Skip to content

Bump the github-dependencies group across 1 directory with 6 updates #504

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the github-dependencies group across 1 directory with 6 updates #504

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 24, 2025
edited
Loading

Bumps the github-dependencies group with 5 updates in the / directory:

Package From To
google.golang.org/grpc 1.71.0 1.72.0
github.com/fxamacker/cbor/v2 2.7.0 2.8.0
github.com/prometheus/client_golang 1.21.1 1.22.0
github.com/prometheus/client_model 0.6.1 0.6.2
github.com/prometheus/procfs 0.15.1 0.16.1

Updates google.golang.org/grpc from 1.71.0 to 1.72.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.72.0

Dependencies

  • Minimum supported Go version is now 1.23 (#8108)

API Changes

  • resolver: add experimental AddressMapV2 with generics to ultimately replace AddressMap. Deprecate AddressMap for deletion (#8187)
  • resolver: convert EndpointMap in place to use generics (#8189)

New Features

  • xds: add grpc.xds_client.server_failure counter metric on xDS client to record connectivity errors (#8203)
  • balancer/rls: allow maxAge to exceed 5 minutes if staleAge is set in the LB policy configuration (#8137)
  • ringhash: implement gRFC A76 improvements. (#8159)

Bug Fixes

  • xds: fix support for circuit breakers and load reporting in LOGICAL_DNS clusters (#8169, #8170)
  • xds/cds: improve RPC error messages when resources are not found (#8122)
  • balancer/priority: fix race that could leak balancers and goroutines during shutdown (#8095)
  • stats/opentelemetry: fix trace attributes message sequence numbers to start from 0 (#8237)
  • balancer/pickfirstleaf: fix panic if deprecated Address.Metadata field is set to a non-comparable value by ignoring the field (#8227)

Behavior Changes

  • transport: make servers send an HTTP/2 RST_STREAM frame to cancel a stream when the deadline expires (#8071)

Documentation

  • stats: clarify the expected sequence of events on a stats handler (#7885)

Release 1.71.1

Bug Fixes

  • grpc: fix a bug causing an extra Read from the compressor if a compressed message is the same size as the limit. This could result in a panic with the built-in gzip compressor (#8178)
  • xds: restore the behavior of reading the bootstrap config before creating the first xDS client instead of at package init time (#8164)
  • stats/opentelemetry: use TextMapPropagator and TracerProvider from TraceOptions instead of OpenTelemetry globals (#8166)
  • client: fix races when an http proxy is configured that could lead to deadlocks or panics (#8195)
  • client: fix bug causing RPC failures with message "no children to pick from" when using a custom resolver that calls the deprecated NewAddress API (#8149)
  • wrr: fix slow processing of address updates that could result in problems including RPC failures for servers with a large number of backends (#8179)
Commits
  • a43eba6 Change version to 1.72.0 (#8218)
  • 48f48c1 balancer/pickfirstleaf: Avoid reading Address.Metadata (#8227) (#8259)
  • fd6f585 Cherry-pick #8159 and #8243 to v1.72.x (#8255)
  • 79ca174 stats/opentelemetry: fix trace attributes message sequence numbers to start f...
  • 57a2605 xdsclient: fix TestServerFailureMetrics_BeforeResponseRecv test to wait for w...
  • 5edab9e xdsclient: add grpc.xds_client.server_failure counter mertric (#8203)
  • 78ba661 regenerate protos (#8208)
  • 6819ed7 delegatingresolver: Stop calls into delegates once the parent resolver is clo...
  • a51009d resolver: convert EndpointMap to use generics (#8189)
  • b0d1203 resolver: create AddressMapV2 with generics to replace AddressMap (#8187)
  • Additional commits viewable in compare view

Updates github.com/fxamacker/cbor/v2 from 2.7.0 to 2.8.0

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.8.0 adds omitzero struct tag option, fixes and deprecates 3 functions, and bumps requirements to go 1.20+.

Many thanks to @​liggitt for contributing the omitzero support!

The "omitzero" option omits zero values from encoding, matching stdlib encoding/json behavior. When specified in the cbor tag, the option is always honored. When specified in the json tag, the option is honored when building with Go 1.24+.

This release fixes 3 functions (when called directly by user apps) to use same error handling on bad input as cbor.Unmarshal():

  • RawTag.UnmarshalCBOR() (thanks @​thomas-fossati for reporting this!)
  • ByteString.UnmarshalCBOR()
  • SimpleValue.UnmarshalCBOR()

This release also deprecates those 3 functions because they were initially created for internal use. Please use Unmarshal() or UnmarshalFirst() instead.

To preserve backward compatibility, the deprecated functions were added to fuzz tests and will not be removed in v2.x.

What's Changed

Other Changes

... (truncated)

Commits
  • cbe7442 Update docs for cbor v2.8.0 (#649)
  • c9f772d Merge pull request #647 from fxamacker/fxamacker/optimize-unmarshalcbor-for-c...
  • 64fbdbc Optimize calls to UnmarshalCBOR() for RawTag, etc.
  • fe81c11 Merge pull request #645 from fxamacker/fxamacker/port-pr-636-to-master-branch
  • d81ecdd Check CBOR well-formedness in ByteString.UnmarshalCBOR
  • 4f3c6a5 Check CBOR well-formedness in SimpleValue.UnmarshalCBOR
  • 621c666 Check CBOR well-formedness in RawTag.UnmarshalCBOR
  • d34c8ec Merge pull request #644 from liggitt/omitzero
  • 69da12b Adjust OmitZero tests to zero behavior
  • 101dea7 Copy OmitEmpty tests to OmitZero tests
  • Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.21.1 to 1.22.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.22.0 - 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.22.0 / 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765
Commits
  • d50be25 Cut 1.22.0 (#1793)
  • 1043db7 Cut 1.22.0-rc.0 (#1768)
  • e575c9c promhttp: Isolate zstd support and klauspost/compress library use to promhttp...
  • f2276aa Merge pull request #1764 from prometheus/dependabot/github_actions/github-act...
  • 9df772c build(deps): bump peter-evans/create-pull-request
  • a3548c5 Merge pull request #1754 from saswatamcode/exp-eh
  • 60fd2b0 Remove go.work file for now
  • 8f9d0de exp: Add dependabot config
  • c5cf981 Merge pull request #1762 from prometheus/release-1.21
  • e84c305 exp: Reset snappy buf (#1756)
  • Additional commits viewable in compare view

Updates github.com/prometheus/client_model from 0.6.1 to 0.6.2

Release notes

Sourced from github.com/prometheus/client_model's releases.

v0.6.2

What's Changed

Full Changelog: prometheus/client_model@v0.6.1...v0.6.2

Commits
  • eb136e5 Merge pull request #119 from prometheus/superq/google.golang.org/protobuf
  • bf7f2ca Update golanci-lint to v2.
  • 7e9b56c Bump google.golang.org/protobuf from 1.36.5 to 1.36.6
  • ef699ce Merge pull request #116 from prometheus/repo_sync
  • bf8b12e Update common Prometheus files
  • 5b93968 Merge pull request #115 from prometheus/repo_sync
  • ae83ddc Update common Prometheus files
  • afe0b21 Merge pull request #114 from prometheus/repo_sync
  • 75e1daf Update common Prometheus files
  • 73608e2 Merge pull request #113 from prometheus/dependabot/go_modules/google.golang.o...
  • Additional commits viewable in compare view

Updates github.com/prometheus/procfs from 0.15.1 to 0.16.1

Release notes

Sourced from github.com/prometheus/procfs's releases.

v0.16.1

What's Changed

New Contributors

Full Changelog: prometheus/procfs@v0.16.0...v0.16.1

v0.16.0

What's Changed

... (truncated)

Commits

Updates google.golang.org/protobuf from 1.36.5 to 1.36.6

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the github-dependencies group across 1 directory with 6 updates
b05759e 
Bumps the github-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.71.0` | `1.72.0` |
| [github.com/fxamacker/cbor/v2](https://github.com/fxamacker/cbor) | `2.7.0` | `2.8.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.21.1` | `1.22.0` |
| [github.com/prometheus/client_model](https://github.com/prometheus/client_model) | `0.6.1` | `0.6.2` |
| [github.com/prometheus/procfs](https://github.com/prometheus/procfs) | `0.15.1` | `0.16.1` |



Updates `google.golang.org/grpc` from 1.71.0 to 1.72.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.71.0...v1.72.0)

Updates `github.com/fxamacker/cbor/v2` from 2.7.0 to 2.8.0
- [Release notes](https://github.com/fxamacker/cbor/releases)
- [Commits](fxamacker/cbor@v2.7.0...v2.8.0)

Updates `github.com/prometheus/client_golang` from 1.21.1 to 1.22.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.21.1...v1.22.0)

Updates `github.com/prometheus/client_model` from 0.6.1 to 0.6.2
- [Release notes](https://github.com/prometheus/client_model/releases)
- [Commits](prometheus/client_model@v0.6.1...v0.6.2)

Updates `github.com/prometheus/procfs` from 0.15.1 to 0.16.1
- [Release notes](https://github.com/prometheus/procfs/releases)
- [Commits](prometheus/procfs@v0.15.1...v0.16.1)

Updates `google.golang.org/protobuf` from 1.36.5 to 1.36.6

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.72.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/fxamacker/cbor/v2
  dependency-version: 2.8.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.22.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/prometheus/client_model
  dependency-version: 0.6.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/prometheus/procfs
  dependency-version: 0.16.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.6
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. labels Apr 24, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign saad-ali for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Apr 24, 2025
@k8s-ci-robot
Copy link
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-csi member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Apr 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrishenzie chrishenzie Awaiting requested review from chrishenzie

@sunnylovestiramisu sunnylovestiramisu Awaiting requested review from sunnylovestiramisu

Assignees
No one assigned
Labels
area/dependency Issues or PRs related to dependency changes cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@k8s-ci-robot