fix(deps): update module github.com/sirupsen/logrus to v1.8.3 [security] (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
github.com/sirupsen/logrus	require	minor	v1.5.0 → v1.8.3

GitHub Vulnerability Alerts

CVE-2025-65637

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

---

Release Notes

sirupsen/logrus (github.com/sirupsen/logrus)

v1.8.3

Compare Source

What's Changed

• Add instructions to use different log levels for local and syslog by @​tommyblue in #​1372
• This commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by @​ozfive in #​1376
• Use text when shows the logrus output by @​xieyuschen in #​1339

New Contributors

• @​tommyblue made their first contribution in #​1372
• @​ozfive made their first contribution in #​1376
• @​xieyuschen made their first contribution in #​1339

Full Changelog: sirupsen/logrus@v1.8.2...v1.8.3

v1.8.2

Compare Source

What's Changed

• CI: use GitHub Actions by @​thaJeztah in #​1239
• go.mod: github.com/stretchr/testify v1.7.0 by @​thaJeztah in #​1246
• Change godoc badge to pkg.go.dev badge by @​minizilla in #​1249
• Add support for the logger private buffer pool. by @​edoger in #​1253
• bump golang.org/x/sys depency version by @​dgsb in #​1280
• Update README.md by @​runphp in #​1266
• indicates issues as stale automatically by @​dgsb in #​1281
• ci: add go 1.17 to test matrix by @​anajavi in #​1277
• reduce the list of cross build target by @​dgsb in #​1282
• Improve Log methods documentation by @​dgsb in #​1283
• fix race condition for SetFormatter and SetReportCaller by @​rubensayshi in #​1263
• bump version of golang.org/x/sys dependency by @​nathanejohnson in #​1333
• update gopkg.in/yaml.v3 to v3.0.1 by @​izhakmo in #​1337
• update dependencies by @​dgsb in #​1343
• Fix data race in hooks.test package by @​FrancoisWagner in #​1362

New Contributors

• @​minizilla made their first contribution in #​1249
• @​edoger made their first contribution in #​1253
• @​runphp made their first contribution in #​1266
• @​anajavi made their first contribution in #​1277
• @​rubensayshi made their first contribution in #​1263
• @​nathanejohnson made their first contribution in #​1333
• @​izhakmo made their first contribution in #​1337
• @​FrancoisWagner made their first contribution in #​1362

Full Changelog: sirupsen/logrus@v1.8.1...v1.8.2

v1.8.1

Compare Source

v1.8.0

Compare Source

Correct versioning number replacing v1.7.1

v1.7.1

Compare Source

Code quality:

• use go 1.15 in travis
• use magefile as task runner

Fixes:

• small fixes about new go 1.13 error formatting system
• Fix for long time race condiction with mutating data hooks

Features:

• build support for zos

v1.7.0: Add new BufferPool and LogFunction APIs

Compare Source

• a new buffer pool management API has been added
• a set of <LogLevel>Fn() functions have been added
• the dependency toward a windows terminal library has been removed

v1.6.0

Compare Source

Release v1.6.0

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: examples/go/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated

Details:

Package	Change
github.com/stretchr/testify	v1.5.1 -> v1.7.0
golang.org/x/sys	v0.0.0-20210423082822-04245dca01da -> v0.0.0-20220715151400-c0bba94af5f8

File name: examples/tutorial/go/part3/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
golang.org/x/sys	v0.0.0-20190422165155-953cdadca894 -> v0.0.0-20220715151400-c0bba94af5f8

File name: examples/tutorial/go/part4/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
golang.org/x/sys	v0.0.0-20190422165155-953cdadca894 -> v0.0.0-20220715151400-c0bba94af5f8

File name: examples/tutorial/go/part6/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/stretchr/testify	v1.5.1 -> v1.7.0

[github-actions]

➖ Are we earthbuild yet?

No change in "earthly" occurrences

📈 Overall Progress

Branch	Total Count
main	5726
This PR	5726
Difference	+0

---

Keep up the great work migrating from Earthly to Earthbuild! 🚀

💡 Tips for finding more occurrences

Run locally to see detailed breakdown:

./.github/scripts/count-earthly.sh

Note that the goal is not to reach 0.
There is anticipated to be at least some occurences of earthly in the source code due to backwards compatibility with config files and language constructs.