chore(deps): bump the gomod group across 1 directory with 11 updates

[dependabot[bot]]

Bumps the gomod group with 8 updates in the / directory:

Package	From	To
github.com/prometheus/client_golang	1.17.0	1.19.1
github.com/yannh/kubeconform	0.6.4	0.6.6
go.uber.org/zap	1.26.0	1.27.0
github.com/cespare/xxhash/v2	2.2.0	2.3.0
github.com/prometheus/client_model	0.5.0	0.6.1
github.com/prometheus/procfs	0.12.0	0.15.0
github.com/secure-systems-lab/go-securesystemslib	0.7.0	0.8.0
google.golang.org/protobuf	1.33.0	1.34.1

Updates github.com/prometheus/client_golang from 1.17.0 to 1.19.1

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.19.1

What's Changed

• Security patches for golang.org/x/sys and google.golang.org/protobuf

New Contributors

• @​lukasauk made their first contribution in prometheus/client_golang#1494

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1

v1.19.0

What's Changed

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

• [CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449
• [FEATURE] collectors: Add version collector. #1422 #1427

New Contributors

• @​michurin made their first contribution in prometheus/client_golang#1423
• @​kavu made their first contribution in prometheus/client_golang#1445
• @​ywwg made their first contribution in prometheus/client_golang#1448

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.0

v1.18.0

What's Changed

• [FEATURE] promlint: Allow creation of custom metric validations. #1311
• [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
• [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
• [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
• [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

New Contributors

• @​srenatus made their first contribution in prometheus/client_golang#1350
• @​jadolg made their first contribution in prometheus/client_golang#1342
• @​manas-rust made their first contribution in prometheus/client_golang#1383
• @​bluekeyes made their first contribution in prometheus/client_golang#1378
• @​tsipo made their first contribution in prometheus/client_golang#1387

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.17.0...v1.18.0

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.19.0 / 2023-02-27

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

• [CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449
• [FEATURE] collectors: Add version collector. #1422 #1427

1.18.0 / 2023-12-22

• [FEATURE] promlint: Allow creation of custom metric validations. #1311
• [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
• [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
• [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
• [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

Commits

• 6e3f4b1 Cut 1.19.1 (#1494)
• cad1bfa Merge pull request #1454 from prometheus/small-nits
• 0aa8c9f Rephrase incompatibility with common v0.48.0
• 77d4003 Add 1.19.0 changelog (#1451)
• 14259fa Merge pull request #1448 from ywwg/owilliams/content-negotiation
• 6d03920 deps: bump prometheus/common version
• 353395b Remove support for go 1.19 (#1449)
• 9dd5d2a Merge pull request #1445 from kavu/add_go122_metrics_test
• c906a5e Add support for Go 1.22
• 7ac9036 Merge pull request #1440 from prometheus/dependabot/github_actions/github-act...
• Additional commits viewable in compare view

Updates github.com/yannh/kubeconform from 0.6.4 to 0.6.6

Release notes

Sourced from github.com/yannh/kubeconform's releases.

v0.6.6

Changelog

• 142517f fix go.mod

v0.6.5

Changelog

• 13a78eb Avoid unnecessary type conversions (#222)
• a4d74ce Fail early on incorrect version of k8s (#254)
• 452f1fe Fix #130 in a backward-compatible way (#219)
• b6728f1 Fix junit output, also ensure junit output is deterministic (#253)
• ae67bb4 Force Draft version of JsonSchema (#221)
• 71a59d7 Remove deprecated Maintainer tag in Dockerfile (#267)
• ad166c7 Sanitize csv strings (#258)
• 7062384 Slightly improve the coverage of the validator test (#271)
• 20805f6 Stop validating output of closed channel in Validate (#265)
• 808e6d4 Update GH actions and goreleaser (#252)
• 14053aa Update Go & Base images (#268)
• 2e50b79 Update Go and Goreleaser to 1.20, update dependencies (#231)
• d8f00a3 Update Golang to 1.21.4 (#245)
• f0a7d52 Update Readme.md
• b7d7b4d Update Readme.md (#232)
• 278385f Update Readme.md to add fullgroup explanation (#220)
• a8000fd Update kubeconform -h output (#260)
• 9627dd1 Update go version in go.mod (#269)
• 71fd5f8 fix: add missing output formats in error message (#213)
• 6ae8c45 openapi2jsonschema.py now correctly fails if no FILE is passed (#244)

Commits

• 142517f fix go.mod
• 7062384 Slightly improve the coverage of the validator test (#271)
• 20805f6 Stop validating output of closed channel in Validate (#265)
• 9627dd1 Update go version in go.mod (#269)
• 14053aa Update Go & Base images (#268)
• 71a59d7 Remove deprecated Maintainer tag in Dockerfile (#267)
• ad166c7 Sanitize csv strings (#258)
• a8000fd Update kubeconform -h output (#260)
• b6728f1 Fix junit output, also ensure junit output is deterministic (#253)
• a4d74ce Fail early on incorrect version of k8s (#254)
• Additional commits viewable in compare view

Updates go.uber.org/zap from 1.26.0 to 1.27.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.0

Enhancements:

• #1378[]: Add WithLazy method for SugaredLogger.
• #1399[]: zaptest: Add NewTestingWriter for customizing TestingWriter with more flexibility than NewLogger.
• #1406[]: Add Log, Logw, Logln methods for SugaredLogger.
• #1416[]: Add WithPanicHook option for testing panic logs.

Thanks to @​defval, @​dimmo, @​arxeiss, and @​MKrupauskas for their contributions to this release.

#1378: uber-go/zap#1378 #1399: uber-go/zap#1399 #1406: uber-go/zap#1406 #1416: uber-go/zap#1416

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.0 (20 Feb 2024)

Enhancements:

• #1378[]: Add WithLazy method for SugaredLogger.
• #1399[]: zaptest: Add NewTestingWriter for customizing TestingWriter with more flexibility than NewLogger.
• #1406[]: Add Log, Logw, Logln methods for SugaredLogger.
• #1416[]: Add WithPanicHook option for testing panic logs.

Thanks to @​defval, @​dimmo, @​arxeiss, and @​MKrupauskas for their contributions to this release.

#1378: uber-go/zap#1378 #1399: uber-go/zap#1399 #1406: uber-go/zap#1406 #1416: uber-go/zap#1416

Commits

• fcf8ee5 Release v1.27.0 (#1419)
• e5a56ee Add WithPanicHook logger option for panic log tests (#1416)
• 0e2aa4e assets: Fix logo color profile (#1418)
• 956a21c Add methods for logging with level as argument (#1406)
• 2a893f6 build(deps): bump golangci/golangci-lint-action from 3 to 4 (#1417)
• e5745d6 ci: Test with Go 1.22 (#1409)
• 7db06bc zapslog: rename Option to HandlerOption (#1411)
• 35ded09 zapslog: fix all with slogtest, support inline group, ignore empty group. (#1...
• 27b96e3 Make zaptest.NewTestingWriter public (#1399)
• 70f61bb zapslog: Bump zap from v1.24.0 to v1.26.0 (#1404)
• Additional commits viewable in compare view

Updates github.com/cespare/xxhash/v2 from 2.2.0 to 2.3.0

Commits

• 998dce2 Add initial support for custom seeds
• 21fc82b feat: add badger to the projects using this package on README.md
• 66b1409 feat: add ristretto to the Projects using this package on README.md
• fe2f6e8 Update Go versions for GH action
• See full diff in compare view

Updates github.com/prometheus/client_model from 0.5.0 to 0.6.1

Release notes

Sourced from github.com/prometheus/client_model's releases.

v0.6.1

What's Changed

• Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @​dependabot in prometheus/client_model#84

Full Changelog: https://github.com/prometheus/client_model/compare/v0.6.0...v0.6.1

v0.6.0

What's Changed

• Add unit field to MetricFamily proto message by @​vesari in prometheus/client_model#75
• add exemplar to native histogram by @​fatsheep9146 in prometheus/client_model#80

New Contributors

• @​vesari made their first contribution in prometheus/client_model#75
• @​fatsheep9146 made their first contribution in prometheus/client_model#80

Full Changelog: https://github.com/prometheus/client_model/compare/v0.5.0...v0.6.0

Commits

• 571429e Merge pull request #86 from prometheus/repo_sync
• cc727ab Update common Prometheus files
• 6fe5007 Merge pull request #85 from prometheus/repo_sync
• bce87c1 Update common Prometheus files
• 64c33c9 Merge pull request #84 from prometheus/dependabot/go_modules/google.golang.or...
• d954a8a Bump google.golang.org/protobuf from 1.32.0 to 1.33.0
• 5c25993 Merge pull request #82 from prometheus/repo_sync
• bb45f95 Update common Prometheus files
• 01ca24c Merge pull request #81 from prometheus/repo_sync
• ccd6823 Update common Prometheus files
• Additional commits viewable in compare view

Updates github.com/prometheus/common from 0.45.0 to 0.48.0

Release notes

Sourced from github.com/prometheus/common's releases.

v0.48.0

This release will require changes of code that relies on direct access to content-type format strings. See the PR linked below for work-arounds. Please file an issue if your use case doesn't work anymore.

What's Changed

• Unexport Format strings by @​ywwg in prometheus/common#576

Full Changelog: https://github.com/prometheus/common/compare/v0.47.0...v0.48.0

v0.47.0

What's Changed

• UTF-8 support in validation, and some parsers and formatters by @​ywwg in prometheus/common#537
• Support empty OAuth2 inline secrets by @​TheSpiritXIII in prometheus/common#547
• UTF8: Content negotiation (encoding side) by @​ywwg in prometheus/common#570

New Contributors

• @​ywwg made their first contribution in prometheus/common#537

Full Changelog: https://github.com/prometheus/common/compare/v0.46.0...v0.47.0

v0.46.0

What's Changed

• Add golangci-lint config by @​SuperQ in prometheus/common#517
• model: add metric type values by @​bboreham in prometheus/common#533
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#532
• Bump github.com/aws/aws-sdk-go from 1.45.19 to 1.47.0 in /sigv4 by @​dependabot in prometheus/common#529
• Update modules by @​SuperQ in prometheus/common#534
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#535
• Allow using empty Authorization credentials by @​TheSpiritXIII in prometheus/common#546
• enable errorlint linter by @​mmorel-35 in prometheus/common#550
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#548
• Bump github.com/aws/aws-sdk-go from 1.47.0 to 1.48.10 in /sigv4 by @​dependabot in prometheus/common#539
• Bump github.com/alecthomas/kingpin/v2 from 2.3.2 to 2.4.0 by @​dependabot in prometheus/common#542
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#552
• Bump golang.org/x/net from 0.18.0 to 0.19.0 by @​dependabot in prometheus/common#541
• Bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 by @​dependabot in prometheus/common#540
• Add hints for promlog by @​lucacome in prometheus/common#556
• Bump google.golang.org/protobuf from 1.31.0 to 1.32.0 by @​dependabot in prometheus/common#560
• Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 in /sigv4 by @​dependabot in prometheus/common#558
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#555
• Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 by @​dependabot in prometheus/common#559
• Bump github.com/aws/aws-sdk-go from 1.48.10 to 1.49.13 in /sigv4 by @​dependabot in prometheus/common#557
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#561
• Make version getRevision public by @​SuperQ in prometheus/common#563
• enable gofumpt, goimports, testifylint linters by @​mmorel-35 in prometheus/common#551
• version: make GetTegs() public by @​ArthurSens in prometheus/common#565
• switch to protodelim package (which pbutil now calls) by @​stapelberg in prometheus/common#567
• Bump Go modules by @​SuperQ in prometheus/common#568

New Contributors

... (truncated)

Commits

• bd41eb6 Merge pull request #576 from ywwg/owilliams/unexport
• 05d7387 Unexport Format strings
• 773d566 Merge pull request #570 from ywwg/owilliams/quoted-metric-name-02
• 319c62c UTF-8 support in metric and label names
• a3bdb9e Support empty OAuth2 inline secrets (#547)
• bd0376d UTF-8 support in validation, and some parsers and formatters (#537)
• 7e44242 Bump Go modules (#568)
• 0e201e4 Merge pull request #567 from stapelberg/protodelim
• 53f76e7 version: make GetTegs() public (#565)
• 1143fec switch to protodelim package (which pbutil now calls)
• Additional commits viewable in compare view

Updates github.com/prometheus/procfs from 0.12.0 to 0.15.0

Release notes

Sourced from github.com/prometheus/procfs's releases.

v0.15.0 / 2024-05-14

What's Changed

• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/procfs#635
• enhancement: Use pointer fields for FibreChannel* by @​rexagod in prometheus/procfs#623
• bugfix: Allow multiple xprt fields for NFS stats by @​rexagod in prometheus/procfs#619
• bugfix: s/TrimRight/TrimSuffix for certain cases by @​rexagod in prometheus/procfs#618
• Parse recovery line to be synced blocks by @​SuperQ in prometheus/procfs#637
• feat: Add support for CONFIG_CPU_FREQ_STAT by @​rexagod in prometheus/procfs#627
• Fixup sysfs/system_cpu.go lint errors by @​SuperQ in prometheus/procfs#638
• Update class_thermal.go to ignore only invalid thermal zones which raise fs.PathError by @​miliacristian in prometheus/procfs#634
• Bump golang.org/x/sys from 0.19.0 to 0.20.0 by @​dependabot in prometheus/procfs#639

New Contributors

• @​miliacristian made their first contribution in prometheus/procfs#634

Full Changelog: https://github.com/prometheus/procfs/compare/v0.14.0...v0.15.0

v0.14.0

What's Changed

• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/procfs#613
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/procfs#615
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/procfs#616
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/procfs#621
• Revert add avgRTT to nfs mountstats #487 by @​SuperQ in prometheus/procfs#625
• style: returns procfs build-in error like other parsing methods by @​weidongkl in prometheus/procfs#630
• update MAINTAINERS.md by @​pgier in prometheus/procfs#629
• *: s/(%v|%s)/%w and use go1.20 by @​rexagod in prometheus/procfs#617
• chore: Use kernel-compliant types for {U,G}IDs by @​rexagod in prometheus/procfs#620
• Update Go versions by @​SuperQ in prometheus/procfs#632
• fix: same TCP connection appears twice by @​weidongkl in prometheus/procfs#631
• Revert "fix: same TCP connection appears twice" by @​SuperQ in prometheus/procfs#633

New Contributors

• @​rexagod made their first contribution in prometheus/procfs#617

Full Changelog: https://github.com/prometheus/procfs/compare/v0.13.0...v0.14.0

v0.13.0

What's Changed

• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/procfs#578
• fix(meminfo): account for optional unit field so values are accurate by @​tjhop in prometheus/procfs#569
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @​dependabot in prometheus/procfs#584
• Bump golang.org/x/sys from 0.12.0 to 0.13.0 by @​dependabot in prometheus/procfs#583
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/procfs#586
• Bump golang.org/x/sync from 0.3.0 to 0.5.0 by @​dependabot in prometheus/procfs#587
• Update crypto.go, fix incorrect spelling by @​linuxgcc in prometheus/procfs#591
• Add udp drops by @​alebsys in prometheus/procfs#538
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/procfs#590
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/procfs#595
• meminfo: add Percpu field by @​manas-rust in prometheus/procfs#588

... (truncated)

Commits

• 513f259 Bump golang.org/x/sys from 0.19.0 to 0.20.0 (#639)
• dbe3261 Update class_thermal.go (#634)
• ae2937e Fixup sysfs/system_cpu.go lint errors (#638)
• 51f7d13 feat: Add support for CONFIG_CPU_FREQ_STAT (#627)
• 5a801c6 Parse recovery line to be synced blocks (#637)
• 1adce6b bugfix: s/TrimRight/TrimSuffix for certain cases (#618)
• 2085b8f bugfix: Allow multiple xprt fields for NFS stats (#619)
• 68fb3df enhancement: Use pointer fields for FibreChannel* (#623)
• 5cca38b Update common Prometheus files (#635)
• 6bec248 Revert "fix: same TCP connection appears twice (#631)" (#633)
• Additional commits viewable in compare view

Updates github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0

Commits

• 7e48227 Merge pull request #66 from secure-systems-lab/dependabot/go_modules/golang.o...
• e615bd3 chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0
• c55c6a6 Merge pull request #65 from adityasaky/sigstore-support
• a0c6afa Support sigstore fields in public key
• 2eb6599 Merge pull request #64 from secure-systems-lab/dependabot/github_actions/acti...
• 7e04bd5 chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0
• a8e3b1f Merge pull request #63 from secure-systems-lab/dependabot/go_modules/golang.o...
• 7539050 chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.16.0
• 8613a43 Merge pull request #59 from secure-systems-lab/dependabot/github_actions/acti...
• 8402a9f Merge pull request #60 from neilnaveen/neil/signerverifier/utils
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.16.0 to 0.17.0

Commits

• 9d2ee97 ssh: implement strict KEX protocol changes
• 4e5a261 ssh: close net.Conn on all NewServerConn errors
• 152cdb1 x509roots/fallback: update bundle
• fdfe1f8 ssh: defer channel window adjustment
• b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
• 7e6fbd8 ssh: wrap errors from client handshake
• bda2f3f argon2: avoid clobbering BP
• See full diff in compare view

Updates golang.org/x/sys from 0.15.0 to 0.20.0

Commits

• 7d69d98 unix: extend support for z/OS
• 7758090 cpu: add support for sve2 detection
• 9a28524 windows: drop go version tags for unsupported versions
• 27dc90b unix: update to Linux kernel 6.4
• cabba82 windows: use uint32 for serial comm flags for consistency
• 1a50d97 windows: add serial comm functions
• 95f07ec x/sys/windows: add func windows.DisconnectNamedPipe(handle Handle) (err error)
• 4be02d3 unix: expose mmap calls on z/OS
• 360f961 unix: add API for fsconfig system call
• 7ff74af unix: drop go version tags for unsupported versions
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.33.0 to 1.34.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[dependabot[bot]]

Superseded by #617.