Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the go_modules group across 2 directories with 8 updates #145

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the go_modules group across 2 directories with 8 updates #145

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 13, 2025

Bumps the go_modules group with 6 updates in the / directory:

Package From To
github.com/golang/glog 0.0.0-20160126235308-23def4e6c14b 1.2.4
github.com/prometheus/client_golang 1.11.0 1.11.1
golang.org/x/crypto 0.0.0-20220507011949-2cf3adece122 0.31.0
google.golang.org/protobuf 1.28.0 1.33.0
github.com/cyphar/filepath-securejoin 0.2.3 0.2.4
gopkg.in/yaml.v3 3.0.0-20210107192922-496545a6307b 3.0.0

Bumps the go_modules group with 1 update in the /examples/are-you-alive directory: github.com/prometheus/client_golang.

Updates github.com/golang/glog from 0.0.0-20160126235308-23def4e6c14b to 1.2.4

Release notes

Sourced from github.com/golang/glog's releases.

v1.2.4

What's Changed

  • Fail if log file already exists by @​chressie in golang/glog#74:
    • glog: Don't try to create/rotate a given syncBuffer twice in the same second
    • glog: introduce createInDir function as in internal version
    • glog: have createInDir fail if the file already exists

Full Changelog: golang/glog@v1.2.3...v1.2.4

v1.2.3

What's Changed

Full Changelog: golang/glog@v1.2.2...v1.2.3

v1.2.2

What's Changed

Full Changelog: golang/glog@v1.2.1...v1.2.2

v1.2.1

What's Changed

Full Changelog: golang/glog@v1.2.0...v1.2.1

v1.2.0

What's Changed

Full Changelog: golang/glog@v1.1.2...v1.2.0

v1.1.2

Bugfix release.

What's Changed

Full Changelog: golang/glog@v1.1.1...v1.1.2

v1.1.1

Bugfixes since the larger v1.1.0, which have been addressed.

v1.1.0

... (truncated)

Commits

Updates github.com/prometheus/client_golang from 1.11.0 to 1.11.1

Release notes

Sourced from github.com/prometheus/client_golang's releases.

1.11.1 / 2022-02-15

What's Changed

Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.21.1 / 2025-03-04

  • [BUGFIX] prometheus: Revert of Inc, Add and Observe cumulative metric CAS optimizations (#1661), causing regressions on low contention cases.
  • [BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.

1.21.0 / 2025-02-17

⚠️ This release contains potential breaking change if you upgrade github.com/prometheus/common to 0.62+ together with client_golang. ⚠️

New common version changes model.NameValidationScheme global variable, which relaxes the validation of label names and metric name, allowing all UTF-8 characters. Typically, this should not break any user, unless your test or usage expects strict certain names to panic/fail on client_golang metric registration, gathering or scrape. In case of problems change model.NameValidationScheme to old model.LegacyValidation value in your project init function.

  • [BUGFIX] gocollector: Fix help message for runtime/metric metrics. #1583
  • [BUGFIX] prometheus: Fix Desc.String() method for no labels case. #1687
  • [ENHANCEMENT] prometheus: Optimize popular prometheus.BuildFQName function; now up to 30% faster. #1665
  • [ENHANCEMENT] prometheus: Optimize Inc, Add and Observe cumulative metrics; now up to 50% faster under high concurrent contention. #1661
  • [CHANGE] Upgrade prometheus/common to 0.62.0 which changes model.NameValidationScheme global variable. #1712
  • [CHANGE] Add support for Go 1.23. #1602
  • [FEATURE] process_collector: Add support for Darwin systems. #1600 #1616 #1625 #1675 #1715
  • [FEATURE] api: Add ability to invoke CloseIdleConnections on api.Client using api.Client.(CloseIdler).CloseIdleConnections() casting. #1513
  • [FEATURE] promhttp: Add promhttp.HandlerOpts.EnableOpenMetricsTextCreatedSamples option to create OpenMetrics _created lines. Not recommended unless you want to use opt-in Created Timestamp feature. Community works on OpenMetrics 2.0 format that should make those lines obsolete (they increase cardinality significantly). #1408
  • [FEATURE] prometheus: Add NewConstNativeHistogram function. #1654

1.20.5 / 2024-10-15

  • [BUGFIX] testutil: Reverted #1424; functions using compareMetricFamilies are (again) only failing if filtered metricNames are in the expected input.

1.20.4 / 2024-09-07

  • [BUGFIX] histograms: Fix possible data race when appending exemplars vs metrics gather. #1623

1.20.3 / 2024-09-05

  • [BUGFIX] histograms: Fix possible data race when appending exemplars. #1608

1.20.2 / 2024-08-23

  • [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

1.20.1 / 2024-08-20

  • [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on linux machines. #1587

1.20.0 / 2024-08-14

  • [CHANGE] ⚠️ go-collector: Remove go_memstat_lookups_total metric which was always 0; Go runtime stopped sharing pointer lookup statistics. #1577
  • [FEATURE] ⚠️ go-collector: Add 3 default metrics: go_gc_gogc_percent, go_gc_gomemlimit_bytes and go_sched_gomaxprocs_threads as those are recommended by the Go team. #1559
  • [FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact runtime/metrics sourcing each metric (if relevant). #1568 #1578
  • [FEATURE] testutil: Add CollectAndFormat method. #1503

... (truncated)

Commits

Updates golang.org/x/crypto from 0.0.0-20220507011949-2cf3adece122 to 0.31.0

Commits

Updates golang.org/x/net from 0.7.0 to 0.25.0

Commits
  • d27919b go.mod: update golang.org/x dependencies
  • e0324fc http2: use net.ErrClosed
  • b20cd59 quic: initiate key rotation earlier in connections
  • f95a3b3 html: fix typo in package doc
  • 0a24555 http/httpguts: speed up ValidHeaderFieldName
  • ec05fdc http2: don't retry the first request on a connection on GOAWAY error
  • b67a0f0 http2: send correct LastStreamID in stream-caused GOAWAY
  • a130fcc quic: don't consider goroutines running when tests start as leaked
  • 7bbe320 go.mod: update golang.org/x dependencies
  • c48da13 http2: fix TestServerContinuationFlood flakes
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.5.0 to 0.28.0

Commits
  • fe16172 unix: define IfMsghdr2, IfData64, and RtMsghdr2 on darwin
  • 0a57dbc unix: update to kernel Linux 6.12
  • 3cf1e67 unix: don't fail TestPpoll on EINTR
  • d2cea70 windows: add functions to get named pipe process IDs
  • a13946c windows: regenerate zsyscall_windows.go
  • e0753d4 Revert "windows/mkwinsyscall: use syscall.SyscallN instead of syscall.Syscall...
  • c29efe3 windows: add iphlpapi functions for change notifications
  • 8f2aa9f cpu: conditionally re-enable AVX512 support on darwin/amd64
  • 054f1fc README: don't recommend go get
  • ca04041 unix: extend z/OS support
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.0 to 1.33.0

Updates github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.2.4

This release fixes a potential security issue in filepath-securejoin when used on Windows (GHSA-6xv5-86q9-7xr8, which could be used to generate paths outside of the provided rootfs in certain cases), as well as improving the overall behaviour of filepath-securejoin when dealing with Windows paths that contain volume names. Thanks to Paulo Gomes for discovering and fixing these issues.

In addition, we've switched (at long last) to GitHub Actions and have continuous integration testing on Linux, MacOS, and Windows.

Thanks to the following contributors for making this release possible:

Signed-off-by: Aleksa Sarai [email protected]

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.2.4] - 2023-09-06

Security

  • This release fixes a potential security issue in filepath-securejoin when used on Windows (GHSA-6xv5-86q9-7xr8, which could be used to generate paths outside of the provided rootfs in certain cases), as well as improving the overall behaviour of filepath-securejoin when dealing with Windows paths that contain volume names. Thanks to Paulo Gomes for discovering and fixing these issues.

Fixed

  • Switch to GitHub Actions for CI so we can test on Windows as well as Linux and MacOS.
Commits

Updates gopkg.in/yaml.v3 from 3.0.0-20210107192922-496545a6307b to 3.0.0

Updates github.com/prometheus/client_golang from 1.6.0 to 1.11.1

Release notes

Sourced from github.com/prometheus/client_golang's releases.

1.11.1 / 2022-02-15

What's Changed

Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.21.1 / 2025-03-04

  • [BUGFIX] prometheus: Revert of Inc, Add and Observe cumulative metric CAS optimizations (#1661), causing regressions on low contention cases.
  • [BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.

1.21.0 / 2025-02-17

⚠️ This release contains potential breaking change if you upgrade github.com/prometheus/common to 0.62+ together with client_golang. ⚠️

New common version changes model.NameValidationScheme global variable, which relaxes the validation of label names and metric name, allowing all UTF-8 characters. Typically, this should not break any user, unless your test or usage expects strict certain names to panic/fail on client_golang metric registration, gathering or scrape. In case of problems change model.NameValidationScheme to old model.LegacyValidation value in your project init function.

  • [BUGFIX] gocollector: Fix help message for runtime/metric metrics. #1583
  • [BUGFIX] prometheus: Fix Desc.String() method for no labels case. #1687
  • [ENHANCEMENT] prometheus: Optimize popular prometheus.BuildFQName function; now up to 30% faster. #1665
  • [ENHANCEMENT] prometheus: Optimize Inc, Add and Observe cumulative metrics; now up to 50% faster under high concurrent contention. #1661
  • [CHANGE] Upgrade prometheus/common to 0.62.0 which changes model.NameValidationScheme global variable. #1712
  • [CHANGE] Add support for Go 1.23. #1602
  • [FEATURE] process_collector: Add support for Darwin systems. #1600 #1616 #1625 #1675 #1715
  • [FEATURE] api: Add ability to invoke CloseIdleConnections on api.Client using api.Client.(CloseIdler).CloseIdleConnections() casting. #1513
  • [FEATURE] promhttp: Add promhttp.HandlerOpts.EnableOpenMetricsTextCreatedSamples option to create OpenMetrics _created lines. Not recommended unless you want to use opt-in Created Timestamp feature. Community works on OpenMetrics 2.0 format that should make those lines obsolete (they increase cardinality significantly). #1408
  • [FEATURE] prometheus: Add NewConstNativeHistogram function. #1654

1.20.5 / 2024-10-15

  • [BUGFIX] testutil: Reverted #1424; functions using compareMetricFamilies are (again) only failing if filtered metricNames are in the expected input.

1.20.4 / 2024-09-07

  • [BUGFIX] histograms: Fix possible data race when appending exemplars vs metrics gather. #1623

1.20.3 / 2024-09-05

  • [BUGFIX] histograms: Fix possible data race when appending exemplars. #1608

1.20.2 / 2024-08-23

  • [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

1.20.1 / 2024-08-20

  • [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on linux machines. #1587

1.20.0 / 2024-08-14

  • [CHANGE] ⚠️ go-collector: Remove go_memstat_lookups_total metric which was always 0; Go runtime stopped sharing pointer lookup statistics. #1577
  • [FEATURE] ⚠️ go-collector: Add 3 default metrics: go_gc_gogc_percent, go_gc_gomemlimit_bytes and go_sched_gomaxprocs_threads as those are recommended by the Go team. #1559
  • [FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact runtime/metrics sourcing each metric (if relevant). #1568 #1578
  • [FEATURE] testutil: Add CollectAndFormat method. #1503

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the go_modules group across 2 directories with 8 updates
8eda4d9 
Bumps the go_modules group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/golang/glog](https://github.com/golang/glog) | `0.0.0-20160126235308-23def4e6c14b` | `1.2.4` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.11.0` | `1.11.1` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.0.0-20220507011949-2cf3adece122` | `0.31.0` |
| google.golang.org/protobuf | `1.28.0` | `1.33.0` |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.2.3` | `0.2.4` |
| gopkg.in/yaml.v3 | `3.0.0-20210107192922-496545a6307b` | `3.0.0` |

Bumps the go_modules group with 1 update in the /examples/are-you-alive directory: [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang).


Updates `github.com/golang/glog` from 0.0.0-20160126235308-23def4e6c14b to 1.2.4
- [Release notes](https://github.com/golang/glog/releases)
- [Commits](https://github.com/golang/glog/commits/v1.2.4)

Updates `github.com/prometheus/client_golang` from 1.11.0 to 1.11.1
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.11.0...v1.11.1)

Updates `golang.org/x/crypto` from 0.0.0-20220507011949-2cf3adece122 to 0.31.0
- [Commits](https://github.com/golang/crypto/commits/v0.31.0)

Updates `golang.org/x/net` from 0.7.0 to 0.25.0
- [Commits](golang/net@v0.7.0...v0.25.0)

Updates `golang.org/x/sys` from 0.5.0 to 0.28.0
- [Commits](golang/sys@v0.5.0...v0.28.0)

Updates `google.golang.org/protobuf` from 1.28.0 to 1.33.0

Updates `github.com/cyphar/filepath-securejoin` from 0.2.3 to 0.2.4
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.2.3...v0.2.4)

Updates `gopkg.in/yaml.v3` from 3.0.0-20210107192922-496545a6307b to 3.0.0

Updates `github.com/prometheus/client_golang` from 1.6.0 to 1.11.1
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.11.0...v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/golang/glog
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: gopkg.in/yaml.v3
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants