chore: production deploy#5414
Open
supabase-cli-releaser[bot] wants to merge 8 commits into
Open
Conversation
Contributor
supabase-cli-releaser
Bot
commented
Jun 1, 2026
supabase-cli-releaser
Bot
commented
- fix(cli): suppress spinner on stdout for legacy -o machine formats (fix(cli): suppress spinner on stdout for legacy -o machine formats #5410)
- feat(cli): port postgres config (feat(cli): port postgres config #5404)
- fix(cli): telemetry json parse crash (fix(cli): telemetry json parse crash #5405)
- fix(cli): route TS telemetry to production PostHog (fix(cli): route TS telemetry to production PostHog #5411)
- fix(cli): schema-decode telemetry config (fix(cli): schema-decode telemetry config #5412)
- feat(cli): port encryption commands to native TypeScript (feat(cli): port encryption commands to native TypeScript #5409)
- fix(deps): bump the go_modules group across 1 directory with 9 updates (fix(deps): bump the go_modules group across 1 directory with 9 updates #5398)
- fix(cli): status gating (fix(cli): status gating #5335)
…5410) ## What changed `supabase branches list -o json` (and any legacy command run with `-o json|yaml|toml|env`) wrote a clack progress-spinner ANSI sequence — the hide-cursor `\x1b[?25l` plus a spinner frame — to **stdout** ahead of the machine payload, so `JSON.parse` of the captured output threw. Regressed in v2.102.0 when `branches` was ported to TypeScript. ### Why it happened The legacy shell has two independent output-format flags: - `--output-format` (TS-native) — drives **output-layer selection**. - `-o`/`--output` (Go-compat: `env|pretty|json|toml|yaml`) — consumed inside handlers. `legacy/cli/root.ts` selected the output layer using only `--output-format`, ignoring `-o`. So `-o json` (with no `--output-format`) left `output.format === "text"` and the spinner-emitting `textOutputLayer` active. The handler's `output.task(...)` gate (`output.format === "text"`) was `true`, so clack rendered a spinner to stdout, and the Go JSON encoder (`output.raw(encodeGoJson(...))`) appended the JSON — corrupting it. This affected every legacy command that wraps API calls in `output.task` (~32 commands), not just `branches list`. ### The fix Added a legacy-only `legacyQuietProgressTextOutputLayer` (`legacy/output/`) that wraps the shared `textOutputLayer` and no-ops **only** `task`/`progress`. `legacy/cli/root.ts` selects it for any Go machine format (`-o json|yaml|toml|env`). Because the text layer stays active, everything else delegates unchanged: - errors still render as red text on **stderr** (`withJsonErrorHandling` re-fails on `format === "text"`), - the handler still emits its Go-byte-exact payload via `output.raw` (checked before the `output.format` branch). So stdout output is **byte-identical to before, minus the spinner** — Go output parity is preserved exactly. No `shared/` or `next/` changes, so the `next/` shell's text rendering is untouched. Also documents the `-o` vs `--output-format` layer-selection invariant in `apps/cli/AGENTS.md`. Fixes #5397
## TL;DR ports `supabase postgres-config get`, `update`, and `delete` from the legacy go proxy to ts ## What's Introduced here This replaces the `LegacyGoProxy` path for `postgres-config` with native handlers in the existing legacy cli flow keeps the current behavior for reading config, handling repeated `--config key=value` flags, and running `delete` through the same `get` then `put` flow cause `update` can accept arbitrary config keys, it uses raw HTTP here instead of the generated typed client..... and also added tests around this! :D ## ref: closes CLI-1298 --------- Co-authored-by: Colum Ferry <cferry09@gmail.com>
fixes `supabase start` crashing with `JSON Parse error: Unexpected EOF` from a malformed `telemetry.json` by recovering and regenerating unreadable telemetry state - closes #5395 --------- Co-authored-by: Colum Ferry <cferry09@gmail.com>
## Summary Both TypeScript CLI shells defaulted their PostHog write key to a hard-coded staging-project key, so released binaries sent `cli_command_executed` (and other CLI events) to the staging PostHog project instead of production. As commands were ported from the Go binary to native TypeScript handlers, their telemetry silently moved off production. This injects the PostHog key at build time from the existing `POSTHOG_API_KEY` release secret (the same one the Go binary already consumes via `-ldflags`), so released TS binaries report to production. Outside a release build the key is empty and telemetry no-ops, mirroring the Go binary. ## Changes - `posthog-config.ts` (legacy shell) and `cli-config.layer.ts` (next shell): the PostHog key default now reads a build-injected `process.env.SUPABASE_CLI_POSTHOG_KEY`, empty when not injected. The runtime `SUPABASE_TELEMETRY_POSTHOG_KEY` override is unchanged. - `build.ts`: inject the key via `bun build --define` on both the standard and musl compile paths, sourced from `POSTHOG_API_KEY` (already present in the release build env). - `analytics.layer.ts` and `legacy-analytics.layer.ts`: return a no-op analytics client when the key is empty, so local and source builds emit nothing. - Updated the cli-config unit test to expect the empty no-op default. ## Linear - fixes GROWTH-895 --------- Co-authored-by: Julien Goux <hi@jgoux.dev>
## Summary Telemetry config loading now uses an Effect Schema boundary instead of a raw `JSON.parse` cast. Invalid, unreadable, or malformed `telemetry.json` is treated as absent local telemetry state, so telemetry state cannot crash unrelated CLI commands. The telemetry config type is now derived from the runtime schema, and internal absence is represented with `Option` rather than `null`. `telemetry status` still serializes missing persisted consent as `null` at the output boundary. ## Context PR #5405 fixed the immediate empty JSON crash by catching parse errors, but structurally invalid JSON could still be accepted as `TelemetryConfig`. This follows the existing repo pattern of `Schema.fromJsonString(...)` for local state files and keeps malformed telemetry state best-effort and silent.
Promotes `supabase encryption get-root-key` and `encryption
update-root-key` from Go-proxy handlers to native Phase 1+ TypeScript
Effect handlers in the legacy shell. The command is still exposed in the
Go CLI (`cmd/encryption.go`, `GroupID: groupManagementAPI`), so this is
an in-scope strict 1:1 port. Closes CLI-1300.
## What changed
- **`get-root-key`** — resolves the project ref, calls `GET
/v1/projects/{ref}/pgsodium`, and prints the bare root key + `\n` to
**stdout** (Go `fmt.Println` parity). JSON/stream-json modes emit a
structured `result`.
- **`update-root-key`** — reads the new key from stdin (masked clack
prompt on a TTY, trimmed piped bytes otherwise; empty/whitespace → `""`,
matching Go's `io.Copy` + `strings.TrimSpace`), calls `PUT
/v1/projects/{ref}/pgsodium`, and prints `Finished supabase root-key
update.` to **stderr** (Go's `utils.Aqua` rendered as plain text per the
legacy convention).
- **`encryption.errors.ts`** — new family-root error module with
`mapLegacyEncryptionHttpError({ networkVerb, statusVerb })` over the
shared `mapLegacyHttpError`. Go uses different verbs for the network vs
status message of each subcommand, so the factory takes both.
- **`SIDE_EFFECTS.md`** — consolidates the two per-subcommand docs into
one group-level file and **corrects the API route**: the old proxy docs
listed `/v1/projects/{ref}/config/database/vault`; the real route is
`/v1/projects/{ref}/pgsodium`.
- **Telemetry** — both commands wrap with
`withLegacyCommandInstrumentation`; `--project-ref` is intentionally
**not** telemetry-safe here (no `markFlagTelemetrySafe` on the Go
`encryption` group), so it is redacted. PersistentPostRun parity
(linked-project cache + telemetry flush on success **and** failure) via
the `Effect.ensuring` pair.
- **Status tracker** — both subcommands flipped `wrapped` → `ported`.
## Reviewer notes
- `update-root-key` is the first legacy command to wire the `Stdin`
service. Because `Layer.provide` does not share to siblings inside
`Layer.mergeAll`, the command composes `stdinLayer` with its `Tty` +
`Stdio` deps explicitly so the layer is self-contained. Verified against
the bundled binary (`./dist/supabase-legacy …`) to rule out a `Service
not found` panic that in-process tests miss.
- Known divergence (documented in `SIDE_EFFECTS.md`): the TTY masked
prompt uses clack's framing rather than Go's bare `Enter a new root key:
` stderr write; the label text matches. Piped mode reads stdin directly
without printing the prompt, mirroring Go's `io.Copy` branch.
#5398) Bumps the go_modules group with 6 updates in the /apps/cli-go directory: | Package | From | To | | --- | --- | --- | | [github.com/docker/cli](https://github.com/docker/cli) | `28.5.2+incompatible` | `29.2.0+incompatible` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.17.2` | `5.19.1` | | [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) | `2.1.5` | `2.2.4` | | [github.com/in-toto/in-toto-golang](https://github.com/in-toto/in-toto-golang) | `0.9.0` | `0.11.0` | | [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.25.1` | `0.28.1` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.39.0` | `1.43.0` | Updates `github.com/docker/cli` from 28.5.2+incompatible to 29.2.0+incompatible <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/cli/commit/0b9d1985dbf919678745f122b12b46f730b97d87"><code>0b9d198</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6764">#6764</a> from vvoland/update-docker</li> <li><a href="https://github.com/docker/cli/commit/9c9ec7358833bb3e5622a166673744fca7fefac4"><code>9c9ec73</code></a> vendor: github.com/moby/moby/client v0.2.2</li> <li><a href="https://github.com/docker/cli/commit/bab3e81e1d8874a2d4f26afc02225ee537d0b15d"><code>bab3e81</code></a> vendor: github.com/moby/moby/api v1.53.0</li> <li><a href="https://github.com/docker/cli/commit/2e64fc162ab632a530f7191cc6af65c22356ea0d"><code>2e64fc1</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6367">#6367</a> from thaJeztah/template_slicejoin</li> <li><a href="https://github.com/docker/cli/commit/1f2ba2ac9d8c92870f7cce89dfa17d89d3375c19"><code>1f2ba2a</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6760">#6760</a> from thaJeztah/container_create_fix_error</li> <li><a href="https://github.com/docker/cli/commit/e34a3422cc32c808d2e8b0e0ef51112d53fa896d"><code>e34a342</code></a> templates: make "join" work with non-string slices and map values</li> <li><a href="https://github.com/docker/cli/commit/a86356d42f918968579e670b51bc85dc45982a33"><code>a86356d</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6763">#6763</a> from thaJeztah/bump_mapstructure</li> <li><a href="https://github.com/docker/cli/commit/771660a17e56116eb32677a6d83c5210e5092194"><code>771660a</code></a> vendor: github.com/go-viper/mapstructure/v2 v2.5.0</li> <li><a href="https://github.com/docker/cli/commit/9cff36b35a828be8d137bc5de4983b7e3fef1614"><code>9cff36b</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6762">#6762</a> from thaJeztah/bump_x_deps</li> <li><a href="https://github.com/docker/cli/commit/08ed2bc6e8bc49ad988ecd44633620a48fb10967"><code>08ed2bc</code></a> cli/command/container: make injecting config.json failures a warning</li> <li>Additional commits viewable in <a href="https://github.com/docker/cli/compare/v28.5.2...v29.2.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/go-git/go-git/v5` from 5.17.2 to 5.19.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's releases</a>.</em></p> <blockquote> <h2>v5.19.1</h2> <h2>What's Changed</h2> <ul> <li>v5: plumbing: transport/ssh, Shell-quote path by <a href="https://github.com/hiddeco"><code>@hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2068">go-git/go-git#2068</a></li> <li>v5: git: submodule, Fix relative URL resolution by <a href="https://github.com/hiddeco"><code>@hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2070">go-git/go-git#2070</a></li> <li>v5: git: submodule, canonical remote for relative URLs by <a href="https://github.com/hiddeco"><code>@hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2074">go-git/go-git#2074</a></li> <li>v5: git: submodule, error on remote without URLs by <a href="https://github.com/hiddeco"><code>@hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2078">go-git/go-git#2078</a></li> <li>v5: plumbing: format/idxfile, Validate offset64 indices by <a href="https://github.com/hiddeco"><code>@hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2084">go-git/go-git#2084</a></li> <li>v5: *: Reject malformed variable-length integers by <a href="https://github.com/hiddeco"><code>@hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2092">go-git/go-git#2092</a></li> <li>v5: plumbing: format/packfile, Tighten delta validation by <a href="https://github.com/hiddeco"><code>@hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2091">go-git/go-git#2091</a></li> <li>v5: Add <code>worktreeFilesystem</code> wrapper for worktree and hardening by <a href="https://github.com/hiddeco"><code>@hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2100">go-git/go-git#2100</a></li> <li>v5: config: validate submodule names by <a href="https://github.com/hiddeco"><code>@hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2082">go-git/go-git#2082</a></li> <li>build: Update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-git/pull/2111">go-git/go-git#2111</a></li> <li>v5: git: Allow MkdirAll on worktree-root paths by <a href="https://github.com/hiddeco"><code>@hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2117">go-git/go-git#2117</a></li> <li>v5: git: Stop validating symlink target paths by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2116">go-git/go-git#2116</a></li> <li>v5: plumbing: format decoder input bounds and contracts by <a href="https://github.com/hiddeco"><code>@hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2125">go-git/go-git#2125</a></li> <li>plumbing: format/packfile, cap delta chain depth in parser by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2137">go-git/go-git#2137</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1">https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1</a></p> <h2>v5.19.0</h2> <h2>What's Changed</h2> <ul> <li>build: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-git/pull/2010">go-git/go-git#2010</a></li> <li>v5: Bump sha1cd and go-billy by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2060">go-git/go-git#2060</a></li> <li>v5: Align object encoding with upstream by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2065">go-git/go-git#2065</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.18.0...v5.19.0">https://github.com/go-git/go-git/compare/v5.18.0...v5.19.0</a></p> <h2>v5.18.0</h2> <h2>What's Changed</h2> <ul> <li>plumbing: transport/http, Add support for followRedirects policy by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/2004">go-git/go-git#2004</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0">https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-git/commit/3c3be601aa6c0fd0d536c0d1e4f898b4c60e65fe"><code>3c3be60</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/2137">#2137</a> from go-git/validate-v5</li> <li><a href="https://github.com/go-git/go-git/commit/3fba897bd9e84b1aec170fa708b80e297b7d6cf6"><code>3fba897</code></a> plumbing: format/packfile, cap delta chain depth in parser</li> <li><a href="https://github.com/go-git/go-git/commit/a97d6601c85e017bb64c2b0f2e3169f6ef6a6709"><code>a97d660</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/2125">#2125</a> from hiddeco/v5/format-input-bounds</li> <li><a href="https://github.com/go-git/go-git/commit/aeaa125c8af8e4c4c95b574c22c5633e97fc436e"><code>aeaa125</code></a> plumbing: format/objfile, require Header before Read</li> <li><a href="https://github.com/go-git/go-git/commit/1f38e171218526ea254a73187a52f0648253c1b8"><code>1f38e17</code></a> plumbing: format/packfile, bound inflate size</li> <li><a href="https://github.com/go-git/go-git/commit/f7545a02529e03998d6a7219140dc0e6644ad337"><code>f7545a0</code></a> plumbing: format/idxfile, bound nr by file size</li> <li><a href="https://github.com/go-git/go-git/commit/170b88181f385913a457a08b68c88956fb3f8e4f"><code>170b881</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/2116">#2116</a> from pjbgf/symlink-v5</li> <li><a href="https://github.com/go-git/go-git/commit/7b6d994467f06630268904aa3c441b6de7248b31"><code>7b6d994</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/2117">#2117</a> from hiddeco/v5/worktree-fs-mkdirall-root-noop</li> <li><a href="https://github.com/go-git/go-git/commit/f0709b32f8fbb87c16cd63c6762d2cd515f36541"><code>f0709b3</code></a> git: Stop validating symlink target paths</li> <li><a href="https://github.com/go-git/go-git/commit/776d00f11d336f26862d0f2bab987b217f3a7844"><code>776d00f</code></a> git: Allow MkdirAll on worktree-root paths</li> <li>Additional commits viewable in <a href="https://github.com/go-git/go-git/compare/v5.17.2...v5.19.1">compare view</a></li> </ul> </details> <br /> Updates `github.com/containerd/containerd/v2` from 2.1.5 to 2.2.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/containerd/containerd/releases">github.com/containerd/containerd/v2's releases</a>.</em></p> <blockquote> <h2>containerd 2.2.4</h2> <p>Welcome to the v2.2.4 release of containerd!</p> <p>The fourth patch release for containerd 2.2 contains various fixes and updates including security patches.</p> <ul> <li> <p><strong>containerd</strong></p> <ul> <li><a href="https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w"><strong>CVE-2026-46680</strong></a></li> </ul> </li> <li> <p><strong>go-jose</strong></p> <ul> <li><a href="https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"><strong>CVE-2026-34986</strong></a></li> </ul> </li> <li> <p>Use mount manager during image volume processing to support snapshotters that require writable block volumes (e.g., EROFS) (<a href="https://redirect.github.com/containerd/containerd/pull/13242">#13242</a>)</p> </li> <li> <p>Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (<a href="https://redirect.github.com/containerd/containerd/pull/13448">#13448</a>)</p> </li> <li> <p>Apply hardening to block AF_ALG in default socket policy (<a href="https://redirect.github.com/containerd/containerd/pull/13408">#13408</a>)</p> </li> <li> <p>Fix bugs in sandbox service affecting sandbox creation configuration and event publishing (<a href="https://redirect.github.com/containerd/containerd/pull/13266">#13266</a>)</p> </li> <li> <p>Set AppArmor abi conditionally to support versions < 3.0 (<a href="https://redirect.github.com/containerd/containerd/pull/13275">#13275</a>)</p> </li> <li> <p>Disable overlay "rebase" capability when running in a user namespace to fix layer extraction failures (<a href="https://redirect.github.com/containerd/containerd/pull/13393">#13393</a>)</p> </li> <li> <p>Support both "volatile" and "fsync=volatile" mount options for volatile snapshotter (<a href="https://redirect.github.com/containerd/containerd/pull/13296">#13296</a>)</p> </li> </ul> <p>Please try out the release binaries and report any issues at <a href="https://github.com/containerd/containerd/issues">https://github.com/containerd/containerd/issues</a>.</p> <ul> <li>Wei Fu</li> <li>Akihiro Suda</li> <li>Chris Henzie</li> <li>Paweł Gronowski</li> <li>Samuel Karp</li> <li>Brian Goff</li> <li>Champ-Goblem</li> <li>Chris Chang</li> <li>LEI WANG</li> <li>Phil Estes</li> <li>William Myers</li> </ul> <!-- raw HTML omitted --> <ul> <li>oci: return explicit error for out-of-range USER values (<a href="https://redirect.github.com/containerd/containerd/pull/13448">#13448</a>) <ul> <li><a href="https://github.com/containerd/containerd/commit/d20c6267b88bfd52277337184916e293c627542a"><code>d20c6267b</code></a> oci: return explicit error for out-of-range USER values</li> </ul> </li> <li>seccomp: Block AF_ALG in default socket policy (<a href="https://redirect.github.com/containerd/containerd/pull/13408">#13408</a>) <ul> <li><a href="https://github.com/containerd/containerd/commit/db34dc4b4a111883d21ebf088d0fd0db48d82558"><code>db34dc4b4</code></a> seccomp: Block AF_ALG in default socket policy</li> <li><a href="https://github.com/containerd/containerd/commit/214b141ee94410058db80602efdfa47d21d77513"><code>214b141ee</code></a> seccomp: Document socket rule scope and socketcall limitation</li> </ul> </li> <li>update Go to 1.25.10, 1.26.3 (<a href="https://redirect.github.com/containerd/containerd/pull/13375">#13375</a>) <ul> <li><a href="https://github.com/containerd/containerd/commit/c2b1856fae4f237cda30f59f879b7a0f15ad6033"><code>c2b1856fa</code></a> update Go to 1.25.10, 1.26.3</li> </ul> </li> <li>overlay: disable "rebase" capability when running in UserNS (<a href="https://redirect.github.com/containerd/containerd/pull/13393">#13393</a>) <ul> <li><a href="https://github.com/containerd/containerd/commit/63874d262ca46871ff291ef5005e739e55702d07"><code>63874d262</code></a> overlay: disable "rebase" capability when running in UserNS</li> </ul> </li> <li>Support both styles of volatile mount option (<a href="https://redirect.github.com/containerd/containerd/pull/13296">#13296</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/containerd/containerd/commit/193637f7ee8ae5f5aa5248f49e7baa3e6164966e"><code>193637f</code></a> Merge pull request <a href="https://redirect.github.com/containerd/containerd/issues/13457">#13457</a> from samuelkarp/prepare-release-2.2.4</li> <li><a href="https://github.com/containerd/containerd/commit/05e97b445e84e8a5123fee3d051974c95487a13b"><code>05e97b4</code></a> Prepare release notes for v2.2.4</li> <li><a href="https://github.com/containerd/containerd/commit/0a8f65bef19b451ce037ecb8c4870f2b70d0744a"><code>0a8f65b</code></a> Merge pull request <a href="https://redirect.github.com/containerd/containerd/issues/13448">#13448</a> from samuelkarp/oci-withuser-errrange-2.2</li> <li><a href="https://github.com/containerd/containerd/commit/7287de2e6c3d312f1b7acaaa5397ed73f9600c6b"><code>7287de2</code></a> Merge pull request <a href="https://redirect.github.com/containerd/containerd/issues/13408">#13408</a> from k8s-infra-cherrypick-robot/cherry-pick-13327-t...</li> <li><a href="https://github.com/containerd/containerd/commit/db34dc4b4a111883d21ebf088d0fd0db48d82558"><code>db34dc4</code></a> seccomp: Block AF_ALG in default socket policy</li> <li><a href="https://github.com/containerd/containerd/commit/214b141ee94410058db80602efdfa47d21d77513"><code>214b141</code></a> seccomp: Document socket rule scope and socketcall limitation</li> <li><a href="https://github.com/containerd/containerd/commit/105ca971f40aacda7e41e7b0a9cfaa863bfe2773"><code>105ca97</code></a> Merge pull request <a href="https://redirect.github.com/containerd/containerd/issues/13375">#13375</a> from AkihiroSuda/release-2.2-go-1.25.10</li> <li><a href="https://github.com/containerd/containerd/commit/ba7b58506957a3931f4c70409ff457609f76af2e"><code>ba7b585</code></a> Merge pull request <a href="https://redirect.github.com/containerd/containerd/issues/13393">#13393</a> from k8s-infra-cherrypick-robot/cherry-pick-13389-t...</li> <li><a href="https://github.com/containerd/containerd/commit/63874d262ca46871ff291ef5005e739e55702d07"><code>63874d2</code></a> overlay: disable "rebase" capability when running in UserNS</li> <li><a href="https://github.com/containerd/containerd/commit/c2b1856fae4f237cda30f59f879b7a0f15ad6033"><code>c2b1856</code></a> update Go to 1.25.10, 1.26.3</li> <li>Additional commits viewable in <a href="https://github.com/containerd/containerd/compare/v2.1.5...v2.2.4">compare view</a></li> </ul> </details> <br /> Updates `github.com/go-git/go-billy/v5` from 5.8.0 to 5.9.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-billy/releases">github.com/go-git/go-billy/v5's releases</a>.</em></p> <blockquote> <h2>v5.9.0</h2> <h2>What's Changed</h2> <ul> <li>Use path.Clean instead of filepath.Clean in iofs.Open by <a href="https://github.com/puerco"><code>@puerco</code></a> in <a href="https://redirect.github.com/go-git/go-billy/pull/197">go-git/go-billy#197</a></li> <li>Deprecate ChrootOS in favour of BoundOS by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-billy/pull/201">go-git/go-billy#201</a></li> <li>General Improvements by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-billy/pull/203">go-git/go-billy#203</a></li> <li>osfs: ChrootOS eval baseDir on creation by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-billy/pull/205">go-git/go-billy#205</a></li> <li>Run go-git tests as part of integration tests by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-billy/pull/206">go-git/go-billy#206</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-billy/compare/v5.8.0...v5.9.0">https://github.com/go-git/go-billy/compare/v5.8.0...v5.9.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-billy/commit/237e529bb8de61704047f71a5ab1c8e6676492f1"><code>237e529</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-billy/issues/206">#206</a> from pjbgf/v5-improvements</li> <li><a href="https://github.com/go-git/go-billy/commit/04edb394b39979b5cbdec30ded6abdcb9f7786c5"><code>04edb39</code></a> build: Add go-git integration test</li> <li><a href="https://github.com/go-git/go-billy/commit/d8efefd33b2e8eeea1030e317bb0d71c5e918270"><code>d8efefd</code></a> osfs: preserve empty ChrootOS base</li> <li><a href="https://github.com/go-git/go-billy/commit/07f2a0bf50e42d438d1d9d263c3c8a22598985b8"><code>07f2a0b</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-billy/issues/205">#205</a> from pjbgf/v5-improvements</li> <li><a href="https://github.com/go-git/go-billy/commit/25207c8468f1af656953cb5db7030aad5df1fe99"><code>25207c8</code></a> build: Bump Go versions in workflows</li> <li><a href="https://github.com/go-git/go-billy/commit/2fda229d9ac0cb5ba654ebc824cfbb90248f82d9"><code>2fda229</code></a> osfs: ChrootOS eval baseDir on creation</li> <li><a href="https://github.com/go-git/go-billy/commit/427b27f32f22de11498a682c65cd5060a01ec168"><code>427b27f</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-billy/issues/203">#203</a> from pjbgf/v5-improvements</li> <li><a href="https://github.com/go-git/go-billy/commit/7d5a23ece03edc171c1f63c8fa73f84c8428bf17"><code>7d5a23e</code></a> chroot: Reject symlink loops</li> <li><a href="https://github.com/go-git/go-billy/commit/2c2287a233d2ee1e6cdce8956141f6d10505f3bf"><code>2c2287a</code></a> util: avoid following symlinks in RemoveAll fallback</li> <li><a href="https://github.com/go-git/go-billy/commit/cbd88e9a9a2d7fe1065bbe083d8bf0c5fd7290de"><code>cbd88e9</code></a> Fix mount path handling</li> <li>Additional commits viewable in <a href="https://github.com/go-git/go-billy/compare/v5.8.0...v5.9.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/in-toto/in-toto-golang` from 0.9.0 to 0.11.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/in-toto/in-toto-golang/releases">github.com/in-toto/in-toto-golang's releases</a>.</em></p> <blockquote> <h2>v0.11.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump the all group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/453">in-toto/in-toto-golang#453</a></li> <li>chore(deps): bump the all group across 1 directory with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/452">in-toto/in-toto-golang#452</a></li> <li>chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/457">in-toto/in-toto-golang#457</a></li> <li>chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/459">in-toto/in-toto-golang#459</a></li> <li>match: Replace ^ with ! for negation in character classes by <a href="https://github.com/adityasaky"><code>@adityasaky</code></a> in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/462">in-toto/in-toto-golang#462</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/in-toto/in-toto-golang/compare/v0.10.0...v0.11.0">https://github.com/in-toto/in-toto-golang/compare/v0.10.0...v0.11.0</a></p> <h2>v0.10.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/232">in-toto/in-toto-golang#232</a></li> <li>Update maintainers and governance by <a href="https://github.com/adityasaky"><code>@adityasaky</code></a> in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/233">in-toto/in-toto-golang#233</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/234">in-toto/in-toto-golang#234</a></li> <li>chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.3 to 2.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/235">in-toto/in-toto-golang#235</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/236">in-toto/in-toto-golang#236</a></li> <li>Fix expired signature in test by <a href="https://github.com/adityasaky"><code>@adityasaky</code></a> in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/241">in-toto/in-toto-golang#241</a></li> <li>chore(deps): bump golang.org/x/sys from 0.8.0 to 0.9.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/240">in-toto/in-toto-golang#240</a></li> <li>chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.5 to 2.1.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/239">in-toto/in-toto-golang#239</a></li> <li>chore(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/242">in-toto/in-toto-golang#242</a></li> <li>chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/243">in-toto/in-toto-golang#243</a></li> <li>Update GitHub Actions workflows by <a href="https://github.com/adityasaky"><code>@adityasaky</code></a> in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/246">in-toto/in-toto-golang#246</a></li> <li>chore(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/245">in-toto/in-toto-golang#245</a></li> <li>remove linters that are no longer supported and add to make file by <a href="https://github.com/pxp928"><code>@pxp928</code></a> in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/249">in-toto/in-toto-golang#249</a></li> <li>Add match products feature by <a href="https://github.com/adityasaky"><code>@adityasaky</code></a> in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/237">in-toto/in-toto-golang#237</a></li> <li>Remove unfinished link on record stop by <a href="https://github.com/PradyumnaKrishna"><code>@PradyumnaKrishna</code></a> in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/248">in-toto/in-toto-golang#248</a></li> <li>chore(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/250">in-toto/in-toto-golang#250</a></li> <li>chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.6.0 to 0.7.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/251">in-toto/in-toto-golang#251</a></li> <li>chore(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/255">in-toto/in-toto-golang#255</a></li> <li>Add tests for coverage in envelope.go by <a href="https://github.com/adityasaky"><code>@adityasaky</code></a> in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/256">in-toto/in-toto-golang#256</a></li> <li>chore(deps): bump golang.org/x/sys from 0.10.0 to 0.11.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/257">in-toto/in-toto-golang#257</a></li> <li>chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/258">in-toto/in-toto-golang#258</a></li> <li>chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/259">in-toto/in-toto-golang#259</a></li> <li>Fixes filepath pattern matching in windows by <a href="https://github.com/PradyumnaKrishna"><code>@PradyumnaKrishna</code></a> in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/254">in-toto/in-toto-golang#254</a></li> <li>chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/261">in-toto/in-toto-golang#261</a></li> <li>chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/262">in-toto/in-toto-golang#262</a></li> <li>chore(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/263">in-toto/in-toto-golang#263</a></li> <li>chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.58.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/264">in-toto/in-toto-golang#264</a></li> <li>chore(deps): bump google.golang.org/grpc from 1.58.0 to 1.58.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/266">in-toto/in-toto-golang#266</a></li> <li>Deprecate Provenance v1 struct in favor of /attestation protobufs by <a href="https://github.com/marcelamelara"><code>@marcelamelara</code></a> in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/267">in-toto/in-toto-golang#267</a></li> <li>chore(deps): bump google.golang.org/grpc from 1.58.1 to 1.58.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/269">in-toto/in-toto-golang#269</a></li> <li>chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/270">in-toto/in-toto-golang#270</a></li> <li>Drop use of <code>any</code> for hash objects by <a href="https://github.com/adityasaky"><code>@adityasaky</code></a> in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/238">in-toto/in-toto-golang#238</a></li> <li>chore(deps): bump golang.org/x/sys from 0.12.0 to 0.13.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/271">in-toto/in-toto-golang#271</a></li> <li>chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/273">in-toto/in-toto-golang#273</a></li> <li>chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/272">in-toto/in-toto-golang#272</a></li> <li>chore(deps): bump golang.org/x/net from 0.12.0 to 0.17.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/274">in-toto/in-toto-golang#274</a></li> <li>chore(deps): bump google.golang.org/grpc from 1.58.3 to 1.59.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/in-toto/in-toto-golang/pull/275">in-toto/in-toto-golang#275</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/in-toto/in-toto-golang/commit/36d782ffb2ca3adbffcdce1fd971c23319dd4469"><code>36d782f</code></a> Merge pull request <a href="https://redirect.github.com/in-toto/in-toto-golang/issues/462">#462</a> from in-toto/fix-negation-character</li> <li><a href="https://github.com/in-toto/in-toto-golang/commit/4a09e3bbc44bc687577b6532e57e8a4abfa5ddf4"><code>4a09e3b</code></a> match: Replace ^ with ! for negation in character classes</li> <li><a href="https://github.com/in-toto/in-toto-golang/commit/c3302e8bc36e46119f7ae17c07eb879ff3507caa"><code>c3302e8</code></a> Merge pull request <a href="https://redirect.github.com/in-toto/in-toto-golang/issues/459">#459</a> from in-toto/dependabot/go_modules/github.com/go-jose...</li> <li><a href="https://github.com/in-toto/in-toto-golang/commit/016e87efbb55c6dd8772ce227002eeb1b6e3f593"><code>016e87e</code></a> chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4</li> <li><a href="https://github.com/in-toto/in-toto-golang/commit/5b9df76e685eaa0a950ea9ba3f4a5561e87e13ad"><code>5b9df76</code></a> Merge pull request <a href="https://redirect.github.com/in-toto/in-toto-golang/issues/457">#457</a> from in-toto/dependabot/go_modules/google.golang.org/...</li> <li><a href="https://github.com/in-toto/in-toto-golang/commit/595b3fe0a13f481eb0ef898ccaff5e345e492a2f"><code>595b3fe</code></a> chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3</li> <li><a href="https://github.com/in-toto/in-toto-golang/commit/e396d248c9cf19f9e144f4e90c476af88742bf35"><code>e396d24</code></a> Merge pull request <a href="https://redirect.github.com/in-toto/in-toto-golang/issues/452">#452</a> from in-toto/dependabot/github_actions/all-502588e1ca</li> <li><a href="https://github.com/in-toto/in-toto-golang/commit/142b779059713332fe5c7856e98f1c564c6d6a09"><code>142b779</code></a> Merge pull request <a href="https://redirect.github.com/in-toto/in-toto-golang/issues/453">#453</a> from in-toto/dependabot/go_modules/all-d8ef5820aa</li> <li><a href="https://github.com/in-toto/in-toto-golang/commit/f741bcc43330554606b813fa0f8fe0c284fcdaea"><code>f741bcc</code></a> chore(deps): bump the all group with 2 updates</li> <li><a href="https://github.com/in-toto/in-toto-golang/commit/c374dc9808137651fe8754eed363ec816cd59d2a"><code>c374dc9</code></a> chore(deps): bump the all group across 1 directory with 2 updates</li> <li>Additional commits viewable in <a href="https://github.com/in-toto/in-toto-golang/compare/v0.9.0...v0.11.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/moby/buildkit` from 0.25.1 to 0.28.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/moby/buildkit/releases">github.com/moby/buildkit's releases</a>.</em></p> <blockquote> <h2>v0.28.1</h2> <p>Welcome to the v0.28.1 release of buildkit!</p> <p>Please try out the release binaries and report any issues at <a href="https://github.com/moby/buildkit/issues">https://github.com/moby/buildkit/issues</a>.</p> <h3>Contributors</h3> <ul> <li>Tõnis Tiigi</li> <li>CrazyMax</li> <li>Sebastiaan van Stijn</li> </ul> <h3>Notable Changes</h3> <ul> <li>Fix insufficient validation of Git URL <code>#ref:subdir</code> fragments that could allow access to restricted files outside the checked-out repository root. <a href="https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg">GHSA-4vrq-3vrq-g6gg</a></li> <li>Fix a vulnerability where an untrusted custom frontend could cause files to be written outside the BuildKit state directory. <a href="https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj">GHSA-4c29-8rgm-jvjj</a></li> <li>Fix a panic when processing invalid <code>.dockerignore</code> patterns during <code>COPY</code>. <a href="https://redirect.github.com/moby/buildkit/issues/6610">#6610</a> <a href="https://redirect.github.com/moby/patternmatcher/issues/9">moby/patternmatcher#9</a></li> </ul> <h3>Dependency Changes</h3> <ul> <li><strong>github.com/moby/patternmatcher</strong> v0.6.0 -> v0.6.1</li> </ul> <p>Previous release can be found at <a href="https://github.com/moby/buildkit/releases/tag/v0.28.0">v0.28.0</a></p> <h2>v0.28.0</h2> <p>buildkit 0.28.0</p> <p>Welcome to the v0.28.0 release of buildkit!</p> <p>Please try out the release binaries and report any issues at <a href="https://github.com/moby/buildkit/issues">https://github.com/moby/buildkit/issues</a>.</p> <h3>Contributors</h3> <ul> <li>Tõnis Tiigi</li> <li>CrazyMax</li> <li>Sebastiaan van Stijn</li> <li>Jonathan A. Sternberg</li> <li>Akihiro Suda</li> <li>Amr Mahdi</li> <li>Dan Duvall</li> <li>David Karlsson</li> <li>Jonas Geiler</li> <li>Kevin L.</li> <li>rsteube</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/buildkit/commit/45b038cd0b2ec2d34013ce0f085522276f7ee0d8"><code>45b038c</code></a> git: normalize and validate subdir paths</li> <li><a href="https://github.com/moby/buildkit/commit/f5462c216098af766f97ea4cb328e65c6d8f7256"><code>f5462c2</code></a> git: harden ref arg handling</li> <li><a href="https://github.com/moby/buildkit/commit/71577a5da7a2b3ab75a90c2cfedfda0c27d1ef40"><code>71577a5</code></a> source: extract SafeFileName into shared pathutil package</li> <li><a href="https://github.com/moby/buildkit/commit/df4378316f3b000403d097551a8139a700bd823d"><code>df43783</code></a> source/http: use os.Root for saved file operations</li> <li><a href="https://github.com/moby/buildkit/commit/9ce6f62aca0653657047ee613cdef22f38b31244"><code>9ce6f62</code></a> source/http: sanitize downloaded filenames</li> <li><a href="https://github.com/moby/buildkit/commit/099cf80f5ebc935c48d2925499bffe703a54cff4"><code>099cf80</code></a> executor: validate container IDs centrally</li> <li><a href="https://github.com/moby/buildkit/commit/2642113bbc9d969d223c37aaabca4b50613fddf9"><code>2642113</code></a> Merge pull request <a href="https://redirect.github.com/moby/buildkit/issues/6610">#6610</a> from thaJeztah/0.28_backport_bump_patternmatcher</li> <li><a href="https://github.com/moby/buildkit/commit/802da78332d9f2c6c9d856c1648ab52c701076fa"><code>802da78</code></a> vendor: github.com/moby/patternmatcher v0.6.1</li> <li><a href="https://github.com/moby/buildkit/commit/5245d869d85d9c98f986b600584c332a3b001986"><code>5245d86</code></a> Merge pull request <a href="https://redirect.github.com/moby/buildkit/issues/6551">#6551</a> from tonistiigi/v0.28-cherry-picks</li> <li><a href="https://github.com/moby/buildkit/commit/90ee5deef6c6efcb82358eb48d76235191196db1"><code>90ee5de</code></a> vendor: update x/net to v0.51.0</li> <li>Additional commits viewable in <a href="https://github.com/moby/buildkit/compare/v0.25.1...v0.28.1">compare view</a></li> </ul> </details> <br /> Updates `github.com/moby/spdystream` from 0.5.0 to 0.5.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/moby/spdystream/releases">github.com/moby/spdystream's releases</a>.</em></p> <blockquote> <h2>v0.5.1</h2> <h2>What's Changed</h2> <h3>Security</h3> <p>Fix memory amplification in SPDY frame parsing leads to denial of service (<a href="https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2">CVE-2026-35469</a> / <a href="https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2">GHSA-pc3f-x583-g7j2</a>)</p> <h3>Changes</h3> <ul> <li>spdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE <a href="https://redirect.github.com/moby/spdystream/pull/106">moby/spdystream#106</a></li> <li>ci: update actions and test against latest Go versions <a href="https://redirect.github.com/moby/spdystream/pull/107">moby/spdystream#107</a></li> <li>use ioutil.Discard for go1.13 compatibility <a href="https://redirect.github.com/moby/spdystream/pull/109">moby/spdystream#109</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1">https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2"><code>c59e5d7</code></a> Merge pull request <a href="https://redirect.github.com/moby/spdystream/issues/109">#109</a> from thaJeztah/use_ioutil</li> <li><a href="https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84"><code>2fd0155</code></a> use ioutil.Discard for go1.13 compatibility</li> <li><a href="https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f"><code>ef6121f</code></a> Merge commit from fork</li> <li><a href="https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739"><code>241cec9</code></a> compare with signed Int for 32-bit Arm</li> <li><a href="https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935"><code>21c3864</code></a> Add options to customize limits</li> <li><a href="https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd"><code>acf9b45</code></a> spdy: update godoc for MaxDataLength</li> <li><a href="https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690"><code>eb63605</code></a> spdy: limit header-size and header-count</li> <li><a href="https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6"><code>2f21da4</code></a> spdy: fix header block byte accounting</li> <li><a href="https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50"><code>5976b66</code></a> spdy: enforce 24-bit frame length limits</li> <li><a href="https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13"><code>cf0ec5d</code></a> Guard against oversized SPDY frames</li> <li>Additional commits viewable in <a href="https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1">compare view</a></li> </ul> </details> <br /> Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.39.0 to 1.43.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp's changelog</a>.</em></p> <blockquote> <h2>[1.43.0/0.65.0/0.19.0] 2026-04-02</h2> <h3>Added</h3> <ul> <li>Add <code>IsRandom</code> and <code>WithRandom</code> on <code>TraceFlags</code>, and <code>IsRandom</code> on <code>SpanContext</code> in <code>go.opentelemetry.io/otel/trace</code> for <a href="https://www.w3.org/TR/trace-context-2/#random-trace-id-flag">W3C Trace Context Level 2 Random Trace ID Flag</a> support. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">#8012</a>)</li> <li>Add service detection with <code>WithService</code> in <code>go.opentelemetry.io/otel/sdk/resource</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">#7642</a>)</li> <li>Add <code>DefaultWithContext</code> and <code>EnvironmentWithContext</code> in <code>go.opentelemetry.io/otel/sdk/resource</code> to support plumbing <code>context.Context</code> through default and environment detectors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">#8051</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Add support for per-series start time tracking for cumulative metrics in <code>go.opentelemetry.io/otel/sdk/metric</code>. Set <code>OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true</code> to enable. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">#8060</a>)</li> <li>Add <code>WithCardinalityLimitSelector</code> for metric reader for configuring cardinality limits specific to the instrument kind. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">#7855</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Introduce the <code>EMPTY</code> Type in <code>go.opentelemetry.io/otel/attribute</code> to reflect that an empty value is now a valid value, with <code>INVALID</code> remaining as a deprecated alias of <code>EMPTY</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Improve slice handling in <code>go.opentelemetry.io/otel/attribute</code> to optimize short slice values with fixed-size fast paths. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">#8039</a>)</li> <li>Improve performance of span metric recording in <code>go.opentelemetry.io/otel/sdk/trace</code> by returning early if self-observability is not enabled. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">#8067</a>)</li> <li>Improve formatting of metric data diffs in <code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">#8073</a>)</li> </ul> <h3>Deprecated</h3> <ul> <li>Deprecate <code>INVALID</code> in <code>go.opentelemetry.io/otel/attribute</code>. Use <code>EMPTY</code> instead. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Return spec-compliant <code>TraceIdRatioBased</code> description. This is a breaking behavioral change, but it is necessary to make the implementation <a href="https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased">spec-compliant</a>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">#8027</a>)</li> <li>Fix a race condition in <code>go.opentelemetry.io/otel/sdk/metric</code> where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">#8056</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li><code>WithHostID</code> detector in <code>go.opentelemetry.io/otel/sdk/resource</code> to use full path for <code>kenv</code> command on BSD. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li> <li>Fix missing <code>request.GetBody</code> in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code> to correctly handle HTTP2 GOAWAY frame. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li> </ul> <h2>[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06</h2> <h3>Added</h3> <ul> <li>Add <code>go.opentelemetry.io/otel/semconv/v1.40.0</code> package. The package contains semantic conventions from the <code>v1.40.0</code> version of the OpenTelemetry Semantic Conventions. See the <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md">migration documentation</a> for information on how to upgrade from <code>go.opentelemetry.io/otel/semconv/v1.39.0</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">#7985</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0"><code>9276201</code></a> Release v1.43.0 / v0.65.0 / v0.19.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">#8128</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a"><code>61b8c94</code></a> chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">#8131</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23"><code>97a086e</code></a> chore(deps): update github.com/golangci/dupl digest to c99c5cf (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">#8122</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0"><code>5e363de</code></a> limit response body size for OTLP HTTP exporters (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7"><code>35214b6</code></a> Use an absolute path when calling bsd kenv (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361"><code>290024c</code></a> fix(deps): update module google.golang.org/grpc to v1.80.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">#8121</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc"><code>e70658e</code></a> fix: support getBody in otelploghttp (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a"><code>4afe468</code></a> fix(deps): update googleapis to 9d38bb4 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">#8117</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634"><code>b9ca729</code></a> chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">#8115</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79"><code>69472ec</code></a> chore(deps): update fossas/fossa-action action to v1.9.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">#8118</a>)</li> <li>Additional commits viewable in <a href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.43.0">compare view</a></li> </ul> </details> <br /> Updates `go.opentelemetry.io/otel/sdk` from 1.40.0 to 1.44.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/sdk's changelog</a>.</em></p> <blockquote> <h2>[1.44.0/0.66.0/0.20.0/0.0.17] 2026-05-27</h2> <h3>Added</h3> <ul> <li>Add <code>ByteSlice</code> and <code>ByteSliceValue</code> functions for new <code>BYTESLICE</code> attribute type in <code>go.opentelemetry.io/otel/attribute</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7948">#7948</a>)</li> <li>Apply attribute value limit to the <code>KindBytes</code> attribute type in <code>go.opentelemetry.io/otel/sdk/log</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7990">#7990</a>)</li> <li>Apply attribute value limit to the <code>BYTESLICE</code> attribute type in <code>go.opentelemetry.io/otel/sdk/trace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7990">#7990</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/trace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/zipkin</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Add <code>String</code> method for <code>Value</code> type in <code>go.opentelemetry.io/otel/attribute</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8142">#8142</a>)</li> <li>Add <code>Slice</code> and <code>SliceValue</code> functions for new <code>SLICE</code> attribute type in <code>go.opentelemetry.io/otel/attribute</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8166">#8166</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/zipkin</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Apply <code>AttributeValueLengthLimit</code> to <code>attribute.SLICE</code> type attribute values in <code>go.opentelemetry.io/otel/sdk/trace</code>, recursively truncating contained string values. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8217">#8217</a>)</li> <li>Add <code>Error</code> field on <code>Record</code> type in <code>go.opentelemetry.io/otel/log/logtest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8148">#8148</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>Settable</code> to <code>go.opentelemetry.io/otel/metric/x</code> to allow reusing attribute options. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8178">#8178</a>)</li> <li>Add experimental support for splitting metric data across multiple batches in <code>go.opentelemetry.io/otel/sdk/metric</code>. Set <code>OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE=<max_size></code> to enable for all periodic readers. See <code>go.opentelemetry.io/otel/sdk/metric/internal/x</code> for feature documentation. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8071">#8071</a>)</li> <li>Add experimental self-observability metrics in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>. Enable with <code>OTEL_GO_X_SELF_OBSERVABILITY=true</code> environment variable. See <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x</code> for feature documentation. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8192">#8192</a>)</li> <li>Add experimental self-observability metrics in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>. Enable with <code>OTEL_GO_X_SELF_OBSERVABILITY=true</code> environment variable. See <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x</code> for feature documentation. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8194">#8194</a>)</li> <li>Add experimental self-observability metrics in <code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>. Enable with <code>OTEL_GO_X_SELF_OBSERVABILITY=true</code> environment variable. See <code>go.opentelemetry.io/otel/stdout/stdoutlog/internal/x</code> for feature documentation. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8263">#8263</a>)</li> <li>Add <code>WithDefaultAttributes</code> to <code>go.opentelemetry.io/otel/metric/x</code> to support setting default attributes on instruments. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8135">#8135</a>)</li> <li>Add <code>go.opentelemetry.io/otel/semconv/v1.41.0</code> package. The package contains semantic conventions from the <code>v1.41.0</code> version of the OpenTelemetry Semantic Conventions. See the <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.41.0/MIGRATION.md">migration documentation</a> for information on how to upgrade from <code>go.opentelemetry.io/otel/semconv/v1.40.0</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8324">#8324</a>)</li> <li>Add Observable variants of instruments to <code>go.opentelemetry.io/otel/semconv/v1.41.0</code> package. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8350">#8350</a>)</li> <li>Generate explicit histogram bucket boundaries from weaver configuration for HTTP and RPC duration instruments in <code>go.opentelemetry.io/otel/semconv/v1.41.0</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8002">#8002</a>)</li> </ul> <h3>Changed</h3> <ul> <li>⚠️ <strong>Breaking Change:</strong> <code>go.opentelemetry.io/otel/sdk/metric</code> now applies a default cardinality limit of 2000 to comply with the Metrics SDK specification recommendation. New attribute sets are dropped when the cardinality limit is reached. The measurement of these sets are aggregated into a special attribute set containing <code>attribute.Bool("otel.metric.overflow", true)</code>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/b62d92831b2dd142f5a0cc89c828270274196877"><code>b62d928</code></a> Release 1.44.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8376">#8376</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/94132a0a729e94c5aa6e9e1ce7640c0f802dcfea"><code>94132a0</code></a> chore(deps): update golang.org/x/telemetry digest to 5997936 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8379">#8379</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/6fdcf82adfebc3becfb5d357957546d6d7258469"><code>6fdcf82</code></a> feat: add self-observability metrics to otlpmetricgrpc metric exporters (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8192">#8192</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/761bbfc2f4ae002f4a54f8c57c12b8a58135a741"><code>761bbfc</code></a> fix(deps): update golang.org/x (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8377">#8377</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/3a91dc62d3852313bab40ff151bb3e11fae1745e"><code>3a91dc6</code></a> fix(deps): update googleapis to 3dc84a4 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8375">#8375</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/f593185679130f56e14bed3c337fa7f8f60756b1"><code>f593185</code></a> exporters/otlp: default max request size to 64 MiB (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8365">#8365</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/f02feacf8652b69c051851cfa2945d2ed5f0d568"><code>f02feac</code></a> Merge commit from fork</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/36c2f1bfd1a6a789dc575f8886399093d7600586"><code>36c2f1b</code></a> semconvkit: add invariant test for histogram-exclusion rule (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8370">#8370</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d0b6cbdff5346557923fd05bd3f5f34df002aeee"><code>d0b6cbd</code></a> sdk/metric: document unit-sensitivity of DefaultAggregationSelector (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8224">#8224</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/9a68034bd45c6f24c481d9f9c87ebbee0a61482f"><code>9a68034</code></a> add self observability for stdout exporter (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8263">#8263</a>)</li> <li>Additional commits viewable in <a href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.40.0...v1.44.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it …
## TL;DR fixes `supabase status -o json` so excluding postgrest no longer hides `api_url`, while `rest_url` and `graphql_url` remain tied to postgrest availability... ## ref: - closes #5332 Co-authored-by: Colum Ferry <cferry09@gmail.com>
Coverage Report for CI Build 26761615175Warning No base build found for commit Coverage: 63.766%Details
Uncovered ChangesNo uncovered changes found. Coverage RegressionsRequires a base build to compare against. How to fix this → Coverage Stats
💛 - Coveralls |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.