Porter enables you to package your application artifact, client tools, configuration and deployment logic together as an installer that you can distribute, and install with a single command.
For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the
blog post. For details about each vulnerability, see the relevant security advisory:
In go.opentelemetry.io/contrib/exporters/autoexport, Option was renamed to SpanOption. The old name is deprecated but continues to be supported as an alias. (#4229)
Deprecated
The interceptors (UnaryClientInterceptor, StreamClientInterceptor, UnaryServerInterceptor, StreamServerInterceptor, WithInterceptorFilter) are deprecated. Use stats handlers (NewClientHandler, NewServerHandler) instead. (#4534)
Fixed
The go.opentelemetry.io/contrib/samplers/jaegerremote sampler does not panic when the default HTTP round-tripper (http.DefaultTransport) is not *http.Transport. (#4045)
The UnaryServerInterceptor in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc now sets gRPC status code correctly for the rpc.server.duration metric. (#4481)
The NewClientHandler, NewServerHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc now honor otelgrpc.WithMessageEvents options. (#4536)
The net.sock.peer.* and net.peer.* high cardinality attributes are removed from the metrics generated by go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4322)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getporter/porter/network/alerts).
Bumps the go_modules group with 4 updates in the / directory: github.com/docker/docker, go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc, google.golang.org/protobuf and golang.org/x/net.
Updates
github.com/docker/docker
from 24.0.5-0.20230714235725-36e9e796c6fc+incompatible to 24.0.9+incompatibleRelease notes
Sourced from github.com/docker/docker's releases.
... (truncated)
Commits
Updates
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
from 0.45.0 to 0.46.0Release notes
Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases.
... (truncated)
Changelog
Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's changelog.
Commits
b4b06bc
Release v1.21.0/v0.46.0/v0.15.0/v0.1.0 (#4546)c1ac303
config: Prepare module for release (#4541)fe68fe9
host: fix typo (#4540)016b46f
otelgrpc: Use net.Listen in TestStatsHandler (#4538)23bd4ed
otelgrpc: Deprecate interceptors in favor of stats handlers (#4534)a3b16ae
Expose instrumentation scope name (#4448)2b69029
otelgrpc: Fix stats handlers to honor WithMessageEvents option (#4536)f6aeb0d
otelgrpc: Stablize TestInterceptors (#4535)b44dfc9
otelgrpc: Remove high cardinality metric attributes (#4322)2a5fe23
otelgrpc: Refine tests to use a net socket instead of a buffer (#4503)Updates
google.golang.org/protobuf
from 1.33.0 to 1.34.0Updates
golang.org/x/net
from 0.23.0 to 0.24.0Commits
7bbe320
go.mod: update golang.org/x dependenciesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show