Bump the go_modules group across 2 directories with 1 update #1022

dependabot · 2024-03-06T20:13:31Z

Bumps the go_modules group with 1 update in the /test/sql directory: github.com/cloudevents/sdk-go/v2.

Updates github.com/cloudevents/sdk-go/v2 from 2.14.0 to 2.15.2

Release notes

Sourced from github.com/cloudevents/sdk-go/v2's releases.

Release v2.15.2

What's Changed

Patch for a potential security issue. See CVE-2024-28110.

Note: this could be a breaking change for people if they purposely change golang's HTTP DefaultClient, or change the CloudEvents Client returned from NewClient, and expect those changes to be visible on other HTTP flows using those Clients. E.g. auth

Full Changelog: v2.15.1...v2.15.2

Release v2.15.1

What's Changed

Bump andstor/file-existence-action from 2 to 3 by @dependabot in cloudevents/sdk-go#1009

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test/conformance by @dependabot in cloudevents/sdk-go#993

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test/benchmark by @dependabot in cloudevents/sdk-go#994

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/kafka by @dependabot in cloudevents/sdk-go#995

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test/integration by @dependabot in cloudevents/sdk-go#996

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/kafka_sarama/v2 by @dependabot in cloudevents/sdk-go#997

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/http by @dependabot in cloudevents/sdk-go#998

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/nats by @dependabot in cloudevents/sdk-go#999

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/stan by @dependabot in cloudevents/sdk-go#1004

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/nats_jetstream by @dependabot in cloudevents/sdk-go#1003

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/nats/v2 by @dependabot in cloudevents/sdk-go#1002

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/nats_jetstream/v2 by @dependabot in cloudevents/sdk-go#1001

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/stan/v2 by @dependabot in cloudevents/sdk-go#1000

Propose the confluent-kafka-go binding for Kafka by @yanmxa in cloudevents/sdk-go#1008

Sync CESQL tck tests by @Cali0707 in cloudevents/sdk-go#1010

Fix docstring typos in nats and jetstream protocol by @jafossum in cloudevents/sdk-go#1013

Bump golangci/golangci-lint-action from 3 to 4 by @dependabot in cloudevents/sdk-go#1016

Bump the bundler group across 1 directories with 1 update by @dependabot in cloudevents/sdk-go#1011

Remove vi swp file by @duglin in cloudevents/sdk-go#1020

New Contributors

@Cali0707 made their first contribution in cloudevents/sdk-go#1010

@jafossum made their first contribution in cloudevents/sdk-go#1013

Full Changelog: v2.15.0...v2.15.1

Release v2.15.0

Highlights 💫

This release includes various updates and improvements such as README enhancements, dependency bumps, bug fixes, race condition resolutions, and protocol-related adjustments. Notable changes involve upgrading dependencies like grpc and go.opentelemetry, addressing race conditions, fixing Kafka test issues, and introducing new features like binary content mode for NATS and JetStream protocols. Additionally, there are governance documentation updates, link corrections, and improvements in error handling and documentation across different modules.

Breaking 🚨

The Kafka Sarama protocol now uses the "github.com/IBM/sarama" Go module import path.

Commits 📄

896e1d0 Update README.md 75ec0f2 Bump actions/setup-go from 4 to 5 41e80f7 fixed couple issues

... (truncated)

Commits

de2f283 Merge pull request from GHSA-5pf6-2qwx-pxm2
c5f8d9d Update v2/protocol/http/protocol.go
c17d949 Avoid modifying the DefaultClient's Transport
67e3899 Merge pull request #1020 from duglin/oops
f0061e0 oops
4cc6c2d Merge pull request #1011 from cloudevents/dependabot/bundler/docs/bundler-sec...
b6949b0 Bump the bundler group across 1 directories with 1 update
df51395 Merge pull request #1016 from cloudevents/dependabot/github_actions/golangci/...
1af6e06 Bump golangci/golangci-lint-action from 3 to 4
2574a05 Merge pull request #1013 from jafossum/fix-nats-typos
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 1 update in the /test/sql directory: [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go). Updates `github.com/cloudevents/sdk-go/v2` from 2.14.0 to 2.15.2 - [Release notes](https://github.com/cloudevents/sdk-go/releases) - [Commits](v2.14.0...v2.15.2) --- updated-dependencies: - dependency-name: github.com/cloudevents/sdk-go/v2 dependency-type: direct:production dependency-group: go_modules-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 6, 2024

dependabot bot mentioned this pull request Mar 6, 2024

Bump github.com/cloudevents/sdk-go/v2 from 2.14.0 to 2.15.2 in /test/sql #1021

Closed

duglin approved these changes Mar 6, 2024

View reviewed changes

duglin merged commit 0a3095d into main Mar 6, 2024
9 checks passed

duglin deleted the dependabot/go_modules/test/sql/go_modules-security-group-353ba581ac branch March 6, 2024 20:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go_modules group across 2 directories with 1 update #1022

Bump the go_modules group across 2 directories with 1 update #1022

dependabot bot commented on behalf of github Mar 6, 2024

Bump the go_modules group across 2 directories with 1 update #1022

Bump the go_modules group across 2 directories with 1 update #1022

Conversation

dependabot bot commented on behalf of github Mar 6, 2024

Release v2.15.2

What's Changed

Release v2.15.1

What's Changed

New Contributors

Release v2.15.0

Highlights 💫

Breaking 🚨

Commits 📄