Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the go-modules group across 1 directory with 17 updates #796

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 23, 2024

Bumps the go-modules group with 13 updates in the / directory:

Package From To
github.com/Microsoft/hcsshim 0.12.4 0.12.5
github.com/cyphar/filepath-securejoin 0.2.5 0.3.1
github.com/docker/cli 27.0.2+incompatible 27.1.1+incompatible
github.com/google/go-containerregistry 0.19.2 0.20.1
github.com/mattn/go-runewidth 0.0.15 0.0.16
github.com/moby/sys/sequential 0.5.0 0.6.0
github.com/skeema/knownhosts 1.2.2 1.3.0
github.com/sylabs/sif/v2 2.17.0 2.18.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 0.52.0 0.53.0
golang.org/x/crypto 0.24.0 0.25.0
golang.org/x/mod 0.18.0 0.19.0
golang.org/x/net 0.26.0 0.27.0
google.golang.org/grpc 1.64.1 1.65.0

Updates github.com/Microsoft/hcsshim from 0.12.4 to 0.12.5

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.5

What's Changed

Full Changelog: microsoft/hcsshim@v0.12.4...v0.12.5

Commits
  • e970943 Modifying network flag EnableIov.
  • 4f77a09 Hcsshim wrapper over HNS API needed for exclusion of management mac addresses...
  • 3b5bd8a [release/0.12] vendor: github.com/containerd/containerd v17.18
  • 40cdbc8 Adding state attribute to the HNSEndpoint struct to support hyperv containers...
  • See full diff in compare view

Updates github.com/cyphar/filepath-securejoin from 0.2.5 to 0.3.1

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.1

  • By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

  • We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

    Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

  • Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

    These changes were done to match openat2's behaviour and purely is a consistency fix (most users are going to be using openat2 anyway).

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

v0.3.0

This release contains no changes to SecureJoin.

However, it does introduce a new *os.File-based API which is much safer to use for most usecases. These are adapted from [libpathrs][1] and are the bare minimum to be able to operate more safely on an untrusted rootfs where an attacker has write access (something that SecureJoin cannot protect against). The new APIs are:

  • OpenInRoot, which resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the file handle returned by OpenInRoot is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- see open(2) for more details).

  • Reopen, which takes an O_PATH file handle and safely re-opens it to "upgrade" it to a regular handle.

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.1] - 2024-07-23

Changed

  • By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

  • We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

    Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

Fixed

  • Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

    These changes were done to match openat2's behaviour and purely is a consistency fix (most users are going to be using openat2 anyway).

[0.3.0] - 2024-07-11

Added

  • A new set of *os.File-based APIs have been added. These are adapted from [libpathrs][] and we strongly suggest using them if possible (as they provide far more protection against attacks than SecureJoin):

    • Open(at)InRoot resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the handle returned is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- [see open(2) for more details][open.2])

    • Reopen takes an O_PATH file handle and safely re-opens it to upgrade it to a regular handle. This can also be used with non-O_PATH handles, but O_PATH is the most obvious application.

    • MkdirAll is an implementation of os.MkdirAll that is safe to use to

... (truncated)

Commits
  • ce7b28a VERSION: release v0.3.1
  • a2c14f8 CHANGELOG: add readlinkat(fd, "") shout-out
  • 4ea279f merge #22 into cyphar/filepath-securejoin:main
  • 16e1bec CHANGELOG: add initial changelog with current history
  • 2404ffb merge #21 into cyphar/filepath-securejoin:main
  • f29b7a4 lookup: handle // and trailing slash components correctly
  • ecd61ca merge #19 into cyphar/filepath-securejoin:main
  • 38b1220 procfs: refactor statx mnt_id logic
  • 45c4415 procfs: use readlink(fd, "") for magic-links
  • edab538 merge #17 into cyphar/filepath-securejoin:main
  • Additional commits viewable in compare view

Updates github.com/docker/cli from 27.0.2+incompatible to 27.1.1+incompatible

Commits
  • 6312585 Merge pull request #5274 from thaJeztah/27.1_backport_compose_oom
  • c599566 Allow for OomScoreAdj
  • fb19def Merge pull request #5271 from thaJeztah/27.1_backport_custom_headers_env_var
  • bccd478 Merge pull request #5270 from thaJeztah/27.1_backport_test_spring_cleaning
  • 8992378 add support for DOCKER_CUSTOM_HEADERS env-var (experimental)
  • f90273c Merge pull request #5269 from thaJeztah/27.1_backport_add_macos_apple_silicon
  • ca9636a test spring-cleaning
  • ad47d2a gha: update to macOS 13, add macOS 14 arm64 (Apple Silicon M1)
  • a2a0fb7 Merge pull request #5263 from thaJeztah/27.1_backport_relax_pr_check
  • 16d6c90 Merge pull request #5265 from thaJeztah/27.1_backport_bump_buildx_compose
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.19.2 to 0.20.1

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.1

What's Changed

Full Changelog: google/go-containerregistry@v0.20.0...v0.20.1

v0.20.0

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.19.2...v0.20.0

Commits

Updates github.com/mattn/go-runewidth from 0.0.15 to 0.0.16

Commits

Updates github.com/moby/sys/sequential from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/moby/sys/sequential's releases.

signal/v0.6.0

What's Changed

New Contributors

Full Changelog: moby/sys@signal/v0.5.0...signal/v0.6.0

mountinfo v0.6.0

New functionality

  • Add MountedFast by @​kolyshkin in moby/sys#100 Note: most users should keep using Mounted, which already incorporates all optimizations from MountedFast

Full changelog: moby/sys@mountinfo/v0.5.0...mountinfo/v0.6.0

sequential v0.6.0

What's Changed

  • sequential: remove fileFlagSequentialScan const
  • sequential: consistently use x/sys/windows for consts
  • sequential: open(File)Sequential: remove unused arg
  • sequential: move error-handling to openFileSequential
  • sequential: simplify docs for non-Windows implementations
  • sequential: update docs for Windows-implementation
  • bump golang.org/x/sys to v0.1.0

Full Changelog: moby/sys@sequential/v0.5.0...sequential/v0.6.0

Commits
  • 03b9f8d Merge pull request #94 from thaJeztah/bump_mountinfo
  • bdd898e mount: update github.com/moby/sys/mountinfo v0.5.0
  • fbd276c Merge pull request #93 from kolyshkin/ci-f35
  • afb7f50 Merge pull request #92 from kolyshkin/more-linters
  • 9372d68 ci: bump Fedora to 35
  • 9a90d6d Format code with gofumpt, enable linter
  • 85e4bfd Makefile: update golangci-lint to 1.43.0
  • f0fb439 .gitattributes: add
  • b016007 ci: add unconvert and errorlint linters to golanci
  • 6056970 Fix errorlint warnings
  • Additional commits viewable in compare view

Updates github.com/skeema/knownhosts from 1.2.2 to 1.3.0

Commits
  • 9485bde docs: add PR template and CONTRIBUTING.md guide; minor README tweaks
  • 8b8ca37 host matching: handle wildcards with non-standard port (#10)
  • 7c797a4 Merge pull request #9 from skeema/certs-backwards-compat
  • 53a26cc Minor adjustments based on initial PR feedback
  • 69b4a62 certs: reimplement previous commit to maintain backwards compat
  • d314bf3 Support cert authorities
  • 5832aa8 ci: send coverage to Coveralls; upgrade action versions
  • 7acc57b go.mod: update golang.org/x dependencies
  • See full diff in compare view

Updates github.com/sylabs/sif/v2 from 2.17.0 to 2.18.0

Release notes

Sourced from github.com/sylabs/sif/v2's releases.

v2.18.0

What's Changed

Full Changelog: sylabs/sif@v2.17.1...v2.18.0

v2.17.1

What's Changed

Full Changelog: sylabs/sif@v2.17.0...v2.17.1

Commits
  • a2a8352 Merge pull request #374 from tri-adam/delete-objects
  • 68683b4 feat: add DeleteObjects
  • 94b0b65 build(deps): bump github.com/google/go-containerregistry (#376)
  • 48f265f Merge pull request #373 from tri-adam/compaction
  • e8dad67 refactor: improve delete compaction logic
  • 8783e3b refactor: improve compaction logic for AddObject
  • e3aa617 Merge pull request #375 from tri-adam/update-readme
  • 8f557d5 docs: update links to Go docs
  • de30604 Merge pull request #368 from tri-adam/go-1.23-rc
  • 9ea2328 ci: add testing against Go 1.23 RC
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.52.0 to 0.53.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases.

Release v1.28.0/v0.53.0/v0.22.0/v0.8.0/v0.3.0/v0.1.0

Overview

Added

  • Add the new go.opentelemetry.io/contrib/detectors/azure/azurevm package to provide a resource detector for Azure VMs. (#5422)
  • Add support to configure views when creating MeterProvider using the config package. (#5654)
  • The go.opentelemetry.io/contrib/config add support to configure periodic reader interval and timeout. (#5661)
  • Add log support for the autoexport package. (#5733)
  • Add support for disabling the old runtime metrics using the OTEL_GO_X_DEPRECATED_RUNTIME_METRICS=false environment variable. (#5747)
  • Add support for signal-specific protocols environment variables (OTEL_EXPORTER_OTLP_TRACES_PROTOCOL, OTEL_EXPORTER_OTLP_LOGS_PROTOCOL, OTEL_EXPORTER_OTLP_METRICS_PROTOCOL) in go.opentelemetry.io/contrib/exporters/autoexport. (#5816)
  • The go.opentelemetry.io/contrib/processors/minsev module is added. This module provides and experimental logging processor with a configurable threshold for the minimum severity records must have to be recorded. (#5817)
  • The go.opentelemetry.io/contrib/processors/baggagecopy module. This module is a replacement of go.opentelemetry.io/contrib/processors/baggage/baggagetrace. (#5824)

Changed

  • Improve performance of go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc with the usage of WithAttributeSet() instead of WithAttribute(). (#5664)
  • Improve performance of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp with the usage of WithAttributeSet() instead of WithAttribute(). (#5664)
  • Update go.opentelemetry.io/contrib/config to latest released configuration schema which introduces breaking changes where Attributes is now a map[string]interface{}. (#5758)
  • Upgrade all dependencies of go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0. (#5847)

Fixed

  • Custom attributes targeting metrics recorded by the go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp are not ignored anymore. (#5129)
  • The double setup in go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace/example that caused duplicate traces. (#5564)
  • The superfluous response.WriteHeader call in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp when the response writer is flushed. (#5634)
  • Use c.FullPath() method to set http.route attribute in go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin. (#5734)
  • Out-of-bounds panic in case of invalid span ID in go.opentelemetry.io/contrib/propagators/b3. (#5754)

Deprecated

  • The go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho package is deprecated. If you would like to become a Code Owner of this module and prevent it from being removed, see #5550. (#5645)
  • The go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron package is deprecated. If you would like to become a Code Owner of this module and prevent it from being removed, see #5552. (#5646)
  • The go.opentelemetry.io/contrib/samplers/aws/xray package is deprecated. If you would like to become a Code Owner of this module and prevent it from being removed, see #5554. (#5647)
  • The go.opentelemetry.io/contrib/processors/baggage/baggagetrace package is deprecated. Use the added go.opentelemetry.io/contrib/processors/baggagecopy package instead. (#5824)
    • Use baggagecopy.NewSpanProcessor as a replacement for baggagetrace.New.
      • NewSpanProcessor accepts a Fitler function type that selects which baggage members are added to a span.
      • NewSpanProcessor returns a *baggagecopy.SpanProcessor instead of a trace.SpanProcessor interface. The returned type still implements the interface.

#5550: open-telemetry/opentelemetry-go-contrib#5550 #5552: open-telemetry/opentelemetry-go-contrib#5552 #5554: open-telemetry/opentelemetry-go-contrib#5554

... (truncated)

Changelog

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's changelog.

[1.28.0/0.53.0/0.22.0/0.8.0/0.3.0/0.1.0] - 2024-07-02

Added

  • Add the new go.opentelemetry.io/contrib/detectors/azure/azurevm package to provide a resource detector for Azure VMs. (#5422)
  • Add support to configure views when creating MeterProvider using the config package. (#5654)
  • The go.opentelemetry.io/contrib/config add support to configure periodic reader interval and timeout. (#5661)
  • Add log support for the autoexport package. (#5733)
  • Add support for disabling the old runtime metrics using the OTEL_GO_X_DEPRECATED_RUNTIME_METRICS=false environment variable. (#5747)
  • Add support for signal-specific protocols environment variables (OTEL_EXPORTER_OTLP_TRACES_PROTOCOL, OTEL_EXPORTER_OTLP_LOGS_PROTOCOL, OTEL_EXPORTER_OTLP_METRICS_PROTOCOL) in go.opentelemetry.io/contrib/exporters/autoexport. (#5816)
  • The go.opentelemetry.io/contrib/processors/minsev module is added. This module provides and experimental logging processor with a configurable threshold for the minimum severity records must have to be recorded. (#5817)
  • The go.opentelemetry.io/contrib/processors/baggagecopy module. This module is a replacement of go.opentelemetry.io/contrib/processors/baggage/baggagetrace. (#5824)

Changed

  • Improve performance of go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc with the usage of WithAttributeSet() instead of WithAttribute(). (#5664)
  • Improve performance of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp with the usage of WithAttributeSet() instead of WithAttribute(). (#5664)
  • Update go.opentelemetry.io/contrib/config to latest released configuration schema which introduces breaking changes where Attributes is now a map[string]interface{}. (#5758)
  • Upgrade all dependencies of go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0. (#5847)

Fixed

  • Custom attributes targeting metrics recorded by the go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp are not ignored anymore. (#5129)
  • The double setup in go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace/example that caused duplicate traces. (#5564)
  • The superfluous response.WriteHeader call in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp when the response writer is flushed. (#5634)
  • Use c.FullPath() method to set http.route attribute in go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin. (#5734)
  • Out-of-bounds panic in case of invalid span ID in go.opentelemetry.io/contrib/propagators/b3. (#5754)

Deprecated

  • The go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho package is deprecated. If you would like to become a Code Owner of this module and prevent it from being removed, see #5550. (#5645)
  • The go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron package is deprecated. If you would like to become a Code Owner of this module and prevent it from being removed, see #5552. (#5646)
  • The go.opentelemetry.io/contrib/samplers/aws/xray package is deprecated. If you would like to become a Code Owner of this module and prevent it from being removed, see #5554. (#5647)
  • The go.opentelemetry.io/contrib/processors/baggage/baggagetrace package is deprecated. Use the added go.opentelemetry.io/contrib/processors/baggagecopy package instead. (#5824)
    • Use baggagecopy.NewSpanProcessor as a replacement for baggagetrace.New.
      • NewSpanProcessor accepts a Fitler function type that selects which baggage members are added to a span.
      • NewSpanProcessor returns a *baggagecopy.SpanProcessor instead of a trace.SpanProcessor interface. The returned type still implements the interface.

#5550: open-telemetry/opentelemetry-go-contrib#5550 #5552: open-telemetry/opentelemetry-go-contrib#5552 #5554: open-telemetry/opentelemetry-go-contrib#5554

Commits
  • af75717 Release v1.28.0/v0.53.0/v0.22.0/v0.8.0/v0.3.0/v0.1.0 (#5847)
  • b6a9271 fix(deps): update module github.com/aws/aws-sdk-go to v1.54.13 (#5843)
  • 66306fe Add @​XSAM and @​dmathieu as repository maintainers (#5838)
  • f783d1f Upgrade Go versions in CI (#5845)
  • d6e791c fix(deps): update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.58.0 (...
  • efde831 Remove otelmongo deprecation while we onboard a Code Owner (#5840)
  • 32d3e6a fix(deps): update module google.golang.org/grpc to v1.65.0 (#5837)
  • 1ce0d1c Revert toolchain addition to autoexport (#5841)
  • 53f34f2 fix(deps): update module cloud.google.com/go/compute/metadata to v0.4.0 (#5835)
  • 56e279e fix(deps): update module github.com/aws/aws-sdk-go to v1.54.12 (#5834)
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.27.0 to 1.28.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.28.0/0.50.0/0.4.0] 2024-07-02

Added

  • The IsEmpty method is added to the Instrument type in go.opentelemetry.io/otel/sdk/metric. This method is used to check if an Instrument instance is a zero-value. (#5431)
  • Store and provide the emitted context.Context in ScopeRecords of go.opentelemetry.io/otel/sdk/log/logtest. (#5468)
  • The go.opentelemetry.io/otel/semconv/v1.26.0 package. The package contains semantic conventions from the v1.26.0 version of the OpenTelemetry Semantic Conventions. (#5476)
  • The AssertRecordEqual method to go.opentelemetry.io/otel/log/logtest to allow comparison of two log records in tests. (#5499)
  • The WithHeaders option to go.opentelemetry.io/otel/exporters/zipkin to allow configuring custom http headers while exporting spans. (#5530)

Changed

  • Tracer.Start in go.opentelemetry.io/otel/trace/noop no longer allocates a span for empty span context. (#5457)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/example/otel-collector. (#5490)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/example/zipkin. (#5490)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/exporters/zipkin. (#5490)
    • The exporter no longer exports the deprecated "otel.library.name" or "otel.library.version" attributes.
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/sdk/resource. (#5490)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/sdk/trace. (#5490)
  • SimpleProcessor.OnEmit in go.opentelemetry.io/otel/sdk/log no longer allocates a slice which makes it possible to have a zero-allocation log processing using SimpleProcessor. (#5493)
  • Use non-generic functions in the Start method of "go.opentelemetry.io/otel/sdk/trace".Trace to reduce memory allocation. (#5497)
  • service.instance.id is populated for a Resource created with "go.opentelemetry.io/otel/sdk/resource".Default with a default value when OTEL_GO_X_RESOURCE is set. (#5520)
  • Improve performance of metric instruments in go.opentelemetry.io/otel/sdk/metric by removing unnecessary calls to time.Now. (#5545)

Fixed

  • Log a warning to the OpenTelemetry internal logger when a Record in go.opentelemetry.io/otel/sdk/log drops an attribute due to a limit being reached. (#5376)
  • Identify the Tracer returned from the global TracerProvider in go.opentelemetry.io/otel/global with its schema URL. (#5426)
  • Identify the Meter returned from the global MeterProvider in go.opentelemetry.io/otel/global with its schema URL. (#5426)
  • Log a warning to the OpenTelemetry internal logger when a Span in go.opentelemetry.io/otel/sdk/trace drops an attribute, event, or link due to a limit being reached. (#5434)
  • Document instrument name requirements in go.opentelemetry.io/otel/metric. (#5435)
  • Prevent random number generation data-race for experimental rand exemplars in go.opentelemetry.io/otel/sdk/metric. (#5456)
  • Fix counting number of dropped attributes of Record in go.opentelemetry.io/otel/sdk/log. (#5464)
  • Fix panic in baggage creation when a member contains 0x80 char in key or value. (#5494)
  • Correct comments for the priority of the WithEndpoint and WithEndpointURL options and their corresponding environment variables in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#5508)
  • Retry trace and span ID generation if it generated an invalid one in go.opentelemetry.io/otel/sdk/trace. (#5514)
  • Fix stale timestamps reported by the last-value aggregation. (#5517)
  • Indicate the Exporter in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp must be created by the New method. (#5521)
  • Improved performance in all {Bool,Int64,Float64,String}SliceValue functions of go.opentelemetry.io/attributes by reducing the number of allocations. (#5549)
  • Replace invalid percent-encoded octet sequences with replacement char in go.opentelemetry.io/otel/baggage. (#5528)
Commits
  • 81216fb Releases v1.28.0/v0.50.0/v0.4.0 (#5569)
  • 8279a1a Add @​XSAM and @​dmathieu as repository maintainers (#5558)
  • cff1a25 chore(deps): update otel/opentelemetry-collector-contrib docker tag to v0.104...
  • 0485de2 Move time.Now call into exemplar reservoir to improve performance (#5545)
  • 1cefb17 chore(deps): update google.golang.org/genproto/googleapis/rpc digest to f6361...
  • 874f2a2 chore(deps): update google.golang.org/genproto/googleapis/api digest to f6361...
  • b477e34 sdk/log: Add filtering Processor example (#5543)
  • d7e5001 sdk/log: Fix ExampleProcessor_redact to clone the record (#5559)
  • 4987a1d Split the span start/end benchmarks and test start with links and attributes ...
  • 82fe9aa Generate internal/transform in otlploggrpc (#5553)
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/metric from 1.27.0 to 1.28.0

Changelog

Sourced from go.opentelemetry.io/otel/metric's changelog.

[1.28.0/0.50.0/0.4.0] 2024-07-02

Added

  • The IsEmpty method is added to the Instrument type in go.opentelemetry.io/otel/sdk/metric. This method is used to check if an Instrument instance is a zero-value. (#5431)
  • Store and provide the emitted context.Context in ScopeRecords of go.opentelemetry.io/otel/sdk/log/logtest. (#5468)
  • The go.opentelemetry.io/otel/semconv/v1.26.0 package. The package contains semantic conventions from the v1.26.0 version of the OpenTelemetry Semantic Conventions. (#5476)
  • The AssertRecordEqual method to go.opentelemetry.io/otel/log/logtest to allow comparison of two log records in tests. (#5499)
  • The WithHeaders option to go.opentelemetry.io/otel/exporters/zipkin to allow configuring custom http headers while exporting spans. (#5530)

Changed

  • Tracer.Start in go.opentelemetry.io/otel/trace/noop no longer allocates a span for empty span context. (#5457)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/example/otel-collector. (#5490)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/example/zipkin. (#5490)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/exporters/zipkin. (#5490)
    • The exporter no longer exports the deprecated "otel.library.name" or "otel.library.version" attributes.
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/sdk/resource. (#5490)
  • Upgrade go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0 in go.opentelemetry.io/otel/sdk/trace. (#5490)
  • SimpleProcessor.OnEmit in go.opentelemetry.io/otel/sdk/log no longer allocates a slice which makes it possible to have a zero-allocation log processing using SimpleProcessor. (#5493)
  • Use non-generic functions in the Start method of "go.opentelemetry.io/otel/sdk/trace".Trace to reduce memory allocation. (#5497)
  • service.instance.id is populated for a Resource created with "go.opentelemetry.io/otel/sdk/resource".Default with a default value when OTEL_GO_X_RESOURCE is set. (#5520)
  • Improve performance of metric instruments in go.opentelemetry.io/otel/sdk/metric by removing unnecessary calls to time.Now. (#5545)

Fixed

  • Log a warning to the OpenTelemetry internal logger when a...

    Description has been truncated

Bumps the go-modules group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/Microsoft/hcsshim](https://github.com/Microsoft/hcsshim) | `0.12.4` | `0.12.5` |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.2.5` | `0.3.1` |
| [github.com/docker/cli](https://github.com/docker/cli) | `27.0.2+incompatible` | `27.1.1+incompatible` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.19.2` | `0.20.1` |
| [github.com/mattn/go-runewidth](https://github.com/mattn/go-runewidth) | `0.0.15` | `0.0.16` |
| [github.com/moby/sys/sequential](https://github.com/moby/sys) | `0.5.0` | `0.6.0` |
| [github.com/skeema/knownhosts](https://github.com/skeema/knownhosts) | `1.2.2` | `1.3.0` |
| [github.com/sylabs/sif/v2](https://github.com/sylabs/sif) | `2.17.0` | `2.18.0` |
| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.52.0` | `0.53.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.24.0` | `0.25.0` |
| [golang.org/x/mod](https://github.com/golang/mod) | `0.18.0` | `0.19.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.26.0` | `0.27.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.64.1` | `1.65.0` |



Updates `github.com/Microsoft/hcsshim` from 0.12.4 to 0.12.5
- [Release notes](https://github.com/Microsoft/hcsshim/releases)
- [Commits](microsoft/hcsshim@v0.12.4...v0.12.5)

Updates `github.com/cyphar/filepath-securejoin` from 0.2.5 to 0.3.1
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.2.5...v0.3.1)

Updates `github.com/docker/cli` from 27.0.2+incompatible to 27.1.1+incompatible
- [Commits](docker/cli@v27.0.2...v27.1.1)

Updates `github.com/google/go-containerregistry` from 0.19.2 to 0.20.1
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.19.2...v0.20.1)

Updates `github.com/mattn/go-runewidth` from 0.0.15 to 0.0.16
- [Commits](mattn/go-runewidth@v0.0.15...v0.0.16)

Updates `github.com/moby/sys/sequential` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/moby/sys/releases)
- [Commits](moby/sys@signal/v0.5.0...signal/v0.6.0)

Updates `github.com/skeema/knownhosts` from 1.2.2 to 1.3.0
- [Commits](skeema/knownhosts@v1.2.2...v1.3.0)

Updates `github.com/sylabs/sif/v2` from 2.17.0 to 2.18.0
- [Release notes](https://github.com/sylabs/sif/releases)
- [Changelog](https://github.com/sylabs/sif/blob/main/.goreleaser.yml)
- [Commits](sylabs/sif@v2.17.0...v2.18.0)

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.52.0 to 0.53.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.52.0...zpages/v0.53.0)

Updates `go.opentelemetry.io/otel` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.27.0...v1.28.0)

Updates `go.opentelemetry.io/otel/metric` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.27.0...v1.28.0)

Updates `go.opentelemetry.io/otel/trace` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.27.0...v1.28.0)

Updates `golang.org/x/crypto` from 0.24.0 to 0.25.0
- [Commits](golang/crypto@v0.24.0...v0.25.0)

Updates `golang.org/x/mod` from 0.18.0 to 0.19.0
- [Commits](golang/mod@v0.18.0...v0.19.0)

Updates `golang.org/x/net` from 0.26.0 to 0.27.0
- [Commits](golang/net@v0.26.0...v0.27.0)

Updates `golang.org/x/sys` from 0.21.0 to 0.22.0
- [Commits](golang/sys@v0.21.0...v0.22.0)

Updates `google.golang.org/grpc` from 1.64.1 to 1.65.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.64.1...v1.65.0)

---
updated-dependencies:
- dependency-name: github.com/Microsoft/hcsshim
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/docker/cli
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/google/go-containerregistry
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/mattn/go-runewidth
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/moby/sys/sequential
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/skeema/knownhosts
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/sylabs/sif/v2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: go.opentelemetry.io/otel
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/mod
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner July 23, 2024 23:20
@dependabot dependabot bot added the failure:update-dependencies An issue filed automatically when updating buildpack.toml dependencies fails in a workflow label Jul 23, 2024
@paketo-bot paketo-bot added the semver:patch A change requiring a patch version bump label Jul 23, 2024
Copy link
Contributor Author

dependabot bot commented on behalf of github Jul 25, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jul 25, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/go-modules-7231fc8d02 branch July 25, 2024 23:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
failure:update-dependencies An issue filed automatically when updating buildpack.toml dependencies fails in a workflow semver:patch A change requiring a patch version bump
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant