Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the go_modules group across 1 directory with 4 updates #3099

Closed
wants to merge 1 commit into from
Closed

Bump the go_modules group across 1 directory with 4 updates #3099

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 6, 2024
edited
Loading

Bumps the go_modules group with 4 updates in the / directory: github.com/docker/docker, go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc, google.golang.org/protobuf and golang.org/x/net.

Updates github.com/docker/docker from 24.0.5-0.20230714235725-36e9e796c6fc+incompatible to 24.0.9+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v24.0.9

24.0.9

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains security fixes for the following CVEs affecting Docker Engine and its components.

CVE Component Fix version Severity
CVE-2024-21626 runc 1.1.12 High, CVSS 8.6
CVE-2024-24557 Docker Engine 24.0.9 Medium, CVSS 6.9

Important ⚠️

Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:

To address these vulnerabilities, upgrade to Docker Engine v25.0.2.

For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the blog post. For details about each vulnerability, see the relevant security advisory:

Packaging updates

v24.0.8

24.0.8

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Live restore: Containers with auto remove (docker run --rm) are no longer forcibly removed on engine restart. moby/moby#46857

... (truncated)

Commits

Updates go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.45.0 to 0.46.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases.

Release v1.26.0/v0.51.0/v0.20.0/v0.6.0/v0.1.0

Added

  • NewSDK in go.opentelemetry.io/contrib/config now returns a configured SDK with a valid MeterProvider. (#4804)

Changed

  • Change the scope name for the prometheus bridge to go.opentelemetry.io/contrib/bridges/prometheus to match the package. (#5396)

Fixed

  • Fix bug where an empty exemplar was added to counters in go.opentelemetry.io/contrib/bridges/prometheus. (#5395)
  • Fix bug where the last histogram bucket was missing in go.opentelemetry.io/contrib/bridges/prometheus. (#5395)

Full Changelog: open-telemetry/opentelemetry-go-contrib@v1.25.0...v1.26.0

Release v1.25.0/v0.50.0/v0.19.0/v0.5.0/v0.0.1

Added

  • Implemented setting the cloud.resource_id resource attribute in go.opentelemetry.io/detectors/aws/ecs based on the ECS Metadata v4 endpoint. (#5091)
  • The go.opentelemetry.io/contrib/bridges/otelslog module. This module provides an OpenTelemetry logging bridge for "log/slog". (#5335)

Fixed

  • Update all dependencies to address [GO-2024-2687]. (#5359)

Removed

Full Changelog: open-telemetry/opentelemetry-go-contrib@v1.24.0...v1.25.0

Release v1.24.0/v0.49.0/v0.18.0/v0.4.0

This release is the last to support Go 1.20. The next release will require at least [Go 1.21].

Added

  • Support [Go 1.22]. (#5082)
  • Add support for Summary metrics to go.opentelemetry.io/contrib/bridges/prometheus. (#5089)
  • Add support for Exponential (native) Histograms in go.opentelemetry.io/contrib/bridges/prometheus. (#5093)

Removed

  • The deprecated RequestCount constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
  • The deprecated RequestContentLength constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
  • The deprecated ResponseContentLength constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
  • The deprecated ServerLatency constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)

... (truncated)

Changelog

Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's changelog.

[1.21.0/0.46.0/0.15.0/0.1.0] - 2023-11-10

Added

  • Add "go.opentelemetry.io/contrib/samplers/jaegerremote".WithSamplingStrategyFetcher which sets custom fetcher implementation. (#4045)
  • Add "go.opentelemetry.io/contrib/config" package that includes configuration models generated via go-jsonschema. (#4376)
  • Add NewSDK function to "go.opentelemetry.io/contrib/config". The initial implementation only returns noop providers. (#4414)
  • Add metrics support (No-op, OTLP and Prometheus) to go.opentelemetry.io/contrib/exporters/autoexport. (#4229, #4479)
  • Add support for console span exporter and metrics exporter in go.opentelemetry.io/contrib/exporters/autoexport. (#4486)
  • Set unit and description on all instruments in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#4500)
  • Add metric support for grpc.StatsHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4356)
  • Expose the name of the scopes in all instrumentation libraries as ScopeName. (#4448)

Changed

  • Dropped compatibility testing for [Go 1.19]. The project no longer guarantees support for this version of Go. (#4352)
  • Upgrade dependencies of OpenTelemetry Go to use the new v1.20.0/v0.43.0 release. (#4546)
  • In go.opentelemetry.io/contrib/exporters/autoexport, Option was renamed to SpanOption. The old name is deprecated but continues to be supported as an alias. (#4229)

Deprecated

  • The interceptors (UnaryClientInterceptor, StreamClientInterceptor, UnaryServerInterceptor, StreamServerInterceptor, WithInterceptorFilter) are deprecated. Use stats handlers (NewClientHandler, NewServerHandler) instead. (#4534)

Fixed

  • The go.opentelemetry.io/contrib/samplers/jaegerremote sampler does not panic when the default HTTP round-tripper (http.DefaultTransport) is not *http.Transport. (#4045)
  • The UnaryServerInterceptor in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc now sets gRPC status code correctly for the rpc.server.duration metric. (#4481)
  • The NewClientHandler, NewServerHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc now honor otelgrpc.WithMessageEvents options. (#4536)
  • The net.sock.peer.* and net.peer.* high cardinality attributes are removed from the metrics generated by go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4322)
Commits

Updates google.golang.org/protobuf from 1.33.0 to 1.34.0

Updates golang.org/x/net from 0.23.0 to 0.24.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the go_modules group across 1 directory with 4 updates
2e1f1bd 
Bumps the go_modules group with 4 updates in the / directory: [github.com/docker/docker](https://github.com/docker/docker), [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib), google.golang.org/protobuf and [golang.org/x/net](https://github.com/golang/net).


Updates `github.com/docker/docker` from 24.0.5-0.20230714235725-36e9e796c6fc+incompatible to 24.0.9+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/commits/v24.0.9)

Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.45.0 to 0.46.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.45.0...zpages/v0.46.0)

Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.0

Updates `golang.org/x/net` from 0.23.0 to 0.24.0
- [Commits](golang/net@v0.23.0...v0.24.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from schristoff as a code owner May 6, 2024 00:12
@dependabot dependabot bot added the dependabot 🤖 Created by the dependabot label May 6, 2024
@dependabot dependabot bot mentioned this pull request May 6, 2024
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github May 10, 2024

Superseded by #3105.

@dependabot dependabot bot closed this May 10, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/go_modules-109a253059 branch May 10, 2024 20:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@schristoff schristoff Awaiting requested review from schristoff schristoff is a code owner

@sgettys sgettys Awaiting requested review from sgettys sgettys is a code owner

@bdegeeter bdegeeter Awaiting requested review from bdegeeter bdegeeter is a code owner

@troy0820 troy0820 Awaiting requested review from troy0820 troy0820 is a code owner

Assignees
No one assigned
Labels
dependabot 🤖 Created by the dependabot
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants