mirror of
https://github.com/open-telemetry/opentelemetry-go.git
synced 2026-06-03 18:35:08 +02:00
624f64631b9464015ce3f3e07c2e9c1d75e08ff4
1124 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 renovate[bot]
|
624f64631b |
chore(deps): update module github.com/go-git/go-git/v5 to v5.17.1 (#8106)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-git/go-git/v5](https://redirect.github.com/go-git/go-git) | `v5.17.0` → `v5.17.1` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.17.1`](https://redirect.github.com/go-git/go-git/releases/tag/v5.17.1) [Compare Source](https://redirect.github.com/go-git/go-git/compare/v5.17.0...v5.17.1) #### What's Changed - build: Update module github.com/cloudflare/circl to v1.6.3 \[SECURITY] (releases/v5.x) by [@​go-git-renovate](https://redirect.github.com/go-git-renovate)\[bot] in [#​1930](https://redirect.github.com/go-git/go-git/pull/1930) - \[v5] plumbing: format/index, Improve v4 entry name validation by [@​pjbgf](https://redirect.github.com/pjbgf) in [#​1935](https://redirect.github.com/go-git/go-git/pull/1935) - \[v5] plumbing: format/idxfile, Fix version and fanout checks by [@​pjbgf](https://redirect.github.com/pjbgf) in [#​1937](https://redirect.github.com/go-git/go-git/pull/1937) **Full Changelog**: <https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45NC4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
099a8d1263 |
chore(deps): update module github.com/butuzov/ireturn to v0.4.1 (#8100)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/butuzov/ireturn](https://redirect.github.com/butuzov/ireturn) | `v0.4.0` → `v0.4.1` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>butuzov/ireturn (github.com/butuzov/ireturn)</summary> ### [`v0.4.1`](https://redirect.github.com/butuzov/ireturn/releases/tag/v0.4.1) [Compare Source](https://redirect.github.com/butuzov/ireturn/compare/v0.4.0...v0.4.1) #### Changelog - [`e838a2d`](https://redirect.github.com/butuzov/ireturn/commit/e838a2dee944f8b38eeea39a468ab685156da7b2) Update Go version requirement to 1.25 ([#​127](https://redirect.github.com/butuzov/ireturn/issues/127)) - [`e203b16`](https://redirect.github.com/butuzov/ireturn/commit/e203b1697899911b6afd54491f99bb79e33289cf) Update readme.md ([#​107](https://redirect.github.com/butuzov/ireturn/issues/107)) - [`0db6434`](https://redirect.github.com/butuzov/ireturn/commit/0db6434fcd64f04bb69eb6dd88d2350a2e8df65c) build(deps): bump actions/checkout from 4 to 6 ([#​115](https://redirect.github.com/butuzov/ireturn/issues/115)) - [`ea5d5d3`](https://redirect.github.com/butuzov/ireturn/commit/ea5d5d3ee2b749ed88ffaa89a37138cc4098d5c5) chore: update CI ([#​119](https://redirect.github.com/butuzov/ireturn/issues/119)) - [`c7bfd5b`](https://redirect.github.com/butuzov/ireturn/commit/c7bfd5b308585d806737475cbb00095fbc52b6ef) chore: update dependencies ([#​122](https://redirect.github.com/butuzov/ireturn/issues/122)) - [`46c7ed6`](https://redirect.github.com/butuzov/ireturn/commit/46c7ed6151b68be7eabd4f3ae3b7d17b831568cc) chore: use an interface ([#​123](https://redirect.github.com/butuzov/ireturn/issues/123)) - [`ae28990`](https://redirect.github.com/butuzov/ireturn/commit/ae289905dc117bce0bfebf7e2839af15d58db286) chores: improve code coverage reporting ([#​125](https://redirect.github.com/butuzov/ireturn/issues/125)) - [`8ddfd4a`](https://redirect.github.com/butuzov/ireturn/commit/8ddfd4a79889fe3f588050767652d46ca6389548) chres: update std to go1.26 ([#​124](https://redirect.github.com/butuzov/ireturn/issues/124)) - [`901815d`](https://redirect.github.com/butuzov/ireturn/commit/901815d0fb666519794019de9c9bd8e521f6d8f5) fix: remove found field ([#​120](https://redirect.github.com/butuzov/ireturn/issues/120)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45My4wIiwidXBkYXRlZEluVmVyIjoiNDMuOTMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
0d3cd1d917 |
chore(deps): update module github.com/tetafro/godot to v1.5.6 (#8099)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/tetafro/godot](https://redirect.github.com/tetafro/godot) | `v1.5.4` → `v1.5.6` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>tetafro/godot (github.com/tetafro/godot)</summary> ### [`v1.5.6`](https://redirect.github.com/tetafro/godot/releases/tag/v1.5.6) [Compare Source](https://redirect.github.com/tetafro/godot/compare/v1.5.5...v1.5.6) #### Changelog - [`88cf245`](https://redirect.github.com/tetafro/godot/commit/88cf24521d87cf1a946c5b876f10713945dec6fd) Fix working with //line directive - [`c1ee1ed`](https://redirect.github.com/tetafro/godot/commit/c1ee1eda4d664955c4f54d35fc4e6f68db1710cb) Update golangci-lint to v2. - [`fd5b12e`](https://redirect.github.com/tetafro/godot/commit/fd5b12eeb894312c97bcb8cc422587df6cd88a5e) Update golangci-lint to v2.8. ### [`v1.5.5`](https://redirect.github.com/tetafro/godot/releases/tag/v1.5.5) [Compare Source](https://redirect.github.com/tetafro/godot/compare/v1.5.4...v1.5.5) #### Changelog - [`f4f097a`](https://redirect.github.com/tetafro/godot/commit/f4f097a009c5934967e3ff425693418c1a8e3a76) Fix goreleaser configs. - [`a7be78a`](https://redirect.github.com/tetafro/godot/commit/a7be78ae484e14ad889c30f9342f12ff80767831) Fix inline comments replacements. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45MS41IiwidXBkYXRlZEluVmVyIjoiNDMuOTEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
853704bf99 |
chore(deps): update module github.com/pelletier/go-toml/v2 to v2.3.0 (#8095)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/pelletier/go-toml/v2](https://redirect.github.com/pelletier/go-toml) | `v2.2.4` → `v2.3.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>pelletier/go-toml (github.com/pelletier/go-toml/v2)</summary> ### [`v2.3.0`](https://redirect.github.com/pelletier/go-toml/compare/v2.2.4...v2.3.0) [Compare Source](https://redirect.github.com/pelletier/go-toml/compare/v2.2.4...v2.3.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
717c1b3505 |
fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.4 (#8092)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/golangci/golangci-lint/v2](https://redirect.github.com/golangci/golangci-lint) | `v2.11.3` → `v2.11.4` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>golangci/golangci-lint (github.com/golangci/golangci-lint/v2)</summary> ### [`v2.11.4`](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v2114) [Compare Source](https://redirect.github.com/golangci/golangci-lint/compare/v2.11.3...v2.11.4) *Released on 2026-03-22* 1. Linters bug fixes - `govet-modernize`: from 0.42.0 to 0.43.0 - `noctx`: from 0.5.0 to 0.5.1 - `sqlclosecheck`: from 0.5.1 to 0.6.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
8742ba9cdc |
chore(deps): update golang.org/x/telemetry digest to b6b0c46 (#8076)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [golang.org/x/telemetry](https://pkg.go.dev/golang.org/x/telemetry) | indirect | digest | `1546bf4` → `b6b0c46` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
e6120a6f77 |
chore(deps): update module github.com/fatih/color to v1.19.0 (#8087)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/fatih/color](https://redirect.github.com/fatih/color) | `v1.18.0` → `v1.19.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>fatih/color (github.com/fatih/color)</summary> ### [`v1.19.0`](https://redirect.github.com/fatih/color/releases/tag/v1.19.0) [Compare Source](https://redirect.github.com/fatih/color/compare/v1.18.0...v1.19.0) #### What's Changed - Bump golang.org/x/sys from 0.25.0 to 0.28.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​246](https://redirect.github.com/fatih/color/pull/246) - Fix for issue [#​230](https://redirect.github.com/fatih/color/issues/230) set/unsetwriter symmetric wrt color support detection by [@​ataypamart](https://redirect.github.com/ataypamart) in [#​243](https://redirect.github.com/fatih/color/pull/243) - chore: go mod cleanup by [@​sashamelentyev](https://redirect.github.com/sashamelentyev) in [#​244](https://redirect.github.com/fatih/color/pull/244) - Bump golang.org/x/sys from 0.28.0 to 0.30.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​249](https://redirect.github.com/fatih/color/pull/249) - Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​248](https://redirect.github.com/fatih/color/pull/248) - Update CI and go deps by [@​fatih](https://redirect.github.com/fatih) in [#​254](https://redirect.github.com/fatih/color/pull/254) - Bump golang.org/x/sys from 0.31.0 to 0.37.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​268](https://redirect.github.com/fatih/color/pull/268) - fix: include escape codes in byte counts from `Fprint`, `Fprintf` by [@​qualidafial](https://redirect.github.com/qualidafial) in [#​282](https://redirect.github.com/fatih/color/pull/282) - Bump golang.org/x/sys from 0.37.0 to 0.40.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​277](https://redirect.github.com/fatih/color/pull/277) - fix: add nil check for os.Stdout to prevent panic on Windows services by [@​majiayu000](https://redirect.github.com/majiayu000) in [#​275](https://redirect.github.com/fatih/color/pull/275) - Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​259](https://redirect.github.com/fatih/color/pull/259) - Bump actions/checkout from 4 to 6 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​273](https://redirect.github.com/fatih/color/pull/273) - Optimize Color.Equals performance (O(n²) → O(n)) by [@​UnSubble](https://redirect.github.com/UnSubble) in [#​269](https://redirect.github.com/fatih/color/pull/269) - Bump actions/setup-go from 5 to 6 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​266](https://redirect.github.com/fatih/color/pull/266) #### New Contributors - [@​ataypamart](https://redirect.github.com/ataypamart) made their first contribution in [#​243](https://redirect.github.com/fatih/color/pull/243) - [@​sashamelentyev](https://redirect.github.com/sashamelentyev) made their first contribution in [#​244](https://redirect.github.com/fatih/color/pull/244) - [@​qualidafial](https://redirect.github.com/qualidafial) made their first contribution in [#​282](https://redirect.github.com/fatih/color/pull/282) - [@​majiayu000](https://redirect.github.com/majiayu000) made their first contribution in [#​275](https://redirect.github.com/fatih/color/pull/275) - [@​UnSubble](https://redirect.github.com/UnSubble) made their first contribution in [#​269](https://redirect.github.com/fatih/color/pull/269) **Full Changelog**: <https://github.com/fatih/color/compare/v1.18.0...v1.19.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
68f28d61db |
chore(deps): update module github.com/protonmail/go-crypto to v1.4.1 (#8081)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/ProtonMail/go-crypto](https://redirect.github.com/ProtonMail/go-crypto) | `v1.4.0` → `v1.4.1` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>ProtonMail/go-crypto (github.com/ProtonMail/go-crypto)</summary> ### [`v1.4.1`](https://redirect.github.com/ProtonMail/go-crypto/releases/tag/v1.4.1) [Compare Source](https://redirect.github.com/ProtonMail/go-crypto/compare/v1.4.0...v1.4.1) ##### What's Changed - Properly handle ECC keys with invalid points in [#​304](https://redirect.github.com/ProtonMail/go-crypto/pull/304) **Full Changelog**: <https://github.com/ProtonMail/go-crypto/compare/v1.4.0...v1.4.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
47509accbc |
chore(deps): update module github.com/securego/gosec/v2 to v2.25.0 (#8084)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/securego/gosec/v2](https://redirect.github.com/securego/gosec) | `v2.24.8-0.20260316110558-744bfb5ef06e` → `v2.25.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>securego/gosec (github.com/securego/gosec/v2)</summary> ### [`v2.25.0`](https://redirect.github.com/securego/gosec/releases/tag/v2.25.0) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.24.7...v2.25.0) #### Changelog - [`223e19b`](https://redirect.github.com/securego/gosec/commit/223e19b8856e00f02cc67804499a83f77e208f3c) chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 ([#​1617](https://redirect.github.com/securego/gosec/issues/1617)) - [`b23a9e5`](https://redirect.github.com/securego/gosec/commit/b23a9e534822ec656207d6d33116b9c48fcde6c7) fix: allow barry action to access secrets on fork PRs ([#​1616](https://redirect.github.com/securego/gosec/issues/1616)) - [`355cfa5`](https://redirect.github.com/securego/gosec/commit/355cfa5a43916c57b7727eece120dd54665c1427) fix: reduce G117 false positives for custom marshalers and transformed values ([#​1614](https://redirect.github.com/securego/gosec/issues/1614)) ([#​1615](https://redirect.github.com/securego/gosec/issues/1615)) - [`744bfb5`](https://redirect.github.com/securego/gosec/commit/744bfb5ef06e24230087a2470dd1eda8cf5ac48a) Add barry security scanner as a step in the CI ([#​1612](https://redirect.github.com/securego/gosec/issues/1612)) - [`4fde15d`](https://redirect.github.com/securego/gosec/commit/4fde15d2287caa7ba8480e14d3ccd49579d17f42) chore(deps): update all dependencies ([#​1611](https://redirect.github.com/securego/gosec/issues/1611)) - [`dec52c4`](https://redirect.github.com/securego/gosec/commit/dec52c4101b534ac9bc8cf22ac051a65c90d75e0) fix: prevent taint analysis hang on packages with many CHA call graph edges ([#​1608](https://redirect.github.com/securego/gosec/issues/1608)) ([#​1610](https://redirect.github.com/securego/gosec/issues/1610)) - [`a0de8b6`](https://redirect.github.com/securego/gosec/commit/a0de8b6aab054e0fe97bec94d1f5e635dc5dc495) Add some skills for claude code to automate some tasks ([#​1609](https://redirect.github.com/securego/gosec/issues/1609)) - [`c2dfcec`](https://redirect.github.com/securego/gosec/commit/c2dfcec7f34bdbb3591c1dccd4aafde1d49c5bd6) Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries ([#​1606](https://redirect.github.com/securego/gosec/issues/1606)) - [`8aec3f4`](https://redirect.github.com/securego/gosec/commit/8aec3f48a22ee5404185b01ac7667302ba73e51c) fix: skip SSA analysis on ill-typed packages to prevent panic ([#​1607](https://redirect.github.com/securego/gosec/issues/1607)) - [`1ced32d`](https://redirect.github.com/securego/gosec/commit/1ced32df147e2dd7bb9400023c246235bb32be92) Port G120 from SSA-based to taint analysis (fixes [#​1600](https://redirect.github.com/securego/gosec/issues/1600), [#​1603](https://redirect.github.com/securego/gosec/issues/1603)) ([#​1605](https://redirect.github.com/securego/gosec/issues/1605)) - [`befce8d`](https://redirect.github.com/securego/gosec/commit/befce8de5da965121ad143b3c1eba58b0c3941bb) fix(G118): eliminate false positive for package-level cancel variables ([#​1602](https://redirect.github.com/securego/gosec/issues/1602)) - [`b7b2c7b`](https://redirect.github.com/securego/gosec/commit/b7b2c7b668f3f2bef8a8ae04d72f0eb60492322c) feat: add G124 rule for insecure HTTP cookie configuration ([#​1599](https://redirect.github.com/securego/gosec/issues/1599)) - [`6e66a94`](https://redirect.github.com/securego/gosec/commit/6e66a943db54eb8d235ac766fa2fd414d44e8821) feat: add G709 rule for unsafe deserialization of untrusted data ([#​1598](https://redirect.github.com/securego/gosec/issues/1598)) - [`e7ea237`](https://redirect.github.com/securego/gosec/commit/e7ea2377aa2138d550e6d466ceef7a3164b4d7ea) feat: add G708 rule for server-side template injection via text/template ([#​1597](https://redirect.github.com/securego/gosec/issues/1597)) - [`8895462`](https://redirect.github.com/securego/gosec/commit/889546214c90564feb348e14fd1bf526295e0b2d) fix(G118): eliminate false positive when cancel is called via struct field in a closure ([#​1596](https://redirect.github.com/securego/gosec/issues/1596)) - [`619ce21`](https://redirect.github.com/securego/gosec/commit/619ce2117e086b696f9357dc3422c18c2d0262bf) Fix infinite recursion in interprocedural taint analysis ([#​1594](https://redirect.github.com/securego/gosec/issues/1594)) - [`0e0eb17`](https://redirect.github.com/securego/gosec/commit/0e0eb1792f3ced1edfe332daa388f088d4bd2f08) Fix G118 false positive when cancel is stored in returned struct field ([#​1593](https://redirect.github.com/securego/gosec/issues/1593)) - [`59a9da0`](https://redirect.github.com/securego/gosec/commit/59a9da022f37d928b5c26c2b720e5f43f4a3e9b4) Fix G118 false positive on cancel called inside goroutine closure ([#​1592](https://redirect.github.com/securego/gosec/issues/1592)) - [`cbf46b8`](https://redirect.github.com/securego/gosec/commit/cbf46b8771cfe2f02d3f935469c7898198d901f4) fix(analyzer): per-package rule instantiation eliminates concurrent map crash ([#​1589](https://redirect.github.com/securego/gosec/issues/1589)) - [`c6c3ba8`](https://redirect.github.com/securego/gosec/commit/c6c3ba865980cf3333c8bcaa93b4b9b7a4858bba) chore(deps): update all dependencies ([#​1588](https://redirect.github.com/securego/gosec/issues/1588)) - [`c709ed8`](https://redirect.github.com/securego/gosec/commit/c709ed8be30a01d52ef51a099f5da6fc23dd3e31) fix(G118): treat returned cancel func as called (fixes [#​1584](https://redirect.github.com/securego/gosec/issues/1584)) ([#​1585](https://redirect.github.com/securego/gosec/issues/1585)) - [`fa74dd7`](https://redirect.github.com/securego/gosec/commit/fa74dd7069d482a37b1207afbeffbfc7681a47f8) chore(go): update supported Go versions to 1.25.8 and 1.26.1 ([#​1583](https://redirect.github.com/securego/gosec/issues/1583)) - [`cd1f29e`](https://redirect.github.com/securego/gosec/commit/cd1f29ec710ed24a305edf5908f52240addb1811) Update the README with the correct version of the Github action for gosec ([#​1582](https://redirect.github.com/securego/gosec/issues/1582)) - [`5887aee`](https://redirect.github.com/securego/gosec/commit/5887aee36f8b982ecb71885fde827ec0e84d98a2) chore(deps): update all dependencies ([#​1579](https://redirect.github.com/securego/gosec/issues/1579)) - [`6641fcf`](https://redirect.github.com/securego/gosec/commit/6641fcf966593bf52ed426aa262839b340d56375) Fix G115 false positives for guarded int64-to-byte conversions ([#​1578](https://redirect.github.com/securego/gosec/issues/1578)) - [`3c9c3da`](https://redirect.github.com/securego/gosec/commit/3c9c3da6924bb1daeea428e28ec9ac5fa5a09c25) Update the container image migration notice ([#​1576](https://redirect.github.com/securego/gosec/issues/1576)) - [`973e94e`](https://redirect.github.com/securego/gosec/commit/973e94e8fc181de08ab86b212e6475221e777069) chore(action): bump gosec to 2.24.7 ([#​1575](https://redirect.github.com/securego/gosec/issues/1575)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
ec4a15962c |
chore(deps): update module github.com/ryanrolds/sqlclosecheck to v0.6.0 (#8083)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/ryanrolds/sqlclosecheck](https://redirect.github.com/ryanrolds/sqlclosecheck) | `v0.5.1` → `v0.6.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>ryanrolds/sqlclosecheck (github.com/ryanrolds/sqlclosecheck)</summary> ### [`v0.6.0`](https://redirect.github.com/ryanrolds/sqlclosecheck/releases/tag/v0.6.0) [Compare Source](https://redirect.github.com/ryanrolds/sqlclosecheck/compare/v0.5.1...v0.6.0) #### What's Changed - \[WIP] Support correct non-defer usage by [@​ryanrolds](https://redirect.github.com/ryanrolds) in [#​28](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/28) - Add support for deferred closer functions which are not methods by [@​vanntile](https://redirect.github.com/vanntile) in [#​33](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/33) - (cont) Add support for deferred closer functions which are not methods by [@​vanntile](https://redirect.github.com/vanntile) in [#​34](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/34) - bump golang.org/x/tools to v0.13.0 to fix panic in tests by [@​alexandear](https://redirect.github.com/alexandear) in [#​38](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/38) - CVE-2024-27304 with vendoring by [@​ryanrolds](https://redirect.github.com/ryanrolds) in [#​41](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/41) - Bump golang.org/x/crypto from 0.17.0 to 0.35.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​42](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/42) - fix: Referrers() may return nil by [@​didebughu](https://redirect.github.com/didebughu) in [#​46](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/46) - Upgrade for Go 1.25 compatibility, and upgrade crypto dependency for CVE by [@​LeMikaelF](https://redirect.github.com/LeMikaelF) in [#​47](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/47) #### New Contributors - [@​vanntile](https://redirect.github.com/vanntile) made their first contribution in [#​33](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/33) - [@​alexandear](https://redirect.github.com/alexandear) made their first contribution in [#​38](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/38) - [@​dependabot](https://redirect.github.com/dependabot)\[bot] made their first contribution in [#​42](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/42) - [@​didebughu](https://redirect.github.com/didebughu) made their first contribution in [#​46](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/46) - [@​LeMikaelF](https://redirect.github.com/LeMikaelF) made their first contribution in [#​47](https://redirect.github.com/ryanrolds/sqlclosecheck/pull/47) **Full Changelog**: <https://github.com/ryanrolds/sqlclosecheck/compare/v0.5.1...v0.6.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
7e13b024d4 | chore(deps): update github.com/securego/gosec/v2 digest to 744bfb5 (#8064) | ||
|
renovate[bot]
|
fc02fe0927 |
chore(deps): update github.com/securego/gosec/v2 digest to dec52c4 (#8063)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/securego/gosec/v2](https://redirect.github.com/securego/gosec) | indirect | digest | `c2dfcec` → `dec52c4` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
bdc1b511c8 |
chore(deps): update github.com/securego/gosec/v2 digest to c2dfcec (#8055)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/securego/gosec/v2](https://redirect.github.com/securego/gosec) | indirect | digest | `befce8d` → `c2dfcec` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
9c5a5df1a5 |
chore(deps): update github.com/securego/gosec/v2 digest to befce8d (#8053)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/securego/gosec/v2](https://redirect.github.com/securego/gosec) | indirect | digest | `b7b2c7b` → `befce8d` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
362bd1f360 |
fix(deps): update golang.org/x (#8052)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [golang.org/x/exp](https://pkg.go.dev/golang.org/x/exp) | require | digest | `3dfff04` → `7ab1446` | | [golang.org/x/exp/typeparams](https://pkg.go.dev/golang.org/x/exp/typeparams) | indirect | digest | `3dfff04` → `7ab1446` | | [golang.org/x/telemetry](https://pkg.go.dev/golang.org/x/telemetry) | indirect | digest | `579e4da` → `1546bf4` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
6d79ac3936 |
fix(deps): update golang.org/x (#8045)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | Type | Update | |---|---|---|---|---|---| | [golang.org/x/crypto](https://pkg.go.dev/golang.org/x/crypto) | [`v0.48.0` → `v0.49.0`](https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.48.0...refs/tags/v0.49.0) |  |  | indirect | minor | | [golang.org/x/mod](https://pkg.go.dev/golang.org/x/mod) | [`v0.33.0` → `v0.34.0`](https://cs.opensource.google/go/x/mod/+/refs/tags/v0.33.0...refs/tags/v0.34.0) |  |  | indirect | minor | | [golang.org/x/net](https://pkg.go.dev/golang.org/x/net) | [`v0.51.0` → `v0.52.0`](https://cs.opensource.google/go/x/net/+/refs/tags/v0.51.0...refs/tags/v0.52.0) |  |  | indirect | minor | | [golang.org/x/telemetry](https://pkg.go.dev/golang.org/x/telemetry) | `e526e8a` → `579e4da` |  |  | indirect | digest | | [golang.org/x/text](https://pkg.go.dev/golang.org/x/text) | [`v0.34.0` → `v0.35.0`](https://cs.opensource.google/go/x/text/+/refs/tags/v0.34.0...refs/tags/v0.35.0) |  |  | indirect | minor | | [golang.org/x/tools](https://pkg.go.dev/golang.org/x/tools) | [`v0.42.0` → `v0.43.0`](https://cs.opensource.google/go/x/tools/+/refs/tags/v0.42.0...refs/tags/v0.43.0) |  |  | require | minor | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: dmathieu <damien.mathieu@elastic.co> |
||
|
renovate[bot]
|
45173ad648 |
chore(deps): update github.com/securego/gosec/v2 digest to b7b2c7b (#8044)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/securego/gosec/v2](https://redirect.github.com/securego/gosec) | indirect | digest | `6e66a94` → `b7b2c7b` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
 Robert Pająk
|
f4da59e651 |
attribute: change INVALID Type to EMPTY and mark INVALID as deprecated (#8038)
Fixes https://github.com/open-telemetry/opentelemetry-go/issues/7932 Noticeable comment from previous PR: https://github.com/open-telemetry/opentelemetry-go/pull/7942#discussion_r2913179215 Print the empty value as empty string per https://opentelemetry.io/docs/specs/otel/common/#empty-values |
||
|
renovate[bot]
|
3447d093ca |
chore(deps): update github.com/securego/gosec/v2 digest to 6e66a94 (#8043)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/securego/gosec/v2](https://redirect.github.com/securego/gosec) | indirect | digest | `8895462` → `6e66a94` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
6eb9d64fb7 |
chore(deps): update module github.com/sonatard/noctx to v0.5.1 (#8040)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/sonatard/noctx](https://redirect.github.com/sonatard/noctx) | `v0.5.0` → `v0.5.1` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>sonatard/noctx (github.com/sonatard/noctx)</summary> ### [`v0.5.1`](https://redirect.github.com/sonatard/noctx/releases/tag/v0.5.1) [Compare Source](https://redirect.github.com/sonatard/noctx/compare/v0.5.0...v0.5.1) #### Changelog - [`00a6009`](https://redirect.github.com/sonatard/noctx/commit/00a60094e8643655c5e1e2fdeb4f8bfcc096d8d0) Merge pull request [#​52](https://redirect.github.com/sonatard/noctx/issues/52) from sonatard/fix-release - [`1166346`](https://redirect.github.com/sonatard/noctx/commit/11663463cf24b731fcae80ec7370ae0a18d7389a) Remove windows/arm </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
eee0fe32cb |
chore(deps): update github.com/securego/gosec/v2 digest to 8895462 (#8036)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/securego/gosec/v2](https://redirect.github.com/securego/gosec) | indirect | digest | `619ce21` → `8895462` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
8d19296aff |
chore(deps): update module github.com/prometheus/procfs to v0.20.1 (#8034)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/prometheus/procfs](https://redirect.github.com/prometheus/procfs) | `v0.19.2` → `v0.20.1` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>prometheus/procfs (github.com/prometheus/procfs)</summary> ### [`v0.20.1`](https://redirect.github.com/prometheus/procfs/releases/tag/v0.20.1) [Compare Source](https://redirect.github.com/prometheus/procfs/compare/v0.20.0...v0.20.1) #### What's Changed - nvme: Parse NVMe namespace details by [@​ShashwatHiregoudar](https://redirect.github.com/ShashwatHiregoudar) in [#​765](https://redirect.github.com/prometheus/procfs/pull/765) - Fix bcachefs parsing by [@​ananthb](https://redirect.github.com/ananthb) in [#​789](https://redirect.github.com/prometheus/procfs/pull/789) - Synchronize common files from prometheus/prometheus by [@​prombot](https://redirect.github.com/prombot) in [#​788](https://redirect.github.com/prometheus/procfs/pull/788) - Update sysfs/class\_thermal: continue on EINVAL in parseClassThermalZone to ignore only invalid thermal zones which raise "invalid argument" by [@​ccastiglione-reply](https://redirect.github.com/ccastiglione-reply) in [#​763](https://redirect.github.com/prometheus/procfs/pull/763) #### New Contributors - [@​ccastiglione-reply](https://redirect.github.com/ccastiglione-reply) made their first contribution in [#​763](https://redirect.github.com/prometheus/procfs/pull/763) **Full Changelog**: <https://github.com/prometheus/procfs/compare/v0.20.0...v0.20.1> ### [`v0.20.0`](https://redirect.github.com/prometheus/procfs/releases/tag/v0.20.0) [Compare Source](https://redirect.github.com/prometheus/procfs/compare/v0.19.2...v0.20.0) #### What's Changed - Synchronize common files from prometheus/prometheus by [@​prombot](https://redirect.github.com/prombot) in [#​747](https://redirect.github.com/prometheus/procfs/pull/747) - Synchronize common files from prometheus/prometheus by [@​prombot](https://redirect.github.com/prombot) in [#​766](https://redirect.github.com/prometheus/procfs/pull/766) - build(deps): bump golang.org/x/sync from 0.17.0 to 0.19.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​773](https://redirect.github.com/prometheus/procfs/pull/773) - build(deps): bump golang.org/x/sys from 0.37.0 to 0.39.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​772](https://redirect.github.com/prometheus/procfs/pull/772) - Synchronize common files from prometheus/prometheus by [@​prombot](https://redirect.github.com/prombot) in [#​774](https://redirect.github.com/prometheus/procfs/pull/774) - Fix /proc/interrupts by [@​ffyuanda](https://redirect.github.com/ffyuanda) in [#​775](https://redirect.github.com/prometheus/procfs/pull/775) - Synchronize common files from prometheus/prometheus by [@​prombot](https://redirect.github.com/prombot) in [#​778](https://redirect.github.com/prometheus/procfs/pull/778) - Synchronize common files from prometheus/prometheus by [@​prombot](https://redirect.github.com/prombot) in [#​779](https://redirect.github.com/prometheus/procfs/pull/779) - Migrate to GitHub actions by [@​SuperQ](https://redirect.github.com/SuperQ) in [#​780](https://redirect.github.com/prometheus/procfs/pull/780) - build(deps): bump golang.org/x/sys from 0.40.0 to 0.41.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​782](https://redirect.github.com/prometheus/procfs/pull/782) - Synchronize common files from prometheus/prometheus by [@​prombot](https://redirect.github.com/prombot) in [#​785](https://redirect.github.com/prometheus/procfs/pull/785) - bcachefs support by [@​ananthb](https://redirect.github.com/ananthb) in [#​750](https://redirect.github.com/prometheus/procfs/pull/750) - build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​781](https://redirect.github.com/prometheus/procfs/pull/781) - feat: parse capabilities in /proc/pid/status by [@​biscout42](https://redirect.github.com/biscout42) in [#​784](https://redirect.github.com/prometheus/procfs/pull/784) - class\_cooling\_device: ignore EINVAL (etc) when reading files. by [@​malcolmr](https://redirect.github.com/malcolmr) in [#​783](https://redirect.github.com/prometheus/procfs/pull/783) - Add type and name to the DRM parser class by [@​Deezzir](https://redirect.github.com/Deezzir) in [#​672](https://redirect.github.com/prometheus/procfs/pull/672) #### New Contributors - [@​ffyuanda](https://redirect.github.com/ffyuanda) made their first contribution in [#​775](https://redirect.github.com/prometheus/procfs/pull/775) - [@​ananthb](https://redirect.github.com/ananthb) made their first contribution in [#​750](https://redirect.github.com/prometheus/procfs/pull/750) - [@​biscout42](https://redirect.github.com/biscout42) made their first contribution in [#​784](https://redirect.github.com/prometheus/procfs/pull/784) - [@​malcolmr](https://redirect.github.com/malcolmr) made their first contribution in [#​783](https://redirect.github.com/prometheus/procfs/pull/783) - [@​Deezzir](https://redirect.github.com/Deezzir) made their first contribution in [#​672](https://redirect.github.com/prometheus/procfs/pull/672) **Full Changelog**: <https://github.com/prometheus/procfs/compare/v0.19.2...v0.20.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Damien Mathieu <42@dmathieu.com> |
||
|
renovate[bot]
|
5e8decca16 |
fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.3 (#8032)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/golangci/golangci-lint/v2](https://redirect.github.com/golangci/golangci-lint) | `v2.11.2` → `v2.11.3` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>golangci/golangci-lint (github.com/golangci/golangci-lint/v2)</summary> ### [`v2.11.3`](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v2113) [Compare Source](https://redirect.github.com/golangci/golangci-lint/compare/v2.11.2...v2.11.3) *Released on 2026-03-10* 1. Linters bug fixes - `gosec`: from v2.24.7 to [`619ce21`](https://redirect.github.com/golangci/golangci-lint/commit/619ce2117e08) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
4b025b4cf0 |
chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 (#8019)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [codeberg.org/chavacava/garif](https://codeberg.org/chavacava/garif) | `v0.2.0` → `v0.2.1` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>chavacava/garif (codeberg.org/chavacava/garif)</summary> ### [`v0.2.1`](https://codeberg.org/chavacava/garif/compare/v0.2.0...v0.2.1) [Compare Source](https://codeberg.org/chavacava/garif/compare/v0.2.0...v0.2.1) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
d8504fb254 |
chore(deps): update module github.com/mattn/go-runewidth to v0.0.21 (#8017)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/mattn/go-runewidth](https://redirect.github.com/mattn/go-runewidth) | `v0.0.20` → `v0.0.21` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>mattn/go-runewidth (github.com/mattn/go-runewidth)</summary> ### [`v0.0.21`](https://redirect.github.com/mattn/go-runewidth/compare/v0.0.20...v0.0.21) [Compare Source](https://redirect.github.com/mattn/go-runewidth/compare/v0.0.20...v0.0.21) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
6258792350 |
fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.2 (#8020)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/golangci/golangci-lint/v2](https://redirect.github.com/golangci/golangci-lint) | `v2.11.1` → `v2.11.2` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>golangci/golangci-lint (github.com/golangci/golangci-lint/v2)</summary> ### [`v2.11.2`](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v2112) [Compare Source](https://redirect.github.com/golangci/golangci-lint/compare/v2.11.1...v2.11.2) *Released on 2026-03-07* 1. Fixes - `fmt`: fix error when using the `fmt` command with explicit paths. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
1f39f186db |
fix(deps): update golang.org/x (#8023)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/sync](https://pkg.go.dev/golang.org/x/sync) | [`v0.19.0` → `v0.20.0`](https://cs.opensource.google/go/x/sync/+/refs/tags/v0.19.0...refs/tags/v0.20.0) |  |  | | [golang.org/x/sys](https://pkg.go.dev/golang.org/x/sys) | [`v0.41.0` → `v0.42.0`](https://cs.opensource.google/go/x/sys/+/refs/tags/v0.41.0...refs/tags/v0.42.0) |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
8b05173581 |
fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.1 (#8011)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/golangci/golangci-lint/v2](https://redirect.github.com/golangci/golangci-lint) | `v2.8.0` → `v2.11.1` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>golangci/golangci-lint (github.com/golangci/golangci-lint/v2)</summary> ### [`v2.11.1`](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v2111) [Compare Source](https://redirect.github.com/golangci/golangci-lint/compare/v2.11.0...v2.11.1) *Released on 2026-03-06* Due to an error related to AUR, some artifacts of the v2.11.0 release have not been published. This release contains the same things as v2.11.0. ### [`v2.11.0`](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v2110) [Compare Source](https://redirect.github.com/golangci/golangci-lint/compare/v2.10.1...v2.11.0) *Released on 2026-03-06* 1. Linters new features or changes - `errcheck`: from 1.9.0 to 1.10.0 (exclude `crypto/rand.Read` by default) - `gosec`: from 2.23.0 to 2.24.6 (new rules: `G113`, `G118`, `G119`, `G120`, `G121`, `G122`, `G123`, `G408`, `G707`) - `noctx`: from 0.4.0 to 0.5.0 (new detection: `httptest.NewRequestWithContext`) - `prealloc`: from 1.0.2 to 1.1.0 - `revive`: from 1.14.0 to 1.15.0 (⚠️ Breaking change: package-related checks moved from `var-naming` to a new rule `package-naming`) 2. Linters bug fixes - `gocognit`: from 1.2.0 to 1.2.1 - `gosec`: from 2.24.6 to 2.24.7 - `unqueryvet`: from 1.5.3 to 1.5.4 ### [`v2.10.1`](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v2101) [Compare Source](https://redirect.github.com/golangci/golangci-lint/compare/v2.10.0...v2.10.1) *Released on 2026-02-17* 1. Fixes - buildssa panic ### [`v2.10.0`](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v2100) [Compare Source](https://redirect.github.com/golangci/golangci-lint/compare/v2.9.0...v2.10.0) *Released on 2026-02-17* 1. Linters new features or changes - `ginkgolinter`: from 0.22.0 to 0.23.0 - `gosec`: from 2.22.11 to 2.23.0 (new rules: `G117`, `G602`, `G701`, `G702`, `G703`, `G704`, `G705`, `G706`) - `staticcheck`: from 0.6.1 to 0.7.0 2. Linters bug fixes - `godoclint`: from 0.11.1 to 0.11.2 ### [`v2.9.0`](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v290) [Compare Source](https://redirect.github.com/golangci/golangci-lint/compare/v2.8.0...v2.9.0) *Released on 2026-02-10* 1. Enhancements - 🎉 go1.26 support 2. Linters new features or changes - `arangolint`: from 0.3.1 to 0.4.0 (new rule: detect potential query injections) - `ginkgolinter`: from 0.21.2 to 0.22.0 (support for wrappers) - `golines`: from 0.14.0 to 0.15.0 - `misspell`: from 0.7.0 to 0.8.0 - `unqueryvet`: from 1.4.0 to 1.5.3 (new options: `check-n1`, `check-sql-injection`, `check-tx-leaks`, `allow`, `custom-rules`) - `wsl`: from 5.3.0 to 5.6.0 (new rule: `after-block`) 3. Linters bug fixes - `modernize`: from 0.41.0 to 0.42.0 - `prealloc`: from 1.0.1 to 1.0.2 - `protogetter`: from 0.3.18 to 0.3.20 4. Misc. - Log information about files when configuration verification - Emit an error when no linters enabled - Do not collect VCS information when loading code </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Tyler Yahn <codingalias@gmail.com> |
||
|
renovate[bot]
|
fad8e9080e |
chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 (#8016)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [go.yaml.in/yaml/v2](https://redirect.github.com/yaml/go-yaml) | `v2.4.3` → `v2.4.4` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>yaml/go-yaml (go.yaml.in/yaml/v2)</summary> ### [`v2.4.4`](https://redirect.github.com/yaml/go-yaml/compare/v2.4.3...v2.4.4) [Compare Source](https://redirect.github.com/yaml/go-yaml/compare/v2.4.3...v2.4.4) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
758b5a52d5 |
chore(deps): update module github.com/jgautheron/goconst to v1.9.0 (#8014)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/jgautheron/goconst](https://redirect.github.com/jgautheron/goconst) | `v1.8.2` → `v1.9.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>jgautheron/goconst (github.com/jgautheron/goconst)</summary> ### [`v1.9.0`](https://redirect.github.com/jgautheron/goconst/releases/tag/v1.9.0) [Compare Source](https://redirect.github.com/jgautheron/goconst/compare/v1.8.2...v1.9.0) #### What's Changed - fix(visitor): detect repeated literals inside composite literal elements by [@​TobyTheHutt](https://redirect.github.com/TobyTheHutt) in [#​46](https://redirect.github.com/jgautheron/goconst/pull/46) - ci(go): align module and workflow Go versions by [@​TobyTheHutt](https://redirect.github.com/TobyTheHutt) in [#​48](https://redirect.github.com/jgautheron/goconst/pull/48) - fix(visitor): record string occurrence for accurate position reporting by [@​TobyTheHutt](https://redirect.github.com/TobyTheHutt) in [#​49](https://redirect.github.com/jgautheron/goconst/pull/49) #### New Contributors - [@​TobyTheHutt](https://redirect.github.com/TobyTheHutt) made their first contribution in [#​46](https://redirect.github.com/jgautheron/goconst/pull/46) **Full Changelog**: <https://github.com/jgautheron/goconst/compare/v1.8.2...v1.9.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
