Bump the go_modules group across 37 directories with 6 updates

[dependabot]

Bumps the go_modules group with 5 updates in the / directory:

Package	From	To
github.com/docker/docker	20.10.18+incompatible	25.0.6+incompatible
github.com/golang-jwt/jwt/v4	4.2.0	4.5.1
github.com/hashicorp/go-retryablehttp	0.7.1	0.7.7
github.com/mostynb/go-grpc-compression	1.1.17	1.2.3
github.com/opencontainers/runc	1.1.3	1.1.14

Bumps the go_modules group with 1 update in the /exporter/coralogixexporter directory: github.com/mostynb/go-grpc-compression.
Bumps the go_modules group with 1 update in the /exporter/datadogexporter directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /exporter/f5cloudexporter directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /exporter/googlecloudexporter directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /exporter/googlecloudpubsubexporter directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /exporter/googlemanagedprometheusexporter directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /exporter/jaegerexporter directory: github.com/mostynb/go-grpc-compression.
Bumps the go_modules group with 1 update in the /exporter/loadbalancingexporter directory: github.com/mostynb/go-grpc-compression.
Bumps the go_modules group with 1 update in the /exporter/opencensusexporter directory: github.com/mostynb/go-grpc-compression.
Bumps the go_modules group with 1 update in the /exporter/skywalkingexporter directory: github.com/mostynb/go-grpc-compression.
Bumps the go_modules group with 1 update in the /extension/jaegerremotesampling directory: github.com/mostynb/go-grpc-compression.
Bumps the go_modules group with 1 update in the /extension/oauth2clientauthextension directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /extension/oidcauthextension directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /internal/containertest directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /internal/docker directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /internal/metadataproviders directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /internal/tools directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /processor/resourcedetectionprocessor directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /processor/routingprocessor directory: github.com/mostynb/go-grpc-compression.
Bumps the go_modules group with 1 update in the /processor/servicegraphprocessor directory: github.com/mostynb/go-grpc-compression.
Bumps the go_modules group with 1 update in the /receiver/aerospikereceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/apachereceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/awscontainerinsightreceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/dockerstatsreceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/elasticsearchreceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/flinkmetricsreceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/googlecloudpubsubreceiver directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /receiver/googlecloudspannerreceiver directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /receiver/jaegerreceiver directory: github.com/mostynb/go-grpc-compression.
Bumps the go_modules group with 1 update in the /receiver/jmxreceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/kafkametricsreceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/memcachedreceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/mongodbreceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/mysqlreceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/nginxreceiver directory: github.com/docker/docker.
Bumps the go_modules group with 1 update in the /receiver/opencensusreceiver directory: github.com/mostynb/go-grpc-compression.

Updates github.com/docker/docker from 20.10.18+incompatible to 25.0.6+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v25.0.6

25.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 25.0.6 milestone
• moby/moby, 25.0.6 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq that impacted setups using authorization plugins (AuthZ) for access control.

Bug fixes and enhancements

• [25.0] remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47695
• [25.0 backport] Fix a nil dereference when getting image history for images having layers without the Created value set. moby/moby#47759
• [25.0 backport] apparmor: Allow confined runc to kill containers. moby/moby#47830
• [25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. moby/moby#47869
• [25.0 backport] don't depend on containerd platform.Parse to return a typed error. moby/moby#47890
• [25.0 backport] builder/mobyexporter: Add missing nil check moby/moby#47987

Packaging updates

• Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver. moby/moby#47724
• Update Go runtime to 1.21.12, which contains security fixes for CVE-2024-24791 moby/moby#48146
• Update Containerd (static binaries only) to v1.7.20. moby/moby#48199

Full Changelog: moby/moby@v25.0.5...v25.0.6

v25.0.5

25.0.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 25.0.5 milestone
• moby/moby, 25.0.5 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.

Bug fixes and enhancements

• CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589

• plugin: fix mounting /etc/hosts when running in UserNS. moby/moby#47588

• rootless: fix open /etc/docker/plugins: permission denied. moby/moby#47587

• Fix multiple parallel docker build runs leaking disk space. moby/moby#47527

... (truncated)

Commits

• b08a51f Merge pull request #48231 from austinvazquez/backport-vendor-otel-v0.46.1-to-...
• d151b0f vendor: OTEL v0.46.1 / v1.21.0
• c6ba9a5 Merge pull request #48225 from austinvazquez/backport-workflow-artifact-reten...
• 4673a3c Merge pull request #48227 from austinvazquez/backport-backport-branch-check-t...
• 30f8908 github/ci: Check if backport is opened against the expected branch
• 7454d6a ci: update workflow artifacts retention
• 65cc597 Merge commit from fork
• b722836 Merge pull request #48199 from austinvazquez/update-containerd-binary-to-1.7.20
• e8ecb9c update containerd binary to v1.7.20
• e6cae1f update containerd binary to v1.7.19
• Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.2.0 to 4.5.1

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.1

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

• Back-ported error-handling logic in ParseWithClaims from v5 branch. This fixes GHSA-29wx-vh33-7x7r.

Full Changelog: golang-jwt/jwt@v4.5.0...v4.5.1

v4.5.0

What's Changed

• Allow strict base64 decoding by @​AlexanderYastrebov in golang-jwt/jwt#259

Full Changelog: golang-jwt/jwt@v4.4.3...v4.5.0

v4.4.3

What's Changed

• fix: link update for README.md for v4 by @​krokite in golang-jwt/jwt#217
• Implement a BearerExtractor by @​WhyNotHugo in golang-jwt/jwt#226
• Bump matrix to support latest go version (go1.19) by @​mfridman in golang-jwt/jwt#231
• Include https://github.com/golang-jwt/jwe in README by @​oxisto in golang-jwt/jwt#229
• Add doc comment to ParseWithClaims by @​jkopczyn in golang-jwt/jwt#232
• Refactor: removed the unneeded if statement by @​Krout0n in golang-jwt/jwt#241
• No pointer embedding in the example by @​oxisto in golang-jwt/jwt#255

New Contributors

• @​krokite made their first contribution in golang-jwt/jwt#217
• @​WhyNotHugo made their first contribution in golang-jwt/jwt#226
• @​jkopczyn made their first contribution in golang-jwt/jwt#232
• @​Krout0n made their first contribution in golang-jwt/jwt#241

Full Changelog: golang-jwt/jwt@v4.4.2...v4.4.3

v4.4.2

What's Changed

• Added MicahParks/keyfunc to extensions by @​oxisto in golang-jwt/jwt#194
• Update link to v4 on pkg.go.dev page by @​polRk in golang-jwt/jwt#195
• add installation guidelines to the README file by @​morelmiles in golang-jwt/jwt#204
• chore: replace ioutil with io and os by @​estensen in golang-jwt/jwt#198
• CI check for Go code formatting by @​mfridman in golang-jwt/jwt#206
• Create SECURITY.md by @​mfridman in golang-jwt/jwt#171
• Update SECURITY.md by @​oxisto in golang-jwt/jwt#207

... (truncated)

Commits

• 7b1c1c0 Merge commit from fork
• 9358574 Allow strict base64 decoding (#259)
• 2f0984a Using tparse for nicer CI test display (#251)
• 2101c1f No pointer embedding in the example (#255)
• 35053d4 Removed unneeded if statement (#241)
• 0c4e387 Add doc comment to ParseWithClaims (#232)
• bfea432 Include https://github.com/golang-jwt/jwe in README (#229)
• d81acbf Bump matrix to support latest go version (go1.19) (#231)
• fdaf0eb Implement a BearerExtractor (#226)
• f2878bb fix: link update for README.md for v4 (#217)
• Additional commits viewable in compare view

Updates github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.7

Changelog

Sourced from github.com/hashicorp/go-retryablehttp's changelog.

0.7.7 (May 30, 2024)

BUG FIXES:

• client: avoid potentially leaking URL-embedded basic authentication credentials in logs (#158)

0.7.6 (May 9, 2024)

ENHANCEMENTS:

• client: support a RetryPrepare function for modifying the request before retrying (#216)
• client: support HTTP-date values for Retry-After header value (#138)
• client: avoid reading entire body when the body is a *bytes.Reader (#197)

BUG FIXES:

• client: fix a broken check for invalid server certificate in go 1.20+ (#210)

0.7.5 (Nov 8, 2023)

BUG FIXES:

• client: fixes an issue where the request body is not preserved on temporary redirects or re-established HTTP/2 connections (#207)

0.7.4 (Jun 6, 2023)

BUG FIXES:

• client: fixing an issue where the Content-Type header wouldn't be sent with an empty payload when using HTTP/2 (#194)

0.7.3 (May 15, 2023)

Initial release

Commits

• 1542b31 v0.7.7
• defb9f4 v0.7.7
• a99f07b Merge pull request #158 from dany74q/danny/redacted-url-in-logs
• 8a28c57 Merge branch 'main' into danny/redacted-url-in-logs
• 86e852d Merge pull request #227 from hashicorp/dependabot/github_actions/actions/chec...
• 47fe99e Bump actions/checkout from 4.1.5 to 4.1.6
• 490fc06 Merge pull request #226 from testwill/ioutil
• f3e9417 chore: remove refs to deprecated io/ioutil
• d969eaa Merge pull request #225 from hashicorp/manicminer-patch-2
• 2ad8ed4 v0.7.6
• Additional commits viewable in compare view

Updates github.com/mostynb/go-grpc-compression from 1.1.17 to 1.2.3

Release notes

Sourced from github.com/mostynb/go-grpc-compression's releases.

v1.2.3

This release contains an important security fix: Do not use zstd.Decoder.DecodeAll on untrusted data (#27)

This issue was uncovered during a security audit performed by 7ASecurity, facilitated by OSTIF, for the OpenTelemetry project.

https://opentelemetry.io/blog/2024/cve-2024-36129/ GHSA-c74f-6mfw-mm4v

v1.2.2

Update go modules, for some security fixes.

v1.2.1

Fix lz4 package, which was accidentally using zstd instead. (#21)

v1.2.0

Add "nonclobbering" imports, for cases where you do not want to override previously registered grpc codecs with the same name.

v1.1.19

• Zstd: use a more appropriate window size for RPC.

v1.1.18

• Upgrade github.com/klauspost/compress v1.15.9 -> v1.16.5
• Upgrade github.com/pierrec/lz4/v4 v4.1.15 -> v4.1.17
• Require go >= 1.17

Commits

• 52f5bb7 Update go modules
• 629c44d Do not use zstd.Decoder.DecodeAll on untrusted data
• af2cdd2 Update go modules
• 5efc9be Fix lz4 import
• 59e0975 Update the new deptest to use the new nonclobbering imports
• 7b42e42 Add tests for non-clobbering codec registration
• 673fd2f Add nonclobbering packages that only register if no other compressor has been...
• 9905190 Update dependencies
• 1ca9138 Remove unnecessary options
• 2543958 Set friendlier zstd options
• Additional commits viewable in compare view

Updates github.com/opencontainers/runc from 1.1.3 to 1.1.14

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc v1.1.14 -- "年を取っていいことは、驚かなくなることね。"

This is the fourteenth patch release in the 1.1.z release branch of runc. It includes a fix for a low severity security issue (CVE-2024-45310) as well as some minor build-related fixes (including Go 1.23 support).

• Fix CVE-2024-45310, a low-severity attack that allowed maliciously configured containers to create empty files and directories on the host.
• Add support for Go 1.23. (#4360, #4372)
• Revert "allow overriding VERSION value in Makefile" and add EXTRA_VERSION. (#4370, #4382)
• rootfs: consolidate mountpoint creation logic. (#4359)

Static Linking Notices

The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library":

• libseccomp

The versions of these libraries were not modified from their upstream versions, but in order to comply with the LGPL-2.1 (§6(a)), we have attached the complete source code for those libraries which (when combined with the attached runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages or download them from the authoritative upstream sources, especially since these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

• Akihiro Suda [email protected]
• Aleksa Sarai [email protected]
• Kir Kolyshkin [email protected]
• Rodrigo Campos [email protected]
• Sebastiaan van Stijn [email protected]
• lifubang [email protected]

Signed-off-by: Aleksa Sarai [email protected]

runc 1.1.12 -- "Now you're thinking with Portals™!"

This is the twelfth patch release in the 1.1.z release branch of runc.

... (truncated)

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.1.14] - 2024-09-03

年を取っていいことは、驚かなくなることね。

Security

• Fix CVE-2024-45310, a low-severity attack that allowed maliciously configured containers to create empty files and directories on the host.

Added

• Add support for Go 1.23. (#4360, #4372)

Fixed

• Revert "allow overriding VERSION value in Makefile" and add EXTRA_VERSION. (#4370, #4382)
• rootfs: consolidate mountpoint creation logic. (#4359)

[1.1.13] - 2024-06-13

There is no certainty in the world. This is the only certainty I have.

Important Notes

• If building with Go 1.22.x, make sure to use 1.22.4 or a later version. (see #4233 for more details)

Fixed

• Support go 1.22.4+. (#4313)
• runc list: fix race with runc delete. (#4231)
• Fix set nofile rlimit error. (#4277, #4299)
• libct/cg/fs: fix setting rt_period vs rt_runtime. (#4284)
• Fix a debug msg for user ns in nsexec. (#4315)
• script/*: fix gpg usage wrt keyboxd. (#4316)
• CI fixes and misc backports. (#4241)
• Fix codespell warnings. (#4300)

Changed

• Silence security false positives from golang/net. (#4244)
• libcontainer: allow containers to make apps think fips is enabled/disabled for testing. (#4257)
• allow overriding VERSION value in Makefile. (#4270)
• Vagrantfile.fedora: bump Fedora to 39. (#4261)
• ci/cirrus: rm centos stream 8. (#4305, #4308)

... (truncated)

Commits

• 2c9f560 VERSION: release 1.1.14
• a86c3d8 Merge commit from fork
• f0b652e [1.1] rootfs: try to scope MkdirAll to stay inside the rootfs
• 8781993 [1.1] rootfs: consolidate mountpoint creation logic
• 6419fba Merge pull request #4382 from rata/Makefile-override-fixes
• 0514204 Makefile: Add EXTRA_VERSION
• 18cdc34 Revert "allow overriding VERSION value in Makefile"
• f3f71a9 Merge pull request #4372 from kolyshkin/1.1-go123
• 7f75aec [1.1] Add Go 1.23, drop 1.21
• 931f463 Merge pull request #4361 from austinvazquez/backport-protobuf-updates-to-1.1
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.24.0

Commits

• See full diff in compare view

Updates github.com/mostynb/go-grpc-compression from 1.1.17 to 1.2.3

Release notes

Sourced from github.com/mostynb/go-grpc-compression's releases.

v1.2.3

This release contains an important security fix: Do not use zstd.Decoder.DecodeAll on untrusted data (#27)

This issue was uncovered during a security audit performed by 7ASecurity, facilitated by OSTIF, for the OpenTelemetry project.

https://opentelemetry.io/blog/2024/cve-2024-36129/ GHSA-c74f-6mfw-mm4v

v1.2.2

Update go modules, for some security fixes.

v1.2.1

Fix lz4 package, which was accidentally using zstd instead. (#21)

v1.2.0

Add "nonclobbering" imports, for cases where you do not want to override previously registered grpc codecs with the same name.

v1.1.19

• Zstd: use a more appropriate window size for RPC.

v1.1.18

• Upgrade github.com/klauspost/compress v1.15.9 -> v1.16.5
• Upgrade github.com/pierrec/lz4/v4 v4.1.15 -> v4.1.17
• Require go >= 1.17

Commits

• 52f5bb7 Update go modules
• 629c44d Do not use zstd.Decoder.DecodeAll on untrusted data
• af2cdd2 Update go modules
• 5efc9be Fix lz4 import
• 59e0975 Update the new deptest to use the new nonclobbering imports
• 7b42e42 Add tests for non-clobbering codec registration
• 673fd2f Add nonclobbering packages that only register if no other compressor has been...
• 9905190 Update dependencies
• 1ca9138 Remove unnecessary options
• 2543958 Set friendlier zstd options
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.0.0-20220624214902-1bab6f366d9e to 0.22.0

Commits

• See full diff in compare view

Updates github.com/docker/docker from 20.10.18+incompatible to 25.0.6+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v25.0.6

25.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 25.0.6 milestone
• moby/moby, 25.0.6 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq that impacted setups using authorization plugins (AuthZ) for access control.

Bug fixes and enhancements

• [25.0] remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47695
• [25.0 backport] Fix a nil dereference when getting image history for images having layers without the Created value set. moby/moby#47759
• [25.0 backport] apparmor: Allow confined runc to kill containers. moby/moby#47830
• [25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. moby/moby#47869
• [25.0 backport] don't depend on containerd platform.Parse to return a typed error. moby/moby#47890
• [25.0 backport] builder/mobyexporter: Add missing nil check moby/moby#47987

Packaging updates

• Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver. moby/moby#47724
• Update Go runtime to 1.21.12, which contains security fixes for CVE-2024-24791 moby/moby#48146
• Update Containerd (static binaries only) to v1.7.20. moby/moby#48199

Full Changelog: moby/moby@v25.0.5...v25.0.6

v25.0.5

25.0.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 25.0.5 milestone
• moby/moby, 25.0.5 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.

Bug fixes and enhancements

• CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589

• plugin: fix mounting /etc/hosts when running in UserNS. moby/moby#47588

• rootless: fix open /etc/docker/plugins: permission denied. moby/moby#47587

• Fix multiple parallel docker build runs leaking disk space. moby/moby#47527

... (truncated)

Commits

• b08a51f Merge pull request #48231 from austinvazquez/backport-vendor-otel-v0.46.1-to-...
• d151b0f vendor: OTEL v0.46.1 / v1.21.0
• c6ba9a5 Merge pull request #48225 from austinvazquez/backport-workflow-artifact-reten...
• 4673a3c Merge pull request #48227 from austinvazquez/backport-backport-branch-check-t...
• 30f8908 github/ci: Check if backport is opened against the expected branch
• 7454d6a ci: update workflow artifacts retention
• 65cc597 Merge commit from fork
• b722836 Merge pull request #48199 from austinvazquez/update-containerd-binary-to-1.7.20
• e8ecb9c update containerd binary to v1.7.20
• e6cae1f update containerd binary to v1.7.19
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.30.0

Commits

• See full diff in compare view

Updates golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.23.0

Commits

• See full diff in compare view

Updates golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.23.0

Commits

• See full diff in compare view

Updates golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.23.0

Commits

• See full diff in compare view

Updates golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.23.0

Commits

• See full diff in compare view

Updates github.com/mostynb/go-grpc-compression from 1.1.17 to 1.2.3

Release notes

Sourced from github.com/mostynb/go-grpc-compression's releases.

v1.2.3

This release contains an important security fix: Do not use zstd.Decoder.DecodeAll on untrusted data (#27)

This issue was uncovered during a security audit performed by 7ASecurity, facilitated by OSTIF, for the OpenTelemetry project.

https://opentelemetry.io/blog/2024/cve-2024-36129/ GHSA-c74f-6mfw-mm4v

v1.2.2

Update go modules, for some security fixes.

v1.2.1

Fix lz4 package, which was accidentally using zstd instead. (#21)

v1.2.0

Add "nonclobbering" imports, for cases where you do not want to override previously registered grpc codecs with the same name.

v1.1.19

• Zstd: use a more appropriate window size for RPC.

v1.1.18

• Upgrade github.com/klauspost/compress v1.15.9 -> v1.16.5
• Upgrade github.com/pierrec/lz4/v4 v4.1.15 -> v4.1.17
• Require go >= 1.17

Commits

• 52f5bb7 Update go modules
• 629c44d Do not use zstd.Decoder.DecodeAll on untrusted data
• af2cdd2 Update go modules
• 5efc9be Fix lz4 import
• 59e0975 Update the new deptest to use the new nonclobbering imports
• 7b42e42 Add tests for non-clobbering codec registration
• 673fd2f Add nonclobbering packages that only register if no other compressor has been...
• 9905190 Update dependencies
• 1ca9138 Remove unnecessary options
• 2543958 Set friendlier zstd options
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.0.0-20220624214902-1bab6f366d9e to 0.22.0

Commits

• See full diff in compare view

Updates github.com/mostynb/go-grpc-compression from 1.1.17 to 1.2.3

Release notes

Sourced from github.com/mostynb/go-grpc-compression's releases.

v1.2.3

This release contains an important security fix: Do not use zstd.Decoder.DecodeAll on untrusted data (#27)

This issue was uncovered during a security audit performed by 7ASecurity, facilitated by OSTIF, for the OpenTelemetry project.

https://opentelemetry.io/blog/2024/cve-2024-36129/ GHSA-c74f-6mfw-mm4v

v1.2.2

Update go modules, for some security fixes.

v1.2.1

Fix lz4 package, which was accidentally using zstd instead. (#21)

v1.2.0

Add "nonclobbering" imports, for cases where you do not want to override previously registered grpc codecs with the same name.

v1.1.19

• Zstd: use a more appropriate window size for RPC.

v1.1.18

• Upgrade github.com/klauspost/compress v1.15.9 -> v1.16.5
• Upgrade github.com/pierrec/lz4/v4 v4.1.15 -> v4.1.17
• Require go >= 1.17

Commits

• 52f5bb7 Update go modules
• 629c44d Do not use zstd.Decoder.DecodeAll on untrusted data
• af2cdd2 Update go modules
• 5efc9be Fix lz4 import
• 59e0975 Update the new deptest to use the new nonclobbering imports
• 7b42e42 Add tests for non-clobbering codec registration
• 673fd2f Add nonclobbering packages that only register if no other compressor has been...
• 9905190 Update dependencies
• 1ca9138 Remove unnecessary options
• 2543958 Set friendlier zstd options
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.22.0

Commits

• See full diff in compare view

Updates github.com/mostynb/go-grpc-compression from 1.1.17 to 1.2.3

Release notes

Sourced from github.com/mostynb/go-grpc-compression's releases.

v1.2.3

This release contains an important security fix: Do not use zstd.Decoder.DecodeAll on untrusted data (#27)

This issue was uncovered during a security audit performed by 7ASecurity, facilitated by OSTIF, for the OpenTelemetry project.

https://opentelemetry.io/blog/2024/cve-2024-36129/ GHSA-c74f-6mfw-mm4v

v1.2.2

Update go modules, for some security fixes.

v1.2.1

Fix lz4 package, which was accidentally using zstd instead. (#21)

v1.2.0

Add "nonclobbering" imports, for cases where you do not want to override previously registered grpc codecs with the same name.

v1.1.19

• Zstd: use a more appropriate window size for RPC.

v1.1.18

• Upgrade github.com/klauspost/compress v1.15.9 -> v1.16.5
• Upgrade github.com/pierrec/lz4/v4 v4.1.15 -> v4.1.17
• Require go >= 1.17

Commits

• 52f5bb7 Update go modules
• 629c44d Do not use zstd.Decoder.DecodeAll on untrusted data
• af2cdd2 Update go modules
• 5efc9be Fix lz4 import
• 59e0975 Update the new deptest to use the new nonclobbering imports
• 7b42e42 Add tests for non-clobbering codec registration
• 673fd2f Add nonclobbering packages that only register if no other compressor has been...
• 9905190 Update dependencies
• 1ca9138 Remove unnecessary options
• 2543958 Set friendlier zstd options
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.22.0

Commits

• See full diff in compare view

Updates github.com/mostynb/go-grpc-compression from 1.1.17 to 1.2.3

Release notes

Sourced from github.com/mostynb/go-grpc-compression's releases.

v1.2.3

This release contains an important security fix: Do not use zstd.Decoder.DecodeAll on untrusted data (#27)

This issue was uncovered during a security audit performed by 7ASecurity, facilitated by OSTIF, for the OpenTelemetry project.

https://opentelemetry.io/blog/2024/cve-2024-36129/ GHSA-c74f-6mfw-mm4v

v1.2.2

Update go modules, for some security fixes.

v1.2.1

Fix lz4 package, which was accidentally using zstd instead. (#21)

v1.2.0

Add "nonclobbering" imports, for cases where you do not want to override previously registered grpc codecs with the same name.

v1.1.19

• Zstd: use a more appropriate window size for RPC.

v1.1.18

• Upgrade github.com/klauspost/compress v1.15.9 -> v1.16.5
• Upgrade github.com/pierrec/lz4/v4 v4.1.15 -> v4.1.17
• Require go >= 1.17

CommitsDescription has been truncated

[github-actions]

This PR was marked stale due to lack of activity. It will be closed in 14 days.

[github-actions]

Closed as inactive. Feel free to reopen if this PR is still being worked on.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml