Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the go_modules group across 4 directories with 7 updates #37

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump the go_modules group across 4 directories with 7 updates #37

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github May 7, 2024

Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-body directory: github.com/cloudevents/sdk-go/v2 and github.com/dapr/dapr.
Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-uri directory: github.com/cloudevents/sdk-go/v2 and github.com/dapr/dapr.
Bumps the go_modules group with 2 updates in the /t/grpc_server_example directory: golang.org/x/net and google.golang.org/grpc.
Bumps the go_modules group with 1 update in the /t/plugin/grpc-web directory: google.golang.org/grpc.

Updates github.com/cloudevents/sdk-go/v2 from 2.4.1 to 2.15.2

Release notes

Sourced from github.com/cloudevents/sdk-go/v2's releases.

Release v2.15.2

What's Changed

  • Patch for a potential security issue. See CVE-2024-28110.
  • Note: this could be a breaking change for people if they purposely change golang's HTTP DefaultClient, or change the CloudEvents Client returned from NewClient, and expect those changes to be visible on other HTTP flows using those Clients. E.g. auth

Full Changelog: cloudevents/sdk-go@v2.15.1...v2.15.2

Release v2.15.1

What's Changed

New Contributors

Full Changelog: cloudevents/sdk-go@v2.15.0...v2.15.1

Release v2.15.0

Highlights 💫

This release includes various updates and improvements such as README enhancements, dependency bumps, bug fixes, race condition resolutions, and protocol-related adjustments. Notable changes involve upgrading dependencies like grpc and go.opentelemetry, addressing race conditions, fixing Kafka test issues, and introducing new features like binary content mode for NATS and JetStream protocols. Additionally, there are governance documentation updates, link corrections, and improvements in error handling and documentation across different modules.

Breaking 🚨

The Kafka Sarama protocol now uses the "github.com/IBM/sarama" Go module import path.

Commits 📄

896e1d0 Update README.md 75ec0f2 Bump actions/setup-go from 4 to 5 41e80f7 fixed couple issues

... (truncated)

Commits
  • de2f283 Merge pull request from GHSA-5pf6-2qwx-pxm2
  • c5f8d9d Update v2/protocol/http/protocol.go
  • c17d949 Avoid modifying the DefaultClient's Transport
  • 67e3899 Merge pull request #1020 from duglin/oops
  • f0061e0 oops
  • 4cc6c2d Merge pull request #1011 from cloudevents/dependabot/bundler/docs/bundler-sec...
  • b6949b0 Bump the bundler group across 1 directories with 1 update
  • df51395 Merge pull request #1016 from cloudevents/dependabot/github_actions/golangci/...
  • 1af6e06 Bump golangci/golangci-lint-action from 3 to 4
  • 2574a05 Merge pull request #1013 from jafossum/fix-nats-typos
  • Additional commits viewable in compare view

Updates github.com/dapr/dapr from 1.6.0 to 1.10.9

Release notes

Sourced from github.com/dapr/dapr's releases.

Dapr Runtime v1.10.9

Dapr 1.10.9 [security]

This update contains security fixes:

Security: API token authentication bypass in HTTP endpoints

Problem

Security advisory

A moderate-severity vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request.

Impact

The vulnerability impacts all users on Dapr <=1.10.9 and <=1.11.2 who are using API token authentication.

Root cause

The Dapr sidecar allowed all requests containing /healthz in the URL (including query string) to bypass API token authentication.

Solution

We have changed the API token authentication middleware to allow bypassing the authentication only for healthcheck endpoints more strictly.

Security: Potential DoS in avro dependency (CVE-2023-37475)

Problem

CVE-2023-37475

An issue in the third-party avro dependency could cause a resource exhaustion and a DoS for Dapr.

Impact

This issue impacts users of Dapr that use the Pulsar components.

Root cause

The issue was in a third-party dependency.

Solution

We have upgraded the avro dependency to version 2.13.0 which contains a fix for the reported issue.

Dapr Runtime v1.10.9-rc.1

This is the release candidate 1.10.9-rc.1

... (truncated)

Commits

Updates golang.org/x/net from 0.0.0-20211015210444-4f30a5c0130f to 0.6.0

Commits
  • c48da13 http2: fix TestServerContinuationFlood flakes
  • 762b58d http2: fix tipos in comment
  • ba87210 http2: close connections when receiving too many headers
  • ebc8168 all: fix some typos
  • 3678185 http2: make TestCanonicalHeaderCacheGrowth faster
  • 448c44f http2: remove clientTester
  • c7877ac http2: convert the remaining clientTester tests to testClientConn
  • d8870b0 http2: use synthetic time in TestIdleConnTimeout
  • d73acff http2: only set up deadline when Server.IdleTimeout is positive
  • 89f602b http2: validate client/outgoing trailers
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.0.0-20211019181941-9d821ace8654 to 0.5.0

Commits

Updates golang.org/x/text from 0.3.7 to 0.7.0

Commits
  • 71a9c9a all: fix some comments
  • ec5565b README.md: update documentation of module versioning
  • c8236a6 unicode/bidi: remove unused global
  • ada7473 all: remove redundant type conversion
  • 1bdb400 language: remove compatibility with go < 1.2
  • 252bee0 go.mod: ignore cyclic dependency for tagging
  • ecab6e5 go.mod: ignore cyclic dependency for tagging
  • 369c86b all: fix a few function names on comments
  • 434eadc language: reject excessively large Accept-Language strings
  • 23407e7 go.mod: ignore cyclic dependency for tagging
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.40.0 to 1.52.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

  • client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

  • client: support channel idleness using WithIdleTimeout dial option (#6263)
    • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
  • client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
  • xds: Add support for Custom LB Policies (gRFC A52) (#6224)
  • xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
  • client: add support for pickfirst address shuffling (gRFC A62) (#6311)
  • xds: Add support for String Matcher Header Matcher in RDS (#6313)
  • xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • xds: enable RLS in xDS by default (#6343)
  • orca: add support for application_utilization field and missing range checks on several metrics setters
  • balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
  • authz: add conversion of json to RBAC Audit Logging config (#6192)
  • authz: add support for stdout logger (#6230 and #6298)
  • authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

  • orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
  • xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
  • xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

  • orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

  • xds: enable federation support by default (#6151)
  • status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits
  • 1055b48 Update version.go to 1.56.3 (#6713)
  • 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
  • bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
  • faab873 Update version.go to v1.56.2 (#6432)
  • 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
  • ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
  • cd6a794 Update version.go to v1.56.2-dev (#6387)
  • 5b67e5e Update version.go to v1.56.1 (#6386)
  • d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
  • 997c1ea Change version to 1.56.1-dev (#6345)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.0 to 1.28.1

Updates github.com/cloudevents/sdk-go/v2 from 2.4.1 to 2.15.2

Release notes

Sourced from github.com/cloudevents/sdk-go/v2's releases.

Release v2.15.2

What's Changed

  • Patch for a potential security issue. See CVE-2024-28110.
  • Note: this could be a breaking change for people if they purposely change golang's HTTP DefaultClient, or change the CloudEvents Client returned from NewClient, and expect those changes to be visible on other HTTP flows using those Clients. E.g. auth

Full Changelog: cloudevents/sdk-go@v2.15.1...v2.15.2

Release v2.15.1

What's Changed

New Contributors

Full Changelog: cloudevents/sdk-go@v2.15.0...v2.15.1

Release v2.15.0

Highlights 💫

This release includes various updates and improvements such as README enhancements, dependency bumps, bug fixes, race condition resolutions, and protocol-related adjustments. Notable changes involve upgrading dependencies like grpc and go.opentelemetry, addressing race conditions, fixing Kafka test issues, and introducing new features like binary content mode for NATS and JetStream protocols. Additionally, there are governance documentation updates, link corrections, and improvements in error handling and documentation across different modules.

Breaking 🚨

The Kafka Sarama protocol now uses the "github.com/IBM/sarama" Go module import path.

Commits 📄

896e1d0 Update README.md 75ec0f2 Bump actions/setup-go from 4 to 5 41e80f7 fixed couple issues

... (truncated)

Commits
  • de2f283 Merge pull request from GHSA-5pf6-2qwx-pxm2
  • c5f8d9d Update v2/protocol/http/protocol.go
  • c17d949 Avoid modifying the DefaultClient's Transport
  • 67e3899 Merge pull request #1020 from duglin/oops
  • f0061e0 oops
  • 4cc6c2d Merge pull request #1011 from cloudevents/dependabot/bundler/docs/bundler-sec...
  • b6949b0 Bump the bundler group across 1 directories with 1 update
  • df51395 Merge pull request #1016 from cloudevents/dependabot/github_actions/golangci/...
  • 1af6e06 Bump golangci/golangci-lint-action from 3 to 4
  • 2574a05 Merge pull request #1013 from jafossum/fix-nats-typos
  • Additional commits viewable in compare view

Updates github.com/dapr/dapr from 1.8.3 to 1.10.9

Release notes

Sourced from github.com/dapr/dapr's releases.

Dapr Runtime v1.10.9

Dapr 1.10.9 [security]

This update contains security fixes:

Security: API token authentication bypass in HTTP endpoints

Problem

Security advisory

A moderate-severity vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request.

Impact

The vulnerability impacts all users on Dapr <=1.10.9 and <=1.11.2 who are using API token authentication.

Root cause

The Dapr sidecar allowed all requests containing /healthz in the URL (including query string) to bypass API token authentication.

Solution

We have changed the API token authentication middleware to allow bypassing the authentication only for healthcheck endpoints more strictly.

Security: Potential DoS in avro dependency (CVE-2023-37475)

Problem

CVE-2023-37475

An issue in the third-party avro dependency could cause a resource exhaustion and a DoS for Dapr.

Impact

This issue impacts users of Dapr that use the Pulsar components.

Root cause

The issue was in a third-party dependency.

Solution

We have upgraded the avro dependency to version 2.13.0 which contains a fix for the reported issue.

Dapr Runtime v1.10.9-rc.1

This is the release candidate 1.10.9-rc.1

... (truncated)

Commits

Updates golang.org/x/net from 0.0.0-20220621193019-9d032be2e588 to 0.6.0

Commits
  • c48da13 http2: fix TestServerContinuationFlood flakes
  • 762b58d http2: fix tipos in comment
  • ba87210 http2: close connections when receiving too many headers
  • ebc8168 all: fix some typos
  • 3678185 http2: make TestCanonicalHeaderCacheGrowth faster
  • 448c44f http2: remove clientTester
  • c7877ac http2: convert the remaining clientTester tests to testClientConn
  • d8870b0 http2: use synthetic time in TestIdleConnTimeout
  • d73acff http2: only set up deadline when Server.IdleTimeout is positive
  • 89f602b http2: validate client/outgoing trailers
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.0.0-20220520151302-bc2c85ada10a to 0.5.0

Commits

Updates golang.org/x/text from 0.3.7 to 0.7.0

Commits
  • 71a9c9a all: fix some comments
  • ec5565b README.md: update documentation of module versioning
  • c8236a6 unicode/bidi: remove unused global
  • ada7473 all: remove redundant type conversion
  • 1bdb400 language: remove compatibility with go < 1.2
  • 252bee0 go.mod: ignore cyclic dependency for tagging
  • ecab6e5 go.mod: ignore cyclic dependency for tagging
  • 369c86b all: fix a few function names on comments
  • 434eadc language: reject excessively large Accept-Language strings
  • 23407e7 go.mod: ignore cyclic dependency for tagging
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.47.0 to 1.52.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

  • client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

  • client: support channel idleness using WithIdleTimeout dial option (#6263)
    • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
  • client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
  • xds: Add support for Custom LB Policies (gRFC A52) (#6224)
  • xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
  • client: add support for pickfirst address shuffling (gRFC A62) (#6311)
  • xds: Add support for String Matcher Header Matcher in RDS (#6313)
  • xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • xds: enable RLS in xDS by default (#6343)
  • orca: add support for application_utilization field and missing range checks on several metrics setters
  • balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
  • authz: add conversion of json to RBAC Audit Logging config (#6192)
  • authz: add support for stdout logger (#6230 and #6298)
  • authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

  • orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
  • xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
  • xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

  • orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

  • xds: enable federation support by default (#6151)
  • status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits
  • 1055b48 Update version.go to 1.56.3 (#6713)
  • 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
  • bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
  • faab873 Update version.go to v1.56.2 (#6432)
  • 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
  • ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
  • cd6a794 Update version.go to v1.56.2-dev (#6387)
  • 5b67e5e Update version.go to v1.56.1 (#6386)
  • d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
  • 997c1ea Change version to 1.56.1-dev (#6345)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.0 to 1.28.1

Updates golang.org/x/net from 0.7.0 to 0.23.0

Commits
  • c48da13 http2: fix TestServerContinuationFlood flakes
  • 762b58d http2: fix tipos in comment
  • ba87210 http2: close connections when receiving too many headers
  • ebc8168 all: fix some typos
  • 3678185 http2: make TestCanonicalHeaderCacheGrowth faster
  • 448c44f http2: remove clientTester
  • c7877ac http2: convert the remaining clientTester tests to testClientConn
  • d8870b0 http2: use synthetic time in TestIdleConnTimeout
  • d73acff http2: only set up deadline when Server.IdleTimeout is positive
  • 89f602b http2: validate client/outgoing trailers
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.53.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

  • client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

  • client: support channel idleness using WithIdleTimeout dial option (#6263)
    • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
  • client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
  • xds: Add support for Custom LB Policies (gRFC A52) (#6224)
  • xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
  • client: add support for pickfirst address shuffling (gRFC A62) (#6311)
  • xds: Add support for String Matcher Header Matcher in RDS (#6313)
  • xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • xds: enable RLS in xDS by default (#6343)
  • orca: add support for application_utilization field and missing range checks on several metrics setters
  • balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
  • authz: add conversion of json to RBAC Audit Logging config (#6192)
  • authz: add support for stdout logger (#6230 and #6298)
  • authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

  • orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
  • xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
  • xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

  • orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

  • xds: enable federation support by default (#6151)
  • status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits
  • 1055b48 Update version.go to 1.56.3 (#6713)
  • 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
  • bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
  • faab873 Update version.go to v1.56.2 (#6432)
  • 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
  • ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
  • cd6a794 Update version.go to v1.56.2-dev (#6387)
  • 5b67e5e Update version.go to v1.56.1 (#6386)
  • d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
  • 997c1ea Change version to 1.56.1-dev (#6345)
  • Additional commits viewable in

@dependabot
chore(deps): bump the go_modules group across 4 directories with 7 up…
b58bee6 
…dates

Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-body directory: [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) and [github.com/dapr/dapr](https://github.com/dapr/dapr).
Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-uri directory: [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) and [github.com/dapr/dapr](https://github.com/dapr/dapr).
Bumps the go_modules group with 2 updates in the /t/grpc_server_example directory: [golang.org/x/net](https://github.com/golang/net) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).
Bumps the go_modules group with 1 update in the /t/plugin/grpc-web directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `github.com/cloudevents/sdk-go/v2` from 2.4.1 to 2.15.2
- [Release notes](https://github.com/cloudevents/sdk-go/releases)
- [Commits](cloudevents/sdk-go@v2.4.1...v2.15.2)

Updates `github.com/dapr/dapr` from 1.6.0 to 1.10.9
- [Release notes](https://github.com/dapr/dapr/releases)
- [Commits](dapr/dapr@v1.6.0...v1.10.9)

Updates `golang.org/x/net` from 0.0.0-20211015210444-4f30a5c0130f to 0.6.0
- [Commits](golang/net@v0.7.0...v0.23.0)

Updates `golang.org/x/sys` from 0.0.0-20211019181941-9d821ace8654 to 0.5.0
- [Commits](https://github.com/golang/sys/commits/v0.5.0)

Updates `golang.org/x/text` from 0.3.7 to 0.7.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.3.7...v0.7.0)

Updates `google.golang.org/grpc` from 1.40.0 to 1.52.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.53.0...v1.56.3)

Updates `google.golang.org/protobuf` from 1.28.0 to 1.28.1

Updates `github.com/cloudevents/sdk-go/v2` from 2.4.1 to 2.15.2
- [Release notes](https://github.com/cloudevents/sdk-go/releases)
- [Commits](cloudevents/sdk-go@v2.4.1...v2.15.2)

Updates `github.com/dapr/dapr` from 1.8.3 to 1.10.9
- [Release notes](https://github.com/dapr/dapr/releases)
- [Commits](dapr/dapr@v1.6.0...v1.10.9)

Updates `golang.org/x/net` from 0.0.0-20220621193019-9d032be2e588 to 0.6.0
- [Commits](golang/net@v0.7.0...v0.23.0)

Updates `golang.org/x/sys` from 0.0.0-20220520151302-bc2c85ada10a to 0.5.0
- [Commits](https://github.com/golang/sys/commits/v0.5.0)

Updates `golang.org/x/text` from 0.3.7 to 0.7.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.3.7...v0.7.0)

Updates `google.golang.org/grpc` from 1.47.0 to 1.52.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.53.0...v1.56.3)

Updates `google.golang.org/protobuf` from 1.28.0 to 1.28.1

Updates `golang.org/x/net` from 0.7.0 to 0.23.0
- [Commits](golang/net@v0.7.0...v0.23.0)

Updates `google.golang.org/grpc` from 1.53.0 to 1.56.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.53.0...v1.56.3)

Updates `google.golang.org/protobuf` from 1.28.1 to 1.30.0

Updates `google.golang.org/grpc` from 1.53.0 to 1.56.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.53.0...v1.56.3)

---
updated-dependencies:
- dependency-name: github.com/cloudevents/sdk-go/v2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/dapr/dapr
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/text
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/cloudevents/sdk-go/v2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/dapr/dapr
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/text
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 7, 2024
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
pypi/[email protected] environment, eval, filesystem, network, shell, unsafe 0 1.05 MB billiejoex, giampaolo.rodola
pypi/[email protected] environment, eval, filesystem, network, unsafe 0 3.64 MB ingy, nitzmahone, tinita
pypi/[email protected] environment, eval, shell, unsafe 0 375 kB JelleZijlstra, ambv, guido, ...5 more

View full report↗︎

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 7, 2024

This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the [email protected] list. Thank you for your contributions.

@github-actions github-actions bot added the stale label Jul 7, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 5, 2024

This pull request/issue has been closed due to lack of activity. If you think that is incorrect, or the pull request requires review, you can revive the PR at any time.

@github-actions github-actions bot closed this Aug 5, 2024
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Aug 5, 2024

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/go_modules/ci/pod/openfunction/function-example/test-body/go_modules-3f6418e974 branch August 5, 2024 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants