Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the go_modules group across 2 directories with 5 updates #1

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the go_modules group across 2 directories with 5 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Oct 21, 2024

Bumps the go_modules group with 3 updates in the /plugin-redfish directory: golang.org/x/crypto, google.golang.org/grpc and google.golang.org/protobuf.
Bumps the go_modules group with 3 updates in the /plugin-unmanaged-racks directory: github.com/kataras/iris/v12, golang.org/x/crypto and google.golang.org/protobuf.

Updates golang.org/x/crypto from 0.7.0 to 0.17.0

Commits
  • 9d2ee97 ssh: implement strict KEX protocol changes
  • 4e5a261 ssh: close net.Conn on all NewServerConn errors
  • 152cdb1 x509roots/fallback: update bundle
  • fdfe1f8 ssh: defer channel window adjustment
  • b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
  • 7e6fbd8 ssh: wrap errors from client handshake
  • bda2f3f argon2: avoid clobbering BP
  • 325b735 ssh/test: skip TestSSHCLIAuth on Windows
  • 1eadac5 go.mod: update golang.org/x dependencies
  • b2d7c26 ssh: add (*Client).DialContext method
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.8.0 to 0.10.0

Commits
  • daac0ce go.mod: update golang.org/x dependencies
  • 82780d6 http2: don't reuse connections that are experiencing errors
  • 0bfab66 ipv4, ipv6: drop redundant skip checks based on GOOS
  • 938ff15 ipv4, ipv6, nettest: skip unsupported tests on wasip1
  • eb1572c html: another shot at security doc
  • 9001ca7 nettest: re-enable unixpacket tests on netbsd/386
  • 3d5a8ee internal/socks: permit authenticating with an empty password
  • 694cff8 go.mod: update golang.org/x dependencies
  • 6960703 http2: log the correct error when retrying in (*Transport).RoundTripOpt
  • 9f24bb4 http2: properly discard data received after request/response body is closed
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.38.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

  • client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

  • client: support channel idleness using WithIdleTimeout dial option (#6263)
    • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
  • client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
  • xds: Add support for Custom LB Policies (gRFC A52) (#6224)
  • xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
  • client: add support for pickfirst address shuffling (gRFC A62) (#6311)
  • xds: Add support for String Matcher Header Matcher in RDS (#6313)
  • xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • xds: enable RLS in xDS by default (#6343)
  • orca: add support for application_utilization field and missing range checks on several metrics setters
  • balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
  • authz: add conversion of json to RBAC Audit Logging config (#6192)
  • authz: add support for stdout logger (#6230 and #6298)
  • authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

  • orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
  • xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
  • xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

  • orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

  • xds: enable federation support by default (#6151)
  • status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits
  • 1055b48 Update version.go to 1.56.3 (#6713)
  • 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
  • bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
  • faab873 Update version.go to v1.56.2 (#6432)
  • 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
  • ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
  • cd6a794 Update version.go to v1.56.2-dev (#6387)
  • 5b67e5e Update version.go to v1.56.1 (#6386)
  • d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
  • 997c1ea Change version to 1.56.1-dev (#6345)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.30.0 to 1.33.0

Updates github.com/kataras/iris/v12 from 12.1.0 to 12.2.0

Release notes

Sourced from github.com/kataras/iris/v12's releases.

v12.2.0

What's Changed

New Contributors

Full Changelog: kataras/iris@v12.1.8...v12.2.0

v12.1.8

Su, 16 February 2020 | v12.1.8

New Features:

Fixes:

New Examples:

v12.1.7

Mo, 10 February 2020

... (truncated)

Changelog

Sourced from github.com/kataras/iris/v12's changelog.

Sa, 11 March 2023 | v12.2.0

This release introduces new features and some breaking changes. The codebase for Dependency Injection, Internationalization and localization and more have been simplified a lot (fewer LOCs and easier to read and follow up).

24 Dec 2022

All new features have been tested in production and seem to work fine. Fixed all reported and reproducible bugs. The v12.2.0-beta7 is the latest beta release of v12.2.0. Expect the final public and stable release of v12.2.0 shortly after February 2023.

Fixes and Improvements

  • Add iris.TrimParamFilePart to handle cases like #2024 and improve the _examples/routing/dynamic-path/main.go example to include that case as well.

  • Breaking-change: HTML template functions yield, part, partial, partial_r and render now accept (and require for some cases) a second argument of the binding data context too. Convert: {{ yield }} to {{ yield . }}, {{ render "templates/mytemplate.html" }} to {{ render "templates/mytemplate.html" . }}, {{ partial "partials/mypartial.html" }} to {{ partial "partials/mypartial.html" . }} and so on.

  • Add new URLParamSeparator to the configuration. Defaults to "," but can be set to an empty string to disable splitting query values on Context.URLParamSlice method.

  • [PR #1992](kataras/iris#1992): Added support for third party packages on httptest. An example using 3rd-party module named Ginkgo can be found here.

  • Add Context.Render method for compatibility.

  • Support of embedded locale files using standard embed.FS with the new LoadFS function.

  • Support of direct embedded view engines (HTML, Blocks, Django, Handlebars, Pug, Jet and Ace) with embed.FS or fs.FS (in addition to string and http.FileSystem types).

  • Add support for embed.FS and fs.FS on app.HandleDir.

  • Add iris.Patches() package-level function to customize Iris Request Context REST (and more to come) behavior.

  • Minor fixes.

  • Enable setting a custom "go-redis" client through SetClient go redis driver method or Client struct field on sessions/database/redis driver as requested at chat.

  • Ignore "csrf.token" form data key when missing on ctx.ReadForm by default as requested at #1941.

  • Fix CVE-2020-5398.

  • New {x:weekday} path parameter type, example code:

// 0 to 7 (leading zeros don't matter) or "Sunday" to "Monday" or "sunday" to "monday".
// http://localhost:8080/schedule/monday or http://localhost:8080/schedule/Monday or
// http://localhost:8080/schedule/1 or http://localhost:8080/schedule/0001.
app.Get("/schedule/{day:weekday}", func(ctx iris.Context) {
    day, _ := ctx.Params().GetWeekday("day")
    ctx.Writef("Weekday requested was: %v\n", day)
})
  • Make the Context.JSON method customizable by modifying the context.WriteJSON package-level function.
  • Add new iris.NewGuide which helps you build a simple and nice JSON API with services as dependencies and better design pattern.
  • Make Context.Domain() customizable by letting developers to modify the Context.GetDomain package-level function.
  • Remove Request Context-based Transaction feature as its usage can be replaced with just the Iris Context (as of go1.7+) and better project structure.
  • Fix #1882

... (truncated)

Commits

Updates golang.org/x/crypto from 0.7.0 to 0.17.0

Commits
  • 9d2ee97 ssh: implement strict KEX protocol changes
  • 4e5a261 ssh: close net.Conn on all NewServerConn errors
  • 152cdb1 x509roots/fallback: update bundle
  • fdfe1f8 ssh: defer channel window adjustment
  • b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
  • 7e6fbd8 ssh: wrap errors from client handshake
  • bda2f3f argon2: avoid clobbering BP
  • 325b735 ssh/test: skip TestSSHCLIAuth on Windows
  • 1eadac5 go.mod: update golang.org/x dependencies
  • b2d7c26 ssh: add (*Client).DialContext method
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.8.0 to 0.10.0

Commits
  • daac0ce go.mod: update golang.org/x dependencies
  • 82780d6 http2: don't reuse connections that are experiencing errors
  • 0bfab66 ipv4, ipv6: drop redundant skip checks based on GOOS
  • 938ff15 ipv4, ipv6, nettest: skip unsupported tests on wasip1
  • eb1572c html: another shot at security doc
  • 9001ca7 nettest: re-enable unixpacket tests on netbsd/386
  • 3d5a8ee internal/socks: permit authenticating with an empty password
  • 694cff8 go.mod: update golang.org/x dependencies
  • 6960703 http2: log the correct error when retrying in (*Transport).RoundTripOpt
  • 9f24bb4 http2: properly discard data received after request/response body is closed
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.29.0 to 1.33.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the go_modules group across 2 directories with 5 updates
638d9f6 
Bumps the go_modules group with 3 updates in the /plugin-redfish directory: [golang.org/x/crypto](https://github.com/golang/crypto), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and google.golang.org/protobuf.
Bumps the go_modules group with 3 updates in the /plugin-unmanaged-racks directory: [github.com/kataras/iris/v12](https://github.com/kataras/iris), [golang.org/x/crypto](https://github.com/golang/crypto) and google.golang.org/protobuf.


Updates `golang.org/x/crypto` from 0.7.0 to 0.17.0
- [Commits](golang/crypto@v0.7.0...v0.17.0)

Updates `golang.org/x/net` from 0.8.0 to 0.10.0
- [Commits](golang/net@v0.8.0...v0.10.0)

Updates `google.golang.org/grpc` from 1.38.0 to 1.56.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.38.0...v1.56.3)

Updates `google.golang.org/protobuf` from 1.30.0 to 1.33.0

Updates `github.com/kataras/iris/v12` from 12.1.0 to 12.2.0
- [Release notes](https://github.com/kataras/iris/releases)
- [Changelog](https://github.com/kataras/iris/blob/main/HISTORY.md)
- [Commits](kataras/iris@v12.1.0...v12.2.0)

Updates `golang.org/x/crypto` from 0.7.0 to 0.17.0
- [Commits](golang/crypto@v0.7.0...v0.17.0)

Updates `golang.org/x/net` from 0.8.0 to 0.10.0
- [Commits](golang/net@v0.8.0...v0.10.0)

Updates `google.golang.org/protobuf` from 1.29.0 to 1.33.0

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/kataras/iris/v12
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants