build(deps): bump the dependencies group with 3 updates

[dependabot[bot]]

Bumps the dependencies group with 3 updates: github.com/prometheus/common, github.com/xtls/xray-core and google.golang.org/grpc.

Updates github.com/prometheus/common from 0.48.0 to 0.52.2

Release notes

Sourced from github.com/prometheus/common's releases.

v0.52.2

What's Changed

• Drop support for Go older than 1.18 by @​SuperQ in prometheus/common#612
• fix(protobuf): Correctly decode multi-messages streams by @​srebhan in prometheus/common#616
• Bump github.com/aws/aws-sdk-go from 1.50.31 to 1.51.11 in /sigv4 by @​dependabot in prometheus/common#615

New Contributors

• @​srebhan made their first contribution in prometheus/common#616

Full Changelog: https://github.com/prometheus/common/compare/v0.51.1...v0.52.2

v0.51.1

What's Changed

• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#606
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#609
• Retract v0.50.0 by @​SuperQ in prometheus/common#610

Full Changelog: https://github.com/prometheus/common/compare/v0.51.0...v0.51.1

v0.51.0

What's Changed

• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#604
• expfmt: Add a way to generate different OpenMetrics Formats by @​ywwg in prometheus/common#596
• Fix string slice definition for FormatFlagOptions. by @​gizmoguy in prometheus/common#607
• Correct logic in sample naming for counters, add new test by @​vesari in prometheus/common#608

New Contributors

• @​gizmoguy made their first contribution in prometheus/common#607

Full Changelog: https://github.com/prometheus/common/compare/v0.50.0...v0.51.0

v0.50.0

What's Changed

• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#594
• Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 in /sigv4 by @​dependabot in prometheus/common#593
• Bump github.com/aws/aws-sdk-go from 1.50.27 to 1.50.29 in /sigv4 by @​dependabot in prometheus/common#592
• Bump github.com/aws/aws-sdk-go from 1.50.29 to 1.50.31 in /sigv4 by @​dependabot in prometheus/common#595
• Remove unused 'Host' member from HTTPClientConfig by @​bboreham in prometheus/common#597
• Add OpenMetrics unit support by @​vesari in prometheus/common#544
• Remove deprecated version function by @​SuperQ in prometheus/common#591
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#599
• Bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 by @​dependabot in prometheus/common#600
• Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @​dependabot in prometheus/common#601

Full Changelog: https://github.com/prometheus/common/compare/v0.49.0...v0.50.0

v0.49.0

What's Changed

... (truncated)

Commits

• 4433931 Merge pull request #615 from prometheus/dependabot/go_modules/sigv4/github.co...
• 728e910 Merge pull request #616 from srebhan/fix_protobuf_decode
• 78585cf fix(protobuf): Correctly decode multi-messages streams
• 5fef1df Bump github.com/aws/aws-sdk-go from 1.50.31 to 1.51.11 in /sigv4
• 3dec13c Drop support for Go older than 1.18 (#612)
• 95edf51 Update common Prometheus files (#613)
• e821827 Retract v0.50.0 (#610)
• 2807775 Update common Prometheus files (#609)
• 617b51d Synchronize common files from prometheus/prometheus (#606)
• 057bec8 Merge pull request #608 from vesari/avoid-total-suffix-repetition
• Additional commits viewable in compare view

Updates github.com/xtls/xray-core from 1.8.9 to 1.8.10

Release notes

Sourced from github.com/xtls/xray-core's releases.

Xray-core v1.8.10

HTTPUpgrade 0-RTT

#3152 @​RPRX

现在在 HTTPUpgrade path 后加上 ?ed=2560 才会启用 0-RTT

现在起 WebSocket ed 建议填 2560 而不是 2048

Features

• gRPC API 现支持增删路由规则 #3189 @​hossinasaadi
• leastPing 与 roundRobin 负载均衡器策略现支持 fallbackTag，允许定义回落出站 69e1734e3a129414db1ca12147cf51c05ffa25ba @​yuhan6665
• sendThrough 现支持 IPv6 CIDR，允许使用随机 IPv6 地址出站 #3169 @​Fangliding
• HTTPUpgrade 现支持自定义头 #3170 @​Fangliding

Fixes

• 将默认 DoQ 端口从 784 改为 853 @​simpleandstupid
• 配置文件中的 burstObservatory 现可被覆盖 #3179 @​lelemka0
• HTTPUpgrade 无 TLS 时不再 panic @​RPRX Fixes #3218
• HTTPUpgrade 现正确注册为一个 transport #3153 @​Fangliding
• HTTPUpgrade 现可正确读取 X-Forwarded-For 头 #3172 @​chise0713
• HTTPUpgrade，WebSocket 中的自定义 Host 头现正常工作 @​Fangliding Fixes #3191 并重构代码 @​yuhan6665

Chores

• 统一 HTTPUpgrade 拼写 @​yuhan6665
• 移除路由中未使用的 field @​chise0713
• 优化负载均衡器信息 @​hossinasaadi
• 在 README 中移除 Mango 一个已不存在的 GUI 客户端 @​upbeat-backbone-bose
• 更新依赖

Commits

• 07ed094 v1.8.10
• 685e66e Fix TestXrayConfig in xray_test.go
• 7e3a8d3 Add separate host config for websocket
• e2302b4 Update proto file for websocket and httpupgrade (breaking)
• 53e5814 API - Add | Remove Routing Rules (#3189)
• 8a439bf Fix host in headers field does not work XTLS#3191
• e2439c0 fix: config burstObservatory override
• fac3836 Bump github.com/sagernet/sing from 0.3.6 to 0.3.8
• 9a619f9 Add support for HTTPupgrade custom headers
• bd38578 improve balancer_info.go
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.62.1 to 1.63.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.63.0

Behavior Changes

• grpc: Return canonical target string from resolver.Address.String() (experimental) (#6923)
• client & server: when using write buffer pooling, use input value for buffer size instead of size*2 (#6983)
  • Special Thanks: @​raghav-stripe

New Features

• grpc: add ClientConn.CanonicalTarget() to return the canonical target string. (#7006)
• xds: implement LRS named metrics support (gRFC A64) (#7027)
  • Special Thanks: @​danielzhaotongliu
• grpc: introduce grpc.NewClient to allow users to create new clients in idle mode and with "dns" as the default resolver (#7010)
  • Special Thanks: @​bruuuuuuuce

API Changes

• grpc: stabilize experimental method ClientConn.Target() (#7006)

Bug Fixes

• xds: fix an issue that would cause the client to send an empty list of resources for LDS/CDS upon reconnecting with the management server (#7026)
• server: Fix some errors returned by a server when using a grpc.Server as an http.Handler with the Go stdlib HTTP server (#6989)
• resolver/dns: add SetResolvingTimeout to allow configuring the DNS resolver's global timeout (#6917)
  • Special Thanks: @​and1truong
• Set the security level of Windows named pipes to NoSecurity (#6956)
  • Special Thanks: @​irsl

Release 1.62.2

Dependencies

• Update http2 library to address vulnerability CVE-2023-45288

Commits

• c68f456 Change version to 1.63.0 (#7050)
• 6369167 *: update http2 dependency (#7082)
• 8854761 cherry-pick: channelz: fix race accessing channelMap without lock (#7079) (#7...
• e62770d channelz: add LocalAddr to listen sockets and test (#7062) (#7063)
• 4ffccf1 googlec2p: use xdstp style template for client LDS resource name (#7048)
• faf9964 gracefulswitch: add ParseConfig and make UpdateClientConnState call SwitchTo ...
• 800a8e0 channelz: re-add state for subchannels (#7046)
• dadbbfa channelz: re-add target and state (#7042)
• 55cd7a6 channelz: major cleanup / reorganization (#6969)
• a1033b1 xds: add LRS named metrics support (#7027)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[dependabot[bot]]

Superseded by #321.