6059c47bc6 |
chore(deps): update golang.org/x/telemetry digest to e526e8a (#8010)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [golang.org/x/telemetry](https://pkg.go.dev/golang.org/x/telemetry) | indirect | digest | `18da590` → `e526e8a` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
44c7edf896 |
chore(deps): update module github.com/mgechev/revive to v1.15.0 (#8009)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/mgechev/revive](https://redirect.github.com/mgechev/revive) | `v1.14.0` → `v1.15.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>mgechev/revive (github.com/mgechev/revive)</summary> ### [`v1.15.0`](https://redirect.github.com/mgechev/revive/releases/tag/v1.15.0) [Compare Source](https://redirect.github.com/mgechev/revive/compare/v1.14.0...v1.15.0) #### What's Changed BREAKING CHANGE: package-related checks moved from [var-naming](https://redirect.github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#var-naming) to a new rule [package-naming](https://redirect.github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#package-naming). var-naming options `skipPackageNameChecks`, `extraBadPackageNames`, and `skipPackageNameCollisionWithGoStd` are deprecated and treated as no-ops. ##### Features - package-naming: move package checks from var-naming by [@​alexandear](https://redirect.github.com/alexandear) in [#​1645](https://redirect.github.com/mgechev/revive/pull/1645) ##### Bug fixes - fix: forbid enabling both enableAllRules and enableDefaultRules by [@​alexandear](https://redirect.github.com/alexandear) in [#​1642](https://redirect.github.com/mgechev/revive/pull/1642) ##### Docs - docs: improve comments by [@​alexandear](https://redirect.github.com/alexandear) in [#​1646](https://redirect.github.com/mgechev/revive/pull/1646) - docs: remove archived Bazel and Neovim links by [@​alexandear](https://redirect.github.com/alexandear) in [#​1652](https://redirect.github.com/mgechev/revive/pull/1652) - docs: add star history to README by [@​alexandear](https://redirect.github.com/alexandear) in [#​1653](https://redirect.github.com/mgechev/revive/pull/1653) ##### Updates - chore(deps): update module golang.org/x/text to v0.34.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​1638](https://redirect.github.com/mgechev/revive/pull/1638) - chore: bump go.mod version to 1.25.0 by [@​denisvmedia](https://redirect.github.com/denisvmedia) in [#​1655](https://redirect.github.com/mgechev/revive/pull/1655) - chore(deps): update golang docker tag to v1.26.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​1667](https://redirect.github.com/mgechev/revive/pull/1667) ##### Other - fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.10.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​1640](https://redirect.github.com/mgechev/revive/pull/1640) - chore(deps): update github actions (major) by [@​alexandear](https://redirect.github.com/alexandear) in [#​1635](https://redirect.github.com/mgechev/revive/pull/1635) - chore: enable all revive rules by [@​alexandear](https://redirect.github.com/alexandear) in [#​1639](https://redirect.github.com/mgechev/revive/pull/1639) - chore: use alias `linters.Arguments` instead of `[]any` by [@​alexandear](https://redirect.github.com/alexandear) in [#​1644](https://redirect.github.com/mgechev/revive/pull/1644) - chore: enable unparam.check-exported by [@​alexandear](https://redirect.github.com/alexandear) in [#​1643](https://redirect.github.com/mgechev/revive/pull/1643) - chore: fix panicking benchmarks by [@​alexandear](https://redirect.github.com/alexandear) in [#​1648](https://redirect.github.com/mgechev/revive/pull/1648) - chore: enable reassign linter by [@​alexandear](https://redirect.github.com/alexandear) in [#​1649](https://redirect.github.com/mgechev/revive/pull/1649) - chore: go:fix inline for LintPattern.GetPattern by [@​alexandear](https://redirect.github.com/alexandear) in [#​1658](https://redirect.github.com/mgechev/revive/pull/1658) - test: improve formatters coverage by [@​alexandear](https://redirect.github.com/alexandear) in [#​1661](https://redirect.github.com/mgechev/revive/pull/1661) - chore: upgrade hougesen/mdsf to v0.12.0 by [@​alexandear](https://redirect.github.com/alexandear) in [#​1666](https://redirect.github.com/mgechev/revive/pull/1666) **Full Changelog**: <https://github.com/mgechev/revive/compare/v1.14.0...v1.15.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
78f99042e2 | chore(deps): update golang.org/x/telemetry digest to 18da590 (#8000) | ||
 Oleksandr Redko
|
60161f97c4 |
refactor: replace uint64 and int32 with atomic types in tests (#7941)
Because [atomic types](https://go.dev/doc/go1.19#atomic_types) are easier to use. |
||
 Tyler Yahn
|
a7624f50f7 |
Fix semconv generated error type to check error chain for custom type declaration (#7994)
Fix `ErrorType` detection to work through wrapped error chains. `errorType` previously only checked whether the top-level error value implemented `ErrorType() string`. In common Go usage, errors are often wrapped, so this could miss `ErrorType` implementations behind wrappers. |
||
|
Tyler Yahn
|
5b5c2c5d6d | Upgrade to semconv/v1.40.0 (#7991) | ||
|
renovate[bot]
|
a18614cbc2 |
chore(deps): update module github.com/securego/gosec/v2 to v2.24.7 (#7988)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/securego/gosec/v2](https://redirect.github.com/securego/gosec) | `v2.23.0` → `v2.24.7` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>securego/gosec (github.com/securego/gosec/v2)</summary> ### [`v2.24.7`](https://redirect.github.com/securego/gosec/releases/tag/v2.24.7) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.24.6...v2.24.7) #### Changelog - [`bb17e42`](https://redirect.github.com/securego/gosec/commit/bb17e422fc34bf4c0a2e5cab9d07dc45a68c040c) Ignore nosec comments in action integration workflow to generate some warnings ([#​1573](https://redirect.github.com/securego/gosec/issues/1573)) - [`e1502ad`](https://redirect.github.com/securego/gosec/commit/e1502ad21653d1c6717e33f1221c3ce2d5c8581f) Add a workflow for action integration test ([#​1571](https://redirect.github.com/securego/gosec/issues/1571)) - [`f8691bd`](https://redirect.github.com/securego/gosec/commit/f8691bd77bab5430ccb538e6f253275e82577afc) fix(sarif): avoid invalid null relationships in SARIF output ([#​1569](https://redirect.github.com/securego/gosec/issues/1569)) - [`ade1d0e`](https://redirect.github.com/securego/gosec/commit/ade1d0e0a04ec8ae98da98614d42524621d40df2) chore: migrate gosec container image references to GHCR ([#​1567](https://redirect.github.com/securego/gosec/issues/1567)) ### [`v2.24.6`](https://redirect.github.com/securego/gosec/releases/tag/v2.24.6) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.24.5...v2.24.6) #### Changelog - [`88835e8`](https://redirect.github.com/securego/gosec/commit/88835e86bba381290c2f60a1c73610995b1502eb) Update gorelease to use the latest cosign bundle argument ([#​1565](https://redirect.github.com/securego/gosec/issues/1565)) ### [`v2.24.5`](https://redirect.github.com/securego/gosec/compare/v2.24.4...v2.24.5) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.24.4...v2.24.5) ### [`v2.24.4`](https://redirect.github.com/securego/gosec/compare/v2.24.3...v2.24.4) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.24.3...v2.24.4) ### [`v2.24.3`](https://redirect.github.com/securego/gosec/compare/v2.24.2...v2.24.3) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.24.2...v2.24.3) ### [`v2.24.2`](https://redirect.github.com/securego/gosec/compare/v2.24.1...v2.24.2) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.24.1...v2.24.2) ### [`v2.24.1`](https://redirect.github.com/securego/gosec/compare/v2.24.0...v2.24.1) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.24.0...v2.24.1) ### [`v2.24.0`](https://redirect.github.com/securego/gosec/releases/tag/v2.24.0) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.23.0...v2.24.0) #### Changelog - [`271492b`](https://redirect.github.com/securego/gosec/commit/271492bcd930ef72dfb9d00e5bb9544b3b407fb5) fix: G704 false positive on const URL ([#​1551](https://redirect.github.com/securego/gosec/issues/1551)) - [`1341aea`](https://redirect.github.com/securego/gosec/commit/1341aeadb4c334014c4834c745344edb9dcf85b0) fix(G705): eliminate false positive for non-HTTP io.Writer ([#​1550](https://redirect.github.com/securego/gosec/issues/1550)) - [`f2262c8`](https://redirect.github.com/securego/gosec/commit/f2262c88ffdfc9eb7be8444db19caa17cc71810f) G120: avoid false positive when MaxBytesReader is applied in middleware ([#​1547](https://redirect.github.com/securego/gosec/issues/1547)) - [`5b580c7`](https://redirect.github.com/securego/gosec/commit/5b580c76e4714fa553b2ceb8169a071e45bf6428) Fix G602 regression coverage for issue [#​1545](https://redirect.github.com/securego/gosec/issues/1545) and stabilize G117 TOML test dependency ([#​1546](https://redirect.github.com/securego/gosec/issues/1546)) - [`eba2d15`](https://redirect.github.com/securego/gosec/commit/eba2d1582b13e37d5b6c991b643827bc60e58156) taint: skip `context.Context` arguments during taint propagation to fix false positives ([#​1543](https://redirect.github.com/securego/gosec/issues/1543)) - [`a6381c1`](https://redirect.github.com/securego/gosec/commit/a6381c1e2fe9a9a33ef105c76bea3191402ea4b3) test: add missing rules to formatter report tests ([#​1540](https://redirect.github.com/securego/gosec/issues/1540)) - [`fea9725`](https://redirect.github.com/securego/gosec/commit/fea9725934065d3dd5c96352f89f75d117ac12f6) chore(deps): update all dependencies ([#​1541](https://redirect.github.com/securego/gosec/issues/1541)) - [`f3e2fac`](https://redirect.github.com/securego/gosec/commit/f3e2fac4d58b7eca54307cd40ce2a836a12e4d95) Regenrate the TLS config rule ([#​1539](https://redirect.github.com/securego/gosec/issues/1539)) - [`200461f`](https://redirect.github.com/securego/gosec/commit/200461fcf74ed836305bf95f72568c20925730c5) Improve documentation ([#​1538](https://redirect.github.com/securego/gosec/issues/1538)) - [`078a62a`](https://redirect.github.com/securego/gosec/commit/078a62afc3331206fec1cd9a03637983ec4f9fc8) Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration ([#​1537](https://redirect.github.com/securego/gosec/issues/1537)) - [`ffdc620`](https://redirect.github.com/securego/gosec/commit/ffdc6205c82278cee0b62923814141923794219e) Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior ([#​1536](https://redirect.github.com/securego/gosec/issues/1536)) - [`c13a486`](https://redirect.github.com/securego/gosec/commit/c13a48626bc160ef1caa293679044b5667d4d8ef) Add G707 taint analyzer for SMTP command/header injection ([#​1535](https://redirect.github.com/securego/gosec/issues/1535)) - [`f61ed31`](https://redirect.github.com/securego/gosec/commit/f61ed314c2467116ec3a5126150cb2b29a623406) Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk ([#​1534](https://redirect.github.com/securego/gosec/issues/1534)) - [`b568aa1`](https://redirect.github.com/securego/gosec/commit/b568aa1445e110ed12abe5c2433b3cfbcd0a5935) Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks ([#​1532](https://redirect.github.com/securego/gosec/issues/1532)) - [`1735e5a`](https://redirect.github.com/securego/gosec/commit/1735e5a9acd155702b8c6137d323df886c0252b5) fix(G602): avoid false positives for range-over-array indexing ([#​1531](https://redirect.github.com/securego/gosec/issues/1531)) - [`caf93d0`](https://redirect.github.com/securego/gosec/commit/caf93d07f10ef7d07006011b17f1d9bd218b5a9d) Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard ([#​1530](https://redirect.github.com/securego/gosec/issues/1530)) - [`bd11fbe`](https://redirect.github.com/securego/gosec/commit/bd11fbe2bacb0abf1e541df8b6ec6b040bbe2723) fix: taint analysis false positives with G703,G705 ([#​1522](https://redirect.github.com/securego/gosec/issues/1522)) - [`e34e8dd`](https://redirect.github.com/securego/gosec/commit/e34e8dd8e880694cfa801d79977e2d9973df3fa1) Extend the G117 rule to cover other types of serialization such as yaml/xml/toml ([#​1529](https://redirect.github.com/securego/gosec/issues/1529)) - [`b940702`](https://redirect.github.com/securego/gosec/commit/b940702d5e385d1a68def10326b1658e780655fe) Fix the G117 rule to take the JSON serialization into account ([#​1528](https://redirect.github.com/securego/gosec/issues/1528)) - [`4f84627`](https://redirect.github.com/securego/gosec/commit/4f846273804abaf7e040f77b26bf2866336e8af9) (docs) fix justification format ([#​1524](https://redirect.github.com/securego/gosec/issues/1524)) - [`36ba72b`](https://redirect.github.com/securego/gosec/commit/36ba72bb7f91306f5210a821f409696c03dcbf2b) Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection ([#​1521](https://redirect.github.com/securego/gosec/issues/1521)) - [`238f982`](https://redirect.github.com/securego/gosec/commit/238f9823256b1c4a6d7b0ccd7fa0f2ce1123c820) Add G120 SSA analyzer for unbounded form parsing in HTTP handlers ([#​1520](https://redirect.github.com/securego/gosec/issues/1520)) - [`89cde27`](https://redirect.github.com/securego/gosec/commit/89cde277b5e2b4a5dc47eb710911c51a0cb33b63) Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks ([#​1519](https://redirect.github.com/securego/gosec/issues/1519)) - [`14fdd9c`](https://redirect.github.com/securego/gosec/commit/14fdd9cb07c02ab1506fcc336f49c84bf27a5c2d) Fix G115 false positives and negatives (Issue [#​1501](https://redirect.github.com/securego/gosec/issues/1501)) ([#​1518](https://redirect.github.com/securego/gosec/issues/1518)) - [`cec54ec`](https://redirect.github.com/securego/gosec/commit/cec54ec685eda3083e2ab1adf72b6b7ec6cfdb6e) chore(deps): update all dependencies ([#​1517](https://redirect.github.com/securego/gosec/issues/1517)) - [`2b2077e`](https://redirect.github.com/securego/gosec/commit/2b2077e921b56c7ce6545cccceea0556ff8d5d91) Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks ([#​1516](https://redirect.github.com/securego/gosec/issues/1516)) - [`a7666f3`](https://redirect.github.com/securego/gosec/commit/a7666f3c70c94d07dfb03e81613fed34bccc89ae) Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) ([#​1515](https://redirect.github.com/securego/gosec/issues/1515)) - [`47f8b52`](https://redirect.github.com/securego/gosec/commit/47f8b52fb8700c7ba017ffcc0ea6a32c83e33115) Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer ([#​1513](https://redirect.github.com/securego/gosec/issues/1513)) - [`4f1f362`](https://redirect.github.com/securego/gosec/commit/4f1f362671654660f7145c3c8655ffeaed037d55) Add more unit tests to improve coverage ([#​1512](https://redirect.github.com/securego/gosec/issues/1512)) - [`9344582`](https://redirect.github.com/securego/gosec/commit/9344582ee4bd87b8fa5bc2e483d90fa661f8aa71) Improve test coverage in various areas ([#​1511](https://redirect.github.com/securego/gosec/issues/1511)) - [`8d1b2c6`](https://redirect.github.com/securego/gosec/commit/8d1b2c63ae44e315fb0232813e535891ff0568fc) Imprve the test coverage ([#​1510](https://redirect.github.com/securego/gosec/issues/1510)) - [`993c1c4`](https://redirect.github.com/securego/gosec/commit/993c1c4da2d4426f7567591e23f53ee9f613d07c) Fix incorrect detection of fixed iv in G407 ([#​1509](https://redirect.github.com/securego/gosec/issues/1509)) - [`8668b74`](https://redirect.github.com/securego/gosec/commit/8668b748925d8995cf7712d22bde62cbc96f2304) Add support for go 1.26.x and removed support for go 1.24.x ([#​1508](https://redirect.github.com/securego/gosec/issues/1508)) - [`514225c`](https://redirect.github.com/securego/gosec/commit/514225c8cb01a6bab714db1dd557aeb0d7ab9dc9) Fix the sonar report to follow the latest schema ([#​1507](https://redirect.github.com/securego/gosec/issues/1507)) - [`000384e`](https://redirect.github.com/securego/gosec/commit/000384e510a84a1e2a1118e0fbc56518d290113d) fix: broken taint analysis causing false positives ([#​1506](https://redirect.github.com/securego/gosec/issues/1506)) - [`616192c`](https://redirect.github.com/securego/gosec/commit/616192c9d92792998e2ff38530c080cd0fe293a8) fix: panic on float constants in overflow analyzer ([#​1505](https://redirect.github.com/securego/gosec/issues/1505)) - [`79956a3`](https://redirect.github.com/securego/gosec/commit/79956a3b4cdedc9a4cde5f567c57fc8b367448cf) fix: panic when scanning multi-module repos from root ([#​1504](https://redirect.github.com/securego/gosec/issues/1504)) - [`5736e8b`](https://redirect.github.com/securego/gosec/commit/5736e8b88b6ca97fc7e09ef1bf24b205ab35fd9c) fix: G602 false positive for array element access ([#​1499](https://redirect.github.com/securego/gosec/issues/1499)) - [`1b7e1e9`](https://redirect.github.com/securego/gosec/commit/1b7e1e94bc2077fc1adccfc1358399fad2958d5a) Update gosec to version v2.23.0 in the Github action ([#​1496](https://redirect.github.com/securego/gosec/issues/1496)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My40OC4xIiwidXBkYXRlZEluVmVyIjoiNDMuNDguMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Tyler Yahn <codingalias@gmail.com> Co-authored-by: Tyler Yahn <MrAlias@users.noreply.github.com> |
||
|
renovate[bot]
|
232b9332aa |
fix(deps): update golang.org/x (#7907)
This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | [golang.org/x/exp](https://pkg.go.dev/golang.org/x/exp) | require | digest | `2842357` → `3dfff04` |  |  | | [golang.org/x/exp/typeparams](https://pkg.go.dev/golang.org/x/exp/typeparams) | indirect | digest | `2842357` → `3dfff04` |  |  | | [golang.org/x/net](https://pkg.go.dev/golang.org/x/net) | indirect | minor | [`v0.50.0` → `v0.51.0`](https://cs.opensource.google/go/x/net/+/refs/tags/v0.50.0...refs/tags/v0.51.0) |  |  | | [golang.org/x/telemetry](https://pkg.go.dev/golang.org/x/telemetry) | indirect | digest | `9f66fae` → `e0ab670` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44LjUiLCJ1cGRhdGVkSW5WZXIiOiI0My40My4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJTa2lwIENoYW5nZWxvZyIsImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
Tyler Yahn
|
d5febb955e | Drop support for Go 1.24 (#7984) | ||
|
renovate[bot]
|
0f1a22484e | chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (#7899) | ||
|
renovate[bot]
|
c79ebf43eb | chore(deps): update module github.com/daixiang0/gci to v0.14.0 (#7973) | ||
|
renovate[bot]
|
f758157465 | chore(deps): update module github.com/sonatard/noctx to v0.5.0 (#7968) | ||
|
renovate[bot]
|
3cd7c27e84 | chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (#7969) | ||
|
renovate[bot]
|
e7a7288ccb | chore(deps): update module github.com/kisielk/errcheck to v1.10.0 (#7967) | ||
|
renovate[bot]
|
7966b15c98 | chore(deps): update module github.com/mgechev/revive to v1.14.0 (#7895) | ||
 Sam Xie
|
aa1894e09e |
Comply with W3C Baggage specification limits (#7880)
Updates the baggage implementation to comply with https://www.w3.org/TR/baggage/#limits: - Changed maxMembers from 180 to 64 (the W3C compliance requirement) > The resulting baggage-string contains 64 list-members or less. - Removed maxBytesPerMembers (4096) - this per-member limit was not part of the W3C spec - Added limit checking in extractMultiBaggage for multiple baggage headers: - Checks combined byte size across all headers (max 8192 bytes) - Checks combined member count across all headers (max 64 members) This uses non-deterministic truncation when handling baggage limits. |
||
|
renovate[bot]
|
b3fc975dd9 |
chore(deps): update module github.com/go-git/go-git/v5 to v5.17.0 (#7960)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-git/go-git/v5](https://redirect.github.com/go-git/go-git) | `v5.16.5` → `v5.17.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.17.0`](https://redirect.github.com/go-git/go-git/releases/tag/v5.17.0) [Compare Source](https://redirect.github.com/go-git/go-git/compare/v5.16.5...v5.17.0) #### What's Changed - build: Update module github.com/go-git/go-git/v5 to v5.16.5 \[SECURITY] (releases/v5.x) by [@​go-git-renovate](https://redirect.github.com/go-git-renovate)\[bot] in [#​1839](https://redirect.github.com/go-git/go-git/pull/1839) - git: worktree, optimize infiles function for very large repos by [@​k-anshul](https://redirect.github.com/k-anshul) in [#​1853](https://redirect.github.com/go-git/go-git/pull/1853) - git: Add strict checks for supported extensions by [@​pjbgf](https://redirect.github.com/pjbgf) in [#​1861](https://redirect.github.com/go-git/go-git/pull/1861) - backport, git: Improve Status() speed with new index.ModTime check by [@​cedric-appdirect](https://redirect.github.com/cedric-appdirect) in [#​1862](https://redirect.github.com/go-git/go-git/pull/1862) - storage: filesystem, Avoid overwriting loose obj files by [@​pjbgf](https://redirect.github.com/pjbgf) in [#​1864](https://redirect.github.com/go-git/go-git/pull/1864) **Full Changelog**: <https://github.com/go-git/go-git/compare/v5.16.5...v5.17.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4zNi4yIiwidXBkYXRlZEluVmVyIjoiNDMuMzYuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
3660753cd6 |
chore(deps): update module github.com/go-git/go-billy/v5 to v5.8.0 (#7953)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-git/go-billy/v5](https://redirect.github.com/go-git/go-billy) | `v5.7.0` → `v5.8.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>go-git/go-billy (github.com/go-git/go-billy/v5)</summary> ### [`v5.8.0`](https://redirect.github.com/go-git/go-billy/releases/tag/v5.8.0) [Compare Source](https://redirect.github.com/go-git/go-billy/compare/v5.7.0...v5.8.0) #### What's Changed - build: Update module golang.org/x/net to v0.45.0 \[SECURITY] (releases/v5.x) by [@​go-git-renovate](https://redirect.github.com/go-git-renovate)\[bot] in [#​183](https://redirect.github.com/go-git/go-billy/pull/183) - v5: Ensure Chmod behaviour across BoundOS and ChrootOS by [@​pjbgf](https://redirect.github.com/pjbgf) in [#​187](https://redirect.github.com/go-git/go-billy/pull/187) **Full Changelog**: <https://github.com/go-git/go-billy/compare/v5.7.0...v5.8.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4zMi4wIiwidXBkYXRlZEluVmVyIjoiNDMuMzYuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
1ac96cfa23 |
chore(deps): update module github.com/alexkohler/prealloc to v1.0.3 (#7950)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/alexkohler/prealloc](https://redirect.github.com/alexkohler/prealloc) | `v1.0.2` → `v1.0.3` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>alexkohler/prealloc (github.com/alexkohler/prealloc)</summary> ### [`v1.0.3`](https://redirect.github.com/alexkohler/prealloc/compare/v1.0.2...v1.0.3) [Compare Source](https://redirect.github.com/alexkohler/prealloc/compare/v1.0.2...v1.0.3) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4zMi4wIiwidXBkYXRlZEluVmVyIjoiNDMuMzYuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
5dc4953d12 |
chore(deps): update module github.com/uudashr/gocognit to v1.2.1 (#7947)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/uudashr/gocognit](https://redirect.github.com/uudashr/gocognit) | `v1.2.0` → `v1.2.1` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>uudashr/gocognit (github.com/uudashr/gocognit)</summary> ### [`v1.2.1`](https://redirect.github.com/uudashr/gocognit/releases/tag/v1.2.1) [Compare Source](https://redirect.github.com/uudashr/gocognit/compare/v1.2.0...v1.2.1) #### What's Changed - Add for-int-range support by [@​uudashr](https://redirect.github.com/uudashr) in [#​41](https://redirect.github.com/uudashr/gocognit/pull/41) - Add for-range over function/iterator support by [@​uudashr](https://redirect.github.com/uudashr) in [#​42](https://redirect.github.com/uudashr/gocognit/pull/42) **Full Changelog**: <https://github.com/uudashr/gocognit/compare/v1.2.0...v1.2.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNi41IiwidXBkYXRlZEluVmVyIjoiNDMuMzYuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |