search

stellar / stellar-disbursement-platform-backend

Stellar Disbursement Platform Backend
Apache License 2.0
37 stars 22 forks source link

Bump the minor-and-patch group across 1 directory with 5 updates #411

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps the minor-and-patch group with 5 updates in the / directory:

Package From To
github.com/go-chi/httprate 0.14.0 0.14.1
github.com/prometheus/client_golang 1.20.2 1.20.3
github.com/rs/cors 1.11.0 1.11.1
github.com/twilio/twilio-go 1.22.3 1.23.0
golang.org/x/crypto 0.26.0 0.27.0

Updates github.com/go-chi/httprate from 0.14.0 to 0.14.1

Commits


Updates github.com/prometheus/client_golang from 1.20.2 to 1.20.3

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.20.3

  • [BUGFIX] histograms: Fix possible data race when appending exemplars. #1608
Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.20.3 / 2024-09-05

  • [BUGFIX] histograms: Fix possible data race when appending exemplars. #1608
Commits
  • ef2f87e Merge pull request #1620 from prometheus/arthursens/prepare-1.20.3
  • 937ac63 Add changelog entry for 1.20.3
  • 6e9914d Merge pull request #1608 from krajorama/index-out-of-range-native-histogram-e...
  • d6b8c89 Update comments with more explanations
  • 504566f Use simplified solution from #1609 for the data race
  • dc8e9a4 fix: native histogram: Simplify and fix addExemplar
  • dc819ce Use a trivial solution to #1605
  • e061dfa native histogram: use exemplars in concurrency test
  • See full diff in compare view


Updates github.com/rs/cors from 1.11.0 to 1.11.1

Commits
  • a814d79 Re-add support for multiple Access-Control-Request-Headers field (fixes #184)...
  • 1562b17 Removed redundant log nil checks (#178)
  • 3d336ea Update all dependencies to latest in examples (#175)
  • 85fc0ca Make Gin wrapper's status configurable and use 204 as default (fixes #145) (#...
  • See full diff in compare view


Updates github.com/twilio/twilio-go from 1.22.3 to 1.23.0

Release notes

Sourced from github.com/twilio/twilio-go's releases.

v1.23.0

Release Notes

Iam

  • updated library_visibility public for new public apikeys

Numbers

  • Add new field in Error Codes for Regulatory Compliance.
  • Change typing of Port In Request date_created field to date_time instead of date (breaking change)

Docs

v1.22.4

Release Notes

Api

  • Update documentation of error_code and error_message on the Message resource.
  • Remove generic parameters from transcription resource
  • Added public documentation for Payload Data retrieval API

Flex

  • Adding update Flex User api

Insights

  • Added 'branded', 'business_profile' and 'voice_integrity' fields in List Call Summary

Intelligence

  • Add words array information to the Sentences v2 entity.
  • Add X-Rate-Limit-Limit, X-Rate-Limit-Remaining, and X-Rate-Limit-Config headers for Operator Results.
  • Change the path parameter when fetching an /OperatorType/{} from sid<EY> to string to support searching by SID or by name
  • Add X-Rate-Limit-Limit, X-Rate-Limit-Remaining, and X-Rate-Limit-Config headers for Transcript and Service endpoints.

Messaging

  • Adds two new channel senders api to add/remove channel senders to/from a messaging service
  • Extend ERC api to accept an optional attribute in request body to indicate CNP migration for an ERC

Numbers

  • Modify visibility to public in bundle clone API
  • Add port_date field to Port In Request and Port In Phone Numbers Fetch APIs
  • Change properties docs for port in phone numbers api
  • Add is_test body param to the Bundle Create API
  • Change properties docs for port in api

Trusthub

  • Add new field in themeSetId in compliance_inquiry.

Verify

  • Update custom_code_enabled description on verification docs

... (truncated)

Changelog

Sourced from github.com/twilio/twilio-go's changelog.

[2024-09-05] Version 1.23.0

Iam

  • updated library_visibility public for new public apikeys

Numbers

  • Add new field in Error Codes for Regulatory Compliance.
  • Change typing of Port In Request date_created field to date_time instead of date (breaking change)

[2024-08-26] Version 1.22.4

Api

  • Update documentation of error_code and error_message on the Message resource.
  • Remove generic parameters from transcription resource
  • Added public documentation for Payload Data retrieval API

Flex

  • Adding update Flex User api

Insights

  • Added 'branded', 'business_profile' and 'voice_integrity' fields in List Call Summary

Intelligence

  • Add words array information to the Sentences v2 entity.
  • Add X-Rate-Limit-Limit, X-Rate-Limit-Remaining, and X-Rate-Limit-Config headers for Operator Results.
  • Change the path parameter when fetching an /OperatorType/{} from sid<EY> to string to support searching by SID or by name
  • Add X-Rate-Limit-Limit, X-Rate-Limit-Remaining, and X-Rate-Limit-Config headers for Transcript and Service endpoints.

Messaging

  • Adds two new channel senders api to add/remove channel senders to/from a messaging service
  • Extend ERC api to accept an optional attribute in request body to indicate CNP migration for an ERC

Numbers

  • Modify visibility to public in bundle clone API
  • Add port_date field to Port In Request and Port In Phone Numbers Fetch APIs
  • Change properties docs for port in phone numbers api
  • Add is_test body param to the Bundle Create API
  • Change properties docs for port in api

Trusthub

  • Add new field in themeSetId in compliance_inquiry.

Verify

  • Update custom_code_enabled description on verification docs
Commits
  • 06470bf Release v1.23.0
  • 861a795 [Librarian] Regenerated @ 78bf2bbef74e4846ca8353fbdee038a6b8080c59 2250ef3ba0...
  • 97e1a80 Release v1.22.4
  • 0ed56ec [Librarian] Regenerated @ c8ce9820730ef3b2a48912311d45afb8c26b9ee7 2ee5b1fa49...
  • See full diff in compare view


Updates golang.org/x/crypto from 0.26.0 to 0.27.0

Commits
  • c9da6b9 all: fix printf(var) mistakes detected by latest printf checker
  • b35ab4f go.mod: update golang.org/x dependencies
  • bcb0f91 internal/poly1305: Port sum_amd64.s to Avo
  • 7eace71 chacha20poly1305: Avo port of chacha20poly1305_amd64.s
  • 620dfbc salsa20/salsa: Port salsa20_amd64.s to Avo
  • 82942cf blake2b: port blake2b_amd64.s to Avo
  • 0484c26 blake2b: port blake2bAVX2_amd64.s to Avo
  • 38ed1bc blake2s: port blake2s_amd64.s to Avo
  • 38a0b5d argon2: Avo port of blamka_amd64.s
  • bf5f14f x509roots/fallback: update bundle
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
socket-security[bot] commented 2 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
golang/github.com/go-chi/httprate@v0.14.1 network 0 39.7 kB
golang/github.com/prometheus/client_golang@v1.20.3 filesystem, network, unsafe 0 1.15 MB
golang/github.com/rs/cors@v1.11.1 network 0 64.6 kB
golang/github.com/twilio/twilio-go@v1.23.0 environment, network, unsafe 0 9.34 MB
golang/golang.org/x/crypto@v0.27.0 environment, filesystem, network, shell, unsafe 0 4.16 MB

🚮 Removed packages: golang/github.com/go-chi/httprate@v0.14.0, golang/github.com/prometheus/client_golang@v1.20.2, golang/github.com/rs/cors@v1.11.0, golang/github.com/twilio/twilio-go@v1.22.3, golang/golang.org/x/crypto@v0.26.0

View full report↗︎

socket-security[bot] commented 2 months ago

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: golang/github.com/go-chi/httprate@v0.14.1, golang/github.com/prometheus/client_golang@v1.20.3, golang/github.com/rs/cors@v1.11.1, golang/github.com/twilio/twilio-go@v1.23.0, golang/golang.org/x/crypto@v0.27.0, golang/golang.org/x/sys@v0.25.0, golang/golang.org/x/term@v0.24.0, golang/golang.org/x/text@v0.18.0

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

marcelosalloum commented 2 months ago

@dependabot rebase

marcelosalloum commented 2 months ago

@dependabot rebase

dependabot[bot] commented 2 months ago

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

marcelosalloum commented 2 months ago

@SocketSecurity ignore-all

marcelosalloum commented 2 months ago

@dependabot squash and merge