Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump the github-dependencies group across 1 directory with 19 updates #1336

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump the github-dependencies group across 1 directory with 19 updates #1336

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 27, 2025

Bumps the github-dependencies group with 13 updates in the / directory:

Package From To
github.com/miekg/dns 1.1.62 1.1.63
google.golang.org/grpc 1.69.2 1.70.0
google.golang.org/protobuf 1.36.2 1.36.4
cel.dev/expr 0.19.1 0.19.2
github.com/cyphar/filepath-securejoin 0.3.6 0.4.0
github.com/grpc-ecosystem/grpc-gateway/v2 2.25.1 2.26.0
go.etcd.io/etcd/api/v3 3.5.17 3.5.18
go.etcd.io/etcd/client/pkg/v3 3.5.17 3.5.18
go.etcd.io/etcd/client/v3 3.5.17 3.5.18
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 0.58.0 0.59.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 0.58.0 0.59.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace 1.33.0 1.34.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 1.33.0 1.34.0

Updates github.com/miekg/dns from 1.1.62 to 1.1.63

Commits

Updates google.golang.org/grpc from 1.69.2 to 1.70.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.70.0

Behavior Changes

  • client: reject service configs containing an invalid retryPolicy in accordance with gRFCs A21 and A6. (#7905)
    • Note that this is a potential breaking change for some users using an invalid configuration, but continuing to allow this behavior would violate our cross-language compatibility requirements.

New Features

  • xdsclient: fallback to a secondary management server (if specified in the bootstrap configuration) when the primary is down is enabled by default. Can be disabled by setting the environment variable GRPC_EXPERIMENTAL_XDS_FALLBACK to false. (#7949)
  • experimental/credentials: experimental transport credentials are added which don't enforce ALPN. (#7980)
    • These credentials will be removed in an upcoming grpc-go release. Users must not rely on these credentials directly. Instead, they should either vendor a specific version of gRPC or copy the relevant credentials into their own codebase if absolutely necessary.

Bug Fixes

  • xds: fix a possible deadlock that happens when both the client application and the xDS management server (responsible for configuring the client) are using the xds:/// scheme in their target URIs. (#8011)

Performance

  • server: for unary requests, free raw request message data as soon as parsing is finished instead of waiting until the method handler returns. (#7998)

Documentation

  • examples/features/gracefulstop: add example to demonstrate server graceful stop. (#7865)

Release 1.69.4

Bug Fixes

  • rbac: fix support for :path header matchers, which would previously never successfully match (#7965).

Documentation

  • examples/features/csm_observability: update example client and server to use the helloworld service instead of echo service (#7945).

Release 1.69.3 was accidentally tagged on the master branch and will be deleted. Please update to 1.69.4 instead.

Commits
  • 98a0092 Change version to 1.70.0 (#7984)
  • bf380de Cherrypick #7998, #8011, #8010 into 1.70.x (#8028)
  • 54b3eb9 experimental/credentials: Add credentials that don't enforce ALPN (#7980) (#8...
  • 62b9185 clustetresolver: Copy endpoints.Addresses slice from DNS updates to avoid dat...
  • 724f450 examples/features/csm_observability: use helloworld client and server instead...
  • e8d5feb rbac: add method name to :path in headers (#7965)
  • e912015 cleanup: Fix usages of non-constant format strings (#7959)
  • 681334a cleanup: replace dial with newclient (#7943)
  • 063d352 internal/resolver: introduce a new resolver to handle target URI and proxy ad...
  • 10c7e13 outlierdetection: Support health listener for ejection updates (#7908)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.2 to 1.36.4

Updates cel.dev/expr from 0.19.1 to 0.19.2

Release notes

Sourced from cel.dev/expr's releases.

v0.19.2

What's Changed

Full Changelog: google/cel-spec@v0.19.1...v0.19.2

Commits

Updates github.com/cyphar/filepath-securejoin from 0.3.6 to 0.4.0

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.4.0

This release primarily includes a few minor breaking changes to make the MkdirAll and SecureJoin interfaces more robust against accidental misuse.

  • SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

    While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

    All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

    Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

  • MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

    However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

Thanks to the following contributors for helping make this release possible:

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.4.0] - 2025-01-13

Breaking

  • SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

    While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

    All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

    Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

  • MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

    However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

Commits
  • 9a17e6b VERSION: release v0.4.0
  • e410d4a merge #44 into cyphar/filepath-securejoin:main
  • ea4e5b6 gha: add GOARCH=386 build check
  • 0c2fbe6 mkdirall: switch to os.FileMode argument
  • f3a512c merge #43 into cyphar/filepath-securejoin:main
  • bc750ad join: return an error if root is unclean path
  • 1be4136 gha: always check for latest Go release
  • b498783 merge #38 into cyphar/filepath-securejoin:main
  • 682d3ad VERSION: back to development
  • See full diff in compare view

Updates github.com/grpc-ecosystem/grpc-gateway/v2 from 2.25.1 to 2.26.0

Release notes

Sourced from github.com/grpc-ecosystem/grpc-gateway/v2's releases.

v2.26.0

What's Changed

New Contributors

Full Changelog: grpc-ecosystem/grpc-gateway@v2.25.1...v2.26.0

Commits
  • f042173 build(deps): bump just-the-docs from 0.10.0 to 0.10.1 in /docs (#5112)
  • 3098c6a chore(deps): update dependency com_github_bazelbuild_buildtools to v8 (#5126)
  • c51073c chore(deps): update googleapis digest to 318818b (#5156)
  • 5dfd063 Only write Content-Length if the runtime.WithWriteContentLength() option is s...
  • e1364b5 protoc-gen-openapiv2: Do not add invisible enum values as default (#5129)
  • 3b7b760 chore(deps): update googleapis digest to 5c2ccb6 (#5155)
  • 0663fba chore(deps): update googleapis digest to 07737e5 (#5154)
  • 3ef2ee0 chore(deps): update dependency bazel to v8.0.1 (#5153)
  • 12a233b chore(deps): update googleapis digest to 3776db1 (#5152)
  • 4da1653 chore(deps): update dependency rules_python to v1.1.0 (#5150)
  • Additional commits viewable in compare view

Updates go.etcd.io/etcd/api/v3 from 3.5.17 to 3.5.18

Release notes

Sourced from go.etcd.io/etcd/api/v3's releases.

v3.5.18

Please check out CHANGELOG for a full list of changes. And make sure to read upgrade guide before upgrading etcd (there may be breaking changes).

For installation guides, please check out play.etcd.io and operating etcd. Latest support status for common architectures and operating systems can be found at supported platforms.

Linux
ETCD_VER=v3.5.18
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version
start a local etcd server
/tmp/etcd-download-test/etcd
write,read to etcd
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 put foo bar
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 get foo

macOS (Darwin)
ETCD_VER=v3.5.18
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-darwin-amd64.zip -o /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
unzip /tmp/etcd-${ETCD_VER}-darwin-amd64.zip -d /tmp && rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
mv /tmp/etcd-${ETCD_VER}-darwin-amd64/* /tmp/etcd-download-test && rm -rf mv /tmp/etcd-${ETCD_VER}-darwin-amd64
</tr></table>

... (truncated)

Commits
  • 5bca08e version: bump up to 3.5.18
  • 3c04b6c Merge pull request #19258 from ahrtr/race-20250117_3.5
  • 0c8e7b1 Ensure all goroutines created by StartEtcd to exit before closing the errc
  • a7ab766 Merge pull request #19249 from fuweid/35-fix-19179
  • c6fcd27 mvcc: restore tombstone index if it's first revision
  • eade1fa Merge pull request #19211 from ivanvc/release-3.5-bump-go-to-1.22.11
  • 3ff20e6 Bump go toolchain to 1.22.11
  • 5d22781 Merge pull request #19167 from joshuazh-x/fix-embed-close-deadlock-3.5
  • 80b0a73 Avoid deadlock in etcd.Close when stopping during bootstrapping
  • 6349cb8 Merge pull request #19164 from fuweid/v35_check_v2store_followup
  • Additional commits viewable in compare view

Updates go.etcd.io/etcd/client/pkg/v3 from 3.5.17 to 3.5.18

Release notes

Sourced from go.etcd.io/etcd/client/pkg/v3's releases.

v3.5.18

Please check out CHANGELOG for a full list of changes. And make sure to read upgrade guide before upgrading etcd (there may be breaking changes).

For installation guides, please check out play.etcd.io and operating etcd. Latest support status for common architectures and operating systems can be found at supported platforms.

Linux
ETCD_VER=v3.5.18
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version
start a local etcd server
/tmp/etcd-download-test/etcd
write,read to etcd
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 put foo bar
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 get foo

macOS (Darwin)
ETCD_VER=v3.5.18
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-darwin-amd64.zip -o /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
unzip /tmp/etcd-${ETCD_VER}-darwin-amd64.zip -d /tmp && rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
mv /tmp/etcd-${ETCD_VER}-darwin-amd64/* /tmp/etcd-download-test && rm -rf mv /tmp/etcd-${ETCD_VER}-darwin-amd64
</tr></table>

... (truncated)

Commits
  • 5bca08e version: bump up to 3.5.18
  • 3c04b6c Merge pull request #19258 from ahrtr/race-20250117_3.5
  • 0c8e7b1 Ensure all goroutines created by StartEtcd to exit before closing the errc
  • a7ab766 Merge pull request #19249 from fuweid/35-fix-19179
  • c6fcd27 mvcc: restore tombstone index if it's first revision
  • eade1fa Merge pull request #19211 from ivanvc/release-3.5-bump-go-to-1.22.11
  • 3ff20e6 Bump go toolchain to 1.22.11
  • 5d22781 Merge pull request #19167 from joshuazh-x/fix-embed-close-deadlock-3.5
  • 80b0a73 Avoid deadlock in etcd.Close when stopping during bootstrapping
  • 6349cb8 Merge pull request #19164 from fuweid/v35_check_v2store_followup
  • Additional commits viewable in compare view

Updates go.etcd.io/etcd/client/v3 from 3.5.17 to 3.5.18

Release notes

Sourced from go.etcd.io/etcd/client/v3's releases.

v3.5.18

Please check out CHANGELOG for a full list of changes. And make sure to read upgrade guide before upgrading etcd (there may be breaking changes).

For installation guides, please check out play.etcd.io and operating etcd. Latest support status for common architectures and operating systems can be found at supported platforms.

Linux
ETCD_VER=v3.5.18
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version
start a local etcd server
/tmp/etcd-download-test/etcd
write,read to etcd
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 put foo bar
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 get foo

macOS (Darwin)
ETCD_VER=v3.5.18
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-darwin-amd64.zip -o /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
unzip /tmp/etcd-${ETCD_VER}-darwin-amd64.zip -d /tmp && rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
mv /tmp/etcd-${ETCD_VER}-darwin-amd64/* /tmp/etcd-download-test && rm -rf mv /tmp/etcd-${ETCD_VER}-darwin-amd64
</tr></table>

... (truncated)

Commits
  • 5bca08e version: bump up to 3.5.18
  • 3c04b6c Merge pull request #19258 from ahrtr/race-20250117_3.5
  • 0c8e7b1 Ensure all goroutines created by StartEtcd to exit before closing the errc
  • a7ab766 Merge pull request #19249 from fuweid/35-fix-19179
  • c6fcd27 mvcc: restore tombstone index if it's first revision
  • eade1fa Merge pull request #19211 from ivanvc/release-3.5-bump-go-to-1.22.11
  • 3ff20e6 Bump go toolchain to 1.22.11
  • 5d22781 Merge pull request #19167 from joshuazh-x/fix-embed-close-deadlock-3.5
  • 80b0a73 Avoid deadlock in etcd.Close when stopping during bootstrapping
  • 6349cb8 Merge pull request #19164 from fuweid/v35_check_v2store_followup
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.58.0 to 0.59.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases.

Release v1.34.0/v0.59.0/v0.28.0/v0.14.0/v0.9.0/v0.7.0/v0.6.0

Overview

Added

  • Generate server metrics with semantic conventions v1.26.0 in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp when OTEL_SEMCONV_STABILITY_OPT_IN is set to http/dup. (#6411)
  • Generate client metrics with semantic conventions v1.26.0 in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp when OTEL_SEMCONV_STABILITY_OPT_IN is set to http/dup. (#6607)

Fixed

  • Fix error logged by Jaeger remote sampler on empty or unset OTEL_TRACES_SAMPLER_ARG environment variable (#6511)
  • Relax minimum Go version to 1.22.0 in various modules. (#6595)
  • NewSDK handles empty OpenTelemetryConfiguration.Resource properly in go.opentelemetry.io/contrib/config/v0.3.0. (#6606)
  • Fix a possible nil dereference panic in NewSDK of go.opentelemetry.io/contrib/config/v0.3.0. (#6606)

What's Changed

... (truncated)

Changelog

Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's changelog.

[1.34.0/0.59.0/0.28.0/0.14.0/0.9.0/0.7.0/0.6.0] - 2025-01-17

Added

  • Generate server metrics with semantic conventions v1.26.0 in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp when OTEL_SEMCONV_STABILITY_OPT_IN is set to http/dup. (#6411)
  • Generate client metrics with semantic conventions v1.26.0 in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp when OTEL_SEMCONV_STABILITY_OPT_IN is set to http/dup. (#6607)

Fixed

  • Fix error logged by Jaeger remote sampler on empty or unset OTEL_TRACES_SAMPLER_ARG environment variable (#6511)
  • Relax minimum Go version to 1.22.0 in various modules. (#6595)
  • NewSDK handles empty OpenTelemetryConfiguration.Resource properly in go.opentelemetry.io/contrib/config/v0.3.0. (#6606)
  • Fix a possible nil dereference panic in NewSDK of go.opentelemetry.io/contrib/config/v0.3.0. (#6606)
Commits
  • e6e7902 Release v1.34.0/v0.59.0/v0.28.0/v0.14.0/v0.9.0/v0.7.0/v0.6.0 (#6641)
  • 21dad7f chore(deps): update module github.com/goccy/go-yaml to v1.15.15 (#6640)
  • 751de09 config: Add fuzz tests (#6604)
  • dafdad1 Templatize the otelhttp semconv module (#6626)
  • df8e435 fix(deps): update aws-sdk-go-v2 monorepo (#6631)
  • ad47796 chore(deps): update module github.com/prometheus/common to v0.62.0 (#6634)
  • 3657d50 chore(deps): update module github.com/goccy/go-yaml to v1.15.14 (#6628)
  • 512218b fix(deps): update aws-sdk-go-v2 monorepo (#6623)
  • f271d55 fix(deps): update aws-sdk-go-v2 monorepo (#6622)
  • 820aa80 fix(deps): update module github.com/aws/aws-sdk-go to v1.55.6 (#6619)
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.58.0 to 0.59.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases.

Release v1.34.0/v0.59.0/v0.28.0/v0.14.0/v0.9.0/v0.7.0/v0.6.0

Overview

Added

  • Generate server metrics with semantic conventions v1.26.0 in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp when OTEL_SEMCONV_STABILITY_OPT_IN is set to http/dup. (#6411)
  • Generate client metrics with semantic conventions v1.26.0 in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp when OTEL_SEMCONV_STABILITY_OPT_IN is set to http/dup. (#6607)

Fixed

  • Fix error logged by Jaeger remote sampler on empty or unset OTEL_TRACES_SAMPLER_ARG environment variable (#6511)
  • Relax minimum Go version to 1.22.0 in various modules. (#6595)
  • NewSDK handles empty OpenTelemetryConfiguration.Resource properly in go.opentelemetry.io/contrib/config/v0.3.0. (#6606)
  • Fix a possible nil dereference panic in NewSDK of go.opentelemetry.io/contrib/config/v0.3.0. (#6606)

What's Changed

@dependabot
build(deps): bump the github-dependencies group across 1 directory wi…
1a9937f 
…th 19 updates

Bumps the github-dependencies group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/miekg/dns](https://github.com/miekg/dns) | `1.1.62` | `1.1.63` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.69.2` | `1.70.0` |
| google.golang.org/protobuf | `1.36.2` | `1.36.4` |
| [cel.dev/expr](https://github.com/google/cel-spec) | `0.19.1` | `0.19.2` |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.3.6` | `0.4.0` |
| [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) | `2.25.1` | `2.26.0` |
| [go.etcd.io/etcd/api/v3](https://github.com/etcd-io/etcd) | `3.5.17` | `3.5.18` |
| [go.etcd.io/etcd/client/pkg/v3](https://github.com/etcd-io/etcd) | `3.5.17` | `3.5.18` |
| [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) | `3.5.17` | `3.5.18` |
| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.58.0` | `0.59.0` |
| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.58.0` | `0.59.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.33.0` | `1.34.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.33.0` | `1.34.0` |



Updates `github.com/miekg/dns` from 1.1.62 to 1.1.63
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](miekg/dns@v1.1.62...v1.1.63)

Updates `google.golang.org/grpc` from 1.69.2 to 1.70.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.69.2...v1.70.0)

Updates `google.golang.org/protobuf` from 1.36.2 to 1.36.4

Updates `cel.dev/expr` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/google/cel-spec/releases)
- [Commits](google/cel-spec@v0.19.1...v0.19.2)

Updates `github.com/cyphar/filepath-securejoin` from 0.3.6 to 0.4.0
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.3.6...v0.4.0)

Updates `github.com/grpc-ecosystem/grpc-gateway/v2` from 2.25.1 to 2.26.0
- [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases)
- [Changelog](https://github.com/grpc-ecosystem/grpc-gateway/blob/main/.goreleaser.yml)
- [Commits](grpc-ecosystem/grpc-gateway@v2.25.1...v2.26.0)

Updates `go.etcd.io/etcd/api/v3` from 3.5.17 to 3.5.18
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](etcd-io/etcd@v3.5.17...v3.5.18)

Updates `go.etcd.io/etcd/client/pkg/v3` from 3.5.17 to 3.5.18
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](etcd-io/etcd@v3.5.17...v3.5.18)

Updates `go.etcd.io/etcd/client/v3` from 3.5.17 to 3.5.18
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](etcd-io/etcd@v3.5.17...v3.5.18)

Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.58.0 to 0.59.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.58.0...zpages/v0.59.0)

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.58.0 to 0.59.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.58.0...zpages/v0.59.0)

Updates `go.opentelemetry.io/otel` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/metric` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/trace` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.34.0)

Updates `google.golang.org/genproto/googleapis/api` from 0.0.0-20250106144421-5f5ef82da422 to 0.0.0-20250115164207-1a7da9e5054f
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20250106144421-5f5ef82da422 to 0.0.0-20250115164207-1a7da9e5054f
- [Commits](https://github.com/googleapis/go-genproto/commits)

---
updated-dependencies:
- dependency-name: github.com/miekg/dns
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: cel.dev/expr
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.etcd.io/etcd/api/v3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: go.etcd.io/etcd/client/pkg/v3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: go.etcd.io/etcd/client/v3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: google.golang.org/genproto/googleapis/api
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. labels Jan 27, 2025
@k8s-ci-robot k8s-ci-robot requested a review from humblec January 27, 2025 05:07
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign msau42 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jan 27, 2025
@k8s-ci-robot
Copy link
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-csi member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Jan 27, 2025
@k8s-ci-robot
Copy link
Contributor

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-kubernetes-csi-external-provisioner-unit 1a9937f link true /test pull-kubernetes-csi-external-provisioner-unit
pull-kubernetes-csi-external-provisioner-1-32-on-kubernetes-1-32 1a9937f link false /test pull-kubernetes-csi-external-provisioner-1-32-on-kubernetes-1-32
pull-kubernetes-csi-external-provisioner-1-30-on-kubernetes-1-30 1a9937f link true /test pull-kubernetes-csi-external-provisioner-1-30-on-kubernetes-1-30
pull-kubernetes-csi-external-provisioner-1-31-on-kubernetes-1-31 1a9937f link true /test pull-kubernetes-csi-external-provisioner-1-31-on-kubernetes-1-31
pull-kubernetes-csi-external-provisioner-distributed-on-kubernetes-1-26 1a9937f link true /test pull-kubernetes-csi-external-provisioner-distributed-on-kubernetes-1-26

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@humblec humblec Awaiting requested review from humblec

@RaunakShah RaunakShah Awaiting requested review from RaunakShah

Assignees
No one assigned
Labels
area/dependency Issues or PRs related to dependency changes cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@k8s-ci-robot