@dependabot dependabot bot commented on behalf of github Aug 19, 2025

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps the security-updates group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| github.com/gorilla/websocket | 1.5.1 | 1.5.3 |
| github.com/oschwald/geoip2-golang | 1.9.0 | 1.13.0 |
| github.com/prometheus/client_golang | 1.17.0 | 1.23.0 |
| github.com/slack-go/slack | 0.12.3 | 0.17.3 |
| github.com/stretchr/testify | 1.8.4 | 1.10.0 |

Updates github.com/gorilla/websocket from 1.5.1 to 1.5.3

Release notes

Sourced from github.com/gorilla/websocket's releases.

v1.5.3

Important change

This reverts the websockets package back to gorilla/websocket@931041c

What's Changed

New Contributors

Full Changelog: gorilla/websocket@v1.5.1...v1.5.3

v1.5.2

What's Changed

... (truncated)

Commits
  • ce903f6 Reverts to v1.5.0
  • 9ec25ca fixes broken random value generation
  • 1bddf2e bumps go version & removes deprecated module usage
  • 750bf92 adds GHA & Makefile configs
  • b2c246b Revert " Update go version & add verification/testing tools (#840)"
  • 09a6bab removing error handling while closing connections
  • 58af150 return errors instead of printing to logs
  • e5f1a0a excludes errchecks linter
  • b2a86a1 Do not timeout when WriteControl deadline is zero
  • 695e909 Remove hideTempErr to allow downstream users to check for errors like net.Err...
  • Additional commits viewable in compare view

Updates github.com/oschwald/geoip2-golang from 1.9.0 to 1.13.0

Release notes

Sourced from github.com/oschwald/geoip2-golang's releases.

1.13.0

  • Add support for GeoIP-City-Redacted-US and GeoIP-Enterprise-Redacted-US. Requested by Tom Anderson. GitHub #134.

1.11.0

  • Go 1.21 or greater is now required.
  • The new is_anycast output is now supported on the GeoIP2 Country, City, and Enterprise databases. #119.

Note: 1.10.0 was accidentally skipped.

Changelog

Sourced from github.com/oschwald/geoip2-golang's changelog.

2.0.0-beta.3 - 2025-07-07

  • Add support for GeoIP-City-Redacted-US and GeoIP-Enterprise-Redacted-US. Requested by Tom Anderson. GitHub #134.
  • Upgrade github.com/oschwald/maxminddb-golang/v2 to v2.0.0-beta.7.

2.0.0-beta.2 - 2025-06-28

  • BREAKING CHANGE: Replaced IsZero() methods with HasData() methods on all result structs (including Names). The new methods provide clearer semantics: HasData() returns true when GeoIP data is found and false when no data is available. Unlike IsZero(), HasData() excludes Network and IPAddress fields from validation, allowing users to access network topology information even when no GeoIP data is found. The Network and IPAddress fields are now always populated for all lookups, regardless of whether GeoIP data is available.
  • BREAKING CHANGE: Replaced all anonymous nested structs with named types to improve struct initialization ergonomics. All result structs (Enterprise, City, Country) now use named types like EnterpriseCityRecord, CityTraits, CountryRecord, etc. This makes it much easier to initialize structs in user code while maintaining the same JSON serialization behavior.
  • BREAKING CHANGE: Changed Location.Latitude and Location.Longitude from float64 to *float64 to properly distinguish between missing coordinates and the valid location (0, 0). Missing coordinates are now represented as nil and are omitted from JSON output, while valid zero coordinates are preserved. This fixes the ambiguity where (0, 0) was incorrectly treated as "no data". Added Location.HasCoordinates() method for safe coordinate access. Reported by Nick Bruun. GitHub #5.

2.0.0-beta.1 - 2025-06-22

  • BREAKING CHANGE: Updated to use maxminddb-golang/v2 which provides significant performance improvements and a more modern API.
  • BREAKING CHANGE: All lookup methods now accept netip.Addr instead of net.IP. This provides better performance and aligns with modern Go networking practices.
  • BREAKING CHANGE: Renamed IsoCode fields to ISOCode in all structs to follow proper capitalization for the ISO acronym. Closes GitHub issue #4.
  • BREAKING CHANGE: Replaced map[string]string Names fields with structured Names type for significant performance improvements. This eliminates map allocation overhead, reducing memory usage by 34% and allocations by 56%.
  • BREAKING CHANGE: Added JSON tags to all struct fields. JSON tags match the corresponding maxminddb tags where they exist. Custom fields (IPAddress and Network) use snake_case (ip_address and network).
  • BREAKING CHANGE: Removed IsAnonymousProxy and IsSatelliteProvider fields from all Traits structs. These fields have been removed from MaxMind databases. Use the dedicated Anonymous IP database for anonymity detection instead.
  • BREAKING CHANGE: Go 1.24 or greater is now required. This enables the use of omitzero in JSON tags to match MaxMind database behavior where empty values are not included.
  • Added IsZero() method to all result structs (City, Country, Enterprise, ASN,

... (truncated)

Commits
  • b651a19 Upgrade to golangci-lint v2
  • 77feac3 Add support for Redacted US databases
  • 0972ffa Merge pull request #119 from oschwald/greg/add-is-anycast
  • 3d75aca Update maxminddb
  • 4ae4358 Add is_anycast output for location DBs
  • 769ffcd Merge pull request #117 from oschwald/dependabot/github_actions/golangci/gola...
  • bdf366e Bump golangci/golangci-lint-action from 3 to 6
  • 080dd72 Merge pull request #118 from oschwald/greg/lints
  • 6ed528d Update supported Go versions
  • b4eb83a Update golangci-lint config
  • Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.17.0 to 1.23.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.23.0 - 2025-07-30

  • [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
  • [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
  • [FEATURE] Add exemplars for native histograms #1686
  • [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
  • [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
  • [BUGFIX] exp/api: client prompt return on context cancellation #1729

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.23.0 / 2025-07-30

  • [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
  • [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
  • [FEATURE] Add exemplars for native histograms #1686
  • [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
  • [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
  • [BUGFIX] exp/api: client prompt return on context cancellation #1729

1.22.0 / 2025-04-07

⚠️ This release contains a potential breaking change if you use the experimental zstd support introduced in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon (golang/go#62513); however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)

  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

1.21.1 / 2025-03-04

  • [BUGFIX] prometheus: Revert of Inc, Add and Observe cumulative metric CAS optimizations (#1661), causing regressions on low contention cases.
  • [BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.

1.21.0 / 2025-02-17

⚠️ This release contains potential breaking change if you upgrade github.com/prometheus/common to 0.62+ together with client_golang. ⚠️

New common version changes model.NameValidationScheme global variable, which relaxes the validation of label names and metric name, allowing all UTF-8 characters. Typically, this should not break any user, unless your test or usage expects strict certain names to panic/fail on client_golang metric registration, gathering or scrape. In case of problems change model.NameValidationScheme to old model.LegacyValidation value in your project init function.

  • [BUGFIX] gocollector: Fix help message for runtime/metric metrics. #1583
  • [BUGFIX] prometheus: Fix Desc.String() method for no labels case. #1687
  • [ENHANCEMENT] prometheus: Optimize popular prometheus.BuildFQName function; now up to 30% faster. #1665
  • [ENHANCEMENT] prometheus: Optimize Inc, Add and Observe cumulative metrics; now up to 50% faster under high concurrent contention. #1661
  • [CHANGE] Upgrade prometheus/common to 0.62.0 which changes model.NameValidationScheme global variable. #1712
  • [CHANGE] Add support for Go 1.23. #1602
  • [FEATURE] process_collector: Add support for Darwin systems. #1600 #1616 #1625 #1675 #1715
  • [FEATURE] api: Add ability to invoke CloseIdleConnections on api.Client using api.Client.(CloseIdler).CloseIdleConnections() casting. #1513

... (truncated)

Commits

Updates github.com/slack-go/slack from 0.12.3 to 0.17.3

Release notes

Sourced from github.com/slack-go/slack's releases.

v0.17.3

What's New

Fixes

  • Parse simple string based errors as part of the response by @nlopes in slack-go/slack#1452. In the previous version we introduced the ability to parse specific errors (more complex ones) but Slack can still send us a string. string is now the fallback type.

Other

Full Changelog: slack-go/slack@v0.17.2...v0.17.3

v0.17.2

Features added

New Contributors

Full Changelog: slack-go/slack@v0.17.1...v0.17.2

v0.17.1

This has the potential to be a breaking change if and only if you have been building SlackResponse by hand, which you shouldn't 😬. If you are, my apologies for adding this in a minor version, I thought the likelihood of this to be very very low. See slack-go/slack#1443 for more details.

Features added

Detailed list of all of the changes

New Contributors

... (truncated)

Commits
  • e29b7e3 fix: parse simple string based errors as part of the response (#1452)
  • 13c4aec feat(users): add IsEmailConfirmed to User (#1458)
  • 4a2676d feat(users): add IsEmailConfirmed to User
  • 6efef11 feat: bring consistency to examples (#1456)
  • 36472df chore: add generated README to examples/
  • bc1f95f chore: more linting
  • dc611a3 fix(examples): quit if unable to send message
  • dccc5d8 chore: remove a bunch of global vars
  • 369013a chore: better code
  • f89cda5 chore: fix lint in team example
  • Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.8.4 to 1.10.0

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.10.0

What's Changed

Functional Changes

Fixes

Documentation, Build & CI

New Contributors

... (truncated)

Commits
  • 89cbdd9 Merge pull request #1626 from arjun-1/fix-functional-options-diff-indirect-calls
  • 07bac60 Merge pull request #1667 from sikehish/flaky
  • 716de8d Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI
  • 118fb83 NotSame should fail if args are not pointers #1661 (#1664)
  • 7d99b2b attempt 2
  • 05f87c0 more similar
  • ea7129e better fmt
  • a1b9c9e Merge pull request #1663 from ybrustin/master
  • 8302de9 Merge branch 'master' into master
  • 89352f7 Merge pull request #1518 from hendrywiranto/adjust-readme-remove-v2
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the security-updates group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/gorilla/websocket](https://github.com/gorilla/websocket) | `1.5.1` | `1.5.3` |
| [github.com/oschwald/geoip2-golang](https://github.com/oschwald/geoip2-golang) | `1.9.0` | `1.13.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.17.0` | `1.23.0` |
| [github.com/slack-go/slack](https://github.com/slack-go/slack) | `0.12.3` | `0.17.3` |
| [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.8.4` | `1.10.0` |


Updates `github.com/gorilla/websocket` from 1.5.1 to 1.5.3
- [Release notes](https://github.com/gorilla/websocket/releases)
- [Commits](gorilla/websocket@v1.5.1...v1.5.3)

Updates `github.com/oschwald/geoip2-golang` from 1.9.0 to 1.13.0
- [Release notes](https://github.com/oschwald/geoip2-golang/releases)
- [Changelog](https://github.com/oschwald/geoip2-golang/blob/main/CHANGELOG.md)
- [Commits](oschwald/geoip2-golang@v1.9.0...v1.13.0)

Updates `github.com/prometheus/client_golang` from 1.17.0 to 1.23.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.17.0...v1.23.0)

Updates `github.com/slack-go/slack` from 0.12.3 to 0.17.3
- [Release notes](https://github.com/slack-go/slack/releases)
- [Changelog](https://github.com/slack-go/slack/blob/master/history.go)
- [Commits](slack-go/slack@v0.12.3...v0.17.3)

Updates `github.com/stretchr/testify` from 1.8.4 to 1.10.0
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.8.4...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/gorilla/websocket
  dependency-version: 1.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security-updates
- dependency-name: github.com/oschwald/geoip2-golang
  dependency-version: 1.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: github.com/slack-go/slack
  dependency-version: 0.17.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: github.com/stretchr/testify
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-updates
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot commented on behalf of github Aug 19, 2025

Labels

The following labels could not be found: dependencies, go, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.
