chore(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	patch	v3.5.2 -> v3.5.3
actions/dependency-review-action	action	patch	v3.0.4 -> v3.0.7
actions/setup-go	action	minor	v4.0.0 -> v4.1.0
github.com/golangci/golangci-lint	require	minor	v1.52.2 -> v1.54.1
github.com/sirupsen/logrus	require	patch	v1.9.0 -> v1.9.3
github.com/urfave/cli/v2	require	patch	v2.25.3 -> v2.25.7
github/codeql-action	action	minor	v2.3.2 -> v2.21.3
google.golang.org/protobuf	require	minor	v1.30.0 -> v1.31.0
step-security/harden-runner	action	minor	v2.3.1 -> v2.5.1

---

Release Notes

actions/checkout (actions/checkout)

v3.5.3

Compare Source

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

actions/dependency-review-action (actions/dependency-review-action)

v3.0.7: 3.0.7

Compare Source

What's Changed

• Make GHES support / setup more clear by @​rajbos in https://github.com/actions/dependency-review-action/pull/534
• Add an option to deny packages or groups of packages by @​adrienpessu in https://github.com/actions/dependency-review-action/pull/544

New Contributors

• @​rajbos made their first contribution in https://github.com/actions/dependency-review-action/pull/534
• @​adrienpessu made their first contribution in https://github.com/actions/dependency-review-action/pull/544

Full Changelog: actions/dependency-review-action@v3...v3.0.7

v3.0.6: 3.0.6

Compare Source

Fixes a bug introduced in 3.0.5 where we raised PURL errors when Dependency Graph returns an empty package_url.

v3.0.5: 3.0.5

Compare Source

What's Changed

Thanks to @​theztefan, we now have a new allow-dependencies-licenses option that takes a list of dependencies that will be excluded from license checks. See the configuration options for more information on how to use it.

• Exclude dependencies from license checks by @​theztefan in https://github.com/actions/dependency-review-action/pull/423
• Documentation examples by @​theztefan in https://github.com/actions/dependency-review-action/pull/423
• Show snapshot warnings in the summary by @​juxtin in https://github.com/actions/dependency-review-action/pull/439
• Fix default values for fail-on-severity by @​febuiles in https://github.com/actions/dependency-review-action/pull/451
• Updated dependencies.

New Contributors

• @​juxtin made their first contribution in https://github.com/actions/dependency-review-action/pull/439
• @​theztefan made their first contribution in https://github.com/actions/dependency-review-action/pull/423

Full Changelog: actions/dependency-review-action@v3...v3.0.5

actions/setup-go (actions/setup-go)

v4.1.0

Compare Source

What's Changed

In scope of this release, slow installation on Windows was fixed by @​dsame in https://github.com/actions/setup-go/pull/393 and OS version was added to primaryKey for Ubuntu runners to avoid conflicts (https://github.com/actions/setup-go/pull/383)

This release also includes the following changes:

• Remove implicit dependencies by @​nikolai-laevskii in https://github.com/actions/setup-go/pull/378
• Update action.yml by @​mkelly in https://github.com/actions/setup-go/pull/379
• Added a description that go-version should be specified as a string type by @​n3xem in https://github.com/actions/setup-go/pull/367
• Add note about YAML parsing versions by @​dmitry-shibanov in https://github.com/actions/setup-go/pull/382
• Automatic update of configuration files from 05/23/2023 by @​github-actions in https://github.com/actions/setup-go/pull/377
• Bump tough-cookie and @​azure/ms-rest-js by @​dependabot in https://github.com/actions/setup-go/pull/392
• Bump word-wrap from 1.2.3 to 1.2.4 by @​dependabot in https://github.com/actions/setup-go/pull/397
• Bump semver from 6.3.0 to 6.3.1 by @​dependabot in https://github.com/actions/setup-go/pull/396

New Contributors

• @​mkelly made their first contribution in https://github.com/actions/setup-go/pull/379
• @​n3xem made their first contribution in https://github.com/actions/setup-go/pull/367

Full Changelog: actions/setup-go@v4...v4.1.0

v4.0.1

Compare Source

What's Changed

• Update documentation for v4 by @​dsame in https://github.com/actions/setup-go/pull/354
• Fix glob bug in the package.json scripts section by @​IvanZosimov in https://github.com/actions/setup-go/pull/359
• Bump xml2js dependency by @​dmitry-shibanov in https://github.com/actions/setup-go/pull/370
• Bump @actions/cache dependency to v3.2.1 by @​nikolai-laevskii in https://github.com/actions/setup-go/pull/374

New Contributors

• @​nikolai-laevskii made their first contribution in https://github.com/actions/setup-go/pull/374

Full Changelog: actions/setup-go@v4...v4.0.1

golangci/golangci-lint (github.com/golangci/golangci-lint)

v1.54.1

Compare Source

1. updated linters:
   • go-critic: from 0.8.2 to 0.9.0
2. misc.
   • plugin: temporarily hide warning about using plugins using the old API

v1.54.0

Compare Source

1. updated linters:
   • decorder: from 0.2.3 to 0.4.0
   • dupword: from 0.0.11 to 0.0.12
   • errorlint: from 1.4.2 to 1.4.3
   • exhaustruct: from 2.3.0 to 3.1.0
   • forbidigo: from 1.5.3 to 1.6.0
   • funlen: from 0.0.3 to 0.1.0
   • gci: from 0.10.1 to 0.11.0
   • ginkgolinter: from 0.12.1 to 0.13.3
   • go-critic: from 0.8.1 to 0.8.2
   • go-errorlint: from 1.4.2 to 1.4.3
   • go-exhaustruct: from 2.3.0 to 3.1.0
   • gocognit: from 1.0.6 to 1.0.7
   • gocritic: from 0.8.1 to 0.8.2
   • gofmt: autofix missing newline at EOF
   • misspell: 0.4.0 to 0.4.1
   • musttag: from 0.7.0 to 0.7.1
   • paralleltest: from 1.0.7 to 1.0.8
   • tagalign: from 1.2.2 to 1.3.2
   • typecheck: explain it and remove it from the linter list
   • zerologlint: from 0.1.2 to 0.1.3
2. misc.
   • 🎉 go1.21 support
   • plugin: include custom linters in enable-all
   • plugin: allow to use settings for plugins
3. Documentation
   • Add linter descriptions.

Important

ruleguard (a "rule" inside gocritic) was disabled in this release (v1.54.0) and was enabled again in the next release (v1.54.1).

exhaustruct has breaking changes with regular expressions, more details here.

v1.53.3

Compare Source

1. updated linters:
   • cyclop: from 1.2.0 to 1.2.1
   • exhaustive: from 0.10.0 to 0.11.0
   • forbidigo: from 1.5.1 to 1.5.3
   • ginkgolinter: from 0.12.2 to 0.12.1
   • ineffassign: bump to HEAD
   • nakedret: from 2.0.1 to 2.0.2
   • zerologlint: from 0.1.1 to 0.1.2
2. misc.
   • codeclimate: reduce memory allocation
   • support illumos/amd64

v1.53.2

Compare Source

1. updated linters
   • depguard: from v2.0.1 to 2.1.0
2. misc.
   • depguard: throw error only when the linter is called

v1.53.1

Compare Source

1. misc.
   • depguard: fix GOROOT detection
   • importas: fix duplication detection when aliases use regular expression replacement pattern

v1.53.0

Compare Source

1. new linters
   • gosmopolitan: https://github.com/xen0n/gosmopolitan
   • mirror: https://github.com/butuzov/mirror
   • tagalign: https://github.com/4meepo/tagalign
   • zerologlint: https://github.com/ykadowak/zerologlint
2. updated linters
   • bodyclose: bump to HEAD
   • containedctx: from 1.0.2 to 1.0.3
   • depguard: migrate to v2
   • errname: from 0.1.9 to 0.1.10
   • exhaustive: from 0.9.5 to 0.10.0
   • forbidigo: better support for configuring complex rules
   • gci: improve error message
   • ginkgolinter: add suppress-async-assertion option
   • ginkgolinter: from 0.9.0 to 0.12.0
   • go-critic: from 0.7.0 to 0.8.1
   • go-errorlint: from 1.4.0 to 1.4.2
   • gofumpt: from 0.4.0 to 0.5.0
   • gosec: convert global settings as map with proper key type
   • gosec: from 2.15.0 to 2.16.0
   • importas: detect duplicate alias or package in the configuration
   • importas: fix typo in logs
   • ireturn: from 0.1.1 to 0.2.0
   • musttag: from 0.5.0 to 0.7.0
   • nakedret: to 2.0.1
   • nilnil: from 0.1.3 to 0.1.5
   • paralleltest: from 1.0.6 to 1.0.7
   • revive: from 1.3.1 to 1.3.2
   • tagliatelle: from 0.4.0 to 0.5.0
   • usestdlibvars: fix configuration
3. misc.
   • golang.org/x/tools: from 0.7.0 to 0.9.2
   • add loongarch64 to the install script
   • output: add colored-tab
   • remove warning when the config file is explicitly stdin
   • rules: support inverted path match
4. Documentation
   • mnd: clarify ignore usage examples to be regexps
   • tagliatelle: update documentation
   • improve features section
   • update supported Go versions FAQ

sirupsen/logrus (github.com/sirupsen/logrus)

v1.9.3

Compare Source

• Fix a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines sirupsen/logrus@f9291a5 (re-apply https://github.com/sirupsen/logrus/pull/1376)
• Fix panic in Writer sirupsen/logrus@d40e25c

Full Changelog: sirupsen/logrus@v1.9.2...v1.9.3

v1.9.2

Compare Source

• Revert https://github.com/sirupsen/logrus/pull/1376, which introduced a regression in v1.9.1

Full Changelog: sirupsen/logrus@v1.9.1...v1.9.2

v1.9.1

Compare Source

What's Changed

• Fix data race in hooks.test package by @​FrancoisWagner in https://github.com/sirupsen/logrus/pull/1362
• Add instructions to use different log levels for local and syslog by @​tommyblue in https://github.com/sirupsen/logrus/pull/1372
• This commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by @​ozfive in https://github.com/sirupsen/logrus/pull/1376
• Use text when shows the logrus output by @​xieyuschen in https://github.com/sirupsen/logrus/pull/1339

New Contributors

• @​FrancoisWagner made their first contribution in https://github.com/sirupsen/logrus/pull/1362
• @​tommyblue made their first contribution in https://github.com/sirupsen/logrus/pull/1372
• @​ozfive made their first contribution in https://github.com/sirupsen/logrus/pull/1376
• @​xieyuschen made their first contribution in https://github.com/sirupsen/logrus/pull/1339

Full Changelog: sirupsen/logrus@v1.9.0...v1.9.1

urfave/cli (github.com/urfave/cli/v2)

v2.25.7

Compare Source

What's Changed

• Fix: fix v2 broken tests by @​dearchap in https://github.com/urfave/cli/pull/1757
• Fix:(issue_1755) Ensure that timestamp flag destination is set correctly by @​dearchap in https://github.com/urfave/cli/pull/1756

Full Changelog: urfave/cli@v2.25.6...v2.25.7

v2.25.6

Compare Source

What's Changed

• Fix:(issue_1668) Add test case for sub command of sub command completion by @​dearchap in https://github.com/urfave/cli/pull/1747
• Update dependencies for v2 by @​meatballhat in https://github.com/urfave/cli/pull/1749
• Document slice flags as part of examples (v2) by @​carhartl in https://github.com/urfave/cli/pull/1751

Full Changelog: urfave/cli@v2.25.5...v2.25.6

v2.25.5

Compare Source

What's Changed

• Fix:(issue_1737) Set bool count by taking care of num of aliases by @​dearchap in https://github.com/urfave/cli/pull/1740

Full Changelog: urfave/cli@v2.25.4...v2.25.5

v2.25.4

Compare Source

What's Changed

• Bug/fix issue 1703 by @​jojje in https://github.com/urfave/cli/pull/1728
• Fix:(issue_1734) Show categories for subcommands by @​dearchap in https://github.com/urfave/cli/pull/1735
• Fix:(issue_1610). Keep RunAsSubcommand behaviour as before by @​dearchap in https://github.com/urfave/cli/pull/1736
• Fix:(issue_1731) Add fix for checking if aliases are set by @​dearchap in https://github.com/urfave/cli/pull/1732
• Fix func name referenced in doc comment by @​meatballhat in https://github.com/urfave/cli/pull/1738

New Contributors

• @​jojje made their first contribution in https://github.com/urfave/cli/pull/1728

Full Changelog: urfave/cli@v2.25.3...v2.25.4

github/codeql-action (github/codeql-action)

v2.21.3

Compare Source

v2.21.2

Compare Source

v2.21.1

Compare Source

v2.21.0

Compare Source

v2.20.4

Compare Source

v2.20.3

Compare Source

v2.20.2

Compare Source

v2.20.1

Compare Source

v2.20.0

Compare Source

v2.3.6

Compare Source

v2.3.5

Compare Source

v2.3.4

Compare Source

v2.3.3

Compare Source

protocolbuffers/protobuf-go (google.golang.org/protobuf)

v1.31.0

Compare Source

Notable changes

New Features

• CL/489316: types/dynamicpb: add NewTypes
  • Add a function to construct a dynamic type registry from a protoregistry.Files
• CL/489615: encoding: add MarshalAppend to protojson and prototext

Minor performance improvements

• CL/491596: encoding/protodelim: If UnmarshalFrom gets a bufio.Reader, try to reuse its buffer instead of creating a new one
• CL/500695: proto: store the size of tag to avoid multiple calculations

Bug fixes

• CL/497935: internal/order: fix sorting of synthetic oneofs to be deterministic
• CL/505555: encoding/protodelim: fix handling of io.EOF

step-security/harden-runner (step-security/harden-runner)

v2.5.1

Compare Source

What's Changed

• Updated default allowed endpoints to include *.actions.githubusercontent.com. GitHub Actions recently started making calls to additional sub-domains for this domain. Please update to this latest version of harden-runner to allow these new endpoints.
• Update README.md by @​varunsh-coder in https://github.com/step-security/harden-runner/pull/326
• Bump step-security/harden-runner from 2.4.1 to 2.5.0 by @​dependabot in https://github.com/step-security/harden-runner/pull/327

Full Changelog: step-security/harden-runner@v2...v2.5.1

v2.5.0

Compare Source

What's Changed

Release v2.5.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/325

This release:

1. Adds support for Actions Runner Controller (ARC) environment
2. Improves the job summary markdown

Full Changelog: step-security/harden-runner@v2...v2.5.0

v2.4.1

Compare Source

What's Changed

Release v2.4.1 by @​varunsh-coder and @​Devils-Knight in https://github.com/step-security/harden-runner/pull/309

This release

1. Shows a preview of the network events in the job summary markdown
2. Uses a fallback DNS service from Cloudflare in addition to Google DNS to improve reliability

Full Changelog: step-security/harden-runner@v2...v2.4.1

v2.4.0

Compare Source

What's Changed

• Release v2.4.0 by @​varunsh-coder and @​h0x0er in https://github.com/step-security/harden-runner/pull/292
  Adds support for wildcard domains in block mode. e.g. you can add *.data.mcr.microsoft.com:443 to the allowed list, and egress traffic will be allowed to eastus.data.mcr.microsoft.com:443 and westus.data.mcr.microsoft.com:443.
  Link to documentation.
• Bump actions/checkout from 3.5.0 to 3.5.2 by @​dependabot in https://github.com/step-security/harden-runner/pull/277
• Bump github/codeql-action from 2.2.11 to 2.2.12 by @​dependabot in https://github.com/step-security/harden-runner/pull/278
• Bump step-security/harden-runner from 2.3.0 to 2.3.1 by @​dependabot in https://github.com/step-security/harden-runner/pull/282
• Added a workflow for reviewing code changes using stepsecurity code reviewer by @​boahc077 in https://github.com/step-security/harden-runner/pull/290

Full Changelog: step-security/harden-runner@v2...v2.4.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.