CI: Hash pin sensitive actions and configure Dependabot to automatically update them #899

Merged

diogoteles08
Contributor

Closes #898

As mentioned on the issue, this PR enhances project security by hash-pinning the dependencies that are called under dangerous permissions. Additionally, it enables Dependabot to update them automatically.

I configured Dependabot in a way that all version updates will be collapsed in a single PR sent monthly -- this avoids noisy PRs, which is a common concern haha. Regardless of the frequency chosen, for the case of security updates a PR with the fixed version would be sent right away.

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
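
The hash-pinning rule described in the PR text above, as an added example that is not part of the original PR or of the klauspost/compress repository: a small auditor that reports `uses:` references not pinned to a full commit SHA in jobs whose token has a write scope. Assumptions: "dangerous permissions" is read as any `write` scope, a workflow with no `permissions` block is treated as write-capable, the workflow uses block-style YAML with consistent indentation, and the sample workflow, its SHA and `example-org/release-action` are constructed.

```python
import re

# Constructed sample workflow (not from the repository); the SHA is a placeholder.
SAMPLE_WORKFLOW = """\
name: release
on:
  push:
    tags: ["v*"]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/local-setup
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.1.1
      - uses: example-org/release-action@v5
      - uses: docker://alpine:3.19
"""

USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^'\"\s#]+)")
KEY_RE = re.compile(r"^\s*([A-Za-z_][\w-]*):")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def classify(ref):
    """Return 'local', 'pinned' (immutable digest) or 'mutable' (tag/branch)."""
    if ref.startswith(("./", "../")):
        return "local"
    if ref.startswith("docker://"):
        return "pinned" if "@sha256:" in ref else "mutable"
    _, _, version = ref.partition("@")
    # Only a full 40-hex commit SHA is immutable; tags and branches can be moved.
    return "pinned" if FULL_SHA_RE.fullmatch(version) else "mutable"


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def grants_write(lines, start):
    """True if the `permissions:` key on lines[start] grants any write scope."""
    base = _indent(lines[start])
    block = [lines[start]]
    for line in lines[start + 1:]:
        if line.strip() and _indent(line) <= base:
            break
        block.append(line)
    return any(re.search(r":\s*write\b", l.split("#")[0]) for l in block)


def audit(workflow_text):
    """Return (workflow_default_write, {job: {'write': bool|None, 'uses': [...]}})."""
    lines = workflow_text.splitlines()
    # Assumption: without a workflow-level block the token may be write-capable.
    default_write = True
    jobs, job, in_jobs, job_indent = {}, None, False, None
    for i, line in enumerate(lines):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent, key = _indent(line), KEY_RE.match(line)
        name = key.group(1) if key else None
        if indent == 0:
            in_jobs, job = name == "jobs", None
            if name == "permissions":
                default_write = grants_write(lines, i)
            continue
        if not in_jobs:
            continue
        if job_indent is None:
            job_indent = indent
        if indent == job_indent and name:
            job = jobs.setdefault(name, {"write": None, "uses": []})
            continue
        if job is None:
            continue
        job.setdefault("key_indent", indent)
        # Only a job-level `permissions:` key overrides the workflow default.
        if name == "permissions" and indent == job["key_indent"]:
            job["write"] = grants_write(lines, i)
        m = USES_RE.match(line)
        if m:
            job["uses"].append(m.group(1))
    return default_write, jobs


def unpinned_sensitive(workflow_text):
    """List (job, ref) pairs that are mutable and run with a write-capable token."""
    default_write, jobs = audit(workflow_text)
    findings = []
    for job_name, job in jobs.items():
        write = default_write if job["write"] is None else job["write"]
        if write:
            findings += [(job_name, r) for r in job["uses"] if classify(r) == "mutable"]
    return findings


if __name__ == "__main__":
    for job_name, ref in unpinned_sensitive(SAMPLE_WORKFLOW):
        print(f"{job_name}: pin {ref} to a full commit SHA")
```

The tag-pinned `actions/checkout@v4` in the read-only `test` job is not reported, which mirrors the PR's scope of pinning only the sensitive call sites.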
Owner

@klauspost klauspost left a comment

LGTM

@klauspost
Owner

Thanks!

@klauspost klauspost merged commit 5f128b2 into klauspost:master Dec 15, 2023
18 checks passed
bogdandrutu referenced this pull request in open-telemetry/opentelemetry-collector Jan 30, 2024
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/klauspost/compress](https://togithub.com/klauspost/compress) | `v1.17.4` -> `v1.17.5` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fklauspost%2fcompress/v1.17.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fklauspost%2fcompress/v1.17.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fklauspost%2fcompress/v1.17.4/v1.17.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fklauspost%2fcompress/v1.17.4/v1.17.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>klauspost/compress (github.com/klauspost/compress)</summary>

### [`v1.17.5`](https://togithub.com/klauspost/compress/releases/tag/v1.17.5)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.17.4...v1.17.5)

#### What's Changed

- flate: Fix reset with dictionary on custom window encodes by [@klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/912](https://togithub.com/klauspost/compress/pull/912)
- zstd: Limit better/best default window to 8MB by [@klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/913](https://togithub.com/klauspost/compress/pull/913)
- zstd: Shorter and faster asm for decSymbol.newState by [@greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/896](https://togithub.com/klauspost/compress/pull/896)
- zstd: Add Frame header encoding and stripping by [@klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/908](https://togithub.com/klauspost/compress/pull/908)
- zstd: Tweak noasm FSE decoder by [@greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/910](https://togithub.com/klauspost/compress/pull/910)
- s2: Fix callbacks for skippable blocks and disallow 0xfe (Padding) for custom use by [@Jille](https://togithub.com/Jille) in [https://github.com/klauspost/compress/pull/916](https://togithub.com/klauspost/compress/pull/916)
- s2: Fix incorrect length encoded by writer.AddSkippableBlock by [@Jille](https://togithub.com/Jille) in [https://github.com/klauspost/compress/pull/917](https://togithub.com/klauspost/compress/pull/917)
- s2: Fix up AddSkippableBlock more by [@klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/919](https://togithub.com/klauspost/compress/pull/919)
- s2: Document and test how to peek the stream for skippable blocks by [@Jille](https://togithub.com/Jille) in [https://github.com/klauspost/compress/pull/918](https://togithub.com/klauspost/compress/pull/918)
- internal/race,s2: add some race instrumentation by [@egonelbre](https://togithub.com/egonelbre) in [https://github.com/klauspost/compress/pull/903](https://togithub.com/klauspost/compress/pull/903)
- build(deps): bump the github-actions group with 4 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/klauspost/compress/pull/900](https://togithub.com/klauspost/compress/pull/900)
- CI: Hash pin sensitive actions and configure Dependabot to automatically update them by [@diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/klauspost/compress/pull/899](https://togithub.com/klauspost/compress/pull/899)
- Update generator and executable go.mod by [@klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/904](https://togithub.com/klauspost/compress/pull/904)
- Update README.md by [@pelenium](https://togithub.com/pelenium) in [https://github.com/klauspost/compress/pull/905](https://togithub.com/klauspost/compress/pull/905)
- build(deps): bump the github-actions group with 1 update by [@dependabot](https://togithub.com/dependabot) in [https://github.com/klauspost/compress/pull/906](https://togithub.com/klauspost/compress/pull/906)

#### New Contributors

- [@pelenium](https://togithub.com/pelenium) made their first contribution in [https://github.com/klauspost/compress/pull/905](https://togithub.com/klauspost/compress/pull/905)
- [@Jille](https://togithub.com/Jille) made their first contribution in [https://github.com/klauspost/compress/pull/916](https://togithub.com/klauspost/compress/pull/916)

**Full Changelog**: klauspost/compress@v1.17.4...v1.17.5

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any
time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector).

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: opentelemetrybot <107717825+opentelemetrybot@users.noreply.github.com>
kodiakhq bot referenced this pull request in cloudquery/filetypes Feb 1, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/klauspost/compress](https://togithub.com/klauspost/compress) | indirect | patch | `v1.17.4` -> `v1.17.5` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
kodiakhq bot referenced this pull request in cloudquery/codegen Feb 1, 2024
kodiakhq bot referenced this pull request in cloudquery/plugin-sdk Feb 1, 2024
kodiakhq bot referenced this pull request in cloudquery/plugin-pb-go Feb 1, 2024
mx-psi referenced this pull request in open-telemetry/opentelemetry-collector-contrib Feb 5, 2024
…0855)

Successfully merging this pull request may close these issues.

CI: Suggest hash-pinning sensitive workflow dependencies