Skip to content

chore(deps): bump the go_modules group across 4 directories with 7 updates #52

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

chore(deps): bump the go_modules group across 4 directories with 7 updates #52

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 12, 2025
edited by sourcery-ai bot
Loading

Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-body directory: github.com/cloudevents/sdk-go/v2 and github.com/dapr/dapr.
Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-uri directory: github.com/cloudevents/sdk-go/v2 and github.com/dapr/dapr.
Bumps the go_modules group with 1 update in the /t/grpc_server_example directory: google.golang.org/grpc.
Bumps the go_modules group with 1 update in the /t/plugin/grpc-web directory: google.golang.org/grpc.

Updates github.com/cloudevents/sdk-go/v2 from 2.4.1 to 2.15.2

Release notes

Sourced from github.com/cloudevents/sdk-go/v2's releases.

Release v2.15.2

What's Changed

  • Patch for a potential security issue. See CVE-2024-28110.
  • Note: this could be a breaking change for people if they purposely change golang's HTTP DefaultClient, or change the CloudEvents Client returned from NewClient, and expect those changes to be visible on other HTTP flows using those Clients. E.g. auth

Full Changelog: cloudevents/sdk-go@v2.15.1...v2.15.2

Release v2.15.1

What's Changed

New Contributors

Full Changelog: cloudevents/sdk-go@v2.15.0...v2.15.1

Release v2.15.0

Highlights 💫

This release includes various updates and improvements such as README enhancements, dependency bumps, bug fixes, race condition resolutions, and protocol-related adjustments. Notable changes involve upgrading dependencies like grpc and go.opentelemetry, addressing race conditions, fixing Kafka test issues, and introducing new features like binary content mode for NATS and JetStream protocols. Additionally, there are governance documentation updates, link corrections, and improvements in error handling and documentation across different modules.

Breaking 🚨

The Kafka Sarama protocol now uses the "github.com/IBM/sarama" Go module import path.

Commits 📄

896e1d0 Update README.md 75ec0f2 Bump actions/setup-go from 4 to 5 41e80f7 fixed couple issues

... (truncated)

Commits
  • de2f283 Merge pull request from GHSA-5pf6-2qwx-pxm2
  • c5f8d9d Update v2/protocol/http/protocol.go
  • c17d949 Avoid modifying the DefaultClient's Transport
  • 67e3899 Merge pull request #1020 from duglin/oops
  • f0061e0 oops
  • 4cc6c2d Merge pull request #1011 from cloudevents/dependabot/bundler/docs/bundler-sec...
  • b6949b0 Bump the bundler group across 1 directories with 1 update
  • df51395 Merge pull request #1016 from cloudevents/dependabot/github_actions/golangci/...
  • 1af6e06 Bump golangci/golangci-lint-action from 3 to 4
  • 2574a05 Merge pull request #1013 from jafossum/fix-nats-typos
  • Additional commits viewable in compare view

Updates github.com/dapr/dapr from 1.6.0 to 1.10.9

Release notes

Sourced from github.com/dapr/dapr's releases.

Dapr Runtime v1.10.9

Dapr 1.10.9 [security]

This update contains security fixes:

Security: API token authentication bypass in HTTP endpoints

Problem

Security advisory

A moderate-severity vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request.

Impact

The vulnerability impacts all users on Dapr <=1.10.9 and <=1.11.2 who are using API token authentication.

Root cause

The Dapr sidecar allowed all requests containing /healthz in the URL (including query string) to bypass API token authentication.

Solution

We have changed the API token authentication middleware to allow bypassing the authentication only for healthcheck endpoints more strictly.

Security: Potential DoS in avro dependency (CVE-2023-37475)

Problem

CVE-2023-37475

An issue in the third-party avro dependency could cause a resource exhaustion and a DoS for Dapr.

Impact

This issue impacts users of Dapr that use the Pulsar components.

Root cause

The issue was in a third-party dependency.

Solution

We have upgraded the avro dependency to version 2.13.0 which contains a fix for the reported issue.

Dapr Runtime v1.10.9-rc.1

This is the release candidate 1.10.9-rc.1

Commits

Updates golang.org/x/net from 0.0.0-20211015210444-4f30a5c0130f to 0.6.0

Commits

Updates golang.org/x/sys from 0.0.0-20211019181941-9d821ace8654 to 0.5.0

Commits

Updates golang.org/x/text from 0.3.7 to 0.7.0

Commits
  • 71a9c9a all: fix some comments
  • ec5565b README.md: update documentation of module versioning
  • c8236a6 unicode/bidi: remove unused global
  • ada7473 all: remove redundant type conversion
  • 1bdb400 language: remove compatibility with go < 1.2
  • 252bee0 go.mod: ignore cyclic dependency for tagging
  • ecab6e5 go.mod: ignore cyclic dependency for tagging
  • 369c86b all: fix a few function names on comments
  • 434eadc language: reject excessively large Accept-Language strings
  • 23407e7 go.mod: ignore cyclic dependency for tagging
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.40.0 to 1.52.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

  • client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

  • client: support channel idleness using WithIdleTimeout dial option (#6263)
    • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
  • client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
  • xds: Add support for Custom LB Policies (gRFC A52) (#6224)
  • xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
  • client: add support for pickfirst address shuffling (gRFC A62) (#6311)
  • xds: Add support for String Matcher Header Matcher in RDS (#6313)
  • xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • xds: enable RLS in xDS by default (#6343)
  • orca: add support for application_utilization field and missing range checks on several metrics setters
  • balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
  • authz: add conversion of json to RBAC Audit Logging config (#6192)
  • authz: add support for stdout logger (#6230 and #6298)
  • authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

  • orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
  • xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
  • xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

  • orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

  • xds: enable federation support by default (#6151)
  • status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits
  • 1055b48 Update version.go to 1.56.3 (#6713)
  • 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
  • bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
  • faab873 Update version.go to v1.56.2 (#6432)
  • 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
  • ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
  • cd6a794 Update version.go to v1.56.2-dev (#6387)
  • 5b67e5e Update version.go to v1.56.1 (#6386)
  • d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
  • 997c1ea Change version to 1.56.1-dev (#6345)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.0 to 1.28.1

Updates github.com/cloudevents/sdk-go/v2 from 2.4.1 to 2.15.2

Release notes

Sourced from github.com/cloudevents/sdk-go/v2's releases.

Release v2.15.2

What's Changed

  • Patch for a potential security issue. See CVE-2024-28110.
  • Note: this could be a breaking change for people if they purposely change golang's HTTP DefaultClient, or change the CloudEvents Client returned from NewClient, and expect those changes to be visible on other HTTP flows using those Clients. E.g. auth

Full Changelog: cloudevents/sdk-go@v2.15.1...v2.15.2

Release v2.15.1

What's Changed

New Contributors

Full Changelog: cloudevents/sdk-go@v2.15.0...v2.15.1

Release v2.15.0

Highlights 💫

This release includes various updates and improvements such as README enhancements, dependency bumps, bug fixes, race condition resolutions, and protocol-related adjustments. Notable changes involve upgrading dependencies like grpc and go.opentelemetry, addressing race conditions, fixing Kafka test issues, and introducing new features like binary content mode for NATS and JetStream protocols. Additionally, there are governance documentation updates, link corrections, and improvements in error handling and documentation across different modules.

Breaking 🚨

The Kafka Sarama protocol now uses the "github.com/IBM/sarama" Go module import path.

Commits 📄

896e1d0 Update README.md 75ec0f2 Bump actions/setup-go from 4 to 5 41e80f7 fixed couple issues

... (truncated)

Commits
  • de2f283 Merge pull request from GHSA-5pf6-2qwx-pxm2
  • c5f8d9d Update v2/protocol/http/protocol.go
  • c17d949 Avoid modifying the DefaultClient's Transport
  • 67e3899 Merge pull request #1020 from duglin/oops
  • f0061e0 oops
  • 4cc6c2d Merge pull request #1011 from cloudevents/dependabot/bundler/docs/bundler-sec...
  • b6949b0 Bump the bundler group across 1 directories with 1 update
  • df51395 Merge pull request #1016 from cloudevents/dependabot/github_actions/golangci/...
  • 1af6e06 Bump golangci/golangci-lint-action from 3 to 4
  • 2574a05 Merge pull request #1013 from jafossum/fix-nats-typos
  • Additional commits viewable in compare view

Updates github.com/dapr/dapr from 1.8.3 to 1.10.9

Release notes

Sourced from github.com/dapr/dapr's releases.

Dapr Runtime v1.10.9

Dapr 1.10.9 [security]

This update contains security fixes:

Security: API token authentication bypass in HTTP endpoints

Problem

Security advisory

A moderate-severity vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request.

Impact

The vulnerability impacts all users on Dapr <=1.10.9 and <=1.11.2 who are using API token authentication.

Root cause

The Dapr sidecar allowed all requests containing /healthz in the URL (including query string) to bypass API token authentication.

Solution

We have changed the API token authentication middleware to allow bypassing the authentication only for healthcheck endpoints more strictly.

Security: Potential DoS in avro dependency (CVE-2023-37475)

Problem

CVE-2023-37475

An issue in the third-party avro dependency could cause a resource exhaustion and a DoS for Dapr.

Impact

This issue impacts users of Dapr that use the Pulsar components.

Root cause

The issue was in a third-party dependency.

Solution

We have upgraded the avro dependency to version 2.13.0 which contains a fix for the reported issue.

Dapr Runtime v1.10.9-rc.1

This is the release candidate 1.10.9-rc.1

Commits

Updates golang.org/x/net from 0.0.0-20220621193019-9d032be2e588 to 0.6.0

Commits

Updates golang.org/x/sys from 0.0.0-20220520151302-bc2c85ada10a to 0.5.0

Commits

Updates golang.org/x/text from 0.3.7 to 0.7.0

Commits
  • 71a9c9a all: fix some comments
  • ec5565b README.md: update documentation of module versioning
  • c8236a6 unicode/bidi: remove unused global
  • ada7473 all: remove redundant type conversion
  • 1bdb400 language: remove compatibility with go < 1.2
  • 252bee0 go.mod: ignore cyclic dependency for tagging
  • ecab6e5 go.mod: ignore cyclic dependency for tagging
  • 369c86b all: fix a few function names on comments
  • 434eadc language: reject excessively large Accept-Language strings
  • 23407e7 go.mod: ignore cyclic dependency for tagging
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.47.0 to 1.52.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

  • client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

  • client: support channel idleness using WithIdleTimeout dial option (#6263)
    • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
  • client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
  • xds: Add support for Custom LB Policies (gRFC A52) (#6224)
  • xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
  • client: add support for pickfirst address shuffling (gRFC A62) (#6311)
  • xds: Add support for String Matcher Header Matcher in RDS (#6313)
  • xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • xds: enable RLS in xDS by default (#6343)
  • orca: add support for application_utilization field and missing range checks on several metrics setters
  • balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
  • authz: add conversion of json to RBAC Audit Logging config (#6192)
  • authz: add support for stdout logger (#6230 and #6298)
  • authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

  • orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
  • xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
  • xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

  • orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

  • xds: enable federation support by default (#6151)
  • status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits
  • 1055b48 Update version.go to 1.56.3 (#6713)
  • 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
  • bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
  • faab873 Update version.go to v1.56.2 (#6432)
  • 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
  • ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
  • cd6a794 Update version.go to v1.56.2-dev (#6387)
  • 5b67e5e Update version.go to v1.56.1 (#6386)
  • d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
  • 997c1ea Change version to 1.56.1-dev (#6345)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.0 to 1.28.1

Updates google.golang.org/grpc from 1.53.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

  • client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

  • client: support channel idleness using WithIdleTimeout dial option (#6263)
    • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
  • client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
  • xds: Add support for Custom LB Policies (gRFC A52) (#6224)
  • xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
  • client: add support for pickfirst address shuffling (gRFC A62) (#6311)
  • xds: Add support for String Matcher Header Matcher in RDS (#6313)
  • xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • xds: enable RLS in xDS by default (#6343)
  • orca: add support for application_utilization field and missing range checks on several metrics setters
  • balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
  • authz: add conversion of json to RBAC Audit Logging config (#6192)
  • authz: add support for stdout logger (#6230 and #6298)
  • authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

  • orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
  • xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
  • xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

  • orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

  • xds: enable federation support by default (#6151)
  • status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits
  • 1055b48 Update version.go to 1.56.3 (#6713)
  • 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
  • bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
  • faab873 Update version.go to v1.56.2 (#6432)
  • 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
  • ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
  • cd6a794 Update version.go to v1.56.2-dev (#6387)
  • 5b67e5e Update version.go to v1.56.1 (#6386)
  • d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
  • 997c1ea Change version to 1.56.1-dev (#6345)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.1 to 1.30.0

Updates google.golang.org/grpc from 1.53.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

  • client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

  • client: support channel idleness using WithIdleTimeout dial option (#6263)
    • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
  • client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
  • xds: Add support for Custom LB Policies (gRFC A52) (#6224)
  • xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
  • client: add support for pickfirst address shuffling (gRFC A62) (#6311)
  • xds: Add support for String Matcher Header Matcher in RDS (#6313)
  • xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • xds: enable RLS in xDS by default (#6343)
  • orca: add support for application_utilization field and missing range checks on several metrics setters
  • balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
  • authz: add conversion of json to RBAC Audit Logging config (#6192)
  • authz: add support for stdout logger (#6230 and #6298)
  • authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

  • orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
  • xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
  • xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

  • orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nilDescription has been truncated

    Summary by Sourcery

    Bump go modules across multiple directories.

    Chores:

    • Bump github.com/cloudevents/sdk-go/v2 from 2.4.1 to 2.15.2 in /ci/pod/openfunction/function-example/test-body and /ci/pod/openfunction/function-example/test-uri.
    • Bump github.com/dapr/dapr from 1.6.0 to 1.10.9 in /ci/pod/openfunction/function-example/test-body.
    • Bump github.com/dapr/dapr from 1.8.3 to 1.10.9 in /ci/pod/openfunction/function-example/test-uri.
    • Bump google.golang.org/grpc from 1.53.0 to 1.56.3 in /t/grpc_server_example and /t/plugin/grpc-web.

@dependabot
chore(deps): bump the go_modules group across 4 directories with 7 up…
e451527 
…dates

Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-body directory: [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) and [github.com/dapr/dapr](https://github.com/dapr/dapr).
Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-uri directory: [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) and [github.com/dapr/dapr](https://github.com/dapr/dapr).
Bumps the go_modules group with 1 update in the /t/grpc_server_example directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).
Bumps the go_modules group with 1 update in the /t/plugin/grpc-web directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `github.com/cloudevents/sdk-go/v2` from 2.4.1 to 2.15.2
- [Release notes](https://github.com/cloudevents/sdk-go/releases)
- [Commits](cloudevents/sdk-go@v2.4.1...v2.15.2)

Updates `github.com/dapr/dapr` from 1.6.0 to 1.10.9
- [Release notes](https://github.com/dapr/dapr/releases)
- [Changelog](https://github.com/dapr/dapr/blob/master/RELEASE.md)
- [Commits](dapr/dapr@v1.6.0...v1.10.9)

Updates `golang.org/x/net` from 0.0.0-20211015210444-4f30a5c0130f to 0.6.0
- [Commits](https://github.com/golang/net/commits/v0.6.0)

Updates `golang.org/x/sys` from 0.0.0-20211019181941-9d821ace8654 to 0.5.0
- [Commits](https://github.com/golang/sys/commits/v0.5.0)

Updates `golang.org/x/text` from 0.3.7 to 0.7.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.3.7...v0.7.0)

Updates `google.golang.org/grpc` from 1.40.0 to 1.52.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.53.0...v1.56.3)

Updates `google.golang.org/protobuf` from 1.28.0 to 1.28.1

Updates `github.com/cloudevents/sdk-go/v2` from 2.4.1 to 2.15.2
- [Release notes](https://github.com/cloudevents/sdk-go/releases)
- [Commits](cloudevents/sdk-go@v2.4.1...v2.15.2)

Updates `github.com/dapr/dapr` from 1.8.3 to 1.10.9
- [Release notes](https://github.com/dapr/dapr/releases)
- [Changelog](https://github.com/dapr/dapr/blob/master/RELEASE.md)
- [Commits](dapr/dapr@v1.6.0...v1.10.9)

Updates `golang.org/x/net` from 0.0.0-20220621193019-9d032be2e588 to 0.6.0
- [Commits](https://github.com/golang/net/commits/v0.6.0)

Updates `golang.org/x/sys` from 0.0.0-20220520151302-bc2c85ada10a to 0.5.0
- [Commits](https://github.com/golang/sys/commits/v0.5.0)

Updates `golang.org/x/text` from 0.3.7 to 0.7.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.3.7...v0.7.0)

Updates `google.golang.org/grpc` from 1.47.0 to 1.52.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.53.0...v1.56.3)

Updates `google.golang.org/protobuf` from 1.28.0 to 1.28.1

Updates `google.golang.org/grpc` from 1.53.0 to 1.56.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.53.0...v1.56.3)

Updates `google.golang.org/protobuf` from 1.28.1 to 1.30.0

Updates `google.golang.org/grpc` from 1.53.0 to 1.56.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.53.0...v1.56.3)

---
updated-dependencies:
- dependency-name: github.com/cloudevents/sdk-go/v2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/dapr/dapr
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/text
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/cloudevents/sdk-go/v2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/dapr/dapr
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/text
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 12, 2025
@sourcery-ai
Copy link

sourcery-ai bot commented Mar 12, 2025
edited
Loading

Reviewer's Guide by Sourcery

This pull request updates several go module dependencies across multiple directories. It includes updates to cloudevents, dapr, golang.org/x, google.golang.org/grpc, google.golang.org/protobuf, and github.com/golang/protobuf.

Updated class diagram for gRPC dependencies

classDiagram
  class grpc {
    -version: string
  }
  note for grpc "Updated from 1.53.0 to 1.56.3"
  class protobuf {
    -version: string
  }
  note for protobuf "Updated from 1.28.1 to 1.30.0 in t/grpc_server_example"
  note for protobuf "Updated from 1.28.0 to 1.28.1"
Loading

File-Level Changes

Change Details Files
Updated the github.com/cloudevents/sdk-go/v2 dependency.
  • Updated from version 2.4.1 to 2.15.2.
 ci/pod/openfunction/function-example/test-body/go.mod
ci/pod/openfunction/function-example/test-uri/go.mod
Updated the github.com/dapr/dapr dependency.
  • Updated from version 1.6.0 to 1.10.9 in the test-body directory.
  • Updated from version 1.8.3 to 1.10.9 in the test-uri directory.
 ci/pod/openfunction/function-example/test-body/go.mod
ci/pod/openfunction/function-example/test-uri/go.mod
Updated multiple golang.org/x dependencies.
  • Updated golang.org/x/net from an earlier version to 0.6.0.
  • Updated golang.org/x/sys from an earlier version to 0.5.0.
  • Updated golang.org/x/text from 0.3.7 to 0.7.0.
 ci/pod/openfunction/function-example/test-body/go.mod
ci/pod/openfunction/function-example/test-uri/go.mod
Updated the google.golang.org/grpc dependency.
  • Updated from version 1.40.0 to 1.52.3 in the test-body directory.
  • Updated from version 1.47.0 to 1.52.3 in the test-uri directory.
  • Updated from version 1.53.0 to 1.56.3 in the grpc_server_example and grpc-web directories.
 ci/pod/openfunction/function-example/test-body/go.mod
ci/pod/openfunction/function-example/test-uri/go.mod
t/grpc_server_example/go.mod
t/plugin/grpc-web/go.mod
Updated the google.golang.org/protobuf dependency.
  • Updated from version 1.28.0 to 1.28.1 in the test-body and test-uri directories.
  • Updated from version 1.28.1 to 1.30.0 in the grpc_server_example directory.
 ci/pod/openfunction/function-example/test-body/go.mod
ci/pod/openfunction/function-example/test-uri/go.mod
t/grpc_server_example/go.mod
Updated the github.com/golang/protobuf dependency.
  • Updated from version 1.5.2 to 1.5.3 in the grpc_server_example and grpc-web directories.
 t/grpc_server_example/go.mod
t/plugin/grpc-web/go.mod
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!
  • Generate a plan of action for an issue: Comment @sourcery-ai plan on
    an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Mar 12, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!

@github-actions
Copy link

github-actions bot commented May 12, 2025

This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.

@github-actions github-actions bot added the stale label May 12, 2025
@github-actions
Copy link

github-actions bot commented Jun 9, 2025

This pull request/issue has been closed due to lack of activity. If you think that is incorrect, or the pull request requires review, you can revive the PR at any time.

@github-actions github-actions bot closed this Jun 9, 2025
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jun 9, 2025

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/go_modules/ci/pod/openfunction/function-example/test-body/go_modules-5860b0824d branch June 9, 2025 10:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant