Bump the minor-dependencies group with 6 updates

[dependabot]

Bumps the minor-dependencies group with 6 updates:

Package	From	To
github.com/sirupsen/logrus	1.9.0	1.9.3
github.com/spf13/cobra	1.6.1	1.7.0
github.com/stretchr/testify	1.8.0	1.8.4
golang.org/x/sync	0.3.0	0.4.0
golang.org/x/sys	0.5.0	0.13.0
google.golang.org/grpc	1.51.0	1.58.3

Updates github.com/sirupsen/logrus from 1.9.0 to 1.9.3

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.3

• Fix a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines sirupsen/logrus@f9291a5 (re-apply sirupsen/logrus#1376)
• Fix panic in Writer sirupsen/logrus@d40e25c

Full Changelog: sirupsen/logrus@v1.9.2...v1.9.3

v1.9.2

• Revert sirupsen/logrus#1376, which introduced a regression in v1.9.1

Full Changelog: sirupsen/logrus@v1.9.1...v1.9.2

v1.9.1

What's Changed

• Fix data race in hooks.test package by @​FrancoisWagner in sirupsen/logrus#1362
• Add instructions to use different log levels for local and syslog by @​tommyblue in sirupsen/logrus#1372
• This commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by @​ozfive in sirupsen/logrus#1376
• Use text when shows the logrus output by @​xieyuschen in sirupsen/logrus#1339

New Contributors

• @​FrancoisWagner made their first contribution in sirupsen/logrus#1362
• @​tommyblue made their first contribution in sirupsen/logrus#1372
• @​ozfive made their first contribution in sirupsen/logrus#1376
• @​xieyuschen made their first contribution in sirupsen/logrus#1339

Full Changelog: sirupsen/logrus@v1.9.0...v1.9.1

Commits

• d40e25c fix panic in Writer
• f9291a5 Revert "Revert "Merge pull request #1376 from ozfive/master""
• 352781d Revert "Merge pull request #1376 from ozfive/master"
• b30aa27 Merge pull request #1339 from xieyuschen/patch-1
• 6acd903 Merge pull request #1376 from ozfive/master
• 105e63f Merge pull request #1 from ashmckenzie/ashmckenzie/fix-writer-scanner
• c052ba6 Scan text in 64KB chunks
• e59b167 Merge pull request #1372 from tommyblue/syslog_different_loglevels
• 766cfec This commit fixes a potential denial of service vulnerability in logrus.Write...
• 70234da Add instructions to use different log levels for local and syslog
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.6.1 to 1.7.0

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.7.0

✨ Features

• Allow to preserve ordering of completions in bash, zsh, pwsh, & fish: @​h4ck3rk3y #1903
• Add support for PowerShell 7.2+ in completions: @​oldium #1916
• Allow sourcing zsh completion script: @​marckhouzam #1917

🐛 Bug fixes

• Don't remove flag values that match sub-command name: @​brianpursley #1781
• Fix powershell completions not returning single word: @​totkeks #1850
• Remove masked template import variable name: @​yashLadha #1879
• Correctly detect completions with dash in argument: @​oncilla #1817

🧪 Testing & CI/CD

• Deprecate Go 1.15 in CI: @​umarcor #1866
• Deprecate Go 1.16 in CI: @​umarcor #1926
• Add testing for Go 1.20 in CI: @​umarcor #1925
• Add tests to illustrate unknown flag bug: @​brianpursley #1854

🔧 Maintenance

• Update main image to better handle dark backgrounds: @​Deleplace and @​marckhouzam #1883
• Fix stale.yaml mispellings: @​enrichman #1863
• Remove stale bot from GitHub actions: @​jpmcb #1908
• Add makefile target for installing dependencies: @​umarcor #1865
• Add Sia to projects using Cobra: @​mike76-dev #1844
• Add Vitess and Arewefastyet to projects using cobra: @​frouioui #1932
• Fixup for Kubescape github org: @​dwertent #1874
• Fix route for GitHub workflows badge: @​sh-cho #1884
• Fixup for GoDoc style documentation: @​yashLadha #1885
• Various bash scripting improvements for completion: @​scop #1702
• Add Constellation to projects using Cobra: @​datosh #1829

✏️ Documentation

• Add documentation about disabling completion descriptions: @​Shihta #1901
• Improve MarkFlagsMutuallyExclusive example in user guide: @​janhn #1904
• Update shell_completions.md: @​gusega #1907
• Update copywrite year: @​umarcor #1927
• Document suggested layout of subcommands: @​lcarva #1930
• Replace deprecated ExactValidArgs with MatchAll in doc: @​doniacld #1836

---

This release contains several long running fixes, improvements to powershell completions, and further optimizations for completions.

Thank you everyone who contributed to this release and all your hard work! Cobra and this community would never be possible without all of you! 🐍

Full changelog: spf13/cobra@v1.6.1...v1.7.0

Commits

• 4dd4b25 Update main image to better handle dark background (#1883)
• 45360a5 Allow sourcing zsh completion script (#1917)
• c8a20a1 Document suggested layout for subcommands (#1930)
• b197a24 Update projects_using_cobra.md (#1932)
• 9e6b58a update copyright year (#1927)
• fb36524 ci: test Golang 1.20 (#1925)
• c7300f0 ci: deprecate go 1.16 (#1926)
• 567ea8e Add support for PowerShell 7.2+ (#1916)
• 3daa4b9 Add keeporder to shell completion (#1903)
• a516d41 Removes stale bot from GitHub action (#1908)
• Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.8.0 to 1.8.4

Commits

• f97607b Create GitHub release when new release tag is pushed (#1354)
• 4c93d8f EqualExportedValues: Handle nested pointer, slice and map fields (#1379)
• 4b2f4d2 add EventuallyWithT assertion (#1264)
• b3106d7 allow testing for functional options (#1023)
• 437071b assert: fix error message formatting for NotContains (#1362)
• c5fc9d6 Compare public elements of struct (#1309)
• f36bfe3 Fix Subset/NotSubset when map is missing keys from the subset (#1261)
• 0ab3ce1 Fix CallerInfo() source file paths (#1288)
• 2b00d33 Fix Call.Unset() panic (issue #1236) (#1250)
• 9acc222 fix: fix bug for check unsafe.Pointer isNil (#1319)
• Additional commits viewable in compare view

Updates golang.org/x/sync from 0.3.0 to 0.4.0

Commits

• 22ba207 singleflight: add panicError.Unwrap method
• See full diff in compare view

Updates golang.org/x/sys from 0.5.0 to 0.13.0

Commits

• 2964e1e unix: remove unused readlen and writelen
• 3186bae windows: remove the 8192-codepoint arg limit in FuzzComposeCommandLine
• 807530f unix: remove lists of unimplemented syscalls
• 01c413d windows: document the return type mismatch for CommandLineToArgv
• e649453 windows: convert TestCommandLineRecomposition to a fuzz test and fix discrepa...
• 8858c72 unix: update riscv_hwprobe constants
• 71c9d87 windows: add console ConPTY API
• aa9470e unix/linux: update to Linux kernel 6.5
• c7ff727 unix: fix double copy in (*SockaddrALG).sockaddr
• c7cbcbb unix: add TestSockaddrALG
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.51.0 to 1.58.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release v1.58.3

Security

• server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

  In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.58.2

Bug Fixes

• balancer/weighted_round_robin: fix ticker leak on update

  A new ticker is created every time there is an update of addresses or configuration, but was not properly stopped. This change stops the ticker when it is no longer needed.

Release 1.58.1

Bug Fixes

• grpc: fix a bug that was decrementing active RPC count too early for streaming RPCs; leading to channel moving to IDLE even though it had open streams
• grpc: fix a bug where transports were not being closed upon channel entering IDLE

Release 1.58.0

API Changes

See #6472 for details about these changes.

• balancer: add StateListener to NewSubConnOptions for SubConn state updates and deprecate Balancer.UpdateSubConnState (#6481)
  • UpdateSubConnState will be deleted in the future.
• balancer: add SubConn.Shutdown and deprecate Balancer.RemoveSubConn (#6493)
  • RemoveSubConn will be deleted in the future.
• resolver: remove deprecated AddressType (#6451)
  • This was previously used as a signal to enable the "grpclb" load balancing policy, and to pass LB addresses to the policy. Instead, balancer/grpclb/state.Set() should be used to add these addresses to the name resolver's output. The built-in "dns" name resolver already does this.
• resolver: add new field Endpoints to State and deprecate Addresses (#6471)
  • Addresses will be deleted in the future.

New Features

• balancer/leastrequest: Add experimental support for least request LB policy and least request configured as a custom xDS policy (#6510, #6517)
  • Set GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST=true to enable
• stats: Add an RPC event for blocking caused by the LB policy's picker (#6422)

Bug Fixes

• clusterresolver: fix deadlock when dns resolver responds inline with update or error at build time (#6563)
• grpc: fix a bug where the channel could erroneously report TRANSIENT_FAILURE when actually moving to IDLE (#6497)
• balancergroup: do not cache closed sub-balancers by default; affects rls, weightedtarget and clustermanager LB policies (#6523)
• client: fix a bug that prevented detection of RPC status in trailers-only RPC responses when using ClientStream.Header(), and prevented retry of the RPC (#6557)

Performance Improvements

• client & server: Add experimental [With]SharedWriteBuffer to improve performance by reducing allocations when sending RPC messages. (Disabled by default.) (#6309)
  • Special Thanks: @​s-matyukevich

... (truncated)

Commits

• bf05b95 Change version.go to v1.58.3 (#6707)
• c40c9ba server: prohibit more than MaxConcurrentStreams handlers from running at once...
• dd9270d update version to 1.58.3-dev (#6656)
• c0aa20a Change version to 1.58.2 (#6654)
• 67a53a6 balancer/weightedroundrobin: fix ticker leak on update (#6655)
• 863de73 update version to 1.58.2-dev (#6633)
• 62726d4 update version to 1.58.1 (#6629)
• fa6d9ab cherry-pick 6610 and 6620 (#6627)
• 467fbf2 Change version to 1.58.1-dev (#6580)
• c2b0797 Change version to 1.58.0 (#6579)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions