Skip to content

dev: bump the safe group with 9 updates #7590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

dev: bump the safe group with 9 updates #7590

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 14, 2025
edited
Loading

Bumps the safe group with 9 updates:

Package From To
github.com/getsentry/sentry-go 0.31.1 0.32.0
github.com/gorilla/csrf 1.7.2 1.7.3
github.com/nats-io/nats-server/v2 2.11.0 2.11.1
github.com/nats-io/nats.go 1.41.0 1.41.1
github.com/prometheus/client_golang 1.21.1 1.22.0
golang.org/x/crypto 0.36.0 0.37.0
golang.org/x/net 0.38.0 0.39.0
golang.org/x/oauth2 0.28.0 0.29.0
golang.org/x/sync 0.12.0 0.13.0

Updates github.com/getsentry/sentry-go from 0.31.1 to 0.32.0

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.32.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.32.0.

Breaking Changes

  • Bump the minimum Go version to 1.22. The supported versions are 1.22, 1.23 and 1.24. (#967)
  • Setting any values on span.Extra has no effect anymore. Use SetData(name string, value interface{}) instead. (#864)

Features

  • Add a MockTransport and MockScope. (#972)

Bug Fixes

  • Fix writing *http.Request in the Logrus JSONFormatter. (#955)

Misc

  • Transaction data attributes are now seralized as trace context data attributes, allowing you to query these attributes in the Trace Explorer.
Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.32.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.32.0.

Breaking Changes

  • Bump the minimum Go version to 1.22. The supported versions are 1.22, 1.23 and 1.24. (#967)
  • Setting any values on span.Extra has no effect anymore. Use SetData(name string, value interface{}) instead. (#864)

Features

  • Add a MockTransport and MockScope. (#972)

Bug Fixes

  • Fix writing *http.Request in the Logrus JSONFormatter. (#955)

Misc

  • Transaction data attributes are now seralized as trace context data attributes, allowing you to query these attributes in the Trace Explorer.
Commits
  • 530f74d release: 0.32.0
  • e068944 Prepare 0.32.0 (#992)
  • 32c062f Add transaction.data to contexts.trace.data (#864)
  • 6019770 Fix lint issues (#981)
  • cfbfc6b Expose MockTransport, MockScope in root sentry package (#972)
  • a4e0ea8 Remove github token in lint (#982)
  • 031ec47 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.5.0 (#975)
  • bdbb6be build(deps): bump codecov/codecov-action from 5.3.1 to 5.4.0 (#974)
  • 3d8d0e1 build(deps): bump actions/create-github-app-token from 1.11.2 to 1.11.5 (#973)
  • e56ac30 build(deps): bump codecov/codecov-action from 5.1.2 to 5.3.1 (#962)
  • Additional commits viewable in compare view

Updates github.com/gorilla/csrf from 1.7.2 to 1.7.3

Release notes

Sourced from github.com/gorilla/csrf's releases.

v1.7.3

This Release fixes the following:

Full Changelog: gorilla/csrf@v1.7.2...v1.7.3

Commits

Updates github.com/nats-io/nats-server/v2 from 2.11.0 to 2.11.1

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.11.1

Changelog

Go Version

  • 1.24.1

CVEs

  • This release contains fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27.

Fixed

JetStream

  • Correctly validate the calling account on a number of system API calls
  • Check system and account limits when processing a stream restore

Complete Changes

nats-io/nats-server@v2.11.0...v2.11.1

Release v2.11.1-binary

Changelog

Go Version

  • 1.24.1

CVEs

  • This is a binary-only release containing fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27. Public disclosure of the details, including the source code, will be made available no sooner than a week from the release date. All environments should update as soon as possible. For workflows that rely on building from source, we recommend using the binary in the interim.
Commits
  • d78523b Release v2.11.1
  • 6cebef9 Release v2.11.1-binary
  • 06e8537 Improved request account validation
  • e94fec4 Check server and account limits on stream restore
  • 1d60dce Import GitHub Actions, goreleaser and golangci-lint workflow changes from main
  • See full diff in compare view

Updates github.com/nats-io/nats.go from 1.41.0 to 1.41.1

Release notes

Sourced from github.com/nats-io/nats.go's releases.

Release v1.41.1

Changelog

FIXED

  • ObjectStore:
    • Use default timeout for ObjectStore.Get when no deadline is set on ctx (#1850)

IMPROVED

  • Remove golang.org/x/text dependency (#1849)

Complete Changes

nats-io/nats.go@v1.41.0...v1.41.1

Commits
  • 50e6153 Release v1.41.1 (#1851)
  • e04728e [FIXED] Use default timeout for ObjectStore.Get when no deadline is set on ct...
  • 8a2bd73 [IMPROVED] Remove golang.org/x/text dependency (#1849)
  • See full diff in compare view

Updates github.com/prometheus/client_golang from 1.21.1 to 1.22.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.22.0 - 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.22.0 / 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765
Commits
  • d50be25 Cut 1.22.0 (#1793)
  • 1043db7 Cut 1.22.0-rc.0 (#1768)
  • e575c9c promhttp: Isolate zstd support and klauspost/compress library use to promhttp...
  • f2276aa Merge pull request #1764 from prometheus/dependabot/github_actions/github-act...
  • 9df772c build(deps): bump peter-evans/create-pull-request
  • a3548c5 Merge pull request #1754 from saswatamcode/exp-eh
  • 60fd2b0 Remove go.work file for now
  • 8f9d0de exp: Add dependabot config
  • c5cf981 Merge pull request #1762 from prometheus/release-1.21
  • e84c305 exp: Reset snappy buf (#1756)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.36.0 to 0.37.0

Commits
  • 959f8f3 go.mod: update golang.org/x dependencies
  • 769bcd6 ssh: use the configured rand in kex init
  • d0a798f cryptobyte: fix typo 'octects' into 'octets' for asn1.go
  • acbcbef acme: remove unnecessary []byte conversion
  • 376eb14 x509roots: support constrained roots
  • b369b72 crypto/internal/poly1305: implement function update in assembly on loong64
  • 6b853fb ssh/knownhosts: check more than one key
  • See full diff in compare view

Updates golang.org/x/net from 0.38.0 to 0.39.0

Commits

Updates golang.org/x/oauth2 from 0.28.0 to 0.29.0

Commits

Updates golang.org/x/sync from 0.12.0 to 0.13.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
dev: bump the safe group with 9 updates
f94b225 
Bumps the safe group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.31.1` | `0.32.0` |
| [github.com/gorilla/csrf](https://github.com/gorilla/csrf) | `1.7.2` | `1.7.3` |
| [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) | `2.11.0` | `2.11.1` |
| [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go) | `1.41.0` | `1.41.1` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.21.1` | `1.22.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.36.0` | `0.37.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.38.0` | `0.39.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.28.0` | `0.29.0` |
| [golang.org/x/sync](https://github.com/golang/sync) | `0.12.0` | `0.13.0` |


Updates `github.com/getsentry/sentry-go` from 0.31.1 to 0.32.0
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-go@v0.31.1...v0.32.0)

Updates `github.com/gorilla/csrf` from 1.7.2 to 1.7.3
- [Release notes](https://github.com/gorilla/csrf/releases)
- [Commits](gorilla/csrf@v1.7.2...v1.7.3)

Updates `github.com/nats-io/nats-server/v2` from 2.11.0 to 2.11.1
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/.goreleaser.yml)
- [Commits](nats-io/nats-server@v2.11.0...v2.11.1)

Updates `github.com/nats-io/nats.go` from 1.41.0 to 1.41.1
- [Release notes](https://github.com/nats-io/nats.go/releases)
- [Commits](nats-io/nats.go@v1.41.0...v1.41.1)

Updates `github.com/prometheus/client_golang` from 1.21.1 to 1.22.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.21.1...v1.22.0)

Updates `golang.org/x/crypto` from 0.36.0 to 0.37.0
- [Commits](golang/crypto@v0.36.0...v0.37.0)

Updates `golang.org/x/net` from 0.38.0 to 0.39.0
- [Commits](golang/net@v0.38.0...v0.39.0)

Updates `golang.org/x/oauth2` from 0.28.0 to 0.29.0
- [Commits](golang/oauth2@v0.28.0...v0.29.0)

Updates `golang.org/x/sync` from 0.12.0 to 0.13.0
- [Commits](golang/sync@v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: github.com/gorilla/csrf
  dependency-version: 1.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: github.com/nats-io/nats.go
  dependency-version: 1.41.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: golang.org/x/crypto
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: golang.org/x/net
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: golang.org/x/sync
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 14, 2025
@dependabot dependabot bot requested a review from a team as a code owner April 14, 2025 22:20
@dependabot dependabot bot requested a review from halimi April 14, 2025 22:20
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 21, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Apr 21, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/safe-167bc38d12 branch April 21, 2025 22:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@halimi halimi Awaiting requested review from halimi halimi is a code owner automatically assigned from TheThingsNetwork/stack-reviewers-1

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant