WithMaxCallAttempts to configure gRPC's retry behavior per-channel. (#7229)

Bug Fixes

  • ringhash: properly apply endpoint weights instead of ignoring them (#7156)
  • xds: fix a bug that could cause xds-enabled servers to stop accepting new connections after handshaking errors (#7128)

Release 1.64.1

Dependencies

  • Update x/net/http2 to address CVE-2023-45288 (#7352)
  • metadata: remove String method from MD to make printing consistent (#7374)
Commits
  • 2da9769 Change version to 1.65.0 (#7306)
  • ede96b7 metadata: remove String method (#7373)
  • 64be203 grpc: Readd pick first name (#7336) (#7341)
  • 25e33a6 examples: Add CSM Observability example (#7302) (#7318)
  • 04a5f46 xds/internal/xdsclient: Emit unknown for CSM Labels if not present in CDS (#7...
  • cff5c3e stats/opentelemetry: Add e2e testing for CSM Observability (#7279) (#7316)
  • 9b970fd dns: fix constant 30s backoff for re-resolution (#7262) (#7311)
  • 6d23620 documentation: on server, use FromIncomingContext for retrieving context and...
  • 7e5898e xds: unify xDS client creation APIs meant for testing (#7268)
  • 5d7bd7a interop/xds: Interop client and server changes for CSM Observability (#7280)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.33.0 to 1.34.2

Updates k8s.io/klog/v2 from 2.120.1 to 2.130.1

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.31 (Take 2)

What's Changed

Full Changelog: kubernetes/klog@v2.130.0...v2.130.1

Prepare klog release for Kubernetes v1.31 (Take 1)

What's Changed

New Contributors

Full Changelog: kubernetes/klog@v2.120.1...v2.130.0

Commits
  • 75663bb Merge pull request #408 from pohly/klog-flush-sync-fix
  • 2327d4c data race: avoid unprotected access to sb.file
  • 16c7d26 Merge pull request #401 from pohly/ktesting-warning-delay
  • cd24012 ktesting: tone down warning about leaked test goroutine
  • 2ee202a Merge pull request #404 from 1978629634/fsync-freelock
  • 79575d8 Do not acquire lock for file.Sync() fsync call
  • 7af45d6 Merge pull request #406 from pohly/linter
  • d008cfe examples: fix linter warning
  • ab53041 Merge pull request #402 from pohly/linter-issues
  • ff7c070 build: fix some linter warnings
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dev-dependencies group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/hashicorp/consul/api](https://github.com/hashicorp/consul) | `1.29.1` | `1.29.4` |
| [github.com/kubernetes-csi/csi-lib-utils](https://github.com/kubernetes-csi/csi-lib-utils) | `0.18.1` | `0.19.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.19.1` | `1.20.2` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.8.0` | `1.8.1` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.18.2` | `1.19.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.24.0` | `0.26.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.64.0` | `1.65.0` |
| google.golang.org/protobuf | `1.33.0` | `1.34.2` |
| [k8s.io/klog/v2](https://github.com/kubernetes/klog) | `2.120.1` | `2.130.1` |


Updates `github.com/hashicorp/consul/api` from 1.29.1 to 1.29.4
- [Release notes](https://github.com/hashicorp/consul/releases)
- [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md)
- [Commits](hashicorp/consul@api/v1.29.1...api/v1.29.4)

Updates `github.com/kubernetes-csi/csi-lib-utils` from 0.18.1 to 0.19.0
- [Release notes](https://github.com/kubernetes-csi/csi-lib-utils/releases)
- [Commits](kubernetes-csi/csi-lib-utils@v0.18.1...v0.19.0)

Updates `github.com/prometheus/client_golang` from 1.19.1 to 1.20.2
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.19.1...v1.20.2)

Updates `github.com/spf13/cobra` from 1.8.0 to 1.8.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.8.0...v1.8.1)

Updates `github.com/spf13/viper` from 1.18.2 to 1.19.0
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.18.2...v1.19.0)

Updates `golang.org/x/net` from 0.24.0 to 0.26.0
- [Commits](golang/net@v0.24.0...v0.26.0)

Updates `google.golang.org/grpc` from 1.64.0 to 1.65.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.64.0...v1.65.0)

Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.2

Updates `k8s.io/klog/v2` from 2.120.1 to 2.130.1
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](kubernetes/klog@v2.120.1...v2.130.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/consul/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/kubernetes-csi/csi-lib-utils
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 1, 2024

The following labels could not be found: dependencies.

Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 1, 2024

Superseded by #63.

@dependabot dependabot bot closed this Oct 1, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/dev-dependencies-e5cc187aa1 branch October 1, 2024 08:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants