Skip to content

Bump the github-dependencies group across 1 directory with 7 updates #351

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the github-dependencies group across 1 directory with 7 updates #351

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 17, 2025
edited
Loading

Bumps the github-dependencies group with 6 updates in the / directory:

Package From To
github.com/fxamacker/cbor/v2 2.7.0 2.8.0
github.com/prometheus/client_golang 1.21.1 1.22.0
github.com/prometheus/client_model 0.6.1 0.6.2
github.com/prometheus/common 0.62.0 0.63.0
github.com/prometheus/procfs 0.15.1 0.16.0
google.golang.org/grpc 1.71.0 1.71.1

Updates github.com/fxamacker/cbor/v2 from 2.7.0 to 2.8.0

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.8.0 adds omitzero struct tag option, fixes and deprecates 3 functions, and bumps requirements to go 1.20+.

Many thanks to @​liggitt for contributing the omitzero support!

The "omitzero" option omits zero values from encoding, matching stdlib encoding/json behavior. When specified in the cbor tag, the option is always honored. When specified in the json tag, the option is honored when building with Go 1.24+.

This release fixes 3 functions (when called directly by user apps) to use same error handling on bad input as cbor.Unmarshal():

  • RawTag.UnmarshalCBOR() (thanks @​thomas-fossati for reporting this!)
  • ByteString.UnmarshalCBOR()
  • SimpleValue.UnmarshalCBOR()

This release also deprecates those 3 functions because they were initially created for internal use. Please use Unmarshal() or UnmarshalFirst() instead.

To preserve backward compatibility, the deprecated functions were added to fuzz tests and will not be removed in v2.x.

What's Changed

Other Changes

... (truncated)

Commits
  • cbe7442 Update docs for cbor v2.8.0 (#649)
  • c9f772d Merge pull request #647 from fxamacker/fxamacker/optimize-unmarshalcbor-for-c...
  • 64fbdbc Optimize calls to UnmarshalCBOR() for RawTag, etc.
  • fe81c11 Merge pull request #645 from fxamacker/fxamacker/port-pr-636-to-master-branch
  • d81ecdd Check CBOR well-formedness in ByteString.UnmarshalCBOR
  • 4f3c6a5 Check CBOR well-formedness in SimpleValue.UnmarshalCBOR
  • 621c666 Check CBOR well-formedness in RawTag.UnmarshalCBOR
  • d34c8ec Merge pull request #644 from liggitt/omitzero
  • 69da12b Adjust OmitZero tests to zero behavior
  • 101dea7 Copy OmitEmpty tests to OmitZero tests
  • Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.21.1 to 1.22.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.22.0 - 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.22.0 / 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765
Commits
  • d50be25 Cut 1.22.0 (#1793)
  • 1043db7 Cut 1.22.0-rc.0 (#1768)
  • e575c9c promhttp: Isolate zstd support and klauspost/compress library use to promhttp...
  • f2276aa Merge pull request #1764 from prometheus/dependabot/github_actions/github-act...
  • 9df772c build(deps): bump peter-evans/create-pull-request
  • a3548c5 Merge pull request #1754 from saswatamcode/exp-eh
  • 60fd2b0 Remove go.work file for now
  • 8f9d0de exp: Add dependabot config
  • c5cf981 Merge pull request #1762 from prometheus/release-1.21
  • e84c305 exp: Reset snappy buf (#1756)
  • Additional commits viewable in compare view

Updates github.com/prometheus/client_model from 0.6.1 to 0.6.2

Release notes

Sourced from github.com/prometheus/client_model's releases.

v0.6.2

What's Changed

Full Changelog: prometheus/client_model@v0.6.1...v0.6.2

Commits
  • eb136e5 Merge pull request #119 from prometheus/superq/google.golang.org/protobuf
  • bf7f2ca Update golanci-lint to v2.
  • 7e9b56c Bump google.golang.org/protobuf from 1.36.5 to 1.36.6
  • ef699ce Merge pull request #116 from prometheus/repo_sync
  • bf8b12e Update common Prometheus files
  • 5b93968 Merge pull request #115 from prometheus/repo_sync
  • ae83ddc Update common Prometheus files
  • afe0b21 Merge pull request #114 from prometheus/repo_sync
  • 75e1daf Update common Prometheus files
  • 73608e2 Merge pull request #113 from prometheus/dependabot/go_modules/google.golang.o...
  • Additional commits viewable in compare view

Updates github.com/prometheus/common from 0.62.0 to 0.63.0

Release notes

Sourced from github.com/prometheus/common's releases.

v0.63.0

What's Changed

New Contributors

Full Changelog: prometheus/common@v0.62.0...v0.63.0

Commits
  • cf3c56f Merge pull request #768 from prometheus/otlp-translator
  • b35ad99 Add test case for BuildCompliantMetricName with a metric that starts with a d...
  • 227989c otlptranslator: Add dependency free package that translator OTLP data into Pr...
  • a9cc7f7 Update common Prometheus files (#767)
  • 0decf1f Fix spelling mistake in godoc (#766)
  • 6b9636c model: Clarify the purpose of model.NameValidationScheme (#765)
  • 56f6f38 build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 (#762)
  • b516f6d build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#763)
  • 0db99da build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 (#761)
  • ca40aa0 build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 (#756)
  • Additional commits viewable in compare view

Updates github.com/prometheus/procfs from 0.15.1 to 0.16.0

Release notes

Sourced from github.com/prometheus/procfs's releases.

v0.16.0

What's Changed

New Contributors

Full Changelog: prometheus/procfs@v0.15.1...v0.16.0

Commits
  • 775997f build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 (#703)
  • 672fb0e build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#702)
  • ca691f1 build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 (#701)
  • 5d8dd55 Add support for per-interface SNMP6 stats
  • 64d7b47 chore: nolint misspell on vulnerability names
  • 3cc6dc9 fix: correct linters-settings typo in .golangci.yml
  • 88acb09 Bump golang.org/x/sys from 0.28.0 to 0.29.0
  • 6185448 refactor: Rename symbol names according to golang conventions
  • 21839df enhancement: Implement classes to read drm subsystem
  • a05af62 Bump golang.org/x/sync from 0.9.0 to 0.10.0 (#690)
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.71.0 to 1.71.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.71.1

Bug Fixes

  • grpc: fix a bug causing an extra Read from the compressor if a compressed message is the same size as the limit. This could result in a panic with the built-in gzip compressor (#8178)
  • xds: restore the behavior of reading the bootstrap config before creating the first xDS client instead of at package init time (#8164)
  • stats/opentelemetry: use TextMapPropagator and TracerProvider from TraceOptions instead of OpenTelemetry globals (#8166)
  • client: fix races when an http proxy is configured that could lead to deadlocks or panics (#8195)
  • client: fix bug causing RPC failures with message "no children to pick from" when using a custom resolver that calls the deprecated NewAddress API (#8149)
  • wrr: fix slow processing of address updates that could result in problems including RPC failures for servers with a large number of backends (#8179)
Commits

Updates google.golang.org/protobuf from 1.36.5 to 1.36.6

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the github-dependencies group across 1 directory with 7 updates
7f08573 
Bumps the github-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/fxamacker/cbor/v2](https://github.com/fxamacker/cbor) | `2.7.0` | `2.8.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.21.1` | `1.22.0` |
| [github.com/prometheus/client_model](https://github.com/prometheus/client_model) | `0.6.1` | `0.6.2` |
| [github.com/prometheus/common](https://github.com/prometheus/common) | `0.62.0` | `0.63.0` |
| [github.com/prometheus/procfs](https://github.com/prometheus/procfs) | `0.15.1` | `0.16.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.71.0` | `1.71.1` |



Updates `github.com/fxamacker/cbor/v2` from 2.7.0 to 2.8.0
- [Release notes](https://github.com/fxamacker/cbor/releases)
- [Commits](fxamacker/cbor@v2.7.0...v2.8.0)

Updates `github.com/prometheus/client_golang` from 1.21.1 to 1.22.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.21.1...v1.22.0)

Updates `github.com/prometheus/client_model` from 0.6.1 to 0.6.2
- [Release notes](https://github.com/prometheus/client_model/releases)
- [Commits](prometheus/client_model@v0.6.1...v0.6.2)

Updates `github.com/prometheus/common` from 0.62.0 to 0.63.0
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md)
- [Commits](prometheus/common@v0.62.0...v0.63.0)

Updates `github.com/prometheus/procfs` from 0.15.1 to 0.16.0
- [Release notes](https://github.com/prometheus/procfs/releases)
- [Commits](prometheus/procfs@v0.15.1...v0.16.0)

Updates `google.golang.org/grpc` from 1.71.0 to 1.71.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.71.0...v1.71.1)

Updates `google.golang.org/protobuf` from 1.36.5 to 1.36.6

---
updated-dependencies:
- dependency-name: github.com/fxamacker/cbor/v2
  dependency-version: 2.8.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.22.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/prometheus/client_model
  dependency-version: 0.6.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/prometheus/common
  dependency-version: 0.63.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/prometheus/procfs
  dependency-version: 0.16.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: google.golang.org/grpc
  dependency-version: 1.71.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.6
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. labels Apr 17, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign jsafrane for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Apr 17, 2025
@k8s-ci-robot
Copy link
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-csi member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Apr 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jingxu97 jingxu97 Awaiting requested review from jingxu97

@sunnylovestiramisu sunnylovestiramisu Awaiting requested review from sunnylovestiramisu

Assignees
No one assigned
Labels
area/dependency Issues or PRs related to dependency changes cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@k8s-ci-robot