chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@types/react (source)	18.2.56 -> 18.2.58					devDependencies	patch
@viz-js/viz (source)	3.2.4 -> 3.3.1					dependencies	minor
eslint (source)	8.56.0 -> 8.57.0					devDependencies	minor
github.com/jellydator/ttlcache/v3	v3.1.1 -> v3.2.0					require	minor
github.com/swaggest/jsonschema-go	v0.3.64 -> v0.3.66					require	patch
github.com/tmc/langchaingo	v0.1.4 -> v0.1.5					require	patch
go.opentelemetry.io/otel	v1.23.1 -> v1.24.0					require	minor
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc	v1.23.1 -> v1.24.0					require	minor
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	v1.23.1 -> v1.24.0					require	minor
go.opentelemetry.io/otel/metric	v1.23.1 -> v1.24.0					require	minor
go.opentelemetry.io/otel/sdk	v1.23.1 -> v1.24.0					require	minor
go.opentelemetry.io/otel/sdk/metric	v1.23.1 -> v1.24.0					require	minor
go.opentelemetry.io/otel/trace	v1.23.1 -> v1.24.0					require	minor
helm	3.14.1 -> 3.14.2						patch
json-schema-faker (source)	0.5.5 -> 0.5.6					dependencies	patch
kubectl	1.28.1 -> 1.29.2						minor
modernc.org/sqlite	v1.29.1 -> v1.29.2					require	patch
staticcheck	2023.1.6 -> 2023.1.7						patch
yq	4.41.1 -> 4.42.1						minor
org.apache.maven.plugins:maven-shade-plugin	3.5.1 -> 3.5.2					build	patch
org.codehaus.mojo:exec-maven-plugin (source)	3.1.1 -> 3.2.0					build	minor
org.postgresql:postgresql (source)	42.7.1 -> 42.7.2					compile	patch

---

Release Notes

mdaines/viz-js (@​viz-js/viz)

v3.3.1

Compare Source

• Accept "images" entries with duplicate names.

v3.3.0

Compare Source

• Add support for an images option, similar to the previous version.

  Sizes of images referenced by the image attribute can be specified using an "images" render option:

  viz.render("graph { a[image=\"test.png\"] }", {
    images: [
      { name: "test.png", width: 300, height: 200 }
    ]
  });
  

  The property "name" is used instead of "path" to match the Graphviz documentation.

eslint/eslint (eslint)

v8.57.0

Compare Source

Features

• 1120b9b feat: Add loadESLint() API method for v8 (#​18098) (Nicholas C. Zakas)
• dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#​18066) (Nitin Kumar)

Bug Fixes

• 2196d97 fix: handle absolute file paths in FlatRuleTester (#​18064) (Nitin Kumar)
• 69dd1d1 fix: Ensure config keys are printed for config errors (#​18067) (Nitin Kumar)
• 9852a31 fix: deep merge behavior in flat config (#​18065) (Nitin Kumar)
• 4c7e9b0 fix: allow circular references in config (#​18056) (Milos Djermanovic)

Documentation

• 84922d0 docs: Show prerelease version in dropdown (#​18139) (Nicholas C. Zakas)
• 5b8c363 docs: Switch to Ethical Ads (#​18117) (Milos Djermanovic)
• 77dbfd9 docs: show NEXT in version selectors (#​18052) (Milos Djermanovic)

Chores

• 1813aec chore: upgrade @​eslint/js@​8.57.0 (#​18143) (Milos Djermanovic)
• 5c356bb chore: package.json update for @​eslint/js release (Jenkins)
• f4a1fe2 test: add more tests for ignoring files and directories (#​18068) (Nitin Kumar)
• 42c0aef ci: Enable CI for v8.x branch (#​18047) (Milos Djermanovic)

jellydator/ttlcache (github.com/jellydator/ttlcache/v3)

v3.2.0

Compare Source

What's Changed

• Add Support for PreviousTTL by @​ShivamKumar2002 in https://github.com/jellydator/ttlcache/pull/121

Full Changelog: jellydator/ttlcache@v3.1.1...v3.2.0

swaggest/jsonschema-go (github.com/swaggest/jsonschema-go)

v0.3.66

Compare Source

What's Changed

• Use type string for encoding.TextMarshaler by @​vearutop in https://github.com/swaggest/jsonschema-go/pull/108

Full Changelog: swaggest/jsonschema-go@v0.3.65...v0.3.66

v0.3.65

Compare Source

What's Changed

• Update CI by @​vearutop in https://github.com/swaggest/jsonschema-go/pull/106
• Optionally expose embedded structs with allOf by @​vearutop in https://github.com/swaggest/jsonschema-go/pull/107

Full Changelog: swaggest/jsonschema-go@v0.3.64...v0.3.65

tmc/langchaingo (github.com/tmc/langchaingo)

v0.1.5

Compare Source

open-telemetry/opentelemetry-go (go.opentelemetry.io/otel)

v1.24.0: /v0.46.0/v0.0.1-alpha

Compare Source

This release is the last to support Go 1.20. The next release will require at least Go 1.21.

Added

• Support Go 1.22. (#​4890)
• Add exemplar support to go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#​4900)
• Add exemplar support to go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#​4900)
• The go.opentelemetry.io/otel/log module is added. This module includes OpenTelemetry Go's implementation of the Logs Bridge API. This module is in an alpha state, it is subject to breaking changes. See our versioning policy for more info. (#​4961)

Fixed

• Fix registration of multiple callbacks when using the global meter provider from go.opentelemetry.io/otel. (#​4945)
• Fix negative buckets in output of exponential histograms. (#​4956)

New Contributors

• @​kevinburkesegment made their first contribution in https://github.com/open-telemetry/opentelemetry-go/pull/4920
• @​yizeng made their first contribution in https://github.com/open-telemetry/opentelemetry-go/pull/4947
• @​ntriamme made their first contribution in https://github.com/open-telemetry/opentelemetry-go/pull/4945
• @​ericayin made their first contribution in https://github.com/open-telemetry/opentelemetry-go/pull/4956

Full Changelog: open-telemetry/opentelemetry-go@v1.23.1...v1.24.0

helm/helm (helm)

v3.14.2: Helm v3.14.2

Helm v3.14.2 is a security (patch) release. Users are strongly recommended to update to this release.

A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content.

Jakub Ciolek with AlphaSense discovered the vulnerability.

Installation and Upgrading

Download Helm v3.14.2. The common platform binaries are here:

• MacOS amd64 (checksum / 64c633ae194bde77b7e7b7936a2814a7417817dc8b7bb7d270bd24a7a17b8d12)
• MacOS arm64 (checksum / ff502fd39b06497fa3d5a51ec2ced02b9fcfdb0e9a948d315fb1b2f13ddc39fb)
• Linux amd64 (checksum / 0885a501d586c1e949e9b113bf3fb3290b0bbf74db9444a1d8c2723a143006a5)
• Linux arm (checksum / b70fb6fa2cdf0a5c782320c9d7e7b155fcaec260169218c98316bb3cf0d431d9)
• Linux arm64 (checksum / c65d6a9557bb359abc2c0d26670de850b52327dc3976ad6f9e14c298ea3e1b61)
• Linux i386 (checksum / 0e08cd56cc952ab4646c57c5ec7cde2412c39373aec3df659a14597dd9874461)
• Linux ppc64le (checksum / f3bc8582ff151e619cd285d9cdf9fef1c5733ee5522d8bed2ef680ef07f87223)
• Linux s390x (checksum / 7bda34aa26638e5116b31385f3b781172572175bf4c1ae00c87d8b154458ed94)
• Linux riscv64 (checksum / f6278facd3e2e6af52a5f6d038f2149428d115ba2b4523edbe5889d1170e9203)
• Windows amd64 (checksum / aa094e435da74ad574f96924c37ecd0c75f0be707ac604ef97ed6021d6bc0784)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.14.3 will contain only bug fixes and be released on March 13, 2024.
• 3.15.0 is the next feature release and will be on May 08, 2024.

json-schema-faker/json-schema-faker (json-schema-faker)

v0.5.6

Compare Source

kubernetes/kubectl (kubectl)

v1.28.7

v1.28.6

cznic/sqlite (modernc.org/sqlite)

v1.29.2

Compare Source

dominikh/go-tools (staticcheck)

v2023.1.7: Staticcheck 2023.1.7 (v0.4.7)

Compare Source

This release fixes some minor issues in Staticcheck’s intermediate representation. Furthermore, it improves the way QF1003 generates suggested fixes, working around constraints in the language server protocol.

The released binaries for this version have been built with Go 1.22 and should no longer panic when checking code targeting Go 1.22.

mikefarah/yq (yq)

v4.42.1

• Can execute yq expression files directly with shebang #​1851
  • Added --csv-separator flag #​1950
  • Added --properties-separator option - thanks @​learnitall #​1864
  • Added --properties-array-brackets flag for properties encoder #​1933
  • Shell completion improvements - thanks @​scop #​1911
  • Bumped dependencies

mojohaus/exec-maven-plugin (org.codehaus.mojo:exec-maven-plugin)

v3.2.0

Compare Source

🚀 New features and improvements

• Enable to exec:java runnables and not only mains with loosely coupled injections (#​408) @​rmannibucau
• Try to get rid of legacy API which can break starting with java 17 (#​409) @​rmannibucau

🐛 Bug Fixes

• Fix #​401 - Maven v4 compatibility (#​414) @​slawekjaranowski

📦 Dependency updates

• Bump org.codehaus.mojo:mojo-parent from 78 to 80 (#​419) @​dependabot
• Bump commons-io:commons-io from 1.1 to 2.7 in /src/it/projects/setup-parent (#​416) @​dependabot
• Bump org.apache.commons:commons-exec from 1.3 to 1.4.0 (#​405) @​dependabot
• Bump org.codehaus.mojo:mojo-parent from 77 to 78 (#​406) @​dependabot
• Bump org.codehaus.plexus:plexus-component-metadata from 2.1.1 to 2.2.0 (#​403) @​dependabot
• Bump org.codehaus.plexus:plexus-component-annotations from 2.1.1 to 2.2.0 (#​404) @​dependabot

👻 Maintenance

• ITs improvement (#​415) @​slawekjaranowski
• Fix documentation formatting, add menu items for new examples (#​412) @​slawekjaranowski
• Execute mexec-137 also on unix family (#​413) @​slawekjaranowski
• Remove unused test (#​410) @​slawekjaranowski

🔧 Build

• Bump release-drafter/release-drafter from 5 to 6 (#​417) @​dependabot

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.2

Security

• security: SQL Injection via line comment generation, it is possible in SimpleQuery mode to generate a line comment by having a placeholder for a numeric with a -
  such as -?. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
  This has been fixed in this version fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

Changed

• fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed PR #​3101
• perf: Avoid autoboxing bind indexes by @​bokken in PR #​1244
• refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by @​vlsi in PR #​3084

Added

• feat: Add PasswordUtil for encrypting passwords client side PR #​3082

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.