search

turkdevops / grafana

The tool for beautiful monitoring and metric analytics & dashboards for Graphite, InfluxDB & Prometheus & More
https://grafana.com
Apache License 2.0
1 stars 0 forks source link

Bump github.com/aws/aws-sdk-go from 1.25.48 to 1.34.0 #759

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/aws/aws-sdk-go from 1.25.48 to 1.34.0.

Changelog

Sourced from github.com/aws/aws-sdk-go's changelog.

Release v1.34.0 (2020-08-07)

Service Client Updates

  • service/glue: Updates service API and documentation
    • AWS Glue now adds support for Network connection type enabling you to access resources inside your VPC using Glue crawlers and Glue ETL jobs.
  • service/organizations: Updates service API and documentation
    • Documentation updates for some new error reasons.
  • service/s3: Updates service documentation and examples
    • Updates Amazon S3 API reference documentation.
  • service/sms: Updates service API and documentation
    • In this release, AWS Server Migration Service (SMS) has added new features: 1. APIs to work with application and instance level validation 2. Import application catalog from AWS Application Discovery Service 3. For an application you can start on-demand replication

SDK Features

  • service/s3/s3crypto: Updates to the Amazon S3 Encryption Client - This change includes fixes for issues that were reported by Sophie Schmieg from the Google ISE team, and for issues that were discovered by AWS Cryptography.

Release v1.33.21 (2020-08-06)

Service Client Updates

  • service/ec2: Updates service API, documentation, and paginators
    • This release supports Wavelength resources, including carrier gateways, and carrier IP addresses.
  • service/lex-models: Updates service API and documentation
  • service/personalize: Updates service API and documentation
  • service/personalize-events: Updates service API and documentation
  • service/personalize-runtime: Updates service API and documentation
  • service/runtime.lex: Updates service API and documentation

Release v1.33.20 (2020-08-05)

Service Client Updates

  • service/appsync: Updates service API and documentation
  • service/fsx: Updates service documentation
  • service/resourcegroupstaggingapi: Updates service documentation
    • Documentation updates for the Resource Group Tagging API namespace.
  • service/sns: Updates service documentation
    • Documentation updates for SNS.
  • service/transcribe: Updates service API, documentation, and paginators

Release v1.33.19 (2020-08-04)

Service Client Updates

  • service/health: Updates service documentation
    • Documentation updates for health

Release v1.33.18 (2020-08-03)

... (truncated)

Commits
  • ae9b9fd Release v1.34.0 (2020-08-07)
  • 1e84382 Merge commit '12ff57a16373dda5a0c22eafdf0fa1c4c224f7c4' into release
  • b811ea8 Release v1.33.21 (2020-08-06) (#3462)
  • 12ff57a Updates to the Amazon S3 Encryption Client - This change includes fixes for i...
  • 2007a98 Release v1.33.20 (2020-08-05) (#3460)
  • 39b4438 Release v1.33.19 (2020-08-04) (#3458)
  • e14cc11 Merge pull request #3432 from diehlaws/common-files-standardization
  • 9a13de7 Release v1.33.18 (2020-08-03) (#3456)
  • 41f3140 Add reference links to readme
  • 29d57fc Implementing suggested changes
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/turkdevops/grafana/network/alerts).
guardrails[bot] commented 1 year ago

:warning: We detected 10 security issues in this pull request:

Mode: paranoid | Total findings: 10 | Considered vulnerability: 10

Vulnerable Libraries (10)
Severity | Details ----- | -------- N/A | [pkg:golang/golang.org/x/net@v0.0.0-20200202094626-16171245cfb2 @v0.0.0-20200202094626-16171245cfb2 ](https://github.com/turkdevops/grafana/blob/79255d57b16b4221d93c4cd78b1e9bd82ea043ec/go.sum#L341) upgrade to: *1.18.9,1.19.4,0.4.0* N/A | [pkg:golang/golang.org/x/net@0.0.0-20200202094626-16171245cfb2@0.0.0-20200202094626-16171245cfb2](https://github.com/turkdevops/grafana/blob/79255d57b16b4221d93c4cd78b1e9bd82ea043ec/go.mod#L74) upgrade to: *1.15.12,1.16.4,0.0.0-20210428140749-89ef3d95e781* N/A | [pkg:golang/gopkg.in/yaml.v2@v2.2.2 @v2.2.2 ](https://github.com/turkdevops/grafana/blob/79255d57b16b4221d93c4cd78b1e9bd82ea043ec/vendor/github.com/jmespath/go-jmespath/go.sum#L10) upgrade to: *2.2.3* N/A | [pkg:golang/github.com/aws/aws-sdk-go@v1.34.0@v1.34.0](https://github.com/turkdevops/grafana/blob/79255d57b16b4221d93c4cd78b1e9bd82ea043ec/go.sum#L15) - **no patch available** N/A | [pkg:golang/github.com/aws/aws-sdk-go@v1.34.0@v1.34.0](https://github.com/turkdevops/grafana/blob/79255d57b16b4221d93c4cd78b1e9bd82ea043ec/go.mod#L9) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.0.0-20200202094626-16171245cfb2@v0.0.0-20200202094626-16171245cfb2](https://github.com/turkdevops/grafana/blob/79255d57b16b4221d93c4cd78b1e9bd82ea043ec/go.sum#L341) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.0.0-20200202094626-16171245cfb2@v0.0.0-20200202094626-16171245cfb2](https://github.com/turkdevops/grafana/blob/79255d57b16b4221d93c4cd78b1e9bd82ea043ec/go.mod#L74) - **no patch available** N/A | [pkg:golang/github.com/aws/aws-sdk-go@1.34.0@1.34.0](https://github.com/turkdevops/grafana/blob/79255d57b16b4221d93c4cd78b1e9bd82ea043ec/go.mod#L9) - **no patch available** N/A | [pkg:golang/github.com/aws/aws-sdk-go@v1.34.0 @v1.34.0 ](https://github.com/turkdevops/grafana/blob/79255d57b16b4221d93c4cd78b1e9bd82ea043ec/go.sum#L15) - **no patch available** N/A | [pkg:golang/gopkg.in/yaml.v2@v2.2.2@v2.2.2](https://github.com/turkdevops/grafana/blob/79255d57b16b4221d93c4cd78b1e9bd82ea043ec/vendor/github.com/jmespath/go-jmespath/go.sum#L10) upgrade to: *2.2.3* More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr#).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.