search

tillkuhn / angkor

🌅(Mostly) educational app to manage favorite locations and recipes. Techstack Frontend: Angular 16 (TypeScript, Mapbox GL), Backend: Spring Boot 3.2 (JDK 21, Kotlin, PostgreSQL, Kafka, Cognito), Go Microservices, Docker, Terraform managed AWS Infrastructure
Apache License 2.0
16 stars 4 forks source link

Bump the everything group across 1 directory with 6 updates #747

Open dependabot[bot] opened 6 days ago

dependabot[bot] commented 6 days ago

Bumps the everything group with 6 updates in the /go/imagine directory:

Package From To
github.com/aws/aws-sdk-go 1.54.8 1.55.5
github.com/golang-jwt/jwt/v4 4.5.0 4.5.1
github.com/jellydator/ttlcache/v3 3.2.0 3.3.0
github.com/prometheus/client_golang 1.19.1 1.20.5
github.com/rs/xid 1.5.0 1.6.0
github.com/stretchr/testify 1.9.0 1.10.0

Updates github.com/aws/aws-sdk-go from 1.54.8 to 1.55.5

Release notes

Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.55.5 (2024-07-30)

Service Client Updates

  • service/appstream: Updates service API and documentation
    • Added support for Red Hat Enterprise Linux 8 on Amazon AppStream 2.0
  • service/autoscaling: Updates service API and documentation
    • Increase the length limit for VPCZoneIdentifier from 2047 to 5000
  • service/codepipeline: Updates service API, documentation, and paginators
    • AWS CodePipeline V2 type pipelines now support stage level conditions to enable development teams to safely release changes that meet quality and compliance requirements.
  • service/elasticache: Updates service documentation
    • Doc only update for changes to deletion API.
  • service/elasticloadbalancing: Updates service API
  • service/eventbridge: Updates service API
  • service/logs: Updates service API
    • Add v2 smoke tests and smithy smokeTests trait for SDK testing.
  • service/models.lex.v2: Updates service API and documentation
  • service/rolesanywhere: Updates service API and documentation
  • service/tnb: Updates service API and documentation
  • service/workspaces: Updates service documentation
    • Removing multi-session as it isn't supported for pools

Release v1.55.4 (2024-07-29)

Service Client Updates

  • service/elasticache: Updates service documentation
    • Renaming full service name as it appears in developer documentation.
  • service/memorydb: Updates service API and documentation

Release v1.55.3 (2024-07-25)

Service Client Updates

  • service/application-autoscaling: Updates service API
  • service/application-signals: Updates service API and documentation
  • service/bedrock-runtime: Updates service API and documentation
  • service/codecommit: Updates service API and documentation
    • CreateRepository API now throws OperationNotAllowedException when the account has been restricted from creating a repository.
  • service/datazone: Updates service API and documentation
  • service/ec2: Updates service API and documentation
    • EC2 Fleet now supports using custom identifiers to reference Amazon Machine Images (AMI) in launch requests that are configured to choose from a diversified list of instance types.
  • service/ecr: Updates service API, documentation, paginators, and examples
    • API and documentation updates for Amazon ECR, adding support for creating, updating, describing and deleting ECR Repository Creation Template.
  • service/eks: Updates service API and documentation
  • service/elasticloadbalancingv2: Updates service API, documentation, and examples
  • service/network-firewall: Updates service API and documentation
  • service/outposts: Updates service API and documentation
  • service/states: Updates service API and documentation
    • This release adds support to customer managed KMS key encryption in AWS Step Functions.

... (truncated)

Commits


Updates github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.1

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1

Commits


Updates github.com/jellydator/ttlcache/v3 from 3.2.0 to 3.3.0

Release notes

Sourced from github.com/jellydator/ttlcache/v3's releases.

v3.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/jellydator/ttlcache/compare/v3.2.1...v3.3.0

v3.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/jellydator/ttlcache/compare/v3.2.0...v3.2.1

Commits
  • 09bb8f4 Optimize Len method by counting expired items in expiration queue
  • 923d329 Add RangeBackwards method
  • d22fb9e Exclude expired keys in data retrieval methods
  • 1e6fd11 remove size when initializing map
  • f4a6991 use value directly when range map
  • 2371d93 Fix data race in Items()
  • 66d8e52 Bump golang.org/x/sync from 0.7.0 to 0.8.0
  • 62c3733 fix double insertion into expiration queue
  • 9ca4fc0 add test for update of expired items
  • d62194a add thread safety to features list (#137)
  • Additional commits viewable in compare view


Updates github.com/prometheus/client_golang from 1.19.1 to 1.20.5

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.20.5 / 2024-10-15

We decided to revert the testutil change that made our util functions less error-prone, but created a lot of work for our downstream users. Apologies for the pain! This revert should not cause any major breaking change, even if you already did the work--unless you depend on the exact error message.

Going forward, we plan to reinforce our release testing strategy [1],[2] and deliver an enhanced testutil package/module with more flexible and safer APIs.

Thanks to @​dashpole @​dgrisonnet @​kakkoyun @​ArthurSens @​vesari @​logicalhan @​krajorama @​bwplotka who helped in this patch release! 🤗

Changelog

[BUGFIX] testutil: Reverted #1424; functions using compareMetricFamilies are (again) only failing if filtered metricNames are in the expected input. #1645

v1.20.4

  • [BUGFIX] histograms: Fix a possible data race when appending exemplars vs metrics gather. #1623

v1.20.3

  • [BUGFIX] histograms: Fix possible data race when appending exemplars. #1608

v1.20.2

  • [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

v1.20.1

This release contains the critical fix for the issue. Thanks to @​geberl, @​CubicrootXYZ, @​zetaab and @​timofurrer for helping us with the investigation!

  • [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on Linux machines. #1587

v1.20.0

Thanks everyone for contributions!

:warning: In this release we remove one (broken anyway, given Go runtime changes) metric and add three new (representing GOGC, GOMEMLIMIT and GOMAXPROCS flags) to the default collectors.NewGoCollector() collector. Given its popular usage, expect your binary to expose two additional metric.

Changes

  • [CHANGE] :warning: go-collector: Remove go_memstat_lookups_total metric which was always 0; Go runtime stopped sharing pointer lookup statistics. #1577
  • [FEATURE] :warning: go-collector: Add 3 default metrics: go_gc_gogc_percent, go_gc_gomemlimit_bytes and go_sched_gomaxprocs_threads as those are recommended by the Go team. #1559
  • [FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact runtime/metrics sourcing each metric (if relevant). #1568 #1578
  • [FEATURE] testutil: Add CollectAndFormat method. #1503
  • [FEATURE] histograms: Add support for exemplars in native histograms. #1471
  • [FEATURE] promhttp: Add experimental support for zstd on scrape, controlled by the request Accept-Encoding header. #1496
  • [FEATURE] api/v1: Add WithLimit parameter to all API methods that supports it. #1544
  • [FEATURE] prometheus: Add support for created timestamps in constant histograms and constant summaries. #1537
  • [FEATURE] process-collectors: Add network usage metrics: process_network_receive_bytes_total and process_network_transmit_bytes_total. #1555
  • [FEATURE] promlint: Add duplicated metric lint rule. #1472
  • [BUGFIX] promlint: Relax metric type in name linter rule. #1455
  • [BUGFIX] promhttp: Make sure server instrumentation wrapping supports new and future extra responseWriter methods. #1480
  • [BUGFIX] testutil: Functions using compareMetricFamilies are now failing if filtered metricNames are not in the input. #1424

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.20.5 / 2024-10-15

  • [BUGFIX] testutil: Reverted #1424; functions using compareMetricFamilies are (again) only failing if filtered metricNames are in the expected input.

1.20.4 / 2024-09-07

  • [BUGFIX] histograms: Fix possible data race when appending exemplars vs metrics gather. #1623

1.20.3 / 2024-09-05

  • [BUGFIX] histograms: Fix possible data race when appending exemplars. #1608

1.20.2 / 2024-08-23

  • [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

1.20.1 / 2024-08-20

  • [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on linux machines. #1587

1.20.0 / 2024-08-14

  • [CHANGE] :warning: go-collector: Remove go_memstat_lookups_total metric which was always 0; Go runtime stopped sharing pointer lookup statistics. #1577
  • [FEATURE] :warning: go-collector: Add 3 default metrics: go_gc_gogc_percent, go_gc_gomemlimit_bytes and go_sched_gomaxprocs_threads as those are recommended by the Go team. #1559
  • [FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact runtime/metrics sourcing each metric (if relevant). #1568 #1578
  • [FEATURE] testutil: Add CollectAndFormat method. #1503
  • [FEATURE] histograms: Add support for exemplars in native histograms. #1471
  • [FEATURE] promhttp: Add experimental support for zstd on scrape, controlled by the request Accept-Encoding header. #1496
  • [FEATURE] api/v1: Add WithLimit parameter to all API methods that supports it. #1544
  • [FEATURE] prometheus: Add support for created timestamps in constant histograms and constant summaries. #1537
  • [FEATURE] process-collector: Add network usage metrics: process_network_receive_bytes_total and process_network_transmit_bytes_total. #1555
  • [FEATURE] promlint: Add duplicated metric lint rule. #1472
  • [BUGFIX] promlint: Relax metric type in name linter rule. #1455
  • [BUGFIX] promhttp: Make sure server instrumentation wrapping supports new and future extra responseWriter methods. #1480
  • [BUGFIX] breaking testutil: Functions using compareMetricFamilies are now failing if filtered metricNames are not in the input. #1424 (reverted in 1.20.5)

1.19.0 / 2024-02-27

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

  • [CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449
  • [FEATURE] collectors: Add version collector. #1422 #1427

1.18.0 / 2023-12-22

  • [FEATURE] promlint: Allow creation of custom metric validations. #1311
  • [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
  • [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
  • [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
  • [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

... (truncated)

Commits
  • 48e12a1 Merge pull request #1645 from prometheus/cut-1204-pr1424
  • 504ad9b Cut 1.20.5; update comments.
  • 584a7ce Revert "testutil compareMetricFamilies: make less error-prone (#1424)"
  • 05fcde9 Merge pull request #1623 from krajorama/data-race-in-histogram-write
  • 209f4c0 Add changelog
  • 1e398cc native histogram: Fix race between Write and addExemplar
  • ef2f87e Merge pull request #1620 from prometheus/arthursens/prepare-1.20.3
  • 937ac63 Add changelog entry for 1.20.3
  • 6e9914d Merge pull request #1608 from krajorama/index-out-of-range-native-histogram-e...
  • d6b8c89 Update comments with more explanations
  • Additional commits viewable in compare view


Updates github.com/rs/xid from 1.5.0 to 1.6.0

Commits


Updates github.com/stretchr/testify from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.10.0

What's Changed

Functional Changes

Fixes

Documantation, Build & CI

New Contributors

... (truncated)

Commits
  • 89cbdd9 Merge pull request #1626 from arjun-1/fix-functional-options-diff-indirect-calls
  • 07bac60 Merge pull request #1667 from sikehish/flaky
  • 716de8d Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI
  • 118fb83 NotSame should fail if args are not pointers #1661 (#1664)
  • 7d99b2b attempt 2
  • 05f87c0 more similar
  • ea7129e better fmt
  • a1b9c9e Merge pull request #1663 from ybrustin/master
  • 8302de9 Merge branch 'master' into master
  • 89352f7 Merge pull request #1518 from hendrywiranto/adjust-readme-remove-v2
  • Additional commits viewable in compare view


You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions