dependabot[bot]
6bb15fa7ca
build(deps-dev): bump semver from 6.3.0 to 7.6.2 in /app ( #3898 )
...
Bumps [semver](https://github.com/npm/node-semver ) from 6.3.0 to 7.6.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/releases ">semver's
releases</a>.</em></p>
<blockquote>
<h2>v7.6.2</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2 ">7.6.2</a>
(2024-05-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="6466ba9b54https://redirect.github.com/npm/node-semver/pull/713 ">#713</a>
lru: use map.delete() directly (<a
href="https://redirect.github.com/npm/node-semver/issues/713 ">#713</a>)
(<a href="https://github.com/negezor "><code>@negezor</code></a>, <a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
</ul>
<h2>v7.6.1</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.0...v7.6.1 ">7.6.1</a>
(2024-05-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="c570a348ffhttps://redirect.github.com/npm/node-semver/pull/704 ">#704</a>
linting: no-unused-vars (<a
href="https://github.com/wraithgar "><code>@wraithgar</code></a>)</li>
<li><a
href="ad8ff11dd2https://redirect.github.com/npm/node-semver/pull/704 ">#704</a>
use internal cache implementation (<a
href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
<li><a
href="ac9b35769ahttps://redirect.github.com/npm/node-semver/pull/682 ">#682</a>
typo in compareBuild debug message (<a
href="https://redirect.github.com/npm/node-semver/issues/682 ">#682</a>)
(<a href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="988a8deb3ehttps://redirect.github.com/npm/node-semver/pull/709 ">#709</a>
uninstall <code>lru-cache</code> (<a
href="https://redirect.github.com/npm/node-semver/issues/709 ">#709</a>)</li>
<li><a
href="3fabe4dbfbhttps://redirect.github.com/npm/node-semver/pull/704 ">#704</a>
remove lru-cache</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="dd09b60da1https://redirect.github.com/npm/node-semver/pull/705 ">#705</a>
bump <code>@npmcli/template-oss</code> to 4.22.0 (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="ec49cdcecehttps://redirect.github.com/npm/node-semver/pull/701 ">#701</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="b236c3d2f3https://redirect.github.com/npm/node-semver/pull/696 ">#696</a>
add benchmarks (<a
href="https://redirect.github.com/npm/node-semver/issues/696 ">#696</a>)
(<a href="https://github.com/H4ad "><code>@H4ad</code></a>)</li>
<li><a
href="692451bd6fhttps://redirect.github.com/npm/node-semver/pull/688 ">#688</a>
various improvements to README (<a
href="https://redirect.github.com/npm/node-semver/issues/688 ">#688</a>)
(<a href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
<li><a
href="5feeb7f4f6https://redirect.github.com/npm/node-semver/pull/705 ">#705</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="074156f64fhttps://redirect.github.com/npm/node-semver/pull/701 ">#701</a>
bump <code>@npmcli/template-oss</code> from 4.21.3 to 4.21.4 (<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
</ul>
<h2>v7.6.0</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.4...v7.6.0 ">7.6.0</a>
(2024-01-31)</h2>
<h3>Features</h3>
<ul>
<li><a
href="a7ab13a462https://redirect.github.com/npm/node-semver/pull/671 ">#671</a>
preserve pre-release and build parts of a version on coerce (<a
href="https://redirect.github.com/npm/node-semver/issues/671 ">#671</a>)
(<a href="https://github.com/madtisa "><code>@madtisa</code></a>,
madtisa, <a
href="https://github.com/wraithgar "><code>@wraithgar</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="816c7b2cbfhttps://redirect.github.com/npm/node-semver/pull/667 ">#667</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="0bd24d943chttps://redirect.github.com/npm/node-semver/pull/667 ">#667</a>
bump <code>@npmcli/template-oss</code> from 4.21.1 to 4.21.3 (<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li><a
href="e521932f11https://redirect.github.com/npm/node-semver/pull/652 ">#652</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="8873991808https://redirect.github.com/npm/node-semver/pull/652 ">#652</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="f317dc8689https://redirect.github.com/npm/node-semver/pull/652 ">#652</a>
bump <code>@npmcli/template-oss</code> from 4.19.0 to 4.21.0 (<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li><a
href="7303db1fe5https://redirect.github.com/npm/node-semver/pull/658 ">#658</a>
add clean() test for build metadata (<a
href="https://redirect.github.com/npm/node-semver/issues/658 ">#658</a>)
(<a
href="https://github.com/jethrodaniel "><code>@jethrodaniel</code></a>)</li>
<li><a
href="6240d75a7chttps://redirect.github.com/npm/node-semver/pull/656 ">#656</a>
add missing quotes in README.md (<a
href="https://redirect.github.com/npm/node-semver/issues/656 ">#656</a>)
(<a href="https://github.com/zyxkad "><code>@zyxkad</code></a>)</li>
<li><a
href="14d263faa1https://redirect.github.com/npm/node-semver/pull/625 ">#625</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="7c34e1ac1bhttps://redirect.github.com/npm/node-semver/pull/625 ">#625</a>
bump <code>@npmcli/template-oss</code> from 4.18.1 to 4.19.0 (<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li><a
href="123e0b0328https://redirect.github.com/npm/node-semver/pull/622 ">#622</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="737d5e1cf1https://redirect.github.com/npm/node-semver/pull/622 ">#622</a>
bump <code>@npmcli/template-oss</code> from 4.18.0 to 4.18.1 (<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/blob/main/CHANGELOG.md ">semver's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2 ">7.6.2</a>
(2024-05-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="6466ba9b54https://redirect.github.com/npm/node-semver/pull/713 ">#713</a>
lru: use map.delete() directly (<a
href="https://redirect.github.com/npm/node-semver/issues/713 ">#713</a>)
(<a href="https://github.com/negezor "><code>@negezor</code></a>, <a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
</ul>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.0...v7.6.1 ">7.6.1</a>
(2024-05-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="c570a348ffhttps://redirect.github.com/npm/node-semver/pull/704 ">#704</a>
linting: no-unused-vars (<a
href="https://github.com/wraithgar "><code>@wraithgar</code></a>)</li>
<li><a
href="ad8ff11dd2https://redirect.github.com/npm/node-semver/pull/704 ">#704</a>
use internal cache implementation (<a
href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
<li><a
href="ac9b35769ahttps://redirect.github.com/npm/node-semver/pull/682 ">#682</a>
typo in compareBuild debug message (<a
href="https://redirect.github.com/npm/node-semver/issues/682 ">#682</a>)
(<a href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="988a8deb3ehttps://redirect.github.com/npm/node-semver/pull/709 ">#709</a>
uninstall <code>lru-cache</code> (<a
href="https://redirect.github.com/npm/node-semver/issues/709 ">#709</a>)</li>
<li><a
href="3fabe4dbfbhttps://redirect.github.com/npm/node-semver/pull/704 ">#704</a>
remove lru-cache</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="dd09b60da1https://redirect.github.com/npm/node-semver/pull/705 ">#705</a>
bump <code>@npmcli/template-oss</code> to 4.22.0 (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="ec49cdcecehttps://redirect.github.com/npm/node-semver/pull/701 ">#701</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="b236c3d2f3https://redirect.github.com/npm/node-semver/pull/696 ">#696</a>
add benchmarks (<a
href="https://redirect.github.com/npm/node-semver/issues/696 ">#696</a>)
(<a href="https://github.com/H4ad "><code>@H4ad</code></a>)</li>
<li><a
href="692451bd6fhttps://redirect.github.com/npm/node-semver/pull/688 ">#688</a>
various improvements to README (<a
href="https://redirect.github.com/npm/node-semver/issues/688 ">#688</a>)
(<a href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
<li><a
href="5feeb7f4f6https://redirect.github.com/npm/node-semver/pull/705 ">#705</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="074156f64fhttps://redirect.github.com/npm/node-semver/pull/701 ">#701</a>
bump <code>@npmcli/template-oss</code> from 4.21.3 to 4.21.4 (<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
</ul>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.4...v7.6.0 ">7.6.0</a>
(2024-01-31)</h2>
<h3>Features</h3>
<ul>
<li><a
href="a7ab13a462https://redirect.github.com/npm/node-semver/pull/671 ">#671</a>
preserve pre-release and build parts of a version on coerce (<a
href="https://redirect.github.com/npm/node-semver/issues/671 ">#671</a>)
(<a href="https://github.com/madtisa "><code>@madtisa</code></a>,
madtisa, <a
href="https://github.com/wraithgar "><code>@wraithgar</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="816c7b2cbfhttps://redirect.github.com/npm/node-semver/pull/667 ">#667</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="0bd24d943chttps://redirect.github.com/npm/node-semver/pull/667 ">#667</a>
bump <code>@npmcli/template-oss</code> from 4.21.1 to 4.21.3 (<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li><a
href="e521932f11https://redirect.github.com/npm/node-semver/pull/652 ">#652</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="8873991808https://redirect.github.com/npm/node-semver/pull/652 ">#652</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="f317dc8689https://redirect.github.com/npm/node-semver/pull/652 ">#652</a>
bump <code>@npmcli/template-oss</code> from 4.19.0 to 4.21.0 (<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li><a
href="7303db1fe5https://redirect.github.com/npm/node-semver/pull/658 ">#658</a>
add clean() test for build metadata (<a
href="https://redirect.github.com/npm/node-semver/issues/658 ">#658</a>)
(<a
href="https://github.com/jethrodaniel "><code>@jethrodaniel</code></a>)</li>
<li><a
href="6240d75a7chttps://redirect.github.com/npm/node-semver/pull/656 ">#656</a>
add missing quotes in README.md (<a
href="https://redirect.github.com/npm/node-semver/issues/656 ">#656</a>)
(<a href="https://github.com/zyxkad "><code>@zyxkad</code></a>)</li>
<li><a
href="14d263faa1https://redirect.github.com/npm/node-semver/pull/625 ">#625</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="7c34e1ac1bhttps://redirect.github.com/npm/node-semver/pull/625 ">#625</a>
bump <code>@npmcli/template-oss</code> from 4.18.1 to 4.19.0 (<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li><a
href="123e0b0328https://redirect.github.com/npm/node-semver/pull/622 ">#622</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="737d5e1cf1https://redirect.github.com/npm/node-semver/pull/622 ">#622</a>
bump <code>@npmcli/template-oss</code> from 4.18.0 to 4.18.1 (<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li><a
href="cce61804bahttps://redirect.github.com/npm/node-semver/pull/598 ">#598</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
<li><a
href="b914a3d0d2https://redirect.github.com/npm/node-semver/pull/598 ">#598</a>
bump <code>@npmcli/template-oss</code> from 4.17.0 to 4.18.0 (<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="eb1380b1echttps://redirect.github.com/npm/node-semver/issues/714 ">#714</a>)</li>
<li><a
href="6466ba9b54https://redirect.github.com/npm/node-semver/issues/713 ">#713</a>)</li>
<li><a
href="d777418116https://redirect.github.com/npm/node-semver/issues/706 ">#706</a>)</li>
<li><a
href="988a8deb3ehttps://redirect.github.com/npm/node-semver/issues/709 ">#709</a>)</li>
<li><a
href="5feeb7f4f6dd09b60da1c570a348ffad8ff11dd23fabe4dbfbec49cdcecehttps://github.com/npm/node-semver/compare/v6.3.0...v7.6.2 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~npm-cli-ops ">npm-cli-ops</a>, a new
releaser for semver since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/kopia/kopia/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-07 13:40:37 -07:00
Julio López
adedd1ea45
fix(general): avoid panic on computing password hash error ( #3907 )
...
Rationale: this code path is primarily executed from the server. A
potential error, say from a corrupt, unsupported or otherwise invalid
user profile should not cause the server to panic (and crash).
It is possible for `computePasswordHash` to return an error, not just an
impossibility.
Test refactoring:
- use 'require' in user profile tests;
- move test case to TestBadPasswordHashVersion;
- update comments in test.
2024-06-07 13:00:44 -07:00
Julio López
d9b2aab8b9
fix(general): add parameter to log message ( #3904 )
2024-06-06 13:44:48 -07:00
Julio López
68ffb41db8
refactor(server): initialize dummy hash with non-zero value ( #3892 )
...
Motivation: avoid making accidental decisions based on all-zeros content
in the future.
While the dummy hash is a non-zero-value slice, that is it is non-empty
(thus not nil), it is still the default value produced by
`make([]byte, salt + hashLength)`, and it is possible to accidentally
compare and have a positive match against a newly initialized slice.
2024-06-05 16:46:29 -07:00
Kopia Builder [bot]
a335eb6205
feat(ui): upgraded htmlui to the latest version ( #3903 )
...
## Changes
Compare:
c5ffeee0c7...7eb8e55c70https://github.com/kopia/htmlui/commit/bccd89d
dependabot[bot] build(deps-dev): bump ejs from 3.1.8 to 3.1.10
* Thu May 2 21:07 https://github.com/kopia/htmlui/commit/979dd1b
dependabot[bot] build(deps-dev): bump axios-mock-adapter from 1.21.5 to
1.22.0
* Thu May 2 21:08 https://github.com/kopia/htmlui/commit/83a74bf
dependabot[bot] build(deps-dev): bump @testing-library/react from 14.1.2
to 15.0.6
* Sat 22:42 https://github.com/kopia/htmlui/commit/1eea9a8
dependabot[bot] build(deps): bump @fortawesome/react-fontawesome from
0.2.0 to 0.2.2
* 2 minutes ago https://github.com/kopia/htmlui/commit/7eb8e55
dependabot[bot] build(deps): bump bootstrap from 5.3.1 to 5.3.3
*This PR description was
[auto-generated](https://github.com/kopia/htmluibuild/blob/main/.github/workflows/after-push.yaml )
at Wed Jun 5 21:53:20 UTC 2024*
2024-06-05 15:10:39 -07:00
dependabot[bot]
95c38410ac
build(deps): bump golang/govulncheck-action from 1.0.2 to 1.0.3 ( #3896 )
...
Bumps
[golang/govulncheck-action](https://github.com/golang/govulncheck-action )
from 1.0.2 to 1.0.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dd0578b3713a32958c27...dd0578b371https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang/govulncheck-action&package-manager=github_actions&previous-version=1.0.2&new-version=1.0.3 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-03 17:41:35 -07:00
dependabot[bot]
829cdabe7f
build(deps): bump github/codeql-action from 3.25.6 to 3.25.7 in the github-actions group ( #3895 )
...
Bumps the github-actions group with 1 update:
[github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 3.25.6 to 3.25.7
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2321 ">#2321</a></li>
</ul>
<h2>3.25.7 - 31 May 2024</h2>
<ul>
<li>We are rolling out a feature in May/June 2024 that will reduce the
Actions cache usage of the Action by keeping only the newest TRAP cache
for each language. <a
href="https://redirect.github.com/github/codeql-action/pull/2306 ">#2306</a></li>
</ul>
<h2>3.25.6 - 20 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2295 ">#2295</a></li>
</ul>
<h2>3.25.5 - 13 May 2024</h2>
<ul>
<li>Add a compatibility matrix of supported CodeQL Action, CodeQL CLI,
and GitHub Enterprise Server versions to the <a
href="https://github.com/github/codeql-action/blob/main/README.md ">https://github.com/github/codeql-action/blob/main/README.md </a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/2273 ">#2273</a></li>
<li>Avoid printing out a warning for a missing <code>on.push</code>
trigger when the CodeQL Action is triggered via a
<code>workflow_call</code> event. <a
href="https://redirect.github.com/github/codeql-action/pull/2274 ">#2274</a></li>
<li>The <code>tools: latest</code> input to the <code>init</code> Action
has been renamed to <code>tools: linked</code>. This option specifies
that the Action should use the tools shipped at the same time as the
Action. The old name will continue to work for backwards compatibility,
but we recommend that new workflows use the new name. <a
href="https://redirect.github.com/github/codeql-action/pull/2281 ">#2281</a></li>
</ul>
<h2>3.25.4 - 08 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2270 ">#2270</a></li>
</ul>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2247 ">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI
versions before v2.15.1 will need to either upgrade their CLI version to
v2.15.1 or newer, or change the platform to an Intel MacOS runner, such
as <code>macos-12</code>. ARM machines with SIP disabled, including the
newest <code>macos-latest</code> image, are unsupported for CLI versions
before 2.15.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2261 ">#2261</a></li>
</ul>
<h2>3.25.2 - 22 Apr 2024</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the
reliability and performance of analyzing code when analyzing a compiled
language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes ">build
mode</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2235 ">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if
<code>--overwrite</code> was specified in
<code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a
href="https://redirect.github.com/github/codeql-action/pull/2245 ">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python
analysis has been removed. <a
href="https://redirect.github.com/github/codeql-action/pull/2224 ">#2224</a></p>
<p>As a result, the following inputs and environment variables are now
ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the
<code>init</code> Action</li>
<li>The
<code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code>
environment variable</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f079b84933https://redirect.github.com/github/codeql-action/issues/2317 ">#2317</a>
from github/update-v3.25.7-a095bf2a1</li>
<li><a
href="e1a42688dba095bf2a16https://redirect.github.com/github/codeql-action/issues/2313 ">#2313</a>
from github/revert-2312-update-bundle/codeql-bundle-...</li>
<li><a
href="bbd4e19f519ab5d16a3dhttps://redirect.github.com/github/codeql-action/issues/2312 ">#2312</a>
from github/update-bundle/codeql-bundle-v2.17.4</li>
<li><a
href="028346e1ff5fe08473f89550da953dhttps://redirect.github.com/github/codeql-action/issues/2311 ">#2311</a>
from github/henrymercer/pack-missing-auth-config-error</li>
<li><a
href="6548a4d65c7927df07e2https://redirect.github.com/github/codeql-action/issues/2310 ">#2310</a>)</li>
<li>Additional commits viewable in <a
href="9fdb3e4972...f079b84933https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.6&new-version=3.25.7 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-03 17:40:44 -07:00
dependabot[bot]
ff3aaacae6
build(deps): bump the common-golang-dependencies group with 2 updates ( #3897 )
...
Bumps the common-golang-dependencies group with 2 updates:
[github.com/prometheus/common](https://github.com/prometheus/common ) and
[google.golang.org/api](https://github.com/googleapis/google-api-go-client ).
Updates `github.com/prometheus/common` from 0.53.0 to 0.54.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/common/releases ">github.com/prometheus/common's
releases</a>.</em></p>
<blockquote>
<h2>v0.54.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump golang.org/x/net from 0.22.0 to 0.23.0 in /sigv4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/624 ">prometheus/common#624</a></li>
<li>Bump golang.org/x/net from 0.22.0 to 0.23.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/623 ">prometheus/common#623</a></li>
<li>Add HTTP headers support to common HTTP client. by <a
href="https://github.com/roidelapluie "><code>@roidelapluie</code></a>
in <a
href="https://redirect.github.com/prometheus/common/pull/416 ">prometheus/common#416</a></li>
<li>Synchronize common files from prometheus/prometheus by <a
href="https://github.com/prombot "><code>@prombot</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/633 ">prometheus/common#633</a></li>
<li>Bump github.com/aws/aws-sdk-go from 1.51.11 to 1.51.32 in /sigv4 by
<a href="https://github.com/dependabot "><code>@dependabot</code></a> in
<a
href="https://redirect.github.com/prometheus/common/pull/632 ">prometheus/common#632</a></li>
<li>Bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/628 ">prometheus/common#628</a></li>
<li>Bump golang.org/x/net from 0.23.0 to 0.24.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/630 ">prometheus/common#630</a></li>
<li>Bump github.com/prometheus/client_model from 0.6.0 to 0.6.1 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/631 ">prometheus/common#631</a></li>
<li>Bump google.golang.org/protobuf from 1.33.0 to 1.34.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/629 ">prometheus/common#629</a></li>
<li>Use common interface to fetch secrets in HTTP client config by <a
href="https://github.com/TheSpiritXIII "><code>@TheSpiritXIII</code></a>
in <a
href="https://redirect.github.com/prometheus/common/pull/538 ">prometheus/common#538</a></li>
<li>Add support for secret refs via a secret manager by <a
href="https://github.com/TheSpiritXIII "><code>@TheSpiritXIII</code></a>
in <a
href="https://redirect.github.com/prometheus/common/pull/572 ">prometheus/common#572</a></li>
<li>oauth2RoundTripper: Avoid race condition and readability changes. by
<a href="https://github.com/bwplotka "><code>@bwplotka</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/634 ">prometheus/common#634</a></li>
<li>Synchronize common files from prometheus/prometheus by <a
href="https://github.com/prombot "><code>@prombot</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/636 ">prometheus/common#636</a></li>
<li>Bump github.com/aws/aws-sdk-go from 1.51.32 to 1.53.14 in /sigv4 by
<a href="https://github.com/dependabot "><code>@dependabot</code></a> in
<a
href="https://redirect.github.com/prometheus/common/pull/638 ">prometheus/common#638</a></li>
<li>Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 in
/sigv4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/639 ">prometheus/common#639</a></li>
<li>feat: add time template helpers by <a
href="https://github.com/freak12techno "><code>@freak12techno</code></a>
in <a
href="https://redirect.github.com/prometheus/common/pull/627 ">prometheus/common#627</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/bwplotka "><code>@bwplotka</code></a>
made their first contribution in <a
href="https://redirect.github.com/prometheus/common/pull/634 ">prometheus/common#634</a></li>
<li><a
href="https://github.com/freak12techno "><code>@freak12techno</code></a>
made their first contribution in <a
href="https://redirect.github.com/prometheus/common/pull/627 ">prometheus/common#627</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/prometheus/common/compare/v0.53.0...v0.54.0 ">https://github.com/prometheus/common/compare/v0.53.0...v0.54.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="789222a081https://redirect.github.com/prometheus/common/issues/627 ">#627</a>
from freak12techno/add-time-template-helpers</li>
<li><a
href="b2fc5411e89f1953b45c4f7cf6ead1b9d8f7cedf80e630e1b26846990dc7https://redirect.github.com/prometheus/common/issues/639 ">#639</a>)</li>
<li><a
href="f93a89ea77https://redirect.github.com/prometheus/common/issues/638 ">#638</a>)</li>
<li><a
href="3ddc148d1fhttps://redirect.github.com/prometheus/common/issues/636 ">#636</a>
from prometheus/repo_sync</li>
<li><a
href="2b9d8058f8https://github.com/prometheus/common/compare/v0.53.0...v0.54.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `google.golang.org/api` from 0.181.0 to 0.182.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases ">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.182.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.181.0...v0.182.0 ">0.182.0</a>
(2024-05-28)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2590 ">#2590</a>)
(<a
href="e95bd57350https://redirect.github.com/googleapis/google-api-go-client/issues/2594 ">#2594</a>)
(<a
href="21295a5acbhttps://redirect.github.com/googleapis/google-api-go-client/issues/2595 ">#2595</a>)
(<a
href="07e71041f2https://redirect.github.com/googleapis/google-api-go-client/issues/2597 ">#2597</a>)
(<a
href="7d46b4d9f1https://redirect.github.com/googleapis/google-api-go-client/issues/2599 ">#2599</a>)
(<a
href="677f53d0fchttps://redirect.github.com/googleapis/google-api-go-client/issues/2600 ">#2600</a>)
(<a
href="2e7cc39953https://redirect.github.com/googleapis/google-api-go-client/issues/2602 ">#2602</a>)
(<a
href="a86c4b6bbdhttps://redirect.github.com/googleapis/google-api-go-client/issues/2603 ">#2603</a>)
(<a
href="ece77271d2https://redirect.github.com/googleapis/google-api-go-client/issues/2604 ">#2604</a>)
(<a
href="f474c8ff7dhttps://redirect.github.com/googleapis/google-api-go-client/issues/2606 ">#2606</a>)
(<a
href="ceaeabf4cehttps://redirect.github.com/googleapis/google-api-go-client/issues/2608 ">#2608</a>)
(<a
href="0e58f747c6https://redirect.github.com/googleapis/google-api-go-client/issues/2609 ">#2609</a>)
(<a
href="c4c51ce9c2https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md ">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.181.0...v0.182.0 ">0.182.0</a>
(2024-05-28)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2590 ">#2590</a>)
(<a
href="e95bd57350https://redirect.github.com/googleapis/google-api-go-client/issues/2594 ">#2594</a>)
(<a
href="21295a5acbhttps://redirect.github.com/googleapis/google-api-go-client/issues/2595 ">#2595</a>)
(<a
href="07e71041f2https://redirect.github.com/googleapis/google-api-go-client/issues/2597 ">#2597</a>)
(<a
href="7d46b4d9f1https://redirect.github.com/googleapis/google-api-go-client/issues/2599 ">#2599</a>)
(<a
href="677f53d0fchttps://redirect.github.com/googleapis/google-api-go-client/issues/2600 ">#2600</a>)
(<a
href="2e7cc39953https://redirect.github.com/googleapis/google-api-go-client/issues/2602 ">#2602</a>)
(<a
href="a86c4b6bbdhttps://redirect.github.com/googleapis/google-api-go-client/issues/2603 ">#2603</a>)
(<a
href="ece77271d2https://redirect.github.com/googleapis/google-api-go-client/issues/2604 ">#2604</a>)
(<a
href="f474c8ff7dhttps://redirect.github.com/googleapis/google-api-go-client/issues/2606 ">#2606</a>)
(<a
href="ceaeabf4cehttps://redirect.github.com/googleapis/google-api-go-client/issues/2608 ">#2608</a>)
(<a
href="0e58f747c6https://redirect.github.com/googleapis/google-api-go-client/issues/2609 ">#2609</a>)
(<a
href="c4c51ce9c2b49e3b908ahttps://redirect.github.com/googleapis/google-api-go-client/issues/2591 ">#2591</a>)</li>
<li><a
href="b6f615ba8fhttps://redirect.github.com/googleapis/google-api-go-client/issues/2607 ">#2607</a>)</li>
<li><a
href="c4c51ce9c2https://redirect.github.com/googleapis/google-api-go-client/issues/2609 ">#2609</a>)</li>
<li><a
href="0e58f747c6https://redirect.github.com/googleapis/google-api-go-client/issues/2608 ">#2608</a>)</li>
<li><a
href="ceaeabf4cehttps://redirect.github.com/googleapis/google-api-go-client/issues/2606 ">#2606</a>)</li>
<li><a
href="f474c8ff7dhttps://redirect.github.com/googleapis/google-api-go-client/issues/2604 ">#2604</a>)</li>
<li><a
href="ece77271d2https://redirect.github.com/googleapis/google-api-go-client/issues/2603 ">#2603</a>)</li>
<li><a
href="a86c4b6bbdhttps://redirect.github.com/googleapis/google-api-go-client/issues/2602 ">#2602</a>)</li>
<li><a
href="2e7cc39953https://redirect.github.com/googleapis/google-api-go-client/issues/2600 ">#2600</a>)</li>
<li><a
href="677f53d0fchttps://redirect.github.com/googleapis/google-api-go-client/issues/2599 ">#2599</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.181.0...v0.182.0 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-03 17:36:53 -07:00
Jarek Kowalski
fcb8197f3f
chore(ci): upgraded linter to 1.59.0 ( #3883 )
2024-05-29 20:31:57 -07:00
Julio López
7fd6e5912f
chore(cli): cleanup user profile errors ( #3889 )
2024-05-29 18:02:14 -07:00
dependabot[bot]
ddbd8ede95
build(deps): bump the common-golang-dependencies group with 4 updates ( #3885 )
...
Bumps the common-golang-dependencies group with 4 updates:
[go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go ),
[go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go ),
[go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go )
and
[go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go ).
Updates `go.opentelemetry.io/otel` from 1.26.0 to 1.27.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md ">go.opentelemetry.io/otel's
changelog</a>.</em></p>
<blockquote>
<h2>[1.27.0/0.49.0/0.3.0] 2024-05-21</h2>
<h3>Added</h3>
<ul>
<li>Add example for
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5242 ">#5242</a>)</li>
<li>Add <code>RecordFactory</code> in
<code>go.opentelemetry.io/otel/sdk/log/logtest</code> to facilitate
testing exporter and processor implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5258 ">#5258</a>)</li>
<li>Add <code>RecordFactory</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> to facilitate testing
bridge implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5263 ">#5263</a>)</li>
<li>The count of dropped records from the <code>BatchProcessor</code> in
<code>go.opentelemetry.io/otel/sdk/log</code> is logged. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5276 ">#5276</a>)</li>
<li>Add metrics in the <code>otel-collector</code> example. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5283 ">#5283</a>)</li>
<li>Add the synchronous gauge instrument to
<code>go.opentelemetry.io/otel/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5304 ">#5304</a>)
<ul>
<li>An <code>int64</code> or <code>float64</code> synchronous gauge
instrument can now be created from a <code>Meter</code>.</li>
<li>All implementations of the API
(<code>go.opentelemetry.io/otel/metric/noop</code>,
<code>go.opentelemetry.io/otel/sdk/metric</code>) are updated to support
this instrument.</li>
</ul>
</li>
<li>Add logs to <code>go.opentelemetry.io/otel/example/dice</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5349 ">#5349</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>Shutdown</code> method of <code>Exporter</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdouttrace</code>
ignores the context cancellation and always returns <code>nil</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5189 ">#5189</a>)</li>
<li>The <code>ForceFlush</code> and <code>Shutdown</code> methods of the
exporter returned by <code>New</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutmetric</code>
ignore the context cancellation and always return <code>nil</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5189 ">#5189</a>)</li>
<li>Apply the value length limits to <code>Record</code> attributes in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5230 ">#5230</a>)</li>
<li>De-duplicate map attributes added to a <code>Record</code> in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5230 ">#5230</a>)</li>
<li><code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>
won't print timestamps when <code>WithoutTimestamps</code> option is
set. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5241 ">#5241</a>)</li>
<li>The <code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>
exporter won't print <code>AttributeValueLengthLimit</code> and
<code>AttributeCountLimit</code> fields now, instead it prints the
<code>DroppedAttributes</code> field. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5272 ">#5272</a>)</li>
<li>Improved performance in the <code>Stringer</code> implementation of
<code>go.opentelemetry.io/otel/baggage.Member</code> by reducing the
number of allocations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5286 ">#5286</a>)</li>
<li>Set the start time for last-value aggregates in
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5305 ">#5305</a>)</li>
<li>The <code>Span</code> in
<code>go.opentelemetry.io/otel/sdk/trace</code> will record links
without span context if either non-empty <code>TraceState</code> or
attributes are provided. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5315 ">#5315</a>)</li>
<li>Upgrade all dependencies of
<code>go.opentelemetry.io/otel/semconv/v1.24.0</code> to
<code>go.opentelemetry.io/otel/semconv/v1.25.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5374 ">#5374</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Comparison of unordered maps for
<code>go.opentelemetry.io/otel/log.KeyValue</code> and
<code>go.opentelemetry.io/otel/log.Value</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5306 ">#5306</a>)</li>
<li>Fix the empty output of
<code>go.opentelemetry.io/otel/log.Value</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5311 ">#5311</a>)</li>
<li>Split the behavior of <code>Recorder</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> so it behaves as a
<code>LoggerProvider</code> only. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5365 ">#5365</a>)</li>
<li>Fix wrong package name of the error message when parsing endpoint
URL in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5371 ">#5371</a>)</li>
<li>Identify the <code>Logger</code> returned from the global
<code>LoggerProvider</code> in
<code>go.opentelemetry.io/otel/log/global</code> with its schema URL.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5375 ">#5375</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5661ff0dedhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5392 ">#5392</a>)</li>
<li><a
href="0d3dddc17fhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5385 ">#5385</a>)</li>
<li><a
href="7aae7a88b08c3120f455d55658e1b0https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5387 ">#5387</a>)</li>
<li><a
href="49c866fbcdhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5382 ">#5382</a>)</li>
<li><a
href="999c6a07b3https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5374 ">#5374</a>)</li>
<li><a
href="14441aefdfhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5375 ">#5375</a>)</li>
<li><a
href="ebd0adee35https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5365 ">#5365</a>)</li>
<li><a
href="0d1e77c854https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5371 ">#5371</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from
1.26.0 to 1.27.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md ">go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc's
changelog</a>.</em></p>
<blockquote>
<h2>[1.27.0/0.49.0/0.3.0] 2024-05-21</h2>
<h3>Added</h3>
<ul>
<li>Add example for
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5242 ">#5242</a>)</li>
<li>Add <code>RecordFactory</code> in
<code>go.opentelemetry.io/otel/sdk/log/logtest</code> to facilitate
testing exporter and processor implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5258 ">#5258</a>)</li>
<li>Add <code>RecordFactory</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> to facilitate testing
bridge implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5263 ">#5263</a>)</li>
<li>The count of dropped records from the <code>BatchProcessor</code> in
<code>go.opentelemetry.io/otel/sdk/log</code> is logged. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5276 ">#5276</a>)</li>
<li>Add metrics in the <code>otel-collector</code> example. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5283 ">#5283</a>)</li>
<li>Add the synchronous gauge instrument to
<code>go.opentelemetry.io/otel/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5304 ">#5304</a>)
<ul>
<li>An <code>int64</code> or <code>float64</code> synchronous gauge
instrument can now be created from a <code>Meter</code>.</li>
<li>All implementations of the API
(<code>go.opentelemetry.io/otel/metric/noop</code>,
<code>go.opentelemetry.io/otel/sdk/metric</code>) are updated to support
this instrument.</li>
</ul>
</li>
<li>Add logs to <code>go.opentelemetry.io/otel/example/dice</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5349 ">#5349</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>Shutdown</code> method of <code>Exporter</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdouttrace</code>
ignores the context cancellation and always returns <code>nil</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5189 ">#5189</a>)</li>
<li>The <code>ForceFlush</code> and <code>Shutdown</code> methods of the
exporter returned by <code>New</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutmetric</code>
ignore the context cancellation and always return <code>nil</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5189 ">#5189</a>)</li>
<li>Apply the value length limits to <code>Record</code> attributes in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5230 ">#5230</a>)</li>
<li>De-duplicate map attributes added to a <code>Record</code> in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5230 ">#5230</a>)</li>
<li><code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>
won't print timestamps when <code>WithoutTimestamps</code> option is
set. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5241 ">#5241</a>)</li>
<li>The <code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>
exporter won't print <code>AttributeValueLengthLimit</code> and
<code>AttributeCountLimit</code> fields now, instead it prints the
<code>DroppedAttributes</code> field. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5272 ">#5272</a>)</li>
<li>Improved performance in the <code>Stringer</code> implementation of
<code>go.opentelemetry.io/otel/baggage.Member</code> by reducing the
number of allocations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5286 ">#5286</a>)</li>
<li>Set the start time for last-value aggregates in
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5305 ">#5305</a>)</li>
<li>The <code>Span</code> in
<code>go.opentelemetry.io/otel/sdk/trace</code> will record links
without span context if either non-empty <code>TraceState</code> or
attributes are provided. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5315 ">#5315</a>)</li>
<li>Upgrade all dependencies of
<code>go.opentelemetry.io/otel/semconv/v1.24.0</code> to
<code>go.opentelemetry.io/otel/semconv/v1.25.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5374 ">#5374</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Comparison of unordered maps for
<code>go.opentelemetry.io/otel/log.KeyValue</code> and
<code>go.opentelemetry.io/otel/log.Value</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5306 ">#5306</a>)</li>
<li>Fix the empty output of
<code>go.opentelemetry.io/otel/log.Value</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5311 ">#5311</a>)</li>
<li>Split the behavior of <code>Recorder</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> so it behaves as a
<code>LoggerProvider</code> only. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5365 ">#5365</a>)</li>
<li>Fix wrong package name of the error message when parsing endpoint
URL in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5371 ">#5371</a>)</li>
<li>Identify the <code>Logger</code> returned from the global
<code>LoggerProvider</code> in
<code>go.opentelemetry.io/otel/log/global</code> with its schema URL.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5375 ">#5375</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5661ff0dedhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5392 ">#5392</a>)</li>
<li><a
href="0d3dddc17fhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5385 ">#5385</a>)</li>
<li><a
href="7aae7a88b08c3120f455d55658e1b0https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5387 ">#5387</a>)</li>
<li><a
href="49c866fbcdhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5382 ">#5382</a>)</li>
<li><a
href="999c6a07b3https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5374 ">#5374</a>)</li>
<li><a
href="14441aefdfhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5375 ">#5375</a>)</li>
<li><a
href="ebd0adee35https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5365 ">#5365</a>)</li>
<li><a
href="0d1e77c854https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5371 ">#5371</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `go.opentelemetry.io/otel/sdk` from 1.26.0 to 1.27.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md ">go.opentelemetry.io/otel/sdk's
changelog</a>.</em></p>
<blockquote>
<h2>[1.27.0/0.49.0/0.3.0] 2024-05-21</h2>
<h3>Added</h3>
<ul>
<li>Add example for
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5242 ">#5242</a>)</li>
<li>Add <code>RecordFactory</code> in
<code>go.opentelemetry.io/otel/sdk/log/logtest</code> to facilitate
testing exporter and processor implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5258 ">#5258</a>)</li>
<li>Add <code>RecordFactory</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> to facilitate testing
bridge implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5263 ">#5263</a>)</li>
<li>The count of dropped records from the <code>BatchProcessor</code> in
<code>go.opentelemetry.io/otel/sdk/log</code> is logged. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5276 ">#5276</a>)</li>
<li>Add metrics in the <code>otel-collector</code> example. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5283 ">#5283</a>)</li>
<li>Add the synchronous gauge instrument to
<code>go.opentelemetry.io/otel/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5304 ">#5304</a>)
<ul>
<li>An <code>int64</code> or <code>float64</code> synchronous gauge
instrument can now be created from a <code>Meter</code>.</li>
<li>All implementations of the API
(<code>go.opentelemetry.io/otel/metric/noop</code>,
<code>go.opentelemetry.io/otel/sdk/metric</code>) are updated to support
this instrument.</li>
</ul>
</li>
<li>Add logs to <code>go.opentelemetry.io/otel/example/dice</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5349 ">#5349</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>Shutdown</code> method of <code>Exporter</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdouttrace</code>
ignores the context cancellation and always returns <code>nil</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5189 ">#5189</a>)</li>
<li>The <code>ForceFlush</code> and <code>Shutdown</code> methods of the
exporter returned by <code>New</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutmetric</code>
ignore the context cancellation and always return <code>nil</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5189 ">#5189</a>)</li>
<li>Apply the value length limits to <code>Record</code> attributes in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5230 ">#5230</a>)</li>
<li>De-duplicate map attributes added to a <code>Record</code> in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5230 ">#5230</a>)</li>
<li><code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>
won't print timestamps when <code>WithoutTimestamps</code> option is
set. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5241 ">#5241</a>)</li>
<li>The <code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>
exporter won't print <code>AttributeValueLengthLimit</code> and
<code>AttributeCountLimit</code> fields now, instead it prints the
<code>DroppedAttributes</code> field. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5272 ">#5272</a>)</li>
<li>Improved performance in the <code>Stringer</code> implementation of
<code>go.opentelemetry.io/otel/baggage.Member</code> by reducing the
number of allocations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5286 ">#5286</a>)</li>
<li>Set the start time for last-value aggregates in
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5305 ">#5305</a>)</li>
<li>The <code>Span</code> in
<code>go.opentelemetry.io/otel/sdk/trace</code> will record links
without span context if either non-empty <code>TraceState</code> or
attributes are provided. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5315 ">#5315</a>)</li>
<li>Upgrade all dependencies of
<code>go.opentelemetry.io/otel/semconv/v1.24.0</code> to
<code>go.opentelemetry.io/otel/semconv/v1.25.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5374 ">#5374</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Comparison of unordered maps for
<code>go.opentelemetry.io/otel/log.KeyValue</code> and
<code>go.opentelemetry.io/otel/log.Value</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5306 ">#5306</a>)</li>
<li>Fix the empty output of
<code>go.opentelemetry.io/otel/log.Value</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5311 ">#5311</a>)</li>
<li>Split the behavior of <code>Recorder</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> so it behaves as a
<code>LoggerProvider</code> only. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5365 ">#5365</a>)</li>
<li>Fix wrong package name of the error message when parsing endpoint
URL in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5371 ">#5371</a>)</li>
<li>Identify the <code>Logger</code> returned from the global
<code>LoggerProvider</code> in
<code>go.opentelemetry.io/otel/log/global</code> with its schema URL.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5375 ">#5375</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5661ff0dedhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5392 ">#5392</a>)</li>
<li><a
href="0d3dddc17fhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5385 ">#5385</a>)</li>
<li><a
href="7aae7a88b08c3120f455d55658e1b0https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5387 ">#5387</a>)</li>
<li><a
href="49c866fbcdhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5382 ">#5382</a>)</li>
<li><a
href="999c6a07b3https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5374 ">#5374</a>)</li>
<li><a
href="14441aefdfhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5375 ">#5375</a>)</li>
<li><a
href="ebd0adee35https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5365 ">#5365</a>)</li>
<li><a
href="0d1e77c854https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5371 ">#5371</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `go.opentelemetry.io/otel/trace` from 1.26.0 to 1.27.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md ">go.opentelemetry.io/otel/trace's
changelog</a>.</em></p>
<blockquote>
<h2>[1.27.0/0.49.0/0.3.0] 2024-05-21</h2>
<h3>Added</h3>
<ul>
<li>Add example for
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5242 ">#5242</a>)</li>
<li>Add <code>RecordFactory</code> in
<code>go.opentelemetry.io/otel/sdk/log/logtest</code> to facilitate
testing exporter and processor implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5258 ">#5258</a>)</li>
<li>Add <code>RecordFactory</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> to facilitate testing
bridge implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5263 ">#5263</a>)</li>
<li>The count of dropped records from the <code>BatchProcessor</code> in
<code>go.opentelemetry.io/otel/sdk/log</code> is logged. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5276 ">#5276</a>)</li>
<li>Add metrics in the <code>otel-collector</code> example. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5283 ">#5283</a>)</li>
<li>Add the synchronous gauge instrument to
<code>go.opentelemetry.io/otel/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5304 ">#5304</a>)
<ul>
<li>An <code>int64</code> or <code>float64</code> synchronous gauge
instrument can now be created from a <code>Meter</code>.</li>
<li>All implementations of the API
(<code>go.opentelemetry.io/otel/metric/noop</code>,
<code>go.opentelemetry.io/otel/sdk/metric</code>) are updated to support
this instrument.</li>
</ul>
</li>
<li>Add logs to <code>go.opentelemetry.io/otel/example/dice</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5349 ">#5349</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>Shutdown</code> method of <code>Exporter</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdouttrace</code>
ignores the context cancellation and always returns <code>nil</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5189 ">#5189</a>)</li>
<li>The <code>ForceFlush</code> and <code>Shutdown</code> methods of the
exporter returned by <code>New</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutmetric</code>
ignore the context cancellation and always return <code>nil</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5189 ">#5189</a>)</li>
<li>Apply the value length limits to <code>Record</code> attributes in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5230 ">#5230</a>)</li>
<li>De-duplicate map attributes added to a <code>Record</code> in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5230 ">#5230</a>)</li>
<li><code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>
won't print timestamps when <code>WithoutTimestamps</code> option is
set. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5241 ">#5241</a>)</li>
<li>The <code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>
exporter won't print <code>AttributeValueLengthLimit</code> and
<code>AttributeCountLimit</code> fields now, instead it prints the
<code>DroppedAttributes</code> field. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5272 ">#5272</a>)</li>
<li>Improved performance in the <code>Stringer</code> implementation of
<code>go.opentelemetry.io/otel/baggage.Member</code> by reducing the
number of allocations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5286 ">#5286</a>)</li>
<li>Set the start time for last-value aggregates in
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5305 ">#5305</a>)</li>
<li>The <code>Span</code> in
<code>go.opentelemetry.io/otel/sdk/trace</code> will record links
without span context if either non-empty <code>TraceState</code> or
attributes are provided. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5315 ">#5315</a>)</li>
<li>Upgrade all dependencies of
<code>go.opentelemetry.io/otel/semconv/v1.24.0</code> to
<code>go.opentelemetry.io/otel/semconv/v1.25.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5374 ">#5374</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Comparison of unordered maps for
<code>go.opentelemetry.io/otel/log.KeyValue</code> and
<code>go.opentelemetry.io/otel/log.Value</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5306 ">#5306</a>)</li>
<li>Fix the empty output of
<code>go.opentelemetry.io/otel/log.Value</code> in
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5311 ">#5311</a>)</li>
<li>Split the behavior of <code>Recorder</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> so it behaves as a
<code>LoggerProvider</code> only. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5365 ">#5365</a>)</li>
<li>Fix wrong package name of the error message when parsing endpoint
URL in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5371 ">#5371</a>)</li>
<li>Identify the <code>Logger</code> returned from the global
<code>LoggerProvider</code> in
<code>go.opentelemetry.io/otel/log/global</code> with its schema URL.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5375 ">#5375</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5661ff0dedhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5392 ">#5392</a>)</li>
<li><a
href="0d3dddc17fhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5385 ">#5385</a>)</li>
<li><a
href="7aae7a88b08c3120f455d55658e1b0https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5387 ">#5387</a>)</li>
<li><a
href="49c866fbcdhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5382 ">#5382</a>)</li>
<li><a
href="999c6a07b3https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5374 ">#5374</a>)</li>
<li><a
href="14441aefdfhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5375 ">#5375</a>)</li>
<li><a
href="ebd0adee35https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5365 ">#5365</a>)</li>
<li><a
href="0d1e77c854https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5371 ">#5371</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.26.0...v1.27.0 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-28 17:06:16 -07:00
Etherealite
1aab37ddcc
docs(server): add repo password in server start example ( #3875 )
...
When starting the server, the typical use case will not involve
responding to interactive prompts. This change better reflects the
expectations of a user given that fact.
---------
Co-authored-by: Julio <1953782+julio-lopez@users.noreply.github.com >
2024-05-24 23:22:04 -07:00
dependabot[bot]
567a4a4eb8
build(deps): bump codecov/codecov-action from 4.3.1 to 4.4.1 ( #3874 )
...
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action ) from
4.3.1 to 4.4.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases ">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code>
from 7.8.0 to 7.9.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1427 ">codecov/codecov-action#1427</a></li>
<li>fix: prevent xlarge from running on forks by <a
href="https://github.com/thomasrockhu-codecov "><code>@thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1432 ">codecov/codecov-action#1432</a></li>
<li>build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1439 ">codecov/codecov-action#1439</a></li>
<li>build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1438 ">codecov/codecov-action#1438</a></li>
<li>fix: isPullRequestFromFork returns false for any PR by <a
href="https://github.com/shahar-h "><code>@shahar-h</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1437 ">codecov/codecov-action#1437</a></li>
<li>chore(release): 4.4.1 by <a
href="https://github.com/thomasrockhu-codecov "><code>@thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1441 ">codecov/codecov-action#1441</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/shahar-h "><code>@shahar-h</code></a>
made their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1437 ">codecov/codecov-action#1437</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v4.4.0...v4.4.1 ">https://github.com/codecov/codecov-action/compare/v4.4.0...v4.4.1 </a></p>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code>
from 7.8.0 to 7.9.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1427 ">codecov/codecov-action#1427</a></li>
<li>fix: prevent xlarge from running on forks by <a
href="https://github.com/thomasrockhu-codecov "><code>@thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1432 ">codecov/codecov-action#1432</a></li>
<li>build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1439 ">codecov/codecov-action#1439</a></li>
<li>build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1438 ">codecov/codecov-action#1438</a></li>
<li>fix: isPullRequestFromFork returns false for any PR by <a
href="https://github.com/shahar-h "><code>@shahar-h</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1437 ">codecov/codecov-action#1437</a></li>
<li>chore(release): 4.4.1 by <a
href="https://github.com/thomasrockhu-codecov "><code>@thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1441 ">codecov/codecov-action#1441</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/shahar-h "><code>@shahar-h</code></a>
made their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1437 ">codecov/codecov-action#1437</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v4.4.0...v4.4.1 ">https://github.com/codecov/codecov-action/compare/v4.4.0...v4.4.1 </a></p>
<h2>v4.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: Clarify isPullRequestFromFork by <a
href="https://github.com/jsoref "><code>@jsoref</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1411 ">codecov/codecov-action#1411</a></li>
<li>build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1423 ">codecov/codecov-action#1423</a></li>
<li>build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1421 ">codecov/codecov-action#1421</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1420 ">codecov/codecov-action#1420</a></li>
<li>feat: remove GPG and run on spawn by <a
href="https://github.com/thomasrockhu-codecov "><code>@thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1426 ">codecov/codecov-action#1426</a></li>
<li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from
7.8.0 to 7.9.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1428 ">codecov/codecov-action#1428</a></li>
<li>chore(release): 4.4.0 by <a
href="https://github.com/thomasrockhu-codecov "><code>@thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1430 ">codecov/codecov-action#1430</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v4.3.1...v4.4.0 ">https://github.com/codecov/codecov-action/compare/v4.3.1...v4.4.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="125fc84a9ahttps://redirect.github.com/codecov/codecov-action/issues/1441 ">#1441</a>)</li>
<li><a
href="c9dbf6a905https://redirect.github.com/codecov/codecov-action/issues/1437 ">#1437</a>)</li>
<li><a
href="59fc46f14ahttps://redirect.github.com/codecov/codecov-action/issues/1438 ">#1438</a>)</li>
<li><a
href="3889fddabbhttps://redirect.github.com/codecov/codecov-action/issues/1439 ">#1439</a>)</li>
<li><a
href="d42a336584https://redirect.github.com/codecov/codecov-action/issues/1432 ">#1432</a>)</li>
<li><a
href="fd624e50e76d798873dfhttps://redirect.github.com/codecov/codecov-action/issues/1430 ">#1430</a>)</li>
<li><a
href="37364fa731https://redirect.github.com/codecov/codecov-action/issues/1428 ">#1428</a>)</li>
<li><a
href="2791a5c4fehttps://redirect.github.com/codecov/codecov-action/issues/1426 ">#1426</a>)</li>
<li><a
href="b71af43c1ehttps://redirect.github.com/codecov/codecov-action/issues/1420 ">#1420</a>)</li>
<li>Additional commits viewable in <a
href="5ecb98a3c6...125fc84a9ahttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=4.3.1&new-version=4.4.1 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 21:42:19 -07:00
dependabot[bot]
8b63357171
build(deps): bump the github-actions group with 2 updates ( #3873 )
...
Bumps the github-actions group with 2 updates:
[actions/checkout](https://github.com/actions/checkout ) and
[github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/checkout` from 4.1.5 to 4.1.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases ">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732 ">actions/checkout#1732</a></li>
<li>Update for 4.1.6 release by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1733 ">actions/checkout#1733</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.1.5...v4.1.6 ">https://github.com/actions/checkout/compare/v4.1.5...v4.1.6 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md ">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732 ">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703 ">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694 ">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696 ">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695 ">actions/checkout#1695</a></li>
<li>README: Suggest <code>user.email</code> to be
<code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1707 ">actions/checkout#1707</a></li>
</ul>
<h2>v4.1.4</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692 ">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688 ">actions/checkout#1688</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693 ">actions/checkout#1693</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643 ">actions/checkout#1643</a></li>
</ul>
<h2>v4.1.3</h2>
<ul>
<li>Check git version before attempting to disable
<code>sparse-checkout</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1656 ">actions/checkout#1656</a></li>
<li>Add SSH user parameter by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1685 ">actions/checkout#1685</a></li>
<li>Update <code>actions/checkout</code> version in
<code>update-main-version.yml</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1650 ">actions/checkout#1650</a></li>
</ul>
<h2>v4.1.2</h2>
<ul>
<li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code>
option is not present <a
href="https://github.com/dscho "><code>@dscho</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1598 ">actions/checkout#1598</a></li>
</ul>
<h2>v4.1.1</h2>
<ul>
<li>Correct link to GitHub Docs by <a
href="https://github.com/peterbe "><code>@peterbe</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1511 ">actions/checkout#1511</a></li>
<li>Link to release page from what's new section by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1514 ">actions/checkout#1514</a></li>
</ul>
<h2>v4.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1396 ">Add
support for partial checkout filters</a></li>
</ul>
<h2>v4.0.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1067 ">Support
fetching without the --progress option</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1436 ">Update to
node20</a></li>
</ul>
<h2>v3.6.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1377 ">Fix: Mark
test scripts with Bash'isms to be run via Bash</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/579 ">Add
option to fetch tags even if fetch-depth > 0</a></li>
</ul>
<h2>v3.5.3</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1196 ">Fix:
Checkout fail in self-hosted runners when faulty submodule are
checked-in</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1287 ">Fix
typos found by codespell</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1369 ">Add
support for sparse checkouts</a></li>
</ul>
<h2>v3.5.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1289 ">Fix
api endpoint for GHES</a></li>
</ul>
<h2>v3.5.1</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a5ac7e51b4https://redirect.github.com/actions/checkout/issues/1733 ">#1733</a>)</li>
<li><a
href="24ed1a3528https://redirect.github.com/actions/checkout/issues/1732 ">#1732</a>)</li>
<li>See full diff in <a
href="44c2b7a8a4...a5ac7e51b4https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.6 - 20 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2295 ">#2295</a></li>
</ul>
<h2>3.25.5 - 13 May 2024</h2>
<ul>
<li>Add a compatibility matrix of supported CodeQL Action, CodeQL CLI,
and GitHub Enterprise Server versions to the <a
href="https://github.com/github/codeql-action/blob/main/README.md ">https://github.com/github/codeql-action/blob/main/README.md </a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/2273 ">#2273</a></li>
<li>Avoid printing out a warning for a missing <code>on.push</code>
trigger when the CodeQL Action is triggered via a
<code>workflow_call</code> event. <a
href="https://redirect.github.com/github/codeql-action/pull/2274 ">#2274</a></li>
<li>The <code>tools: latest</code> input to the <code>init</code> Action
has been renamed to <code>tools: linked</code>. This option specifies
that the Action should use the tools shipped at the same time as the
Action. The old name will continue to work for backwards compatibility,
but we recommend that new workflows use the new name. <a
href="https://redirect.github.com/github/codeql-action/pull/2281 ">#2281</a></li>
</ul>
<h2>3.25.4 - 08 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2270 ">#2270</a></li>
</ul>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2247 ">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI
versions before v2.15.1 will need to either upgrade their CLI version to
v2.15.1 or newer, or change the platform to an Intel MacOS runner, such
as <code>macos-12</code>. ARM machines with SIP disabled, including the
newest <code>macos-latest</code> image, are unsupported for CLI versions
before 2.15.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2261 ">#2261</a></li>
</ul>
<h2>3.25.2 - 22 Apr 2024</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the
reliability and performance of analyzing code when analyzing a compiled
language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes ">build
mode</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2235 ">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if
<code>--overwrite</code> was specified in
<code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a
href="https://redirect.github.com/github/codeql-action/pull/2245 ">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python
analysis has been removed. <a
href="https://redirect.github.com/github/codeql-action/pull/2224 ">#2224</a></p>
<p>As a result, the following inputs and environment variables are now
ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the
<code>init</code> Action</li>
<li>The
<code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code>
environment variable</li>
</ul>
<p>We recommend removing any references to these from your workflows.
For more information, see the release notes for CodeQL Action v3.23.0
and v2.23.0.</p>
</li>
<li>
<p>Automatically overwrite an existing database if found on the
filesystem. <a
href="https://redirect.github.com/github/codeql-action/pull/2229 ">#2229</a></p>
</li>
<li>
<p>Bump the minimum CodeQL bundle version to 2.12.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2232 ">#2232</a></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9fdb3e4972https://redirect.github.com/github/codeql-action/issues/2300 ">#2300</a>
from github/update-v3.25.6-63d519c0a</li>
<li><a
href="00792ab1e063d519c0aehttps://redirect.github.com/github/codeql-action/issues/2295 ">#2295</a>
from github/update-bundle/codeql-bundle-v2.17.3</li>
<li><a
href="0d9161ca1chttps://redirect.github.com/github/codeql-action/issues/2293 ">#2293</a>
from github/henrymercer/update-build-mode-autobuild-...</li>
<li><a
href="e9e27290e9de1ac31508a57c67b895https://redirect.github.com/github/codeql-action/issues/2286 ">#2286</a>
from github/koesie10/ghec-dr-db-upload</li>
<li><a
href="b7ef64ecb1https://redirect.github.com/github/codeql-action/issues/2294 ">#2294</a>
from github/dependabot/npm_and_yarn/npm-d3285d5234</li>
<li><a
href="e54dea297a3b42294f03b7cec75265...9fdb3e4972support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 21:41:28 -07:00
dependabot[bot]
a389572280
build(deps): bump the common-golang-dependencies group with 2 updates ( #3872 )
...
Bumps the common-golang-dependencies group with 2 updates:
[google.golang.org/api](https://github.com/googleapis/google-api-go-client )
and [google.golang.org/grpc](https://github.com/grpc/grpc-go ).
Updates `google.golang.org/api` from 0.178.0 to 0.181.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases ">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.181.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.180.0...v0.181.0 ">0.181.0</a>
(2024-05-16)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2581 ">#2581</a>)
(<a
href="6923ec8ab7https://redirect.github.com/googleapis/google-api-go-client/issues/2583 ">#2583</a>)
(<a
href="7b18e5d393https://redirect.github.com/googleapis/google-api-go-client/issues/2585 ">#2585</a>)
(<a
href="e35f76f674https://redirect.github.com/googleapis/google-api-go-client/issues/2586 ">#2586</a>)
(<a
href="afc46850a7https://redirect.github.com/googleapis/google-api-go-client/issues/2587 ">#2587</a>)
(<a
href="86c952133chttps://redirect.github.com/googleapis/google-api-go-client/issues/2589 ">#2589</a>)
(<a
href="c3f4828eeehttps://github.com/googleapis/google-api-go-client/compare/v0.179.0...v0.180.0 ">0.180.0</a>
(2024-05-10)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2578 ">#2578</a>)
(<a
href="6604a5deadhttps://github.com/googleapis/google-api-go-client/compare/v0.178.0...v0.179.0 ">0.179.0</a>
(2024-05-09)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2573 ">#2573</a>)
(<a
href="887c564239https://redirect.github.com/googleapis/google-api-go-client/issues/2575 ">#2575</a>)
(<a
href="a784ae096ahttps://redirect.github.com/googleapis/google-api-go-client/issues/2577 ">#2577</a>)
(<a
href="090ff6c589https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md ">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.180.0...v0.181.0 ">0.181.0</a>
(2024-05-16)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2581 ">#2581</a>)
(<a
href="6923ec8ab7https://redirect.github.com/googleapis/google-api-go-client/issues/2583 ">#2583</a>)
(<a
href="7b18e5d393https://redirect.github.com/googleapis/google-api-go-client/issues/2585 ">#2585</a>)
(<a
href="e35f76f674https://redirect.github.com/googleapis/google-api-go-client/issues/2586 ">#2586</a>)
(<a
href="afc46850a7https://redirect.github.com/googleapis/google-api-go-client/issues/2587 ">#2587</a>)
(<a
href="86c952133chttps://redirect.github.com/googleapis/google-api-go-client/issues/2589 ">#2589</a>)
(<a
href="c3f4828eeehttps://github.com/googleapis/google-api-go-client/compare/v0.179.0...v0.180.0 ">0.180.0</a>
(2024-05-10)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2578 ">#2578</a>)
(<a
href="6604a5deadhttps://github.com/googleapis/google-api-go-client/compare/v0.178.0...v0.179.0 ">0.179.0</a>
(2024-05-09)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2573 ">#2573</a>)
(<a
href="887c564239https://redirect.github.com/googleapis/google-api-go-client/issues/2575 ">#2575</a>)
(<a
href="a784ae096ahttps://redirect.github.com/googleapis/google-api-go-client/issues/2577 ">#2577</a>)
(<a
href="090ff6c5894b79cc4e7dhttps://redirect.github.com/googleapis/google-api-go-client/issues/2582 ">#2582</a>)</li>
<li><a
href="c3f4828eeehttps://redirect.github.com/googleapis/google-api-go-client/issues/2589 ">#2589</a>)</li>
<li><a
href="7d13175eb5https://redirect.github.com/googleapis/google-api-go-client/issues/2588 ">#2588</a>)</li>
<li><a
href="86c952133chttps://redirect.github.com/googleapis/google-api-go-client/issues/2587 ">#2587</a>)</li>
<li><a
href="afc46850a7https://redirect.github.com/googleapis/google-api-go-client/issues/2586 ">#2586</a>)</li>
<li><a
href="4177d21cachttps://redirect.github.com/googleapis/google-api-go-client/issues/2584 ">#2584</a>)</li>
<li><a
href="e35f76f674https://redirect.github.com/googleapis/google-api-go-client/issues/2585 ">#2585</a>)</li>
<li><a
href="7b18e5d393https://redirect.github.com/googleapis/google-api-go-client/issues/2583 ">#2583</a>)</li>
<li><a
href="6923ec8ab7https://redirect.github.com/googleapis/google-api-go-client/issues/2581 ">#2581</a>)</li>
<li><a
href="6feeaaf250https://redirect.github.com/googleapis/google-api-go-client/issues/2579 ">#2579</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.178.0...v0.181.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `google.golang.org/grpc` from 1.63.2 to 1.64.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases ">google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.64.0</h2>
<h1>API Changes</h1>
<ul>
<li>stats: Deprecate <code>InPayload.Data</code> and
<code>OutPayload.Data</code>; they were experimental and will be deleted
in the next release (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7121 ">#7121</a>)</li>
</ul>
<h1>Behavior Changes</h1>
<ul>
<li>codec: Remove handling of environment variable
<code>GRPC_GO_ADVERTISE_COMPRESSORS</code> to suppress setting supported
compressors in <code>grpc-accept-encoding</code> header. Compressors
will always be advertised, as they have been by default for some time
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/7203 ">#7203</a>)</li>
</ul>
<h1>New Features</h1>
<ul>
<li>resolver/dns: Add <code>SetMinResolutionInterval</code> to set the
minimum interval at which DNS re-resolutions may occur (<a
href="https://redirect.github.com/grpc/grpc-go/issues/6962 ">#6962</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/HomayoonAlimohammadi "><code>@HomayoonAlimohammadi</code></a></li>
</ul>
</li>
<li>peer/peer: Implement the <code>fmt.Stringer</code> interface for
pretty printing <code>Peer</code>, and</li>
<li>metadata/metadata: Implement the <code>fmt.Stringer</code> interface
for pretty printing <code>MD</code> (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7137 ">#7137</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/AnomalRoil "><code>@AnomalRoil</code></a></li>
</ul>
</li>
</ul>
<h1>Performance Improvements</h1>
<ul>
<li>client: Improve RPC performance by reducing work while holding a
lock (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7132 ">#7132</a>)</li>
</ul>
<h1>Bug Fixes</h1>
<ul>
<li>transport/server: Display the proper timeout value when keepalive
pings are not ack'd in time (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7038 ">#7038</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/BatmanAoD "><code>@BatmanAoD</code></a></li>
</ul>
</li>
<li>channelz: Fix bug that was causing the subchannel's target to be
unset (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7189 ">#7189</a>)</li>
<li>stats: Fix bug where peer was not set in context when calling stats
handler for <code>OutPayload</code>, <code>InPayload</code>, and
<code>End</code> (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7096 ">#7096</a>)</li>
</ul>
<h1>Dependencies</h1>
<ul>
<li>deps: Remove dependency on deprecated
<code>github.com/golang/protobuf</code> module (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7122 ">#7122</a>)</li>
</ul>
<h1>Documentation</h1>
<ul>
<li>grpc: Deprecate <code>WithBlock</code>,
<code>WithReturnConnectionError</code>,
<code>FailOnNonTempDialError</code> which are ignored by
<code>NewClient</code> (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7097 ">#7097</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/pellared "><code>@pellared</code></a></li>
</ul>
</li>
<li>grpc: Deprecate <code>Dial</code> and <code>DialContext</code>.
These will continue to be supported throughout 1.x, but are deprecated
to direct users to <code>NewClient</code> (See <a
href="https://redirect.github.com/grpc/grpc-go/issues/7090 ">#7090</a>
for more information)</li>
<li>examples: Add custom lb example (<a
href="https://redirect.github.com/grpc/grpc-go/issues/6691 ">#6691</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fa274d7790https://redirect.github.com/grpc/grpc-go/issues/7218 ">#7218</a>)</li>
<li><a
href="6b413c83512dbbcefef2https://redirect.github.com/grpc/grpc-go/issues/7217 ">#7217</a>)</li>
<li><a
href="070d9c793ahttps://redirect.github.com/grpc/grpc-go/issues/7188 ">#7188</a>)</li>
<li><a
href="5d24ee2bd1https://redirect.github.com/grpc/grpc-go/issues/7191 ">#7191</a>)</li>
<li><a
href="c76f686c51https://redirect.github.com/grpc/grpc-go/issues/7207 ">#7207</a>)</li>
<li><a
href="f591e3b82fhttps://redirect.github.com/grpc/grpc-go/issues/7 ">#7</a>...</li>
<li><a
href="b4f7947184https://redirect.github.com/grpc/grpc-go/issues/7208 ">#7208</a>)</li>
<li><a
href="0561c78c9dhttps://redirect.github.com/grpc/grpc-go/issues/7206 ">#7206</a>)</li>
<li><a
href="9d9c1fbd60https://redirect.github.com/grpc/grpc-go/issues/7204 ">#7204</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/grpc/grpc-go/compare/v1.63.2...v1.64.0 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 21:33:07 -07:00
Wyatt Childers
951f126b3c
docs(providers): info about the B2 S3-compatible endpoint ( #3860 )
...
This expands the note about using B2 storage as S3-compatible storage by
providing some additional context on where to get the endpoint value.
It also changes the redundant fully qualified "Backblaze B2" to "B2"
in the note.
2024-05-13 21:36:50 -07:00
Malte Kumlehn
f1072da1d6
docs(server): explain why --insecure cannot be used behind a reverse proxy ( #3861 )
...
The previous wording conveyed that eliding `--insecure` flag was required
by the nginx (config) and not kopia itself.
The new wording expands and explains why the flag is needed. This helps
when setting up kopia behind other reverse proxies, such as traefik.
See https://kopia.discourse.group/t/cant-connect-to-insecure-repository-server/871/4
for additional context.
2024-05-13 21:34:21 -07:00
dependabot[bot]
7c09b70b24
build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 ( #3868 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action )
from 2.3.1 to 2.3.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases ">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.3</h2>
<blockquote>
<p>[!NOTE]<br />
There is no v2.3.2 release as a step was skipped in the release process.
This was fixed and re-released under the v2.3.3 tag</p>
</blockquote>
<h2>What's Changed</h2>
<ul>
<li>🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to
github.com/ossf/scorecard/v5 (v5.0.0-rc1) by <a
href="https://github.com/spencerschrock "><code>@spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1366 ">ossf/scorecard-action#1366</a></li>
<li>🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to
v5.0.0-rc2 by <a
href="https://github.com/spencerschrock "><code>@spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1374 ">ossf/scorecard-action#1374</a></li>
<li>🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0.20240509182734-7ce860946928 by <a
href="https://github.com/spencerschrock "><code>@spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1377 ">ossf/scorecard-action#1377</a></li>
</ul>
<p>For a full changelist of what these include, see the <a
href="https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc1 ">v5.0.0-rc1</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc2 ">v5.0.0-rc2</a>
release notes.</p>
<h3>Documentation</h3>
<ul>
<li>📖 Move token discussion out of main README. by <a
href="https://github.com/spencerschrock "><code>@spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1279 ">ossf/scorecard-action#1279</a></li>
<li>📖 link to <code>ossf/scorecard</code> workflow instead of
maintaining an example by <a
href="https://github.com/spencerschrock "><code>@spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1352 ">ossf/scorecard-action#1352</a></li>
<li>📖 update api links to new scorecard.dev site by <a
href="https://github.com/spencerschrock "><code>@spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1376 ">ossf/scorecard-action#1376</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3 ">https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dc50aa9510🌱 Bump docker tag for v2.3.3 release (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1368 ">#1368</a>)</li>
<li><a
href="8ff5700173🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0....</li>
<li><a
href="8ba5e73d11https://redirect.github.com/ossf/scorecard-action/issues/1376 ">#1376</a>)</li>
<li><a
href="92ddde3eafhttps://redirect.github.com/ossf/scorecard-action/issues/1374 ">#1374</a>)</li>
<li><a
href="6c55905542🌱 Bump golang.org/x/net from 0.24.0 to 0.25.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1373 ">#1373</a>)</li>
<li><a
href="09bb953b6a🌱 Bump distroless/base in the docker-images group (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1372 ">#1372</a>)</li>
<li><a
href="1511e1305b🌱 Bump the github-actions group across 1 directory with 6
updates (#...</li>
<li><a
href="df66cd8fd8🌱 Bump the docker-images group with 2 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1370 ">#1370</a>)</li>
<li><a
href="fad9a3cc53🌱 Bump distroless/base in the docker-images group (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1364 ">#1364</a>)</li>
<li><a
href="1e01a309c1🌱 Bump the github-actions group with 3 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1365 ">#1365</a>)</li>
<li>Additional commits viewable in <a
href="0864cf1902...dc50aa9510https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.3.1&new-version=2.3.3 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 21:12:39 -07:00
dependabot[bot]
c0cf18fa36
build(deps): bump github/codeql-action from 3.25.3 to 3.25.5 in the github-actions group ( #3867 )
...
Bumps the github-actions group with 1 update:
[github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 3.25.3 to 3.25.5
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.5 - 13 May 2024</h2>
<ul>
<li>Add a compatibility matrix of supported CodeQL Action, CodeQL CLI,
and GitHub Enterprise Server versions to the <a
href="https://github.com/github/codeql-action/blob/main/README.md ">https://github.com/github/codeql-action/blob/main/README.md </a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/2273 ">#2273</a></li>
<li>Avoid printing out a warning for a missing <code>on.push</code>
trigger when the CodeQL Action is triggered via a
<code>workflow_call</code> event. <a
href="https://redirect.github.com/github/codeql-action/pull/2274 ">#2274</a></li>
<li>The <code>tools: latest</code> input to the <code>init</code> Action
has been renamed to <code>tools: linked</code>. This option specifies
that the Action should use the tools shipped at the same time as the
Action. The old name will continue to work for backwards compatibility,
but we recommend that new workflows use the new name. <a
href="https://redirect.github.com/github/codeql-action/pull/2281 ">#2281</a></li>
</ul>
<h2>3.25.4 - 08 May 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2270 ">#2270</a></li>
</ul>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2247 ">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI
versions before v2.15.1 will need to either upgrade their CLI version to
v2.15.1 or newer, or change the platform to an Intel MacOS runner, such
as <code>macos-12</code>. ARM machines with SIP disabled, including the
newest <code>macos-latest</code> image, are unsupported for CLI versions
before 2.15.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2261 ">#2261</a></li>
</ul>
<h2>3.25.2 - 22 Apr 2024</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the
reliability and performance of analyzing code when analyzing a compiled
language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes ">build
mode</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2235 ">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if
<code>--overwrite</code> was specified in
<code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a
href="https://redirect.github.com/github/codeql-action/pull/2245 ">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python
analysis has been removed. <a
href="https://redirect.github.com/github/codeql-action/pull/2224 ">#2224</a></p>
<p>As a result, the following inputs and environment variables are now
ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the
<code>init</code> Action</li>
<li>The
<code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code>
environment variable</li>
</ul>
<p>We recommend removing any references to these from your workflows.
For more information, see the release notes for CodeQL Action v3.23.0
and v2.23.0.</p>
</li>
<li>
<p>Automatically overwrite an existing database if found on the
filesystem. <a
href="https://redirect.github.com/github/codeql-action/pull/2229 ">#2229</a></p>
</li>
<li>
<p>Bump the minimum CodeQL bundle version to 2.12.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2232 ">#2232</a></p>
</li>
<li>
<p>A more relevant log message and a diagnostic are now emitted when the
<code>file</code> program is not installed on a Linux runner, but is
required for Go tracing to succeed. <a
href="https://redirect.github.com/github/codeql-action/pull/2234 ">#2234</a></p>
</li>
</ul>
<h2>3.24.10 - 05 Apr 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b7cec75265https://redirect.github.com/github/codeql-action/issues/2287 ">#2287</a>
from github/update-v3.25.5-4a5197247</li>
<li><a
href="6778fe45534a51972477https://redirect.github.com/github/codeql-action/issues/2280 ">#2280</a>
from github/henrymercer/on-demand-ffs</li>
<li><a
href="a8c32fd278https://redirect.github.com/github/codeql-action/issues/2283 ">#2283</a>
from github/henrymercer/disable-fail-fast</li>
<li><a
href="f73b0b70ebc59e05245f33e416c05667f8a36bdb4995c49010https://redirect.github.com/github/codeql-action/issues/2282 ">#2282</a>
from github/henrymercer/no-build-mode-tracing-improv...</li>
<li><a
href="def4d2cd4ehttps://redirect.github.com/github/codeql-action/issues/2273 ">#2273</a>
from github/aeisenberg/specify-versions</li>
<li>Additional commits viewable in <a
href="d39d31e687...b7cec75265https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.3&new-version=3.25.5 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 21:12:00 -07:00
dependabot[bot]
45dad0291e
build(deps): bump github.com/fatih/color from 1.16.0 to 1.17.0 ( #3866 )
...
Bumps [github.com/fatih/color](https://github.com/fatih/color ) from
1.16.0 to 1.17.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fatih/color/releases ">github.com/fatih/color's
releases</a>.</em></p>
<blockquote>
<h2>v1.17.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix multi-parameter println spacing by <a
href="https://github.com/klauspost "><code>@klauspost</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/228 ">fatih/color#228</a></li>
<li>ci: update Go and Staticcheck versions by <a
href="https://github.com/fatih "><code>@fatih</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/222 ">fatih/color#222</a></li>
<li>Bump golang.org/x/sys from 0.14.0 to 0.17.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/221 ">fatih/color#221</a></li>
<li>Bump actions/setup-go from 4 to 5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/217 ">fatih/color#217</a></li>
<li>Bump golang.org/x/sys from 0.17.0 to 0.18.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/224 ">fatih/color#224</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/klauspost "><code>@klauspost</code></a>
made their first contribution in <a
href="https://redirect.github.com/fatih/color/pull/228 ">fatih/color#228</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/fatih/color/compare/v1.16.0...v1.17.0 ">https://github.com/fatih/color/compare/v1.16.0...v1.17.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b6598b12a6https://redirect.github.com/fatih/color/issues/228 ">#228</a> from
klauspost/fix-println-issue-218</li>
<li><a
href="00b1811a3d04994a819dhttps://redirect.github.com/fatih/color/issues/224 ">#224</a> from
fatih/dependabot/go_modules/golang.org/x/sys-0.18.0</li>
<li><a
href="7526cad07e8d058ca54chttps://redirect.github.com/fatih/color/issues/222 ">#222</a> from
fatih/ci-updates</li>
<li><a
href="2ac809fb7351a7bbf7dc799c49c639https://redirect.github.com/fatih/color/issues/217 ">#217</a> from
fatih/dependabot/github_actions/actions/setup-go-5</li>
<li><a
href="f8e0ec9c97298abd8b9ehttps://redirect.github.com/fatih/color/issues/221 ">#221</a> from
fatih/dependabot/go_modules/golang.org/x/sys-0.17.0</li>
<li>Additional commits viewable in <a
href="https://github.com/fatih/color/compare/v1.16.0...v1.17.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 21:11:20 -07:00
dependabot[bot]
f577614baa
build(deps): bump the common-golang-dependencies group with 4 updates ( #3865 )
...
Bumps the common-golang-dependencies group with 4 updates:
[cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go ),
[github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ),
[google.golang.org/api](https://github.com/googleapis/google-api-go-client )
and google.golang.org/protobuf.
Updates `cloud.google.com/go/storage` from 1.40.0 to 1.41.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-cloud-go/releases ">cloud.google.com/go/storage's
releases</a>.</em></p>
<blockquote>
<h2>storage: v1.41.0</h2>
<h2><a
href="https://github.com/googleapis/google-cloud-go/compare/storage/v1.40.0...storage/v1.41.0 ">1.41.0</a>
(2024-05-13)</h2>
<h3>Features</h3>
<ul>
<li><strong>storage/control:</strong> Make Managed Folders operations
public (<a
href="264a6dcddbhttps://redirect.github.com/googleapis/google-cloud-go/issues/9520 ">#9520</a>)
(<a
href="985deb2bdd3e250530563b41408445ba31ed5fdahttps://redirect.github.com/googleapis/google-cloud-go/issues/9747 ">#9747</a>)
(<a
href="bbfc0acc27https://redirect.github.com/googleapis/google-cloud-go/issues/9706 ">#9706</a>)
(<a
href="3cfc8eb418https://redirect.github.com/googleapis/google-cloud-go/issues/9705 ">#9705</a></li>
<li><strong>storage:</strong> Retry net.OpError on connection reset (<a
href="https://redirect.github.com/googleapis/google-cloud-go/issues/10154 ">#10154</a>)
(<a
href="54fab107f9https://redirect.github.com/googleapis/google-cloud-go/issues/9478 ">#9478</a></li>
<li><strong>storage:</strong> Wrap error when MaxAttempts is hit (<a
href="https://redirect.github.com/googleapis/google-cloud-go/issues/9767 ">#9767</a>)
(<a
href="9cb262bb65https://redirect.github.com/googleapis/google-cloud-go/issues/9720 ">#9720</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li><strong>storage/control:</strong> Update storage control
documentation and add PHP for publishing (<a
href="1d757c66479fb390d375https://redirect.github.com/googleapis/google-cloud-go/issues/7068 ">#7068</a>)</li>
<li><a
href="7231644e71https://redirect.github.com/googleapis/google-cloud-go/issues/7110 ">#7110</a>)</li>
<li><a
href="4f0456eb3chttps://redirect.github.com/googleapis/google-cloud-go/issues/7085 ">#7085</a>)</li>
<li><a
href="83f12d52fahttps://redirect.github.com/googleapis/google-cloud-go/issues/6990 ">#6990</a>)</li>
<li><a
href="8cd9468e9dhttps://redirect.github.com/googleapis/google-cloud-go/issues/7069 ">#7069</a>)</li>
<li><a
href="756f7bf9cahttps://redirect.github.com/googleapis/google-cloud-go/issues/6987 ">#6987</a>)</li>
<li><a
href="a77ada8a0dhttps://redirect.github.com/googleapis/google-cloud-go/issues/7067 ">#7067</a>)</li>
<li><a
href="d16d9afe8bhttps://redirect.github.com/googleapis/google-cloud-go/issues/7070 ">#7070</a>)</li>
<li><a
href="601c77a69ahttps://redirect.github.com/googleapis/google-cloud-go/issues/7096 ">#7096</a>)</li>
<li><a
href="eddaf71408https://github.com/googleapis/google-cloud-go/compare/spanner/v1.40.0...spanner/v1.41.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `github.com/prometheus/client_golang` from 1.19.0 to 1.19.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/releases ">github.com/prometheus/client_golang's
releases</a>.</em></p>
<blockquote>
<h2>v1.19.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Security patches for <code>golang.org/x/sys</code> and
<code>google.golang.org/protobuf</code></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/lukasauk "><code>@lukasauk</code></a>
made their first contribution in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1494 ">prometheus/client_golang#1494</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1 ">https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md ">github.com/prometheus/client_golang's
changelog</a>.</em></p>
<blockquote>
<h2>Unreleased</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e3f4b1091https://redirect.github.com/prometheus/client_golang/issues/1494 ">#1494</a>)</li>
<li><a
href="cad1bfa2b8https://redirect.github.com/prometheus/client_golang/issues/1454 ">#1454</a>
from prometheus/small-nits</li>
<li><a
href="0aa8c9f68bhttps://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `google.golang.org/api` from 0.177.0 to 0.178.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases ">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.178.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.177.0...v0.178.0 ">0.178.0</a>
(2024-05-07)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2561 ">#2561</a>)
(<a
href="2d22d11df9https://redirect.github.com/googleapis/google-api-go-client/issues/2564 ">#2564</a>)
(<a
href="b313e4bd70https://redirect.github.com/googleapis/google-api-go-client/issues/2565 ">#2565</a>)
(<a
href="0843d21704https://redirect.github.com/googleapis/google-api-go-client/issues/2567 ">#2567</a>)
(<a
href="76b27f1620https://redirect.github.com/googleapis/google-api-go-client/issues/2568 ">#2568</a>)
(<a
href="d922e3b559https://redirect.github.com/googleapis/google-api-go-client/issues/2570 ">#2570</a>)
(<a
href="f2da582c9fhttps://redirect.github.com/googleapis/google-api-go-client/issues/2571 ">#2571</a>)
(<a
href="0c976dcc8dhttps://redirect.github.com/googleapis/google-api-go-client/issues/2519 ">#2519</a>)
(<a
href="8c74bb83e2https://redirect.github.com/googleapis/google-api-go-client/issues/2563 ">#2563</a>)
(<a
href="fe54ffd923https://redirect.github.com/googleapis/google-api-go-client/issues/2566 ">#2566</a>)
(<a
href="5e44215df6https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md ">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.177.0...v0.178.0 ">0.178.0</a>
(2024-05-07)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2561 ">#2561</a>)
(<a
href="2d22d11df9https://redirect.github.com/googleapis/google-api-go-client/issues/2564 ">#2564</a>)
(<a
href="b313e4bd70https://redirect.github.com/googleapis/google-api-go-client/issues/2565 ">#2565</a>)
(<a
href="0843d21704https://redirect.github.com/googleapis/google-api-go-client/issues/2567 ">#2567</a>)
(<a
href="76b27f1620https://redirect.github.com/googleapis/google-api-go-client/issues/2568 ">#2568</a>)
(<a
href="d922e3b559https://redirect.github.com/googleapis/google-api-go-client/issues/2570 ">#2570</a>)
(<a
href="f2da582c9fhttps://redirect.github.com/googleapis/google-api-go-client/issues/2571 ">#2571</a>)
(<a
href="0c976dcc8dhttps://redirect.github.com/googleapis/google-api-go-client/issues/2519 ">#2519</a>)
(<a
href="8c74bb83e2https://redirect.github.com/googleapis/google-api-go-client/issues/2563 ">#2563</a>)
(<a
href="fe54ffd923https://redirect.github.com/googleapis/google-api-go-client/issues/2566 ">#2566</a>)
(<a
href="5e44215df664ed0f864dhttps://redirect.github.com/googleapis/google-api-go-client/issues/2562 ">#2562</a>)</li>
<li><a
href="0c976dcc8dhttps://redirect.github.com/googleapis/google-api-go-client/issues/2571 ">#2571</a>)</li>
<li><a
href="8c74bb83e2https://redirect.github.com/googleapis/google-api-go-client/issues/2519 ">#2519</a>)</li>
<li><a
href="b5ae9460f7https://redirect.github.com/googleapis/google-api-go-client/issues/2569 ">#2569</a>)</li>
<li><a
href="f2da582c9fhttps://redirect.github.com/googleapis/google-api-go-client/issues/2570 ">#2570</a>)</li>
<li><a
href="d922e3b559https://redirect.github.com/googleapis/google-api-go-client/issues/2568 ">#2568</a>)</li>
<li><a
href="76b27f1620https://redirect.github.com/googleapis/google-api-go-client/issues/2567 ">#2567</a>)</li>
<li><a
href="5e44215df6https://redirect.github.com/googleapis/google-api-go-client/issues/2566 ">#2566</a>)</li>
<li><a
href="0843d21704https://redirect.github.com/googleapis/google-api-go-client/issues/2565 ">#2565</a>)</li>
<li><a
href="fe54ffd923https://redirect.github.com/googleapis/google-api-go-client/issues/2563 ">#2563</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.177.0...v0.178.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `google.golang.org/protobuf` from 1.34.0 to 1.34.1
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 21:08:38 -07:00
Sirish Bathina
05fedcff60
fix(general): change pbkdf2 min salt length to 16 bytes ( #3864 )
...
Changing the minimum salt length of Pbkdf2 key derivation
algorithm to the NIST recommended minimum of 16 bytes.
This matches the minimum salt for scrypt-based key derivation.
2024-05-13 15:10:37 -07:00
Eugene Sumin
2b92388286
refactor(general): Increase restore progress granularity ( #3655 )
...
When restoring huge file(s), the progress reporting is done in a bit
weird way:
```
kopia_test % kopia snapshot restore ka2084d263182164b6cf3456668e6b6da /Users/eugen.sumin/kopia_test/2
Restoring to local filesystem (/Users/eugen.sumin/kopia_test/2) with parallelism=8...
Processed 6 (5.4 GB) of 5 (5.4 GB) 1.6 MB/s (100.0%) remaining 0s.
Processed 6 (5.4 GB) of 5 (5.4 GB) 1.6 MB/s (100.0%) remaining 0s.
Processed 6 (5.4 GB) of 5 (5.4 GB) 1.6 MB/s (100.0%) remaining 0s.
Processed 6 (5.4 GB) of 5 (5.4 GB) 1.5 MB/s (100.0%) remaining 0s.
Processed 6 (5.4 GB) of 5 (5.4 GB) 1.5 MB/s (100.0%) remaining 0s.
Processed 6 (5.4 GB) of 5 (5.4 GB) 1.5 MB/s (100.0%) remaining 0s.
Restored 5 files, 1 directories and 0 symbolic links (5.4 GB).
```
In fact, the amount of restored data is dumped when particular file
completely restored.
This PR contains the least invasive change, which allows us to see
progress update while file is downloaded from object storage.
```
Restoring to local filesystem (/Users/eugen.sumin/kopia_test/55) with parallelism=8...
Processed 2 (3.1 MB) of 5 (1.8 GB).
Processed 4 (459.6 MB) of 5 (1.8 GB) 270.3 MB/s (25.2%) remaining 4s.
Processed 4 (468.7 MB) of 5 (1.8 GB) 269 MB/s (25.7%) remaining 4s.
Processed 4 (741.6 MB) of 5 (1.8 GB) 269 MB/s (40.6%) remaining 3s.
Processed 4 (1.1 GB) of 5 (1.8 GB) 280 MB/s (57.6%) remaining 2s.
Processed 5 (1.4 GB) of 5 (1.8 GB) 291.1 MB/s (75.2%) remaining 1s.
Processed 5 (1.4 GB) of 5 (1.8 GB) 289.8 MB/s (75.6%) remaining 1s.
Processed 5 (1.6 GB) of 5 (1.8 GB) 270.2 MB/s (85.3%) remaining 0s.
Processed 5 (1.7 GB) of 5 (1.8 GB) 256.3 MB/s (95.0%) remaining 0s.
Processed 6 (1.8 GB) of 5 (1.8 GB) 251 MB/s (100.0%) remaining 0s.
Processed 6 (1.8 GB) of 5 (1.8 GB) 251 MB/s (100.0%) remaining 0s.
Restored 5 files, 1 directories and 0 symbolic links (1.8 GB).
```
---------
Co-authored-by: Shikhar Mall <mall.shikhar.in@gmail.com >
2024-05-10 09:47:13 -07:00
Wyatt Childers
e5790e333a
docs(cli): cache hard limits flags ( #3846 )
2024-05-07 12:02:40 -07:00
dependabot[bot]
6f0e902ece
build(deps): bump codecov/codecov-action from 4.3.0 to 4.3.1 ( #3848 )
...
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action ) from
4.3.0 to 4.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases ">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump typescript from 5.4.4 to 5.4.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1370 ">codecov/codecov-action#1370</a></li>
<li>fix: more verbose log message when failing to import pgp key by <a
href="https://github.com/ReenigneArcher "><code>@ReenigneArcher</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1371 ">codecov/codecov-action#1371</a></li>
<li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code>
from 7.6.0 to 7.7.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1374 ">codecov/codecov-action#1374</a></li>
<li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from
7.6.0 to 7.7.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1375 ">codecov/codecov-action#1375</a></li>
<li>build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1382 ">codecov/codecov-action#1382</a></li>
<li>build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1381 ">codecov/codecov-action#1381</a></li>
<li>build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1380 ">codecov/codecov-action#1380</a></li>
<li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from
7.7.0 to 7.7.1 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1384 ">codecov/codecov-action#1384</a></li>
<li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code>
from 7.7.0 to 7.7.1 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1383 ">codecov/codecov-action#1383</a></li>
<li>Update README.md to point to docs about tokenless by <a
href="https://github.com/rohan-at-sentry "><code>@rohan-at-sentry</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1395 ">codecov/codecov-action#1395</a></li>
<li>build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1393 ">codecov/codecov-action#1393</a></li>
<li>build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1392 ">codecov/codecov-action#1392</a></li>
<li>build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1391 ">codecov/codecov-action#1391</a></li>
<li>style: Node Packages by <a
href="https://github.com/marcobiedermann "><code>@marcobiedermann</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1394 ">codecov/codecov-action#1394</a></li>
<li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code>
from 7.7.1 to 7.8.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1402 ">codecov/codecov-action#1402</a></li>
<li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from
7.7.1 to 7.8.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1401 ">codecov/codecov-action#1401</a></li>
<li>docs: Type Annotations by <a
href="https://github.com/marcobiedermann "><code>@marcobiedermann</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1397 ">codecov/codecov-action#1397</a></li>
<li>docs: main branch by <a
href="https://github.com/marcobiedermann "><code>@marcobiedermann</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1396 ">codecov/codecov-action#1396</a></li>
<li>fix: bypass token checks for forks and OIDC by <a
href="https://github.com/thomasrockhu-codecov "><code>@thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1404 ">codecov/codecov-action#1404</a></li>
<li>chore(release): 4.3.1. by <a
href="https://github.com/thomasrockhu-codecov "><code>@thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1405 ">codecov/codecov-action#1405</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/ReenigneArcher "><code>@ReenigneArcher</code></a>
made their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1371 ">codecov/codecov-action#1371</a></li>
<li><a
href="https://github.com/rohan-at-sentry "><code>@rohan-at-sentry</code></a>
made their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1395 ">codecov/codecov-action#1395</a></li>
<li><a
href="https://github.com/marcobiedermann "><code>@marcobiedermann</code></a>
made their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1394 ">codecov/codecov-action#1394</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v4.3.0...v4.3.1 ">https://github.com/codecov/codecov-action/compare/v4.3.0...v4.3.1 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5ecb98a3c6https://redirect.github.com/codecov/codecov-action/issues/1405 ">#1405</a>)</li>
<li><a
href="5a299d1127https://redirect.github.com/codecov/codecov-action/issues/1404 ">#1404</a>)</li>
<li><a
href="dad251dcafhttps://redirect.github.com/codecov/codecov-action/issues/1396 ">#1396</a>)</li>
<li><a
href="e8bbe5fc01https://redirect.github.com/codecov/codecov-action/issues/1397 ">#1397</a>)</li>
<li><a
href="a6fd87fc19https://redirect.github.com/codecov/codecov-action/issues/1401 ">#1401</a>)</li>
<li><a
href="76c8cd61631290bddc88https://redirect.github.com/codecov/codecov-action/issues/1394 ">#1394</a>)</li>
<li><a
href="951ef79006https://redirect.github.com/codecov/codecov-action/issues/1391 ">#1391</a>)</li>
<li><a
href="bb71c1ba2fhttps://redirect.github.com/codecov/codecov-action/issues/1392 ">#1392</a>)</li>
<li><a
href="acc5d43cadhttps://redirect.github.com/codecov/codecov-action/issues/1393 ">#1393</a>)</li>
<li>Additional commits viewable in <a
href="84508663e9...5ecb98a3c6https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=4.3.0&new-version=4.3.1 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-06 19:34:29 -07:00
dependabot[bot]
94077cd8a2
build(deps): bump the github-actions group with 2 updates ( #3847 )
...
Bumps the github-actions group with 2 updates:
[actions/checkout](https://github.com/actions/checkout ) and
[actions/setup-go](https://github.com/actions/setup-go ).
Updates `actions/checkout` from 4.1.4 to 4.1.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases ">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703 ">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694 ">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696 ">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695 ">actions/checkout#1695</a></li>
<li>README: Suggest <code>user.email</code> to be
<code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1707 ">actions/checkout#1707</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.1.4...v4.1.5 ">https://github.com/actions/checkout/compare/v4.1.4...v4.1.5 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="44c2b7a8a4https://github.com/users "><code>@users</code></a>.norepl...</li>
<li><a
href="8459bc0c7ehttps://redirect.github.com/actions/checkout/issues/1695 ">#1695</a>)</li>
<li><a
href="3f603f6d5ehttps://redirect.github.com/actions/checkout/issues/1696 ">#1696</a>)</li>
<li><a
href="fd084cde18https://redirect.github.com/actions/checkout/issues/1694 ">#1694</a>)</li>
<li><a
href="9c1e94e0adhttps://redirect.github.com/actions/checkout/issues/1703 ">#1703</a>)</li>
<li>See full diff in <a
href="0ad4b8fada...44c2b7a8a4https://github.com/actions/setup-go/releases ">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> , <a
href="https://github.com/HarithaVattikuti "><code>@HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/465 ">actions/setup-go#465</a></li>
<li>Update documentation with latest V5 release notes by <a
href="https://github.com/ab "><code>@ab</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/459 ">actions/setup-go#459</a></li>
<li>Update version documentation by <a
href="https://github.com/178inaba "><code>@178inaba</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/458 ">actions/setup-go#458</a></li>
<li>Documentation update of <code>actions/setup-go</code> to v5 by <a
href="https://github.com/chenrui333 "><code>@chenrui333</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/449 ">actions/setup-go#449</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ab "><code>@ab</code></a> made their
first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/459 ">actions/setup-go#459</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v5.0.0...v5.0.1 ">https://github.com/actions/setup-go/compare/v5.0.0...v5.0.1 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cdcb360436https://redirect.github.com/actions/setup-go/issues/458 ">#458</a>)</li>
<li><a
href="99176a8f9ahttps://redirect.github.com/actions/setup-go/issues/459 ">#459</a>)</li>
<li><a
href="be1aa1186ehttps://redirect.github.com/actions/setup-go/issues/465 ">#465</a>)</li>
<li><a
href="6c1fd22b67https://redirect.github.com/actions/setup-go/issues/449 ">#449</a>)</li>
<li>See full diff in <a
href="0c52d547c9...cdcb360436support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-07 02:32:54 +00:00
dependabot[bot]
8f96d27c75
build(deps): bump the common-golang-dependencies group with 8 updates ( #3849 )
...
Bumps the common-golang-dependencies group with 8 updates:
| Package | From | To |
| --- | --- | --- |
| [golang.org/x/crypto](https://github.com/golang/crypto ) | `0.22.0` |
`0.23.0` |
| [golang.org/x/net](https://github.com/golang/net ) | `0.24.0` |
`0.25.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2 ) | `0.19.0` |
`0.20.0` |
| [golang.org/x/sys](https://github.com/golang/sys ) | `0.19.0` |
`0.20.0` |
| [golang.org/x/term](https://github.com/golang/term ) | `0.19.0` |
`0.20.0` |
| [golang.org/x/text](https://github.com/golang/text ) | `0.14.0` |
`0.15.0` |
|
[google.golang.org/api](https://github.com/googleapis/google-api-go-client )
| `0.176.1` | `0.177.0` |
| google.golang.org/protobuf | `1.33.0` | `1.34.0` |
Updates `golang.org/x/crypto` from 0.22.0 to 0.23.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="905d78a692ebb717d6300da2a6a1bb5defcc193ahttps://github.com/golang/crypto/compare/v0.22.0...v0.23.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `golang.org/x/net` from 0.24.0 to 0.25.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d27919b57fe0324fcdb5b20cd5933af95a3b3a480a24555f5cec05fdcd71b67a0f0535a130fcc1c1https://github.com/golang/net/compare/v0.24.0...v0.25.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `golang.org/x/oauth2` from 0.19.0 to 0.20.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="84cb9f7f5c4b7f0bdbc7e11eea88a8https://github.com/golang/oauth2/compare/v0.19.0...v0.20.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `golang.org/x/sys` from 0.19.0 to 0.20.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7d69d983c477580903249a2852479627dc90bcf4https://github.com/golang/sys/compare/v0.19.0...v0.20.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `golang.org/x/term` from 0.19.0 to 0.20.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="46c790f81fhttps://github.com/golang/term/compare/v0.19.0...v0.20.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `golang.org/x/text` from 0.14.0 to 0.15.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8d533a0c40https://github.com/golang/text/compare/v0.14.0...v0.15.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `google.golang.org/api` from 0.176.1 to 0.177.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases ">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.177.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.176.1...v0.177.0 ">0.177.0</a>
(2024-04-30)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2548 ">#2548</a>)
(<a
href="32a5d10b18https://redirect.github.com/googleapis/google-api-go-client/issues/2550 ">#2550</a>)
(<a
href="f9bf96df3ahttps://redirect.github.com/googleapis/google-api-go-client/issues/2551 ">#2551</a>)
(<a
href="4418f5fc55https://redirect.github.com/googleapis/google-api-go-client/issues/2553 ">#2553</a>)
(<a
href="2f46e14ff3https://redirect.github.com/googleapis/google-api-go-client/issues/2556 ">#2556</a>)
(<a
href="fb153c030ehttps://redirect.github.com/googleapis/google-api-go-client/issues/2544 ">#2544</a>)
(<a
href="2f2505b83dhttps://redirect.github.com/googleapis/google-api-go-client/issues/2546 ">#2546</a>)
(<a
href="1b6db6c444https://redirect.github.com/googleapis/google-api-go-client/issues/2560 ">#2560</a>)
(<a
href="3eb92f1acfhttps://redirect.github.com/googleapis/google-api-go-client/issues/2543 ">#2543</a>
<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2559 ">#2559</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md ">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.176.1...v0.177.0 ">0.177.0</a>
(2024-04-30)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2548 ">#2548</a>)
(<a
href="32a5d10b18https://redirect.github.com/googleapis/google-api-go-client/issues/2550 ">#2550</a>)
(<a
href="f9bf96df3ahttps://redirect.github.com/googleapis/google-api-go-client/issues/2551 ">#2551</a>)
(<a
href="4418f5fc55https://redirect.github.com/googleapis/google-api-go-client/issues/2553 ">#2553</a>)
(<a
href="2f46e14ff3https://redirect.github.com/googleapis/google-api-go-client/issues/2556 ">#2556</a>)
(<a
href="fb153c030ehttps://redirect.github.com/googleapis/google-api-go-client/issues/2544 ">#2544</a>)
(<a
href="2f2505b83dhttps://redirect.github.com/googleapis/google-api-go-client/issues/2546 ">#2546</a>)
(<a
href="1b6db6c444https://redirect.github.com/googleapis/google-api-go-client/issues/2560 ">#2560</a>)
(<a
href="3eb92f1acfhttps://redirect.github.com/googleapis/google-api-go-client/issues/2543 ">#2543</a>
<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2559 ">#2559</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a11ef60f2ahttps://redirect.github.com/googleapis/google-api-go-client/issues/2545 ">#2545</a>)</li>
<li><a
href="e6e5ac51a5https://redirect.github.com/googleapis/google-api-go-client/issues/2552 ">#2552</a>)</li>
<li><a
href="3eb92f1acfhttps://redirect.github.com/googleapis/google-api-go-client/issues/2560 ">#2560</a>)</li>
<li><a
href="1b6db6c444https://redirect.github.com/googleapis/google-api-go-client/issues/2546 ">#2546</a>)</li>
<li><a
href="fb153c030ehttps://redirect.github.com/googleapis/google-api-go-client/issues/2556 ">#2556</a>)</li>
<li><a
href="a5d7734196https://redirect.github.com/googleapis/google-api-go-client/issues/2554 ">#2554</a>)</li>
<li><a
href="2f46e14ff3https://redirect.github.com/googleapis/google-api-go-client/issues/2553 ">#2553</a>)</li>
<li><a
href="4418f5fc55https://redirect.github.com/googleapis/google-api-go-client/issues/2551 ">#2551</a>)</li>
<li><a
href="f9bf96df3ahttps://redirect.github.com/googleapis/google-api-go-client/issues/2550 ">#2550</a>)</li>
<li><a
href="32a5d10b18https://redirect.github.com/googleapis/google-api-go-client/issues/2548 ">#2548</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.176.1...v0.177.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.0
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-06 19:29:28 -07:00
Nick
4cf9582a49
test(server): Decompose base URL to URI to helper and add test ( #3839 )
...
Decompose the logic for parsing base URL into the URI for client dial.
Add a unit test for the new helper.
2024-05-02 18:01:28 +00:00
dependabot[bot]
0fc8b1ba88
build(deps-dev): bump ejs from 3.1.9 to 3.1.10 in /app ( #3841 )
...
Bumps [ejs](https://github.com/mde/ejs ) from 3.1.9 to 3.1.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/mde/ejs/releases ">ejs's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.10</h2>
<p>Version 3.1.10</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d3f807dea99ee26dde5de469741dca715e9507fahttps://redirect.github.com/mde/ejs/issues/756 ">#756</a> from
Jeffrey-mu/main</li>
<li><a
href="cabe3146ad29b076cdbb11503c79af7690404e2ff47d7aedd5828cea1687https://github.com/mde/ejs/compare/v3.1.9...v3.1.10 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/kopia/kopia/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-02 10:34:40 -07:00
Mark Severson
3fcdb9b185
refactor(general): avoid using empty master keys ( #3835 )
...
Previously, empty master keys were passed to the underlying
cryptographic primitives (HKDF, AEAD, etc.).
While this worked because the authentication mechanisms returned an
error, it's best to avoid passing empty master keys to these primitives
in the first place. This refactor avoids passing empty master keys and
enforces this via an assertion in the key derivation function.
2024-05-01 14:50:01 -07:00
Julio López
ad06bb20b1
refactor(general): remove ability to enable compaction on index load ( #3834 )
...
Cleanup.
- Fixes : #3638
- #3639
2024-05-01 14:33:46 -07:00
Julio López
f4b2034898
refactor(general): remove unused receiver ( #3833 )
...
No functional changes
2024-05-01 08:01:22 -07:00
Julio López
065e0adbfd
refactor(general): make key derivers available in tests ( #3826 )
...
- Re-introduces the **insecure**, lightweight key deriver for
testing **only**.
- Makes `scrypt` and `pbkdf2` derivers available in tests as well.
2024-04-30 17:21:11 -07:00
Nick
dc0dea4419
fix(cli): Fix client IPv6 URI generation for gRPC connections ( #3830 )
...
Connecting to gRPC repository API using an IPv6 address does not
correctly configure the URI for the client's dial. Reconstructing the
parsed URL into `hostname + ":" + port` will remove the square brackets
required for IPv6 addressing, resulting in a `too many colons in
address` error.
Fix the issue by instead using the helper `net.JoinHostPort()`, which
will add square brackets for IPv6 hostnames.
Tested by running `TestServer` with `httptest.serve` flag set, forcing
the test server to listen on the IPv6 loopback:
```
cd internal/server
go test -v -run=TestServer$ --httptest.serve=[::1]:0 ./server
```
Fails without fix:
```
server_test.go:48:
Error Trace: /workspaces/kopia/internal/server/server_test.go:48
Error: Received unexpected error:
failed to exit idle mode: invalid target address ::1:45373, error info: address ::1:45373:443: too many colons in address
```
Passes with fix:
```
--- PASS: TestServer (0.81s)
PASS
```
2024-04-29 19:32:59 -07:00
dependabot[bot]
95c38a3de7
build(deps): bump the github-actions group with 3 updates ( #3828 )
...
Bumps the github-actions group with 3 updates:
[actions/checkout](https://github.com/actions/checkout ),
[actions/download-artifact](https://github.com/actions/download-artifact )
and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/checkout` from 4.1.3 to 4.1.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases ">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692 ">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688 ">actions/checkout#1688</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643 ">actions/checkout#1643</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693 ">actions/checkout#1693</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.1.3...v4.1.4 ">https://github.com/actions/checkout/compare/v4.1.3...v4.1.4 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md ">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v4.1.4</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692 ">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688 ">actions/checkout#1688</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693 ">actions/checkout#1693</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643 ">actions/checkout#1643</a></li>
</ul>
<h2>v4.1.3</h2>
<ul>
<li>Check git version before attempting to disable
<code>sparse-checkout</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1656 ">actions/checkout#1656</a></li>
<li>Add SSH user parameter by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1685 ">actions/checkout#1685</a></li>
<li>Update <code>actions/checkout</code> version in
<code>update-main-version.yml</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1650 ">actions/checkout#1650</a></li>
</ul>
<h2>v4.1.2</h2>
<ul>
<li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code>
option is not present <a
href="https://github.com/dscho "><code>@dscho</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1598 ">actions/checkout#1598</a></li>
</ul>
<h2>v4.1.1</h2>
<ul>
<li>Correct link to GitHub Docs by <a
href="https://github.com/peterbe "><code>@peterbe</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1511 ">actions/checkout#1511</a></li>
<li>Link to release page from what's new section by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1514 ">actions/checkout#1514</a></li>
</ul>
<h2>v4.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1396 ">Add
support for partial checkout filters</a></li>
</ul>
<h2>v4.0.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1067 ">Support
fetching without the --progress option</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1436 ">Update to
node20</a></li>
</ul>
<h2>v3.6.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1377 ">Fix: Mark
test scripts with Bash'isms to be run via Bash</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/579 ">Add
option to fetch tags even if fetch-depth > 0</a></li>
</ul>
<h2>v3.5.3</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1196 ">Fix:
Checkout fail in self-hosted runners when faulty submodule are
checked-in</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1287 ">Fix
typos found by codespell</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1369 ">Add
support for sparse checkouts</a></li>
</ul>
<h2>v3.5.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1289 ">Fix
api endpoint for GHES</a></li>
</ul>
<h2>v3.5.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1246 ">Fix
slow checkout on Windows</a></li>
</ul>
<h2>v3.5.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1237 ">Add
new public key for known_hosts</a></li>
</ul>
<h2>v3.4.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1209 ">Upgrade
codeql actions to v2</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1210 ">Upgrade
dependencies</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1225 ">Upgrade
<code>@actions/io</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0ad4b8fadahttps://redirect.github.com/actions/checkout/issues/1704 ">#1704</a>)</li>
<li><a
href="43045ae669https://redirect.github.com/actions/checkout/issues/1692 ">#1692</a>)</li>
<li><a
href="37b082107bhttps://redirect.github.com/actions/checkout/issues/1693 ">#1693</a>)</li>
<li><a
href="9839dc14a0https://redirect.github.com/actions/checkout/issues/1688 ">#1688</a>)</li>
<li><a
href="9b4c13b0bfhttps://redirect.github.com/actions/checkout/issues/1643 ">#1643</a>)</li>
<li>See full diff in <a
href="1d96c772d1...0ad4b8fadahttps://github.com/actions/download-artifact/releases ">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.7</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@actions/artifact</code> dependency by <a
href="https://github.com/bethanyj28 "><code>@bethanyj28</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/325 ">actions/download-artifact#325</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7 ">https://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="65a9edc588https://redirect.github.com/actions/download-artifact/issues/325 ">#325</a>
from bethanyj28/main</li>
<li><a
href="fdd1595981c13dba102f0daa75ebeahttps://redirect.github.com/actions/download-artifact/issues/324 ">#324</a>
from actions/eggyhead/use-artifact-v2.1.6</li>
<li>See full diff in <a
href="9c19ed7fe5...65a9edc588https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2247 ">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI
versions before v2.15.1 will need to either upgrade their CLI version to
v2.15.1 or newer, or change the platform to an Intel MacOS runner, such
as <code>macos-12</code>. ARM machines with SIP disabled, including the
newest <code>macos-latest</code> image, are unsupported for CLI versions
before 2.15.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2261 ">#2261</a></li>
</ul>
<h2>3.25.2 - 22 Apr 2024</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the
reliability and performance of analyzing code when analyzing a compiled
language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes ">build
mode</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2235 ">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if
<code>--overwrite</code> was specified in
<code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a
href="https://redirect.github.com/github/codeql-action/pull/2245 ">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python
analysis has been removed. <a
href="https://redirect.github.com/github/codeql-action/pull/2224 ">#2224</a></p>
<p>As a result, the following inputs and environment variables are now
ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the
<code>init</code> Action</li>
<li>The
<code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code>
environment variable</li>
</ul>
<p>We recommend removing any references to these from your workflows.
For more information, see the release notes for CodeQL Action v3.23.0
and v2.23.0.</p>
</li>
<li>
<p>Automatically overwrite an existing database if found on the
filesystem. <a
href="https://redirect.github.com/github/codeql-action/pull/2229 ">#2229</a></p>
</li>
<li>
<p>Bump the minimum CodeQL bundle version to 2.12.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2232 ">#2232</a></p>
</li>
<li>
<p>A more relevant log message and a diagnostic are now emitted when the
<code>file</code> program is not installed on a Linux runner, but is
required for Go tracing to succeed. <a
href="https://redirect.github.com/github/codeql-action/pull/2234 ">#2234</a></p>
</li>
</ul>
<h2>3.24.10 - 05 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2219 ">#2219</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.12.5
and earlier. These versions of CodeQL were discontinued on 26 March 2024
alongside GitHub Enterprise Server 3.8, and will be unsupported by
CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2220 ">#2220</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.12.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.11.6 and 2.12.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.24.10 </code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.24.10 </code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<h2>3.24.9 - 22 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2203 ">#2203</a></li>
</ul>
<h2>3.24.8 - 18 Mar 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d39d31e687https://redirect.github.com/github/codeql-action/issues/2262 ">#2262</a>
from github/update-v3.25.3-ac2f82a1f</li>
<li><a
href="a7278252c71efa8597b1ac2f82a1ffhttps://redirect.github.com/github/codeql-action/issues/2261 ">#2261</a>)</li>
<li><a
href="0ad7791640https://redirect.github.com/github/codeql-action/issues/2247 ">#2247</a>
from github/update-bundle/codeql-bundle-v2.17.1</li>
<li><a
href="79d9ee7f07dbf2b1706bhttps://redirect.github.com/github/codeql-action/issues/2255 ">#2255</a>
from github/mergeback/v3.25.2-to-main-8f596b4a</li>
<li><a
href="ff6a3c42a5619dc0c4b839e1e6509e8f596b4ae3...d39d31e687support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-29 17:27:27 -07:00
dependabot[bot]
7f836f1ca1
build(deps): bump the common-golang-dependencies group with 6 updates ( #3829 )
...
Bumps the common-golang-dependencies group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go ) |
`7.0.69` | `7.0.70` |
|
[go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go )
| `1.25.0` | `1.26.0` |
|
[go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go )
| `1.25.0` | `1.26.0` |
|
[go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go )
| `1.25.0` | `1.26.0` |
|
[go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go )
| `1.25.0` | `1.26.0` |
|
[google.golang.org/api](https://github.com/googleapis/google-api-go-client )
| `0.176.0` | `0.176.1` |
Updates `github.com/minio/minio-go/v7` from 7.0.69 to 7.0.70
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/minio/minio-go/releases ">github.com/minio/minio-go/v7's
releases</a>.</em></p>
<blockquote>
<h2>Bugfix Release</h2>
<h2>What's Changed</h2>
<ul>
<li>add support for authentication with EKS Pod Identities by <a
href="https://github.com/saweber "><code>@saweber</code></a> in <a
href="https://redirect.github.com/minio/minio-go/pull/1944 ">minio/minio-go#1944</a></li>
<li>Allow disabling dual-stack endpoints for Amazon S3 by <a
href="https://github.com/narqo "><code>@narqo</code></a> in <a
href="https://redirect.github.com/minio/minio-go/pull/1945 ">minio/minio-go#1945</a></li>
<li>Added <code>x-minio-replication-actual-object-size</code> to allowed
headers by <a
href="https://github.com/shtripat "><code>@shtripat</code></a> in <a
href="https://redirect.github.com/minio/minio-go/pull/1946 ">minio/minio-go#1946</a></li>
<li>Update vulncheck Go version to 1.22.x by <a
href="https://github.com/klauspost "><code>@klauspost</code></a> in <a
href="https://redirect.github.com/minio/minio-go/pull/1953 ">minio/minio-go#1953</a></li>
<li>fix: non md5 etags by <a
href="https://github.com/niger-prequel "><code>@niger-prequel</code></a>
in <a
href="https://redirect.github.com/minio/minio-go/pull/1952 ">minio/minio-go#1952</a></li>
<li>Bump golang.org/x/net from 0.21.0 to 0.23.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/minio/minio-go/pull/1954 ">minio/minio-go#1954</a></li>
<li>Bump golang.org/x/net from 0.21.0 to 0.23.0 in /examples/minio by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/minio/minio-go/pull/1955 ">minio/minio-go#1955</a></li>
<li>remove sha256-simd support we do not need it anymore by <a
href="https://github.com/harshavardhana "><code>@harshavardhana</code></a>
in <a
href="https://redirect.github.com/minio/minio-go/pull/1958 ">minio/minio-go#1958</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/saweber "><code>@saweber</code></a> made
their first contribution in <a
href="https://redirect.github.com/minio/minio-go/pull/1944 ">minio/minio-go#1944</a></li>
<li><a href="https://github.com/narqo "><code>@narqo</code></a> made
their first contribution in <a
href="https://redirect.github.com/minio/minio-go/pull/1945 ">minio/minio-go#1945</a></li>
<li><a
href="https://github.com/niger-prequel "><code>@niger-prequel</code></a>
made their first contribution in <a
href="https://redirect.github.com/minio/minio-go/pull/1952 ">minio/minio-go#1952</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/minio/minio-go/compare/v7.0.68...v7.0.70 ">https://github.com/minio/minio-go/compare/v7.0.68...v7.0.70 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c2fe17945chttps://redirect.github.com/minio/minio-go/issues/1958 ">#1958</a>)</li>
<li><a
href="0e5a768b1aafa8d5979fhttps://redirect.github.com/minio/minio-go/issues/1955 ">#1955</a>)</li>
<li><a
href="0558c7e653https://redirect.github.com/minio/minio-go/issues/1954 ">#1954</a>)</li>
<li><a
href="bfc8151b74e44abd363bhttps://redirect.github.com/minio/minio-go/issues/1952 ">#1952</a>)</li>
<li><a
href="18e8073b02https://redirect.github.com/minio/minio-go/issues/1953 ">#1953</a>)</li>
<li><a
href="e8ddcf0238https://github.com/minio/minio-go/compare/v7.0.69...v7.0.70 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `go.opentelemetry.io/otel` from 1.25.0 to 1.26.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md ">go.opentelemetry.io/otel's
changelog</a>.</em></p>
<blockquote>
<h2>[1.26.0/0.48.0/0.2.0-alpha] 2024-04-24</h2>
<h3>Added</h3>
<ul>
<li>Add <code>Recorder</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> to facilitate testing
the log bridge implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5134 ">#5134</a>)</li>
<li>Add span flags to OTLP spans and links exported by
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5194 ">#5194</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/sdk/log</code>.
This new module contains the Go implementation of the OpenTelemetry Logs
SDK.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
This new module contains an OTLP exporter that transmits log telemetry
using HTTP.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>.
This new module contains an exporter prints log records to STDOUT.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>The <code>go.opentelemetry.io/otel/semconv/v1.25.0</code> package.
The package contains semantic conventions from the <code>v1.25.0</code>
version of the OpenTelemetry Semantic Conventions. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5254 ">#5254</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update <code>go.opentelemetry.io/proto/otlp</code> from v1.1.0 to
v1.2.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5177 ">#5177</a>)</li>
<li>Improve performance of baggage member character validation in
<code>go.opentelemetry.io/otel/baggage</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5214 ">#5214</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9656d0afa7https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5260 ">#5260</a>)</li>
<li><a
href="29e1c7e3e4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5237 ">#5237</a>)</li>
<li><a
href="baeb560673ae55e29744https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5256 ">#5256</a>)</li>
<li><a
href="fe8e3a1b42https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5254 ">#5254</a>)</li>
<li><a
href="bf37c5a3a4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5253 ">#5253</a>)</li>
<li><a
href="b34cfc47c4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5239 ">#5239</a>)</li>
<li><a
href="9370c5a01fhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5213 ">#5213</a>)</li>
<li><a
href="6e92163d6ahttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5222 ">#5222</a>)</li>
<li><a
href="f88533381bhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5245 ">#5245</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.26.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from
1.25.0 to 1.26.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md ">go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc's
changelog</a>.</em></p>
<blockquote>
<h2>[1.26.0/0.48.0/0.2.0-alpha] 2024-04-24</h2>
<h3>Added</h3>
<ul>
<li>Add <code>Recorder</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> to facilitate testing
the log bridge implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5134 ">#5134</a>)</li>
<li>Add span flags to OTLP spans and links exported by
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5194 ">#5194</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/sdk/log</code>.
This new module contains the Go implementation of the OpenTelemetry Logs
SDK.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
This new module contains an OTLP exporter that transmits log telemetry
using HTTP.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>.
This new module contains an exporter prints log records to STDOUT.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>The <code>go.opentelemetry.io/otel/semconv/v1.25.0</code> package.
The package contains semantic conventions from the <code>v1.25.0</code>
version of the OpenTelemetry Semantic Conventions. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5254 ">#5254</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update <code>go.opentelemetry.io/proto/otlp</code> from v1.1.0 to
v1.2.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5177 ">#5177</a>)</li>
<li>Improve performance of baggage member character validation in
<code>go.opentelemetry.io/otel/baggage</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5214 ">#5214</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9656d0afa7https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5260 ">#5260</a>)</li>
<li><a
href="29e1c7e3e4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5237 ">#5237</a>)</li>
<li><a
href="baeb560673ae55e29744https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5256 ">#5256</a>)</li>
<li><a
href="fe8e3a1b42https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5254 ">#5254</a>)</li>
<li><a
href="bf37c5a3a4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5253 ">#5253</a>)</li>
<li><a
href="b34cfc47c4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5239 ">#5239</a>)</li>
<li><a
href="9370c5a01fhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5213 ">#5213</a>)</li>
<li><a
href="6e92163d6ahttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5222 ">#5222</a>)</li>
<li><a
href="f88533381bhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5245 ">#5245</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.26.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `go.opentelemetry.io/otel/sdk` from 1.25.0 to 1.26.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md ">go.opentelemetry.io/otel/sdk's
changelog</a>.</em></p>
<blockquote>
<h2>[1.26.0/0.48.0/0.2.0-alpha] 2024-04-24</h2>
<h3>Added</h3>
<ul>
<li>Add <code>Recorder</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> to facilitate testing
the log bridge implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5134 ">#5134</a>)</li>
<li>Add span flags to OTLP spans and links exported by
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5194 ">#5194</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/sdk/log</code>.
This new module contains the Go implementation of the OpenTelemetry Logs
SDK.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
This new module contains an OTLP exporter that transmits log telemetry
using HTTP.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>.
This new module contains an exporter prints log records to STDOUT.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>The <code>go.opentelemetry.io/otel/semconv/v1.25.0</code> package.
The package contains semantic conventions from the <code>v1.25.0</code>
version of the OpenTelemetry Semantic Conventions. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5254 ">#5254</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update <code>go.opentelemetry.io/proto/otlp</code> from v1.1.0 to
v1.2.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5177 ">#5177</a>)</li>
<li>Improve performance of baggage member character validation in
<code>go.opentelemetry.io/otel/baggage</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5214 ">#5214</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9656d0afa7https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5260 ">#5260</a>)</li>
<li><a
href="29e1c7e3e4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5237 ">#5237</a>)</li>
<li><a
href="baeb560673ae55e29744https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5256 ">#5256</a>)</li>
<li><a
href="fe8e3a1b42https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5254 ">#5254</a>)</li>
<li><a
href="bf37c5a3a4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5253 ">#5253</a>)</li>
<li><a
href="b34cfc47c4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5239 ">#5239</a>)</li>
<li><a
href="9370c5a01fhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5213 ">#5213</a>)</li>
<li><a
href="6e92163d6ahttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5222 ">#5222</a>)</li>
<li><a
href="f88533381bhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5245 ">#5245</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.26.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `go.opentelemetry.io/otel/trace` from 1.25.0 to 1.26.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md ">go.opentelemetry.io/otel/trace's
changelog</a>.</em></p>
<blockquote>
<h2>[1.26.0/0.48.0/0.2.0-alpha] 2024-04-24</h2>
<h3>Added</h3>
<ul>
<li>Add <code>Recorder</code> in
<code>go.opentelemetry.io/otel/log/logtest</code> to facilitate testing
the log bridge implementations. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5134 ">#5134</a>)</li>
<li>Add span flags to OTLP spans and links exported by
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5194 ">#5194</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/sdk/log</code>.
This new module contains the Go implementation of the OpenTelemetry Logs
SDK.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
This new module contains an OTLP exporter that transmits log telemetry
using HTTP.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>Make the initial alpha release of
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>.
This new module contains an exporter prints log records to STDOUT.
This module is unstable and breaking changes may be introduced.
See our <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/VERSIONING.md ">versioning
policy</a> for more information about these stability guarantees. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5240 ">#5240</a>)</li>
<li>The <code>go.opentelemetry.io/otel/semconv/v1.25.0</code> package.
The package contains semantic conventions from the <code>v1.25.0</code>
version of the OpenTelemetry Semantic Conventions. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5254 ">#5254</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update <code>go.opentelemetry.io/proto/otlp</code> from v1.1.0 to
v1.2.0. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5177 ">#5177</a>)</li>
<li>Improve performance of baggage member character validation in
<code>go.opentelemetry.io/otel/baggage</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5214 ">#5214</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9656d0afa7https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5260 ">#5260</a>)</li>
<li><a
href="29e1c7e3e4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5237 ">#5237</a>)</li>
<li><a
href="baeb560673ae55e29744https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5256 ">#5256</a>)</li>
<li><a
href="fe8e3a1b42https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5254 ">#5254</a>)</li>
<li><a
href="bf37c5a3a4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5253 ">#5253</a>)</li>
<li><a
href="b34cfc47c4https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5239 ">#5239</a>)</li>
<li><a
href="9370c5a01fhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5213 ">#5213</a>)</li>
<li><a
href="6e92163d6ahttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5222 ">#5222</a>)</li>
<li><a
href="f88533381bhttps://redirect.github.com/open-telemetry/opentelemetry-go/issues/5245 ">#5245</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.26.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `google.golang.org/api` from 0.176.0 to 0.176.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases ">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.176.1</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.176.0...v0.176.1 ">0.176.1</a>
(2024-04-23)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>transport/http:</strong> Pass through base transport (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2541 ">#2541</a>)
(<a
href="8d0b2b5bc5https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md ">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.176.0...v0.176.1 ">0.176.1</a>
(2024-04-23)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>transport/http:</strong> Pass through base transport (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2541 ">#2541</a>)
(<a
href="8d0b2b5bc564f40ff95ahttps://redirect.github.com/googleapis/google-api-go-client/issues/2542 ">#2542</a>)</li>
<li><a
href="8d0b2b5bc5https://redirect.github.com/googleapis/google-api-go-client/issues/2541 ">#2541</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.176.0...v0.176.1 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-29 17:15:51 -07:00
Julio López
ca1962f6e4
refactor(general): user password hashing and key derivation helpers ( #3821 )
...
Code movement and simplification, no functional changes.
Objectives:
- Allow callers specifying the needed key (or hash) size, instead of
hard-coding it in the registered PBK derivers. Conceptually, the caller
needs to specify the key size, since that is a requirement of the
(encryption) algorithm being used in the caller. Now, the code changes
here do not result in any functional changes since the key size is
always 32 bytes.
- Remove a global definition for the default PB key deriver to use.
Instead, each of the 3 use case sets the default value.
Changes:
- `crypto.DeriveKeyFromPassword` now takes a key size.
- Adds new constants for the key sizes at the callers.
- Removes the global `crypto.MasterKeySize` const.
- Removes the global `crypto.DefaultKeyDerivationAlgorithm` const.
- Adds const for the default derivation algorithms for each use case.
- Adds a const for the salt length in the `internal/user` package, to ensure
the same salt length is used in both hash versions.
- Unexports various functions, variables and constants in the `internal/crypto`
& `internal/user` packages.
- Renames various constants for consistency.
- Removes unused functions and symbols.
- Renames files to be consistent and better reflect the structure of the code.
- Adds a couple of tests to ensure the const values are in sync and supported.
- Fixes a couple of typos
Followups to:
- #3725
- #3770
- #3779
- #3799
- #3816
The individual commits show the code transformations to simplify the
review of the changes.
2024-04-26 23:30:56 -07:00
Julio López
2db8b20ed9
chore(general): rename files for consistency ( #3825 )
2024-04-26 14:47:36 -07:00
Julio López
7d71cc9a97
fix(general): update error message to use defined constant ( #3820 )
2024-04-25 23:10:15 -07:00
Sirish Bathina
1e98511c2e
feat(general): key derivation algorithm for cache encryption ( #3799 )
...
Add an option to select the password-based key derivation algorithm
for the local cache encryption key when connecting to a kopia
repository server.
2024-04-25 17:45:12 -07:00
Sirish Bathina
02463ab118
feat(general): user profile hashing version to algorithm translation ( #3816 )
...
Reverts to using the `PasswordHashVersion` in the user profile.
Adds a simple mechanism for translating between password hash
version and the corresponding password hashing algorithm (key
derivation algorithm).
2024-04-24 17:50:26 -07:00
Sirish Bathina
c71f57d83c
feat(general): allow setting key derivation algorithm for format blob ( #3779 )
...
Adds support to set the algorithm to derive the key used to encrypt
the repository format blob.
2024-04-24 14:07:19 -07:00
Sirish Bathina
0dad3edd72
fix(cli): user add set user-password-hashing-algorithm cli option ( #3815 )
...
Updates the `user-password-hashing-algorithm` option to be
hidden and note that it is an experimental setting.
2024-04-23 17:24:01 -07:00
dependabot[bot]
a1ad8ce442
build(deps): bump the github-actions group with 4 updates ( #3812 )
...
Bumps the github-actions group with 4 updates:
[actions/checkout](https://github.com/actions/checkout ),
[actions/upload-artifact](https://github.com/actions/upload-artifact ),
[actions/download-artifact](https://github.com/actions/download-artifact )
and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/checkout` from 4.1.2 to 4.1.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases ">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>actions/checkout</code> version in
<code>update-main-version.yml</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1650 ">actions/checkout#1650</a></li>
<li>Check git version before attempting to disable
<code>sparse-checkout</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1656 ">actions/checkout#1656</a></li>
<li>Add SSH user parameter by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1685 ">actions/checkout#1685</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.1.2...v4.1.3 ">https://github.com/actions/checkout/compare/v4.1.2...v4.1.3 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1d96c772d1https://redirect.github.com/actions/checkout/issues/1685 ">#1685</a>)</li>
<li><a
href="cd7d8d697ehttps://redirect.github.com/actions/checkout/issues/1656 ">#1656</a>)</li>
<li><a
href="8410ad0602https://redirect.github.com/actions/checkout/issues/1650 ">#1650</a>)</li>
<li>See full diff in <a
href="9bb56186c3...1d96c772d1https://github.com/actions/upload-artifact/releases ">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.3</h2>
<h2>What's Changed</h2>
<ul>
<li>updating <code>@actions/artifact</code> dependency to v2.1.6 by <a
href="https://github.com/eggyhead "><code>@eggyhead</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/565 ">actions/upload-artifact#565</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3 ">https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3 </a></p>
<h2>v4.3.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update release-new-action-version.yml by <a
href="https://github.com/konradpabjan "><code>@konradpabjan</code></a>
in <a
href="https://redirect.github.com/actions/upload-artifact/pull/516 ">actions/upload-artifact#516</a></li>
<li>Minor fix to the migration readme by <a
href="https://github.com/andrewakim "><code>@andrewakim</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/523 ">actions/upload-artifact#523</a></li>
<li>Update readme with v3/v2/v1 deprecation notice by <a
href="https://github.com/robherley "><code>@robherley</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/561 ">actions/upload-artifact#561</a></li>
<li>updating <code>@actions/artifact</code> dependency to v2.1.5 and
<code>@actions/core</code> to v1.0.1 by <a
href="https://github.com/eggyhead "><code>@eggyhead</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/562 ">actions/upload-artifact#562</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/andrewakim "><code>@andrewakim</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/523 ">actions/upload-artifact#523</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2 ">https://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="65462800fdc004fb4bf690aba496fcb06cde36fchttps://redirect.github.com/actions/upload-artifact/issues/563 ">#563</a>
from actions/eggyhead/release-4.3.2</li>
<li><a
href="1746f4ab6531685d04a018bf333cd2https://redirect.github.com/actions/upload-artifact/issues/562 ">#562</a>
from actions/eggyhead/update-artifact-v215</li>
<li><a
href="dac413befabb3b4a3cdb3e3da837d25d5d22a312...65462800fdhttps://github.com/actions/download-artifact/releases ">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.6</h2>
<h2>What's Changed</h2>
<ul>
<li>updating <code>@actions/artifact</code> dependency to v2.1.6 by <a
href="https://github.com/eggyhead "><code>@eggyhead</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/324 ">actions/download-artifact#324</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.1.5...v4.1.6 ">https://github.com/actions/download-artifact/compare/v4.1.5...v4.1.6 </a></p>
<h2>v4.1.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Update readme with v3/v2/v1 deprecation notice by <a
href="https://github.com/robherley "><code>@robherley</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/322 ">actions/download-artifact#322</a></li>
<li>Update dependencies <code>@actions/core</code> to v1.10.1 and
<code>@actions/artifact</code> to v2.1.5</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5 ">https://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9c19ed7fe53d3ea8741e89af5db821b4aefff88ehttps://redirect.github.com/actions/download-artifact/issues/323 ">#323</a>
from actions/eggyhead/update-artifact-v215</li>
<li><a
href="8caf195ad4d7a2ec411de56a1d48ef1fcda58b3a325a10d8b7f8aaee4a21https://redirect.github.com/actions/download-artifact/issues/322 ">#322</a>
from actions/robherley/deprecation-notice</li>
<li>Additional commits viewable in <a
href="c850b930e6...9c19ed7fe5https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the
reliability and performance of analyzing code when analyzing a compiled
language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes ">build
mode</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2235 ">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if
<code>--overwrite</code> was specified in
<code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a
href="https://redirect.github.com/github/codeql-action/pull/2245 ">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python
analysis has been removed. <a
href="https://redirect.github.com/github/codeql-action/pull/2224 ">#2224</a></p>
<p>As a result, the following inputs and environment variables are now
ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the
<code>init</code> Action</li>
<li>The
<code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code>
environment variable</li>
</ul>
<p>We recommend removing any references to these from your workflows.
For more information, see the release notes for CodeQL Action v3.23.0
and v2.23.0.</p>
</li>
<li>
<p>Automatically overwrite an existing database if found on the
filesystem. <a
href="https://redirect.github.com/github/codeql-action/pull/2229 ">#2229</a></p>
</li>
<li>
<p>Bump the minimum CodeQL bundle version to 2.12.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2232 ">#2232</a></p>
</li>
<li>
<p>A more relevant log message and a diagnostic are now emitted when the
<code>file</code> program is not installed on a Linux runner, but is
required for Go tracing to succeed. <a
href="https://redirect.github.com/github/codeql-action/pull/2234 ">#2234</a></p>
</li>
</ul>
<h2>3.24.10 - 05 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2219 ">#2219</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.12.5
and earlier. These versions of CodeQL were discontinued on 26 March 2024
alongside GitHub Enterprise Server 3.8, and will be unsupported by
CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2220 ">#2220</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.12.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.11.6 and 2.12.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.24.10 </code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.24.10 </code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<h2>3.24.9 - 22 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2203 ">#2203</a></li>
</ul>
<h2>3.24.8 - 18 Mar 2024</h2>
<ul>
<li>Improve the ease of debugging extraction issues by increasing the
verbosity of the extractor logs when running in debug mode. <a
href="https://redirect.github.com/github/codeql-action/pull/2195 ">#2195</a></li>
</ul>
<h2>3.24.7 - 12 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2185 ">#2185</a></li>
</ul>
<h2>3.24.6 - 29 Feb 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8f596b4ae3https://redirect.github.com/github/codeql-action/issues/2254 ">#2254</a>
from github/update-v3.25.2-4909c1ffb</li>
<li><a
href="de8916ec5a4909c1ffb9https://redirect.github.com/github/codeql-action/issues/2253 ">#2253</a>)</li>
<li><a
href="f45390cde1https://redirect.github.com/github/codeql-action/issues/2252 ">#2252</a>
from github/henrymercer/failed-external-repo-config-...</li>
<li><a
href="1be8c488eb82edfe29cehttps://redirect.github.com/github/codeql-action/issues/2246 ">#2246</a>
from github/koesie10/remove-incorrect-log</li>
<li><a
href="8786e1f9a1https://redirect.github.com/github/codeql-action/issues/2249 ">#2249</a>
from github/mergeback/v3.25.1-to-main-c7f91257</li>
<li><a
href="3c7ac61481b5bd9be6dac7f9125735https://redirect.github.com/github/codeql-action/issues/2248 ">#2248</a>
from github/update-v3.25.1-c4fb45143</li>
<li>Additional commits viewable in <a
href="df5a14dc28...8f596b4ae3support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-22 18:37:23 -07:00
dependabot[bot]
ec74af8c2c
build(deps): bump the common-golang-dependencies group with 2 updates ( #3813 )
...
Bumps the common-golang-dependencies group with 2 updates:
[github.com/prometheus/common](https://github.com/prometheus/common ) and
[google.golang.org/api](https://github.com/googleapis/google-api-go-client ).
Updates `github.com/prometheus/common` from 0.52.3 to 0.53.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/common/releases ">github.com/prometheus/common's
releases</a>.</em></p>
<blockquote>
<h2>v0.53.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add StatusAt method for Alert struct by <a
href="https://github.com/grobinson-grafana "><code>@grobinson-grafana</code></a>
in <a
href="https://redirect.github.com/prometheus/common/pull/618 ">prometheus/common#618</a></li>
<li>config: allow exposing real secret value through marshal by <a
href="https://github.com/GiedriusS "><code>@GiedriusS</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/487 ">prometheus/common#487</a></li>
<li>Fix up config test by <a
href="https://github.com/SuperQ "><code>@SuperQ</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/621 ">prometheus/common#621</a></li>
<li>LabelSet.String: restore faster sort call by <a
href="https://github.com/bboreham "><code>@bboreham</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/619 ">prometheus/common#619</a></li>
<li>LabelSet: add unit test for String method by <a
href="https://github.com/bboreham "><code>@bboreham</code></a> in <a
href="https://redirect.github.com/prometheus/common/pull/620 ">prometheus/common#620</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/grobinson-grafana "><code>@grobinson-grafana</code></a>
made their first contribution in <a
href="https://redirect.github.com/prometheus/common/pull/618 ">prometheus/common#618</a></li>
<li><a href="https://github.com/GiedriusS "><code>@GiedriusS</code></a>
made their first contribution in <a
href="https://redirect.github.com/prometheus/common/pull/487 ">prometheus/common#487</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/prometheus/common/compare/v0.52.3...v0.53.0 ">https://github.com/prometheus/common/compare/v0.52.3...v0.53.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e54e4df4b9https://redirect.github.com/prometheus/common/issues/620 ">#620</a>
from bboreham/test-string</li>
<li><a
href="e25b951c21https://redirect.github.com/prometheus/common/issues/619 ">#619</a>
from bboreham/restore-sort</li>
<li><a
href="c1b9b72525https://redirect.github.com/prometheus/common/issues/621 ">#621</a>)</li>
<li><a
href="de5ed88222https://redirect.github.com/prometheus/common/issues/487 ">#487</a>
from GiedriusS/allow_exposing_real_value</li>
<li><a
href="ea817bb07fhttps://redirect.github.com/prometheus/common/issues/618 ">#618</a>
from grobinson-grafana/grobinson/add-status-at</li>
<li><a
href="a1ca958f13be294f140b506a12c25efb6970a7e4https://github.com/prometheus/common/compare/v0.52.3...v0.53.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `google.golang.org/api` from 0.172.0 to 0.176.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases ">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.176.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.175.0...v0.176.0 ">0.176.0</a>
(2024-04-22)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2537 ">#2537</a>)
(<a
href="773fe01294https://redirect.github.com/googleapis/google-api-go-client/issues/2538 ">#2538</a>)
(<a
href="30d8c8795chttps://redirect.github.com/googleapis/google-api-go-client/issues/2540 ">#2540</a>)
(<a
href="6825bb8fc9https://redirect.github.com/googleapis/google-api-go-client/issues/2535 ">#2535</a>)
(<a
href="5a78abe30ahttps://github.com/googleapis/google-api-go-client/compare/v0.174.0...v0.175.0 ">0.175.0</a>
(2024-04-19)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2526 ">#2526</a>)
(<a
href="ec3a580290https://redirect.github.com/googleapis/google-api-go-client/issues/2529 ">#2529</a>)
(<a
href="9622a0d432https://redirect.github.com/googleapis/google-api-go-client/issues/2528 ">#2528</a>)
(<a
href="f662ab75f2https://redirect.github.com/googleapis/google-api-go-client/issues/2533 ">#2533</a>)
(<a
href="d64b1d06f0https://github.com/googleapis/google-api-go-client/compare/v0.173.0...v0.174.0 ">0.174.0</a>
(2024-04-17)</h2>
<h3>Features</h3>
<ul>
<li>Add hooks in for new auth library (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2228 ">#2228</a>)
(<a
href="4054271be9https://redirect.github.com/googleapis/google-api-go-client/issues/2524 ">#2524</a>)
(<a
href="f49960dabdhttps://redirect.github.com/googleapis/google-api-go-client/issues/2525 ">#2525</a>)
(<a
href="0f0a2f07ebhttps://redirect.github.com/googleapis/google-api-go-client/issues/2523 ">#2523</a>
<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2522 ">#2522</a></li>
</ul>
<h2>v0.173.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.172.0...v0.173.0 ">0.173.0</a>
(2024-04-16)</h2>
<h3>Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md ">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.175.0...v0.176.0 ">0.176.0</a>
(2024-04-22)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2537 ">#2537</a>)
(<a
href="773fe01294https://redirect.github.com/googleapis/google-api-go-client/issues/2538 ">#2538</a>)
(<a
href="30d8c8795chttps://redirect.github.com/googleapis/google-api-go-client/issues/2540 ">#2540</a>)
(<a
href="6825bb8fc9https://redirect.github.com/googleapis/google-api-go-client/issues/2535 ">#2535</a>)
(<a
href="5a78abe30ahttps://github.com/googleapis/google-api-go-client/compare/v0.174.0...v0.175.0 ">0.175.0</a>
(2024-04-19)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2526 ">#2526</a>)
(<a
href="ec3a580290https://redirect.github.com/googleapis/google-api-go-client/issues/2529 ">#2529</a>)
(<a
href="9622a0d432https://redirect.github.com/googleapis/google-api-go-client/issues/2528 ">#2528</a>)
(<a
href="f662ab75f2https://redirect.github.com/googleapis/google-api-go-client/issues/2533 ">#2533</a>)
(<a
href="d64b1d06f0https://github.com/googleapis/google-api-go-client/compare/v0.173.0...v0.174.0 ">0.174.0</a>
(2024-04-17)</h2>
<h3>Features</h3>
<ul>
<li>Add hooks in for new auth library (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2228 ">#2228</a>)
(<a
href="4054271be9https://redirect.github.com/googleapis/google-api-go-client/issues/2524 ">#2524</a>)
(<a
href="f49960dabdhttps://redirect.github.com/googleapis/google-api-go-client/issues/2525 ">#2525</a>)
(<a
href="0f0a2f07ebhttps://redirect.github.com/googleapis/google-api-go-client/issues/2523 ">#2523</a>
<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2522 ">#2522</a></li>
</ul>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.172.0...v0.173.0 ">0.173.0</a>
(2024-04-16)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2494 ">#2494</a>)
(<a
href="a48e9dea05https://redirect.github.com/googleapis/google-api-go-client/issues/2499 ">#2499</a>)
(<a
href="4ebe65e4c4https://redirect.github.com/googleapis/google-api-go-client/issues/2500 ">#2500</a>)
(<a
href="5b9019f282https://redirect.github.com/googleapis/google-api-go-client/issues/2501 ">#2501</a>)
(<a
href="cdac273fa081ccc7e530https://redirect.github.com/googleapis/google-api-go-client/issues/2536 ">#2536</a>)</li>
<li><a
href="6825bb8fc9https://redirect.github.com/googleapis/google-api-go-client/issues/2540 ">#2540</a>)</li>
<li><a
href="30d8c8795chttps://redirect.github.com/googleapis/google-api-go-client/issues/2538 ">#2538</a>)</li>
<li><a
href="773fe01294https://redirect.github.com/googleapis/google-api-go-client/issues/2537 ">#2537</a>)</li>
<li><a
href="5a78abe30ahttps://redirect.github.com/googleapis/google-api-go-client/issues/2535 ">#2535</a>)</li>
<li><a
href="67a5d6d5a6https://redirect.github.com/googleapis/google-api-go-client/issues/2527 ">#2527</a>)</li>
<li><a
href="d64b1d06f0https://redirect.github.com/googleapis/google-api-go-client/issues/2533 ">#2533</a>)</li>
<li><a
href="9622a0d432https://redirect.github.com/googleapis/google-api-go-client/issues/2529 ">#2529</a>)</li>
<li><a
href="f662ab75f2https://redirect.github.com/googleapis/google-api-go-client/issues/2528 ">#2528</a>)</li>
<li><a
href="ec3a580290https://redirect.github.com/googleapis/google-api-go-client/issues/2526 ">#2526</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.172.0...v0.176.0 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-22 17:22:33 -07:00
Julio López
17c3a8d4de
refactor(general): include parameters in pbkdf2 instantiation ( #3811 )
...
Use `pbkdf2-sha256-600000` as the name to be consistent with the scrypt
instantiation.
The format is `pbkdf2-<hash_type>-<number_of_iterations>`
2024-04-19 15:50:45 -07:00
Julio López
ff9f6a8325
refactor(general): change default number of iterations for PBKDF2 ( #3810 )
...
Use the value recommended by NIST
2024-04-19 15:27:38 -07:00
Jarek Kowalski
211e28c98c
chore(repository): BREAKING CHANGE remove support for HTTP-based repository API ( #3745 )
...
Remove support for HTTP-based repository API
2024-04-17 16:23:58 -07:00
dependabot[bot]
2d31c7b2d7
build(deps): bump codecov/codecov-action from 4.2.0 to 4.3.0 ( #3804 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](7afa10ed9b...84508663e9support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-17 05:15:38 +00:00
coderwander
f125f09ddc
chore: fix some typos in comments ( #3805 )
...
Signed-off-by: coderwander <770732124@qq.com >
2024-04-16 14:48:03 -07:00
dependabot[bot]