Bump go.uber.org/fx from 1.19.2 to 1.19.3

dependabot[bot] commented 1 year ago

Bumps go.uber.org/fx from 1.19.2 to 1.19.3.

Release notes

Sourced from go.uber.org/fx's releases.

v1.19.3

Changed

Fixed several typos in docs.

WASM build support.

Annotating In and Out structs with From/As annotations generated invalid results. The annotation check now blocks this.

Shutdown: Support calling from Invoke.

Deprecated

Deprecate ShutdownTimeout option.

Fixed

Respect Shutdowner ExitCode from calling Run.

Changelog

Sourced from go.uber.org/fx's changelog.

1.19.3 - 2023-04-17

Changed

Fixed several typos in docs.

WASM build support.

Annotating In and Out structs with From/As annotations generated invalid results. The annotation check now blocks this.

Shutdown: Support calling from Invoke.

Deprecated

Deprecate ShutdownTimeout option.

Fixed

Respect Shutdowner ExitCode from calling Run.

Commits

2fec0b8 Prepare release v1.19.3 (#1069)
7174fde Shutdowner: Support calling from fx.Invoke (#1076)
57e421a [docs] Add the ability to copy code (#1083)
ec9b096 Shutdown: Don't stop receiver, deprecate ShutdownTimeout (#1082)
808956a TestDataRace: Fix leak (#1081)
0316fd3 coverage: Don't count e2e test code (#1078)
8f5597f App.Run: Respect Shutdowner ExitCode (#1075)
590809b typo: getting-started docs (#1072)
475cd1b Disallow using In/Out structs with From/As annotations (#1068)
195960b chore(deps): bump golang.org/x/tools from 0.7.0 to 0.8.0 in /tools (#1065)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

guardrails[bot] commented 1 year ago

:warning: We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity | Details :-: | :-- N/A | [pkg:golang/go.uber.org/fx@v1.19.3@v1.19.3](https://github.com/xmidt-org/webpa-common/blob/18f615b4e47fb8991f1a656b96ade3298ac52f08/go.mod#L38) - **no patch available** More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.