search

ossf / package-analysis

Open Source Package Analysis
Apache License 2.0
714 stars 51 forks source link

Bump the gomod-minor-updates group with 6 updates #1036

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps the gomod-minor-updates group with 6 updates:

Package From To
cloud.google.com/go/pubsub 1.36.2 1.37.0
gocloud.dev 0.36.0 0.37.0
gocloud.dev/pubsub/kafkapubsub 0.36.0 0.37.0
golang.org/x/crypto 0.19.0 0.21.0
google.golang.org/api 0.166.0 0.169.0
google.golang.org/grpc 1.61.1 1.62.1

Updates cloud.google.com/go/pubsub from 1.36.2 to 1.37.0

Commits
  • a75c8b6 chore(main): release pubsub 1.37.0 (#9517)
  • e2c9a95 chore(internal/protoveneer): support custom field converters (#9456)
  • 86ec5c0 chore: release main (#9511)
  • a74cbbe docs(netapp): mark optional fields explicitly in Storage Pool (#9513)
  • 9bba269 feat(pubsub): support kinesis ingestion admin (#9458)
  • 5ca0271 feat(logging/logadmin): allow logging PageSize to override (#9409)
  • e68777c chore(main): release spanner 1.58.0 (#9423)
  • 6deb969 docs(pubsub): check for nil responses for receive examples (#9516)
  • e54989e chore: remove old samples that no longer compile (#9510)
  • 1cf28f6 docs(run): clarify some defaults and required or optional values (#9505)
  • Additional commits viewable in compare view


Updates gocloud.dev from 0.36.0 to 0.37.0

Release notes

Sourced from gocloud.dev's releases.

v0.37.0

  • blob

    • s3blob: Support S3 server side encryption headers for Write and Copy.
    • gcsblob: Ensure driver sets Content-Type auto-detection properly.

  • pubsub

    • azpubsub: Ensure 401s are not retryable.
    • azpubsub: Allow configuring max_recv_batch_size in via URL.
    • mongodocstore: Fix error when calling the update function with no 'set' operations.

  • docstore

    • all: Add Offset method, useful for pagination
Commits


Updates gocloud.dev/pubsub/kafkapubsub from 0.36.0 to 0.37.0

Release notes

Sourced from gocloud.dev/pubsub/kafkapubsub's releases.

v0.37.0

  • blob

    • s3blob: Support S3 server side encryption headers for Write and Copy.
    • gcsblob: Ensure driver sets Content-Type auto-detection properly.

  • pubsub

    • azpubsub: Ensure 401s are not retryable.
    • azpubsub: Allow configuring max_recv_batch_size in via URL.
    • mongodocstore: Fix error when calling the update function with no 'set' operations.

  • docstore

    • all: Add Offset method, useful for pagination
Commits


Updates golang.org/x/crypto from 0.19.0 to 0.21.0

Commits
  • 7067223 go.mod: update golang.org/x dependencies
  • 0d2316b ssh/test: work around for TestCiphers failures on macOS
  • 0aab8d0 all: update go.mod x/net dependency
  • 5bead59 ocsp: don't use iota for externally defined constants
  • 1a86580 x/crypto/internal/poly1305: improve sum_ppc64le.s
  • 1c981e6 ssh/test: don't use DSA keys in integrations tests, update test RSA key
  • 62c9f17 x509roots/nss: manually exclude a confusingly constrained root
  • See full diff in compare view


Updates google.golang.org/api from 0.166.0 to 0.169.0

Release notes

Sourced from google.golang.org/api's releases.

v0.169.0

0.169.0 (2024-03-07)

Features

v0.168.0

0.168.0 (2024-03-04)

Features

v0.167.0

0.167.0 (2024-02-23)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.169.0 (2024-03-07)

Features

0.168.0 (2024-03-04)

Features

0.167.0 (2024-02-23)

Features

Commits


Updates google.golang.org/grpc from 1.61.1 to 1.62.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.62.1

Bug Fixes

  • xds: fix a bug that results in no matching virtual host found RPC errors due to a difference between the target and LDS resource names (#6997)
  • server: fixed stats handler data InPayload.Length for unary RPC calls (#6766)
  • grpc: the experimental RecvBufferPool DialOption and ServerOption are now active during unary RPCs with compression (#6766)
  • grpc: trim whitespaces in accept-encoding header before determining compressors

Release 1.62.0

New Features

  • grpc: Add StaticMethod CallOption as a signal to stats handler that a method is safe to use as an instrument key (#6986)

Behavior Changes

  • grpc: Return canonical target string from ClientConn.Target() and resolver.Address.String() (#6923)

Bug Fixes

  • server: wait to close connection until incoming socket is drained (with timeout) to prevent data loss on client-side (#6977)

Performance Improvements

  • *: Allow building without x/net/trace by using grpcnotrace to enable dead code elimination (#6954)
  • rand: improve performance and simplify implementation of grpcrand by adopting math/rand's top-level functions for go version 1.21.0 and newer. (#6925)

Dependencies

  • *: Use google.golang.org/protobuf/proto instead of github.com/golang/protobuf. (#6919)

[!NOTE] The above change in proto library usage introduces a minor behavior change within those libraries. The old github.com/golang/protobuf library would error if given a nil message to Marshal, while the new google.golang.org/protobuf library will successfully output zero bytes in this case. This means server method handlers that did return nil, nil will now return an empty message and no error, while it used to return an error. This also affects the client side, where clients sending nil messages used to fail without sending the RPC, and now they will send an empty message.

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions