Skip to content

Bump the all-deps group with 7 updates#1693

Merged
roger2hk merged 1 commit intomasterfrom
dependabot/go_modules/all-deps-eb3f923eff
May 19, 2025
Merged

Bump the all-deps group with 7 updates#1693
roger2hk merged 1 commit intomasterfrom
dependabot/go_modules/all-deps-eb3f923eff

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github May 1, 2025
edited
Loading

Bumps the all-deps group with 7 updates:

Package From To
github.com/go-sql-driver/mysql 1.9.1 1.9.2
github.com/google/trillian 1.7.1 1.7.2
github.com/mattn/go-sqlite3 1.14.26 1.14.28
github.com/prometheus/client_golang 1.21.1 1.22.0
golang.org/x/crypto 0.36.0 0.37.0
golang.org/x/net 0.38.0 0.39.0
google.golang.org/grpc 1.71.1 1.72.0

Updates github.com/go-sql-driver/mysql from 1.9.1 to 1.9.2

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.9.2

What's Changed

v1.9.2 is a re-release of v1.9.1 due to a release process issue; no changes were made to the content.

Full Changelog: go-sql-driver/mysql@v1.9.1...v1.9.2

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

v1.9.2 (2025-04-07)

v1.9.2 is a re-release of v1.9.1 due to a release process issue; no changes were made to the content.

Commits

Updates github.com/google/trillian from 1.7.1 to 1.7.2

Release notes

Sourced from github.com/google/trillian's releases.

v1.7.2

What's Changed

  • Recommended go version for development: 1.23
    • This is the version used by the cloudbuild presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.

Storage

Election system

Misc

Dependency update

... (truncated)

Changelog

Sourced from github.com/google/trillian's changelog.

v1.7.2

  • Recommended go version for development: 1.23
    • This is the version used by the cloudbuild presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.

Storage

Election system

Misc

Dependency update

... (truncated)

Commits
  • e7aca3c Update changelog for v1.7.2 release (#3779)
  • aa93ae3 Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group (#3776)
  • 0ff3874 PostgreSQL is now in beta mode (#3772)
  • e6be87d Add an optimized QueueLeaves implementation for single-leaf batches in the Po...
  • 0678d5c Fix spelling on claimant model landing page (#3777)
  • 9ea8040 Bump github/codeql-action in the github-actions-deps group (#3773)
  • c261354 Bump the docker-deps group across 6 directories with 5 updates (#3774)
  • 84855a0 Improve PostgreSQL functions (#3770)
  • 69f0435 Trust dependabot prs (#3771)
  • fbb59af Bump @​google-cloud/functions-framework in /scripts/gcb2slack (#3764)
  • Additional commits viewable in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.26 to 1.14.28

Commits

Updates github.com/prometheus/client_golang from 1.21.1 to 1.22.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.22.0 - 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.22.0 / 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765
Commits
  • d50be25 Cut 1.22.0 (#1793)
  • 1043db7 Cut 1.22.0-rc.0 (#1768)
  • e575c9c promhttp: Isolate zstd support and klauspost/compress library use to promhttp...
  • f2276aa Merge pull request #1764 from prometheus/dependabot/github_actions/github-act...
  • 9df772c build(deps): bump peter-evans/create-pull-request
  • a3548c5 Merge pull request #1754 from saswatamcode/exp-eh
  • 60fd2b0 Remove go.work file for now
  • 8f9d0de exp: Add dependabot config
  • c5cf981 Merge pull request #1762 from prometheus/release-1.21
  • e84c305 exp: Reset snappy buf (#1756)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.36.0 to 0.37.0

Commits
  • 959f8f3 go.mod: update golang.org/x dependencies
  • 769bcd6 ssh: use the configured rand in kex init
  • d0a798f cryptobyte: fix typo 'octects' into 'octets' for asn1.go
  • acbcbef acme: remove unnecessary []byte conversion
  • 376eb14 x509roots: support constrained roots
  • b369b72 crypto/internal/poly1305: implement function update in assembly on loong64
  • 6b853fb ssh/knownhosts: check more than one key
  • See full diff in compare view

Updates golang.org/x/net from 0.38.0 to 0.39.0

Commits

Updates google.golang.org/grpc from 1.71.1 to 1.72.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.72.0

Dependencies

  • Minimum supported Go version is now 1.23 (#8108)

API Changes

  • resolver: add experimental AddressMapV2 with generics to ultimately replace AddressMap. Deprecate AddressMap for deletion (#8187)
  • resolver: convert EndpointMap in place to use generics (#8189)

New Features

  • xds: add grpc.xds_client.server_failure counter metric on xDS client to record connectivity errors (#8203)
  • balancer/rls: allow maxAge to exceed 5 minutes if staleAge is set in the LB policy configuration (#8137)
  • ringhash: implement gRFC A76 improvements. (#8159)
  • pickfirst: The new pick first LB policy is made the default. The new LB policy implements the Happy Eyeballs algorithm. To disable the new policy set the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST to false (case insensitive).

Bug Fixes

  • xds: fix support for circuit breakers and load reporting in LOGICAL_DNS clusters (#8169, #8170)
  • xds/cds: improve RPC error messages when resources are not found (#8122)
  • balancer/priority: fix race that could leak balancers and goroutines during shutdown (#8095)
  • stats/opentelemetry: fix trace attributes message sequence numbers to start from 0 (#8237)
  • balancer/pickfirstleaf: fix panic if deprecated Address.Metadata field is set to a non-comparable value by ignoring the field (#8227)

Behavior Changes

  • transport: make servers send an HTTP/2 RST_STREAM frame to cancel a stream when the deadline expires (#8071)

Documentation

  • stats: clarify the expected sequence of events on a stats handler (#7885)
Commits
  • a43eba6 Change version to 1.72.0 (#8218)
  • 48f48c1 balancer/pickfirstleaf: Avoid reading Address.Metadata (#8227) (#8259)
  • fd6f585 Cherry-pick #8159 and #8243 to v1.72.x (#8255)
  • 79ca174 stats/opentelemetry: fix trace attributes message sequence numbers to start f...
  • 57a2605 xdsclient: fix TestServerFailureMetrics_BeforeResponseRecv test to wait for w...
  • 5edab9e xdsclient: add grpc.xds_client.server_failure counter mertric (#8203)
  • 78ba661 regenerate protos (#8208)
  • 6819ed7 delegatingresolver: Stop calls into delegates once the parent resolver is clo...
  • a51009d resolver: convert EndpointMap to use generics (#8189)
  • b0d1203 resolver: create AddressMapV2 with generics to replace AddressMap (#8187)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 1, 2025
@dependabot dependabot bot requested a review from a team as a code owner May 1, 2025 18:35
@dependabot dependabot bot requested review from phbnf and removed request for a team May 1, 2025 18:35
@phbnf phbnf force-pushed the dependabot/go_modules/all-deps-eb3f923eff branch 2 times, most recently from ff63a6c to 3202624 Compare May 14, 2025 19:28
@phbnf phbnf mentioned this pull request May 15, 2025
Closed
2 tasks
@mhutchinson mhutchinson mentioned this pull request May 15, 2025
Merged
mhutchinson added a commit to mhutchinson/certificate-transparency-go that referenced this pull request May 15, 2025
@mhutchinson
[Migrillian] Remove unused etcd support
d1b17e8 
The factories used in Trillian are no longer exported, and were never intended to be a public API for dependants. Removing support unless we get a clear signal this is needed.

This unblocks google#1693.
mhutchinson added a commit that referenced this pull request May 15, 2025
@mhutchinson
[Migrillian] Remove unused etcd support (#1699)
b03cea1 
The factories used in Trillian are no longer exported, and were never intended to be a public API for dependants. Removing support unless we get a clear signal this is needed.

This unblocks #1693.
@mhutchinson
Copy link
Copy Markdown
Contributor

mhutchinson commented May 15, 2025

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github May 15, 2025

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@mhutchinson
Copy link
Copy Markdown
Contributor

mhutchinson commented May 15, 2025

@phbnf you'll have to poke this along now that dependabot has disowned maintenance of it.

@dependabot @phbnf
Bump the all-deps group with 7 updates
e16f668 
Bumps the all-deps group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) | `1.9.1` | `1.9.2` |
| [github.com/google/trillian](https://github.com/google/trillian) | `1.7.1` | `1.7.2` |
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.26` | `1.14.28` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.21.1` | `1.22.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.36.0` | `0.37.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.38.0` | `0.39.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.71.1` | `1.72.0` |


Updates `github.com/go-sql-driver/mysql` from 1.9.1 to 1.9.2
- [Release notes](https://github.com/go-sql-driver/mysql/releases)
- [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md)
- [Commits](go-sql-driver/mysql@v1.9.1...v1.9.2)

Updates `github.com/google/trillian` from 1.7.1 to 1.7.2
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](google/trillian@v1.7.1...v1.7.2)

Updates `github.com/mattn/go-sqlite3` from 1.14.26 to 1.14.28
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](mattn/go-sqlite3@v1.14.26...v1.14.28)

Updates `github.com/prometheus/client_golang` from 1.21.1 to 1.22.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.21.1...v1.22.0)

Updates `golang.org/x/crypto` from 0.36.0 to 0.37.0
- [Commits](golang/crypto@v0.36.0...v0.37.0)

Updates `golang.org/x/net` from 0.38.0 to 0.39.0
- [Commits](golang/net@v0.38.0...v0.39.0)

Updates `google.golang.org/grpc` from 1.71.1 to 1.72.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.71.1...v1.72.0)

---
updated-dependencies:
- dependency-name: github.com/go-sql-driver/mysql
  dependency-version: 1.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: github.com/google/trillian
  dependency-version: 1.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: golang.org/x/crypto
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: golang.org/x/net
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: google.golang.org/grpc
  dependency-version: 1.72.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@phbnf phbnf force-pushed the dependabot/go_modules/all-deps-eb3f923eff branch from 3202624 to e16f668 Compare May 15, 2025 13:33
@roger2hk
Copy link
Copy Markdown
Contributor

roger2hk commented May 19, 2025

/gcbrun

@roger2hk roger2hk merged commit 96d6d6e into master May 19, 2025
8 checks passed
@roger2hk roger2hk deleted the dependabot/go_modules/all-deps-eb3f923eff branch May 19, 2025 11:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@roger2hk roger2hk roger2hk approved these changes

@phbnf phbnf Awaiting requested review from phbnf phbnf is a code owner automatically assigned from google/certificate-transparency

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mhutchinson @roger2hk