build(deps): bump the go_modules group with 4 updates by dependabot[bot] · Pull Request #21 · kanwalpreetd/go

dependabot · 2024-08-09T19:09:16Z

Bumps the go_modules group with 4 updates: github.com/gorilla/schema, github.com/rs/cors, github.com/docker/docker and google.golang.org/grpc.

Updates github.com/gorilla/schema from 1.2.0 to 1.4.1

Release notes

Sourced from github.com/gorilla/schema's releases.

v1.4.1

Security Release

Fixes an issue where sparse slice deserialization can cause memory exhaustion CVE-2024-37298

Thanks to @AlexVasiluta for the report and following responsible disclosure.

Full Changelog: gorilla/schema@v1.4.0...v1.4.1

v1.4.0

What's Changed

feat: if a different type in slice, raise error by @lll-lll-lll-lll in gorilla/schema#212

fixed panic: reflect: indirection through nil pointer to embedded struct by @morus12 in gorilla/schema#211

New Contributors

@lll-lll-lll-lll made their first contribution in gorilla/schema#212

Full Changelog: gorilla/schema@v1.3.0...v1.3.1

v1.3.0

What's Changed

Remove log.Fatal() usage in encoder.go by @h2570su in gorilla/schema#207

Add default tag by @zak905 in gorilla/schema#183

update readme: add informations about the default tag option usage by @zak905 in gorilla/schema#209

New Contributors

@h2570su made their first contribution in gorilla/schema#207

@zak905 made their first contribution in gorilla/schema#183

Full Changelog: gorilla/schema@v1.2.1...v1.3.0

Release v1.2.1

What's Changed

build: use build matrix; drop Go <= 1.10 by @elithrar in gorilla/schema#147

doc: Update README CI badge by @elithrar in gorilla/schema#148

docs: remove travis badge by @elithrar in gorilla/schema#149

build: fix config.yml by @elithrar in gorilla/schema#150

[bug] Registered encoder doesn't work for struct pointer types by @tkhametov in gorilla/schema#174

Update README.md by @coreydaley in gorilla/schema#197

[GPT-98] Update go version & add verification/testing tools by @apoorvajagtap in gorilla/schema#200

fix misspell by @YuyaAbo in gorilla/schema#192

Update issues.yml by @coreydaley in gorilla/schema#201

update GitHub workflows by @coreydaley in gorilla/schema#205

New Contributors

@tkhametov made their first contribution in gorilla/schema#174

@coreydaley made their first contribution in gorilla/schema#197

@apoorvajagtap made their first contribution in gorilla/schema#200

@YuyaAbo made their first contribution in gorilla/schema#192

Full Changelog: gorilla/schema@v1.2.0...v1.2.1

Commits

cd59f2f Merge pull request from GHSA-3669-72x9-r9p3
180f71e fix: indirection through nil pointer to embedded struct (#211)
a377fd6 fix: fix assertion test
be699f4 fix delete pointer slice test
50924ff fix:test: fix comment
c44c90d fix:test: add assertion
7d1c58e fix: decode error message
4548527 fix: test data
993e5b1 fix: add test
7487651 fix: if default element type of value are setted in slice , raise error
Additional commits viewable in compare view

Updates github.com/rs/cors from 1.10.1 to 1.11.0

Commits

4c32059 Normalize allowed request headers and store them in a sorted set (fixes #170)...
8d33ca4 Complete documentation; deprecate AllowOriginRequestFunc in favour of AllowOr...
af821ae Merge branch 'jub0bs-master'
0bcf73f Update benchmark
eacc8e8 Fix skewed middleware benchmarks (#165)
9297f15 Respect the documented precedence of options (#163)
73f81b4 Fix readme benchmark rendering (#161)
See full diff in compare view

Updates github.com/docker/docker from 27.0.3+incompatible to 27.1.1+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v27.1.1

27.1.1

Security

This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq that impacted setups using authorization plugins (AuthZ) for access control. No other changes are included in this release, and this release is otherwise identical for users not using AuthZ plugins.

Packaging updates

Update Compose to v2.29.1. moby/docker-ce-packaging#1041

Full Changelog: moby/moby@v27.1.0...v27.1.1

v27.1.0

27.1.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 27.1.0 milestone

moby/moby, 27.1.0 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

Bug fixes and enhancements

rootless: add Requires=dbus.socket to prevent errors when starting the daemon on a cgroup v2 host with systemd moby/moby#48141

containerd integration: image tag event is now properly emitted when building images with BuildKit moby/moby#48182

CLI: enable shell completion for docker image rm, docker image history, and docker image inspect moby/moby#5261

CLI: add and improve shell completions for various flags moby/moby#5261

CLI: add OOMScoreAdj to docker service create and docker stack docker/cli#5274

CLI: add support for DOCKER_CUSTOM_HEADERS environment variable (experimental) docker/cli#5271

CLI: containerd-integration: Fix docker push defaulting the --platform flag to a value of DOCKER_DEFAULT_PLATFORM environment variable on unsupported API versions docker/cli#5248

CLI: fix: context cancellation on login prompt docker/cli#5260

CLI: fix: wait for the container to exit before closing the stream when sending a termination request to the CLI while attached to a container docker/cli#5250

Deprecated

The pkg/rootless/specconv package is deprecated, and will be removed in the next release moby/moby#48185

The pkg/containerfs package is deprecated, and will be removed in the next release moby/moby#48185

The pkg/directory package is deprecated, and will be removed in the next release moby/moby#48185

api/types/system: remove deprecated Info.ExecutionDriver moby/moby#48184

Packaging updates

Update Buildx to v0.16.1. moby/docker-ce-packaging#1039

Update Compose to v2.29.0. moby/docker-ce-packaging#1038

Update Containerd (static binaries only) to v1.7.20. moby/moby#48191

... (truncated)

Commits

cc13f95 Merge commit from fork
a21b1a2 Merge pull request #48196 from thaJeztah/27.1_backport_vendor_containerd_1.7.20
1bc907c vendor: github.com/containerd/containerd v1.7.20
4bb4575 Merge pull request #48191 from thaJeztah/27.1_backport_update_containerd_bina...
df7f275 Merge pull request #48195 from thaJeztah/27.1_backport_fix_pr_title_check
1c0885d gha: check-pr-branch: fix branch check regression
fb3ec9f Merge pull request #48187 from thaJeztah/27.1_backport_bump_buildx_compose
ed83a9e update containerd binary to v1.7.20
71b59bf Merge pull request #48178 from thaJeztah/27.1_backport_relax_pr_check
f8f926b Merge pull request #48185 from thaJeztah/27.1_backport_internalize_pkg_directory
Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.64.0 to 1.64.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.64.1

Dependencies

Update x/net/http2 to address CVE-2023-45288 (#7352)

metadata: remove String method from MD to make printing consistent (#7374)

Commits

4d833de Change version to 1.64.1 (#7381)
e9193a4 *: update deps (#7375)
ab29241 metadata: remove String method (#7374)
355b9a5 Change version to 1.64.1-dev (#7219)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 4 updates: [github.com/gorilla/schema](https://github.com/gorilla/schema), [github.com/rs/cors](https://github.com/rs/cors), [github.com/docker/docker](https://github.com/docker/docker) and [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `github.com/gorilla/schema` from 1.2.0 to 1.4.1 - [Release notes](https://github.com/gorilla/schema/releases) - [Commits](gorilla/schema@v1.2.0...v1.4.1) Updates `github.com/rs/cors` from 1.10.1 to 1.11.0 - [Commits](rs/cors@v1.10.1...v1.11.0) Updates `github.com/docker/docker` from 27.0.3+incompatible to 27.1.1+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v27.0.3...v27.1.1) Updates `google.golang.org/grpc` from 1.64.0 to 1.64.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.64.0...v1.64.1) --- updated-dependencies: - dependency-name: github.com/gorilla/schema dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/rs/cors dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/docker/docker dependency-type: direct:production dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 9, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the go_modules group with 4 updates#21

build(deps): bump the go_modules group with 4 updates#21
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/go_modules-5441c2458c

dependabot bot commented on behalf of github Aug 9, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Aug 9, 2024

v1.4.1

Security Release

v1.4.0

What's Changed

New Contributors

v1.3.0

What's Changed

New Contributors

Release v1.2.1

What's Changed

New Contributors

v27.1.1

27.1.1

Security

Packaging updates

v27.1.0

27.1.0

Bug fixes and enhancements

Deprecated

Packaging updates

Release 1.64.1

Dependencies

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants