build(deps): bump the go_modules group across 6 directories with 8 updates #17

Open
wants to merge 1 commit into
base: main

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Mar 20, 2024

Bumps the go_modules group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| github.com/jackc/pgx/v4 | 4.18.1 | 4.18.2 |
| google.golang.org/protobuf | 1.31.0 | 1.33.0 |
| github.com/jackc/pgx/v5 | 5.5.0 | 5.5.4 |
| github.com/docker/docker | 24.0.0+incompatible | 24.0.9+incompatible |
| google.golang.org/grpc | 1.59.0 | 1.62.1 |

Bumps the go_modules group with 2 updates in the /dev/linters directory: golang.org/x/crypto and github.com/jackc/pgproto3/v2.
Bumps the go_modules group with 2 updates in the /internal/cmd/progress-bot directory: golang.org/x/net and google.golang.org/grpc.
Bumps the go_modules group with 5 updates in the /lib directory:

| Package | From | To |
| --- | --- | --- |
| golang.org/x/crypto | 0.15.0 | 0.17.0 |
| golang.org/x/net | 0.18.0 | 0.22.0 |
| google.golang.org/protobuf | 1.31.0 | 1.33.0 |
| github.com/jackc/pgproto3/v2 | 2.3.2 | 2.3.3 |
| google.golang.org/grpc | 1.59.0 | 1.62.1 |

Bumps the go_modules group with 6 updates in the /lib/managedservicesplatform directory:

| Package | From | To |
| --- | --- | --- |
| golang.org/x/crypto | 0.15.0 | 0.17.0 |
| golang.org/x/net | 0.18.0 | 0.22.0 |
| google.golang.org/protobuf | 1.31.0 | 1.33.0 |
| github.com/jackc/pgproto3/v2 | 2.3.2 | 2.3.3 |
| github.com/jackc/pgx/v5 | 5.5.0 | 5.5.4 |
| google.golang.org/grpc | 1.59.0 | 1.62.1 |

Bumps the go_modules group with 3 updates in the /monitoring directory: golang.org/x/crypto, google.golang.org/protobuf and github.com/jackc/pgproto3/v2.

Updates github.com/jackc/pgx/v4 from 4.18.1 to 4.18.2

Changelog

Sourced from github.com/jackc/pgx/v4's changelog.

4.18.2 (March 4, 2024)

Fix CVE-2024-27289

SQL injection can occur when all of the following conditions are met:

  1. The non-default simple protocol is used.
  2. A placeholder for a numeric value must be immediately preceded by a minus.
  3. There must be a second placeholder for a string value after the first placeholder; both must be on the same line.
  4. Both parameter values must be user-controlled.

Thanks to Paul Gerste for reporting this issue.

Fix CVE-2024-27304

SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control.

Thanks to Paul Gerste for reporting this issue.

  • Fix *dbTx.Exec not checking if it is already closed
Commits
  • 14690df Update changelog
  • 779548e Update required Go version to 1.17
  • 80e9662 Update github.com/jackc/pgconn to v1.14.3
  • 0bf9ac3 Fix erroneous test case
  • f94eb0e Always wrap arguments in parentheses in the SQL sanitizer
  • 826a892 Fix SQL injection via line comment creation in simple protocol
  • 7d882f9 Fix *dbTx.Exec not checking if it is already closed
  • 1d07b8b go mod tidy
  • See full diff in compare view

Updates golang.org/x/crypto from 0.15.0 to 0.20.0

Commits
  • 9d2ee97 ssh: implement strict KEX protocol changes
  • 4e5a261 ssh: close net.Conn on all NewServerConn errors
  • 152cdb1 x509roots/fallback: update bundle
  • fdfe1f8 ssh: defer channel window adjustment
  • b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
  • 7e6fbd8 ssh: wrap errors from client handshake
  • bda2f3f argon2: avoid clobbering BP
  • 325b735 ssh/test: skip TestSSHCLIAuth on Windows
  • 1eadac5 go.mod: update golang.org/x dependencies
  • b2d7c26 ssh: add (*Client).DialContext method
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.18.0 to 0.21.0

Commits

Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Updates github.com/jackc/pgproto3/v2 from 2.3.2 to 2.3.3

Commits
  • 945c212 Backport fixes from pgx v5
  • 0c0f7b0 Add pgx v5 note
  • f59ff94 UnmarshalJSON: removing hex decode
  • fd427c0 Don't panic when receiving zero bytes with "slice bounds out of range"
  • 175856f add GSS authentication to pgproto3
  • c6ccb4b Addressing feedback
  • e145003 Addressing feedback
  • 1d7886b Adding UTs
  • fa2b096 fix: Adding overall format before appending ColumnFormatCodes
  • 40ecac4 Remove unimplemented JSON marshalling for FunctionCall type.
  • Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.5.0 to 5.5.4

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.5.4 (March 4, 2024)

Fix CVE-2024-27304

SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control.

Thanks to Paul Gerste for reporting this issue.

  • Fix behavior of CollectRows to return empty slice if Rows are empty (Felix)
  • Fix simple protocol encoding of json.RawMessage
  • Fix *Pipeline.getResults should close pipeline on error
  • Fix panic in TryFindUnderlyingTypeScanPlan (David Kurman)
  • Fix deallocation of invalidated cached statements in a transaction
  • Handle invalid sslkey file
  • Fix scan float4 into sql.Scanner
  • Fix pgtype.Bits not making copy of data from read buffer. This would cause the data to be corrupted by future reads.

5.5.3 (February 3, 2024)

  • Fix: prepared statement already exists
  • Improve CopyFrom auto-conversion of text-ish values
  • Add ltree type support (Florent Viel)
  • Make some properties of Batch and QueuedQuery public (Pavlo Golub)
  • Add AppendRows function (Edoardo Spadolini)
  • Optimize convert UUID [16]byte to string (Kirill Malikov)
  • Fix: LargeObject Read and Write of more than ~1GB at a time (Mitar)

5.5.2 (January 13, 2024)

  • Allow NamedArgs to start with underscore
  • pgproto3: Maximum message body length support (jeremy.spriet)
  • Upgrade golang.org/x/crypto to v0.17.0
  • Add snake_case support to RowToStructByName (Tikhon Fedulov)
  • Fix: update description cache after exec prepare (James Hartig)
  • Fix: pipeline checks if it is closed (James Hartig and Ryan Fowler)
  • Fix: normalize timeout / context errors during TLS startup (Samuel Stauffer)
  • Add OnPgError for easier centralized error handling (James Hartig)

5.5.1 (December 9, 2023)

  • Add CopyFromFunc helper function. (robford)
  • Add PgConn.Deallocate method that uses PostgreSQL protocol Close message.
  • pgx uses new PgConn.Deallocate method. This allows deallocating statements to work in a failed transaction. This fixes a case where the prepared statement map could become invalid.
  • Fix: Prefer driver.Valuer over json.Marshaler for json fields. (Jacopo)
  • Fix: simple protocol SQL sanitizer previously panicked if an invalid $0 placeholder was used. This now returns an error instead. (maksymnevajdev)
  • Add pgtype.Numeric.ScanScientific (Eshton Robateau)
Commits
  • da6f2c9 Update changelog
  • c543134 SQL sanitizer wraps arguments in parentheses
  • 20344df Check for overflow on uint16 sizes in pgproto3
  • adbb38f Do not allow protocol messages larger than ~1GB
  • c1b0a01 Fix behavior of CollectRows to return empty slice if Rows are empty
  • 88dfc22 Fix simple protocol encoding of json.RawMessage
  • 2e84dcc *Pipeline.getResults should close pipeline on error
  • d149d3f Fix panic in TryFindUnderlyingTypeScanPlan
  • 046f497 deallocateInvalidatedCachedStatements now runs in transactions
  • 8896bd6 Handle invalid sslkey file
  • Additional commits viewable in compare view

Updates github.com/docker/docker from 24.0.0+incompatible to 24.0.9+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v24.0.9

24.0.9

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains security fixes for the following CVEs affecting Docker Engine and its components.

CVE Component Fix version Severity
CVE-2024-21626 runc 1.1.12 High, CVSS 8.6
CVE-2024-24557 Docker Engine 24.0.9 Medium, CVSS 6.9

Important ⚠️

Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:

To address these vulnerabilities, upgrade to Docker Engine v25.0.2.

For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the blog post. For details about each vulnerability, see the relevant security advisory:

Packaging updates

v24.0.8

24.0.8

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Live restore: Containers with auto remove (docker run --rm) are no longer forcibly removed on engine restart. moby/moby#46857

... (truncated)

Commits
  • fca702d Merge pull request from GHSA-xw73-rw38-6vjc
  • f78a772 Merge pull request #47281 from thaJeztah/24.0_backport_bump_containerd_binary...
  • 61afffe Merge pull request #47270 from thaJeztah/24.0_backport_bump_runc_binary_1.1.12
  • b38e74c Merge pull request #47276 from thaJeztah/24.0_backport_bump_runc_1.1.12
  • dac5663 update containerd binary to v1.7.13
  • 20e1af3 vendor: github.com/opencontainers/runc v1.1.12
  • 858919d update runc binary to v1.1.12
  • 141ad39 Merge pull request #47266 from vvoland/ci-fix-makeps1-templatefail-24
  • db968c6 hack/make.ps1: Fix go list pattern
  • 61c51fb Merge pull request #47221 from vvoland/pkg-pools-close-noop-24
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.59.0 to 1.62.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.62.1

Bug Fixes

  • xds: fix a bug that results in no matching virtual host found RPC errors due to a difference between the target and LDS resource names (#6997)
  • server: fixed stats handler data InPayload.Length for unary RPC calls (#6766)
  • grpc: the experimental RecvBufferPool DialOption and ServerOption are now active during unary RPCs with compression (#6766)
  • grpc: trim whitespaces in accept-encoding header before determining compressors

Release 1.62.0

New Features

  • grpc: Add StaticMethod CallOption as a signal to stats handler that a method is safe to use as an instrument key (#6986)

Behavior Changes

  • grpc: Return canonical target string from ClientConn.Target() and resolver.Address.String() (#6923)

Bug Fixes

  • server: wait to close connection until incoming socket is drained (with timeout) to prevent data loss on client-side (#6977)

Performance Improvements

  • *: Allow building without x/net/trace by using grpcnotrace to enable dead code elimination (#6954)
  • rand: improve performance and simplify implementation of grpcrand by adopting math/rand's top-level functions for go version 1.21.0 and newer. (#6925)

Dependencies

  • *: Use google.golang.org/protobuf/proto instead of github.com/golang/protobuf. (#6919)

[!NOTE] The above change in proto library usage introduces a minor behavior change within those libraries. The old github.com/golang/protobuf library would error if given a nil message to Marshal, while the new google.golang.org/protobuf library will successfully output zero bytes in this case. This means server method handlers that did return nil, nil will now return an empty message and no error, while it used to return an error. This also affects the client side, where clients sending nil messages used to fail without sending the RPC, and now they will send an empty message.

Release 1.61.1

Bug Fixes

  • server: wait to close connection until incoming socket is drained (with timeout) to prevent data loss on client-side (#6977)

... (truncated)

Commits

Updates golang.org/x/crypto from 0.7.0 to 0.17.0

Commits
  • 9d2ee97 ssh: implement strict KEX protocol changes
  • 4e5a261 ssh: close net.Conn on all NewServerConn errors
  • 152cdb1 x509roots/fallback: update bundle
  • fdfe1f8 ssh: defer channel window adjustment
  • b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
  • 7e6fbd8 ssh: wrap errors from client handshake
  • bda2f3f argon2: avoid clobbering BP
  • 325b735 ssh/test: skip TestSSHCLIAuth on Windows
  • 1eadac5 go.mod: update golang.org/x dependencies
  • b2d7c26 ssh: add (*Client).DialContext method
  • Additional commits viewable in compare view

Updates github.com/jackc/pgproto3/v2 from 2.1.1 to 2.3.3

Commits
  • 945c212 Backport fixes from pgx v5
  • 0c0f7b0 Add pgx v5 note
  • f59ff94 UnmarshalJSON: removing hex decode
  • fd427c0 Don't panic when receiving zero bytes with "slice bounds out of range"
  • 175856f add GSS authentication to pgproto3
  • c6ccb4b Addressing feedback
  • e145003 Addressing feedback
  • 1d7886b Adding UTs
  • fa2b096 fix: Adding overall format before appending ColumnFormatCodes
  • 40ecac4 Remove unimplemented JSON marshalling for FunctionCall type.
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.0.0-20220127200216-cd36cc0744dd to 0.17.0

Commits

Updates google.golang.org/grpc from 1.44.0 to 1.56.3

Updates golang.org/x/crypto from 0.15.0 to 0.17.0

Updates golang.org/x/net from 0.18.0 to 0.22.0

Commits

Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Updates github.com/jackc/pgproto3/v2 from 2.3.2 to 2.3.3

Updates google.golang.org/grpc from 1.59.0 to 1.62.1

Updates golang.org/x/crypto from 0.15.0 to 0.17.0

Updates golang.org/x/net from 0.18.0 to 0.22.0

Commits

Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Updates github.com/jackc/pgproto3/v2 from 2.3.2 to 2.3.3

Updates github.com/jackc/pgx/v5 from 5.5.0 to 5.5.4

Updates google.golang.org/grpc from 1.59.0 to 1.62.1

Updates golang.org/x/crypto from 0.15.0 to 0.17.0

Commits
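
The length-field overflow described in the CVE-2024-27304 changelog entry quoted in this pull request, shown at small scale as an added example (not pgx or pgproto3 code, and not part of the dependabot comment). The toy frame format, its 16-bit length field and every function name are assumptions made here so the wrap can be reproduced without a 4 GB message; it shows the receiver consuming fewer bytes than the sender framed, and the size check that prevents it.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Toy frame, constructed for this example (not the PostgreSQL wire format):
//
//	1 byte type | 2 bytes big-endian body length | body
//
// The 16-bit length field stands in for the real 32-bit one.
const maxBody = 0xFFFF

var errTooLarge = errors.New("body does not fit the length field")

// encodeUnchecked narrows len(body) to the width of the length field without
// checking it. For bodies longer than 65535 bytes the declared length wraps.
func encodeUnchecked(typ byte, body []byte) []byte {
	out := make([]byte, 3, 3+len(body))
	out[0] = typ
	binary.BigEndian.PutUint16(out[1:3], uint16(len(body))) // silent truncation
	return append(out, body...)
}

// encodeChecked refuses any body the length field cannot represent, so the
// declared length always equals the number of body bytes written.
func encodeChecked(typ byte, body []byte) ([]byte, error) {
	if len(body) > maxBody {
		return nil, fmt.Errorf("%w: %d bytes", errTooLarge, len(body))
	}
	return encodeUnchecked(typ, body), nil
}

// readFrame consumes one frame from the stream, trusting the declared length
// as a receiver must, and returns the body plus whatever follows it.
func readFrame(stream []byte) (typ byte, body, rest []byte, err error) {
	if len(stream) < 3 {
		return 0, nil, nil, errors.New("short header")
	}
	n := int(binary.BigEndian.Uint16(stream[1:3]))
	if len(stream) < 3+n {
		return 0, nil, nil, errors.New("short body")
	}
	return stream[0], stream[3 : 3+n], stream[3+n:], nil
}

// framingGap reads the single frame the sender believes it wrote and reports
// the body length the receiver saw and how many bytes are still queued.
// Any residual bytes will be parsed by the receiver as further frames.
func framingGap(wire []byte) (declared, residual int, err error) {
	_, body, rest, err := readFrame(wire)
	if err != nil {
		return 0, 0, err
	}
	return len(body), len(rest), nil
}

func main() {
	big := make([]byte, maxBody+1+10) // constructed input: 65546 zero bytes

	declared, residual, _ := framingGap(encodeUnchecked('Q', big))
	fmt.Printf("unchecked: receiver reads a %d-byte body, %d bytes left in the stream\n",
		declared, residual)

	_, err := encodeChecked('Q', big)
	fmt.Println("checked:", err)
}
```
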

…dates

Bumps the go_modules group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) | `4.18.1` | `4.18.2` |
| google.golang.org/protobuf | `1.31.0` | `1.33.0` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.0` | `5.5.4` |
| [github.com/docker/docker](https://github.com/docker/docker) | `24.0.0+incompatible` | `24.0.9+incompatible` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.59.0` | `1.62.1` |
Bumps the go_modules group with 2 updates in the /dev/linters directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [github.com/jackc/pgproto3/v2](https://github.com/jackc/pgproto3).
Bumps the go_modules group with 2 updates in the /internal/cmd/progress-bot directory: [golang.org/x/net](https://github.com/golang/net) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).
Bumps the go_modules group with 5 updates in the /lib directory:

| Package | From | To |
| --- | --- | --- |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.15.0` | `0.17.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.18.0` | `0.22.0` |
| google.golang.org/protobuf | `1.31.0` | `1.33.0` |
| [github.com/jackc/pgproto3/v2](https://github.com/jackc/pgproto3) | `2.3.2` | `2.3.3` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.59.0` | `1.62.1` |
Bumps the go_modules group with 6 updates in the /lib/managedservicesplatform directory:

| Package | From | To |
| --- | --- | --- |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.15.0` | `0.17.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.18.0` | `0.22.0` |
| google.golang.org/protobuf | `1.31.0` | `1.33.0` |
| [github.com/jackc/pgproto3/v2](https://github.com/jackc/pgproto3) | `2.3.2` | `2.3.3` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.0` | `5.5.4` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.59.0` | `1.62.1` |
Bumps the go_modules group with 3 updates in the /monitoring directory: [golang.org/x/crypto](https://github.com/golang/crypto), google.golang.org/protobuf and [github.com/jackc/pgproto3/v2](https://github.com/jackc/pgproto3).


Updates `github.com/jackc/pgx/v4` from 4.18.1 to 4.18.2
- [Changelog](https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md)
- [Commits](jackc/pgx@v4.18.1...v4.18.2)

Updates `golang.org/x/crypto` from 0.15.0 to 0.20.0
- [Commits](golang/crypto@v0.7.0...v0.17.0)

Updates `golang.org/x/net` from 0.18.0 to 0.21.0
- [Commits](https://github.com/golang/net/commits/v0.17.0)

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `github.com/jackc/pgproto3/v2` from 2.3.2 to 2.3.3
- [Commits](jackc/pgproto3@v2.1.1...v2.3.3)

Updates `github.com/jackc/pgx/v5` from 5.5.0 to 5.5.4
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.5.0...v5.5.4)

Updates `github.com/docker/docker` from 24.0.0+incompatible to 24.0.9+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v24.0.0...v24.0.9)

Updates `google.golang.org/grpc` from 1.59.0 to 1.62.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.59.0...v1.62.1)

Updates `golang.org/x/crypto` from 0.7.0 to 0.17.0
- [Commits](golang/crypto@v0.7.0...v0.17.0)

Updates `github.com/jackc/pgproto3/v2` from 2.1.1 to 2.3.3
- [Commits](jackc/pgproto3@v2.1.1...v2.3.3)

Updates `golang.org/x/net` from 0.0.0-20220127200216-cd36cc0744dd to 0.17.0
- [Commits](https://github.com/golang/net/commits/v0.17.0)

Updates `google.golang.org/grpc` from 1.44.0 to 1.56.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.59.0...v1.62.1)

Updates `golang.org/x/crypto` from 0.15.0 to 0.17.0
- [Commits](golang/crypto@v0.7.0...v0.17.0)

Updates `golang.org/x/net` from 0.18.0 to 0.22.0
- [Commits](https://github.com/golang/net/commits/v0.17.0)

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `github.com/jackc/pgproto3/v2` from 2.3.2 to 2.3.3
- [Commits](jackc/pgproto3@v2.1.1...v2.3.3)

Updates `google.golang.org/grpc` from 1.59.0 to 1.62.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.59.0...v1.62.1)

Updates `golang.org/x/crypto` from 0.15.0 to 0.17.0
- [Commits](golang/crypto@v0.7.0...v0.17.0)

Updates `golang.org/x/net` from 0.18.0 to 0.22.0
- [Commits](https://github.com/golang/net/commits/v0.17.0)

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `github.com/jackc/pgproto3/v2` from 2.3.2 to 2.3.3
- [Commits](jackc/pgproto3@v2.1.1...v2.3.3)

Updates `github.com/jackc/pgx/v5` from 5.5.0 to 5.5.4
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.5.0...v5.5.4)

Updates `google.golang.org/grpc` from 1.59.0 to 1.62.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.59.0...v1.62.1)

Updates `golang.org/x/crypto` from 0.15.0 to 0.17.0
- [Commits](golang/crypto@v0.7.0...v0.17.0)

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `github.com/jackc/pgproto3/v2` from 2.3.2 to 2.3.3
- [Commits](jackc/pgproto3@v2.1.1...v2.3.3)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v4
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: github.com/jackc/pgproto3/v2
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/docker/docker
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/jackc/pgproto3/v2
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: github.com/jackc/pgproto3/v2
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/jackc/pgproto3/v2
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/jackc/pgproto3/v2
  dependency-type: indirect
  dependency-group: go_modules-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels Mar 20, 2024