Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/go-logr/logr from 1.2.4 to 1.3.0 #71

Merged
merged 1 commit into from
Oct 30, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 30, 2023

Bumps github.com/go-logr/logr from 1.2.4 to 1.3.0.

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.3.0

This release adds support for slog in a new, self-contained logr/slogr package. Implementers of a logr.LogSink are encouraged, but not required, to extend their implementation to improve the quality of log output coming from a slog API call.

Breaking change: the call depth for LogSink.Enabled when called via Logger.Enabled was fixed to be the same as for other call paths. Implementers of a LogSink who have worked around this bug will need to remove their workarounds.

Security best practices were improved. Only Go versions >= 1.18 are supported by this release.

What's Changed


New Contributors

... (truncated)

Commits
  • 8adefbe docs: interoperability with slog
  • ebabbb9 build(deps): bump github/codeql-action from 2.22.3 to 2.22.4
  • 9c361f0 build(deps): bump actions/checkout from 4.1.0 to 4.1.1
  • d9b2b78 Merge pull request #229 from go-logr/dependabot/github_actions/github/codeql-...
  • 91cec29 build(deps): bump github/codeql-action from 2.22.0 to 2.22.3
  • 2ea8628 Merge pull request #228 from go-logr/dependabot/github_actions/github/codeql-...
  • 37a4f55 Merge pull request #227 from go-logr/dependabot/github_actions/ossf/scorecard...
  • ecf310c build(deps): bump github/codeql-action from 2.21.9 to 2.22.0
  • d73e05e build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0
  • 1d1c415 Merge pull request #226 from go-logr/dependabot/github_actions/github/codeql-...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.4 to 1.3.0.
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](go-logr/logr@v1.2.4...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/go-logr/logr
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 30, 2023
@pohly pohly merged commit 6684601 into master Oct 30, 2023
21 of 22 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/go-logr/logr-1.3.0 branch October 30, 2023 07:17
oguzhand95 referenced this pull request in cerbos/cerbos Nov 6, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/aws/aws-sdk-go](https://togithub.com/aws/aws-sdk-go) |
require | minor | `v1.46.6` -> `v1.47.3` |
|
[github.com/bufbuild/protovalidate-go](https://togithub.com/bufbuild/protovalidate-go)
| require | minor | `v0.3.1` -> `v0.4.0` |
|
[github.com/cerbos/cerbos/api/genpb](https://togithub.com/cerbos/cerbos)
| require | digest | `f134903` -> `761a3dc` |
| [github.com/cerbos/cloud-api](https://togithub.com/cerbos/cloud-api) |
require | patch | `v0.1.8` -> `v0.1.9` |
| [github.com/go-logr/zapr](https://togithub.com/go-logr/zapr) | require
| minor | `v1.2.4` -> `v1.3.0` |
| [github.com/gorilla/mux](https://togithub.com/gorilla/mux) | require |
patch | `v1.8.0` -> `v1.8.1` |
| [github.com/jackc/pgx/v5](https://togithub.com/jackc/pgx) | require |
minor | `v5.4.3` -> `v5.5.0` |
| [github.com/lestrrat-go/jwx/v2](https://togithub.com/lestrrat-go/jwx)
| require | patch | `v2.0.15` -> `v2.0.16` |
| [github.com/pterm/pterm](https://togithub.com/pterm/pterm) | require |
patch | `v0.12.69` -> `v0.12.70` |
| [github.com/rivo/tview](https://togithub.com/rivo/tview) | require |
digest | `8b7bcf9` -> `1b91b81` |
| [github.com/twmb/franz-go](https://togithub.com/twmb/franz-go) |
require | patch | `v1.15.1` -> `v1.15.2` |
| [github.com/vektra/mockery/v2](https://togithub.com/vektra/mockery) |
require | patch | `v2.36.0` -> `v2.36.1` |
| golang.org/x/sync | require | minor | `v0.4.0` -> `v0.5.0` |
|
[google.golang.org/genproto/googleapis/api](https://togithub.com/googleapis/go-genproto)
| require | digest | `49dd2c1` -> `d783a09` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | require |
minor | `v1.26.0` -> `v1.27.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>aws/aws-sdk-go (github.com/aws/aws-sdk-go)</summary>

###
[`v1.47.3`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1473-2023-11-03)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.47.2...v1.47.3)

\===

##### Service Client Updates

-   `service/config`: Updates service API
-   `service/connect`: Updates service API and documentation
-   `service/iotwireless`: Updates service API and documentation
-   `service/launch-wizard`: Adds new service

###
[`v1.47.2`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1472-2023-11-02)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.47.1...v1.47.2)

\===

##### Service Client Updates

-   `service/apprunner`: Updates service API and documentation
-   `service/connect`: Updates service documentation
-   `service/gamelift`: Updates service API and documentation
- Amazon GameLift adds support for shared credentials, which allows
applications that are deployed on managed EC2 fleets to interact with
other AWS resources.
-   `service/glue`: Updates service API and documentation
- This release introduces Google BigQuery Source and Target in AWS Glue
CodeGenConfigurationNode.
-   `service/network-firewall`: Updates service API and documentation
-   `service/quicksight`: Updates service API and documentation
- Got confirmed from qmeixua@ about custom week features, and tested
locally with aws cli and java sdk that the subtypes are showing up.

##### SDK Enhancements

- `aws/ec2metadata`: Added environment and shared config support for
disabling IMDSv1 fallback.
- Use env `AWS_EC2_METADATA_V1_DISABLED` or shared config
`ec2_metadata_v1_disabled` accordingly.

###
[`v1.47.1`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1471-2023-11-01)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.47.0...v1.47.1)

\===

##### Service Client Updates

- `service/connect`: Updates service API, documentation, and paginators
- `service/globalaccelerator`: Updates service API, documentation, and
paginators
- `service/rds`: Updates service API, documentation, waiters,
paginators, and examples
- This release adds support for customized networking resources to
Amazon RDS Custom.
-   `service/redshift`: Updates service API and documentation
- Added support for Multi-AZ deployments for Provisioned RA3 clusters
that provide 99.99% SLA availability.
-   `service/sagemaker`: Updates service API and documentation
    -   Support for batch transform input in Model dashboard

###
[`v1.47.0`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1470-2023-10-31)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.7...v1.47.0)

\===

##### Service Client Updates

- `service/amplify`: Updates service API, documentation, and paginators
- `service/application-insights`: Updates service API and documentation
-   `service/ec2`: Updates service API, documentation, and paginators
- Capacity Blocks for ML are a new EC2 purchasing option for reserving
GPU instances on a future date to support short duration machine
learning (ML) workloads. Capacity Blocks automatically place instances
close together inside Amazon EC2 UltraClusters for low-latency,
high-throughput networking.
-   `service/m2`: Updates service API and documentation
-   `service/neptunedata`: Updates service API and documentation
-   `service/translate`: Updates service API and documentation

##### SDK Features

-   `aws`: Bump minimum go version to 1.19.
- See
https://aws.amazon.com/blogs/developer/aws-sdk-for-go-aligns-with-go-release-policy-on-supported-runtimes/.

###
[`v1.46.7`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1467-2023-10-30)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.6...v1.46.7)

\===

##### Service Client Updates

-   `service/connect`: Updates service API and documentation
-   `service/dataexchange`: Updates service API and documentation
-   `service/datasync`: Updates service API and documentation
-   `service/finspace`: Updates service API and documentation
-   `service/mediapackagev2`: Updates service API and documentation
- `service/rds`: Updates service API, documentation, waiters,
paginators, and examples
- This release launches the CreateIntegration, DeleteIntegration, and
DescribeIntegrations APIs to manage zero-ETL Integrations.
- `service/redshift-serverless`: Updates service API, documentation, and
paginators
-   `service/resiliencehub`: Updates service API and documentation
-   `service/s3outposts`: Updates service API and documentation
-   `service/wisdom`: Updates service documentation

</details>

<details>
<summary>bufbuild/protovalidate-go
(github.com/bufbuild/protovalidate-go)</summary>

###
[`v0.4.0`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.4.0)

[Compare
Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.4...v0.4.0)

#### What's Changed

- Fix bug where cel expression cannot compile for fields of type
google.protobuf.Any by
[@&#8203;oliversun9](https://togithub.com/oliversun9) in
[https://github.com/bufbuild/protovalidate-go/pull/65](https://togithub.com/bufbuild/protovalidate-go/pull/65)
- Link to connect/validate-go by
[@&#8203;emcfarlane](https://togithub.com/emcfarlane) in
[https://github.com/bufbuild/protovalidate-go/pull/66](https://togithub.com/bufbuild/protovalidate-go/pull/66)
- Run CI on Go 1.19 by
[@&#8203;akshayjshah](https://togithub.com/akshayjshah) in
[https://github.com/bufbuild/protovalidate-go/pull/72](https://togithub.com/bufbuild/protovalidate-go/pull/72)
- Use make lint in CI instead of golangci-lint action by
[@&#8203;oliversun9](https://togithub.com/oliversun9) in
[https://github.com/bufbuild/protovalidate-go/pull/70](https://togithub.com/bufbuild/protovalidate-go/pull/70)
- Add isIpPrefix by [@&#8203;higebu](https://togithub.com/higebu) in
[https://github.com/bufbuild/protovalidate-go/pull/53](https://togithub.com/bufbuild/protovalidate-go/pull/53)

#### New Contributors

- [@&#8203;higebu](https://togithub.com/higebu) made their first
contribution in
[https://github.com/bufbuild/protovalidate-go/pull/53](https://togithub.com/bufbuild/protovalidate-go/pull/53)

**Full Changelog**:
bufbuild/protovalidate-go@v0.3.4...v0.4.0

###
[`v0.3.4`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.4)

[Compare
Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.3...v0.3.4)

#### What's Changed

- Make DefaultResolver public by
[@&#8203;oliversun9](https://togithub.com/oliversun9) in
[https://github.com/bufbuild/protovalidate-go/pull/59](https://togithub.com/bufbuild/protovalidate-go/pull/59)
- Update minimum required Go version from 1.18 to 1.19 by
[@&#8203;nicksnyder](https://togithub.com/nicksnyder) in
[https://github.com/bufbuild/protovalidate-go/pull/62](https://togithub.com/bufbuild/protovalidate-go/pull/62)
- Fix ignore path for resolver.go by
[@&#8203;nicksnyder](https://togithub.com/nicksnyder) in
[https://github.com/bufbuild/protovalidate-go/pull/63](https://togithub.com/bufbuild/protovalidate-go/pull/63)

#### New Contributors

- [@&#8203;nicksnyder](https://togithub.com/nicksnyder) made their first
contribution in
[https://github.com/bufbuild/protovalidate-go/pull/62](https://togithub.com/bufbuild/protovalidate-go/pull/62)

**Full Changelog**:
bufbuild/protovalidate-go@v0.3.3...v0.3.4

###
[`v0.3.3`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.3)

[Compare
Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.2...v0.3.3)

#### What's Changed

- Update benchmarks by [@&#8203;rodaine](https://togithub.com/rodaine)
in
[https://github.com/bufbuild/protovalidate-go/pull/50](https://togithub.com/bufbuild/protovalidate-go/pull/50)
- Bug: transitive field CEL expressions fail to resolve types during
type checking by [@&#8203;rodaine](https://togithub.com/rodaine) in
[https://github.com/bufbuild/protovalidate-go/pull/51](https://togithub.com/bufbuild/protovalidate-go/pull/51)
- Fix loading field message when dependency is more than one step by
[@&#8203;oliversun9](https://togithub.com/oliversun9) in
[https://github.com/bufbuild/protovalidate-go/pull/54](https://togithub.com/bufbuild/protovalidate-go/pull/54)
- Bump github.com/google/cel-go from 0.18.0 to 0.18.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/55](https://togithub.com/bufbuild/protovalidate-go/pull/55)
- Make constraint resolution more flexible to different concrete
extension types by [@&#8203;rodaine](https://togithub.com/rodaine) in
[https://github.com/bufbuild/protovalidate-go/pull/57](https://togithub.com/bufbuild/protovalidate-go/pull/57)
- Move package `celext` out of internal by
[@&#8203;oliversun9](https://togithub.com/oliversun9) in
[https://github.com/bufbuild/protovalidate-go/pull/56](https://togithub.com/bufbuild/protovalidate-go/pull/56)

#### New Contributors

- [@&#8203;oliversun9](https://togithub.com/oliversun9) made their first
contribution in
[https://github.com/bufbuild/protovalidate-go/pull/54](https://togithub.com/bufbuild/protovalidate-go/pull/54)

**Full Changelog**:
bufbuild/protovalidate-go@v0.3.2...v0.3.3

###
[`v0.3.2`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.2)

[Compare
Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.1...v0.3.2)

#### What's Changed

- Build validator copy cache on write by
[@&#8203;emcfarlane](https://togithub.com/emcfarlane) in
[https://github.com/bufbuild/protovalidate-go/pull/31](https://togithub.com/bufbuild/protovalidate-go/pull/31)
- Bump github.com/google/cel-go from 0.17.4 to 0.17.6 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/39](https://togithub.com/bufbuild/protovalidate-go/pull/39)
- Bump github.com/google/cel-go from 0.17.6 to 0.18.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/42](https://togithub.com/bufbuild/protovalidate-go/pull/42)
- Bump buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go from
1.31.0-20230824200731-b9b8148056b9.1 to
1.31.0-20230830185350-7a34d6557349.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/41](https://togithub.com/bufbuild/protovalidate-go/pull/41)
- Bypass deprecation lint warning by
[@&#8203;akshayjshah](https://togithub.com/akshayjshah) in
[https://github.com/bufbuild/protovalidate-go/pull/45](https://togithub.com/bufbuild/protovalidate-go/pull/45)
- Bump actions/checkout from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/46](https://togithub.com/bufbuild/protovalidate-go/pull/46)
- Cleanup: replace deprecated OptCheckStringFormat by
[@&#8203;rodaine](https://togithub.com/rodaine) in
[https://github.com/bufbuild/protovalidate-go/pull/48](https://togithub.com/bufbuild/protovalidate-go/pull/48)
- Conformance: support for multiple uniques by
[@&#8203;rodaine](https://togithub.com/rodaine) in
[https://github.com/bufbuild/protovalidate-go/pull/49](https://togithub.com/bufbuild/protovalidate-go/pull/49)

#### New Contributors

- [@&#8203;emcfarlane](https://togithub.com/emcfarlane) made their first
contribution in
[https://github.com/bufbuild/protovalidate-go/pull/31](https://togithub.com/bufbuild/protovalidate-go/pull/31)
- [@&#8203;akshayjshah](https://togithub.com/akshayjshah) made their
first contribution in
[https://github.com/bufbuild/protovalidate-go/pull/45](https://togithub.com/bufbuild/protovalidate-go/pull/45)

**Full Changelog**:
bufbuild/protovalidate-go@v0.3.1...v0.3.2

</details>

<details>
<summary>cerbos/cloud-api (github.com/cerbos/cloud-api)</summary>

###
[`v0.1.9`](https://togithub.com/cerbos/cloud-api/compare/v0.1.8...v0.1.9)

[Compare
Source](https://togithub.com/cerbos/cloud-api/compare/v0.1.8...v0.1.9)

</details>

<details>
<summary>go-logr/zapr (github.com/go-logr/zapr)</summary>

### [`v1.3.0`](https://togithub.com/go-logr/zapr/releases/tag/v1.3.0)

[Compare
Source](https://togithub.com/go-logr/zapr/compare/v1.2.4...v1.3.0)

This release adds [support for
slog](https://togithub.com/go-logr/logr#slog-interoperability). zapr
implements `slogr.SlogSink` and therefore can be used through
[`slogr.NewSlogHandler`](https://pkg.go.dev/github.com/go-logr/logr@v1.3.0/slogr#NewSlogHandler)
as backend for slog.

#### What's Changed

- Added dependabot by [@&#8203;Neo2308](https://togithub.com/Neo2308) in
[https://github.com/go-logr/zapr/pull/63](https://togithub.com/go-logr/zapr/pull/63)
- Updated min supported version to go 1.18 by
[@&#8203;Neo2308](https://togithub.com/Neo2308) in
[https://github.com/go-logr/zapr/pull/62](https://togithub.com/go-logr/zapr/pull/62)
- update linter config and fix issues by
[@&#8203;pohly](https://togithub.com/pohly) in
[https://github.com/go-logr/zapr/pull/61](https://togithub.com/go-logr/zapr/pull/61)
- Bump github.com/go-logr/logr from 1.2.4 to 1.3.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/71](https://togithub.com/go-logr/zapr/pull/71)
- support slog by [@&#8203;pohly](https://togithub.com/pohly) in
[https://github.com/go-logr/zapr/pull/60](https://togithub.com/go-logr/zapr/pull/60)

***

- Bump github.com/stretchr/testify from 1.8.0 to 1.8.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/65](https://togithub.com/go-logr/zapr/pull/65)
- Bump actions/checkout from 2 to 3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/66](https://togithub.com/go-logr/zapr/pull/66)
- Bump actions/setup-go from 2 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/67](https://togithub.com/go-logr/zapr/pull/67)
- Bump golangci/golangci-lint-action from 2 to 3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/68](https://togithub.com/go-logr/zapr/pull/68)
- Bump actions/checkout from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/69](https://togithub.com/go-logr/zapr/pull/69)
- Bump go.uber.org/zap from 1.24.0 to 1.25.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/64](https://togithub.com/go-logr/zapr/pull/64)
- Bump go.uber.org/zap from 1.25.0 to 1.26.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/70](https://togithub.com/go-logr/zapr/pull/70)

#### New Contributors

- [@&#8203;Neo2308](https://togithub.com/Neo2308) made their first
contribution in
[https://github.com/go-logr/zapr/pull/63](https://togithub.com/go-logr/zapr/pull/63)
- [@&#8203;dependabot](https://togithub.com/dependabot) made their first
contribution in
[https://github.com/go-logr/zapr/pull/65](https://togithub.com/go-logr/zapr/pull/65)

**Full Changelog**:
go-logr/zapr@v1.2.4...v1.3.0

</details>

<details>
<summary>google/cel-go (github.com/google/cel-go)</summary>

### [`v0.18.1`](https://togithub.com/google/cel-go/releases/tag/v0.18.1)

[Compare
Source](https://togithub.com/google/cel-go/compare/v0.18.0...v0.18.1)

#### What's Changed

- Add support for a relative offset within ast.SourceInfo by
\[[#&#8203;836](https://togithub.com/google/cel-go/issues/836)]
- Fix last optional element to be retained as an optional index while
folding \[[#&#8203;841](https://togithub.com/google/cel-go/issues/841)]
- Fix deprecation notice for string format validation
\[[#&#8203;840](https://togithub.com/google/cel-go/issues/840)]
- Update cel-spec and enable wrappers conformance tests
\[[#&#8203;842](https://togithub.com/google/cel-go/issues/842)]
- refactor: remove lexer and parser pools
\[[#&#8203;838](https://togithub.com/google/cel-go/issues/838)]

#### New Contributors

- [@&#8203;TulgaCG](https://togithub.com/TulgaCG) made their first
contribution in
[https://github.com/google/cel-go/pull/835](https://togithub.com/google/cel-go/pull/835)
- [@&#8203;aimuz](https://togithub.com/aimuz) made their first
contribution in
[https://github.com/google/cel-go/pull/838](https://togithub.com/google/cel-go/pull/838)

**Full Changelog**:
google/cel-go@v0.18.0...v0.18.1

### [`v0.18.0`](https://togithub.com/google/cel-go/releases/tag/v0.18.0)

[Compare
Source](https://togithub.com/google/cel-go/compare/v0.17.7...v0.18.0)

#### Features

The latest release of CEL introduces validators
([#&#8203;775](https://togithub.com/google/cel-go/issues/775)) and
optimizers
([#&#8203;804](https://togithub.com/google/cel-go/issues/804),
[#&#8203;827](https://togithub.com/google/cel-go/issues/827)) and
migrates the core CEL internals off of the
protobuf expression and type representations
([#&#8203;789](https://togithub.com/google/cel-go/issues/789)).

- String format validator
\[[#&#8203;775](https://togithub.com/google/cel-go/issues/775)]
- Create a Function that Reverses a String
\[[#&#8203;796](https://togithub.com/google/cel-go/issues/796)]
- Introduce pre-order / post-order visitor pattern
\[[#&#8203;813](https://togithub.com/google/cel-go/issues/813)]
- Add Libraries() function to Env
\[[#&#8203;822](https://togithub.com/google/cel-go/issues/822)]
- Static optimizer for constant folding
\[[#&#8203;804](https://togithub.com/google/cel-go/issues/804)]
- Inlining optimizer
\[[#&#8203;827](https://togithub.com/google/cel-go/issues/827)]
- FindStructTypeFields support for types.Provider
\[[#&#8203;814](https://togithub.com/google/cel-go/issues/814)]

#### Breaking Changes

The following PR changes the API signature of the `checker.AstNode`
method `Expr` to return an `ast.Expr`.

- Migrate the checker.Coster to the ast.Expr
\[[#&#8203;798](https://togithub.com/google/cel-go/issues/798)]

#### Fixes

- Nil safety checks for cel.Ast
\[[#&#8203;784](https://togithub.com/google/cel-go/issues/784)]
- Fix cost estimates to propagate result sizes
\[[#&#8203;787](https://togithub.com/google/cel-go/issues/787)]
- Catch invalid literals created from expression factories
\[[#&#8203;810](https://togithub.com/google/cel-go/issues/810)]
- Ensure stable ordering of overload candidates
\[[#&#8203;817](https://togithub.com/google/cel-go/issues/817)]
- Clarify replace with/by empty string
\[[#&#8203;820](https://togithub.com/google/cel-go/issues/820)]
- Fix functional exemptions for homogeneous literal checks
\[[#&#8203;832](https://togithub.com/google/cel-go/issues/832)]
- Fix logical operator folding that only involve literals
\[[#&#8203;833](https://togithub.com/google/cel-go/issues/833)]
- Upgrade go-genproto to latest
\[[#&#8203;831](https://togithub.com/google/cel-go/issues/831)]

#### New Contributors

- [@&#8203;bboogler](https://togithub.com/bboogler) made their first
contribution in
[https://github.com/google/cel-go/pull/796](https://togithub.com/google/cel-go/pull/796)

**Full Changelog**:
google/cel-go@v0.17.1...v0.18.0

### [`v0.17.7`](https://togithub.com/google/cel-go/releases/tag/v0.17.7)

[Compare
Source](https://togithub.com/google/cel-go/compare/v0.17.6...v0.17.7)

#### What's Changed

- Backport [#&#8203;850](https://togithub.com/google/cel-go/issues/850):
Sets cost estimation and tracking options
\[[#&#8203;852](https://togithub.com/google/cel-go/issues/852)]

**Full Changelog**:
google/cel-go@v0.17.6...v0.17.7

</details>

<details>
<summary>gorilla/mux (github.com/gorilla/mux)</summary>

### [`v1.8.1`](https://togithub.com/gorilla/mux/releases/tag/v1.8.1)

[Compare
Source](https://togithub.com/gorilla/mux/compare/v1.8.0...v1.8.1)

#### What's Changed

- build: CircleCI 2.1 + build matrix by
[@&#8203;elithrar](https://togithub.com/elithrar) in
[https://github.com/gorilla/mux/pull/595](https://togithub.com/gorilla/mux/pull/595)
- Include "404" and "405" in the docs by
[@&#8203;Jille](https://togithub.com/Jille) in
[https://github.com/gorilla/mux/pull/602](https://togithub.com/gorilla/mux/pull/602)
- docs: update README w.r.t new maintainer ask by
[@&#8203;elithrar](https://togithub.com/elithrar) in
[https://github.com/gorilla/mux/pull/660](https://togithub.com/gorilla/mux/pull/660)
- regexp: use iota instead of hardcoded values for regexType\* by
[@&#8203;michaelgrigoryan25](https://togithub.com/michaelgrigoryan25) in
[https://github.com/gorilla/mux/pull/679](https://togithub.com/gorilla/mux/pull/679)
- Fix `authenticationMiddleware` initialization in the `README.md` file
by [@&#8203;amustaque97](https://togithub.com/amustaque97) in
[https://github.com/gorilla/mux/pull/693](https://togithub.com/gorilla/mux/pull/693)
- Update README.md by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/713](https://togithub.com/gorilla/mux/pull/713)
- \[GPT-95] Update go version, add tools for verification and testing by
[@&#8203;apoorvajagtap](https://togithub.com/apoorvajagtap) in
[https://github.com/gorilla/mux/pull/718](https://togithub.com/gorilla/mux/pull/718)
- Delete release-drafter.yml by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/719](https://togithub.com/gorilla/mux/pull/719)
- Delete stale.yml by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/720](https://togithub.com/gorilla/mux/pull/720)
- Delete AUTHORS by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/721](https://togithub.com/gorilla/mux/pull/721)
- Update LICENSE by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/722](https://togithub.com/gorilla/mux/pull/722)
- Updated the logo in README.md by
[@&#8203;shamkarthik](https://togithub.com/shamkarthik) in
[https://github.com/gorilla/mux/pull/724](https://togithub.com/gorilla/mux/pull/724)
- Update LICENSE by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/723](https://togithub.com/gorilla/mux/pull/723)
- Update issues.yml by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/726](https://togithub.com/gorilla/mux/pull/726)
- Update issues.yml by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/727](https://togithub.com/gorilla/mux/pull/727)
- run go fmt with Go 1.20 by
[@&#8203;shogo82148](https://togithub.com/shogo82148) in
[https://github.com/gorilla/mux/pull/725](https://togithub.com/gorilla/mux/pull/725)
- Fix `Single Page Application` example in `README.md` file by
[@&#8203;amustaque97](https://togithub.com/amustaque97) in
[https://github.com/gorilla/mux/pull/678](https://togithub.com/gorilla/mux/pull/678)
- \[BUG] Inconsistent HTTP status code on query mismatch by
[@&#8203;soheilrt](https://togithub.com/soheilrt) in
[https://github.com/gorilla/mux/pull/712](https://togithub.com/gorilla/mux/pull/712)
- Clarify documentation examples of Route methods by
[@&#8203;andrew-werdna](https://togithub.com/andrew-werdna) in
[https://github.com/gorilla/mux/pull/672](https://togithub.com/gorilla/mux/pull/672)
- changed the routeVariables text content. by
[@&#8203;sumanpaikdev](https://togithub.com/sumanpaikdev) in
[https://github.com/gorilla/mux/pull/708](https://togithub.com/gorilla/mux/pull/708)
- Add GetVarNames() by [@&#8203;eh-steve](https://togithub.com/eh-steve)
in
[https://github.com/gorilla/mux/pull/676](https://togithub.com/gorilla/mux/pull/676)
- fix SPA handler in README.md by
[@&#8203;sy9](https://togithub.com/sy9) in
[https://github.com/gorilla/mux/pull/733](https://togithub.com/gorilla/mux/pull/733)
- update GitHub workflows by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/734](https://togithub.com/gorilla/mux/pull/734)

#### New Contributors

- [@&#8203;Jille](https://togithub.com/Jille) made their first
contribution in
[https://github.com/gorilla/mux/pull/602](https://togithub.com/gorilla/mux/pull/602)
- [@&#8203;michaelgrigoryan25](https://togithub.com/michaelgrigoryan25)
made their first contribution in
[https://github.com/gorilla/mux/pull/679](https://togithub.com/gorilla/mux/pull/679)
- [@&#8203;amustaque97](https://togithub.com/amustaque97) made their
first contribution in
[https://github.com/gorilla/mux/pull/693](https://togithub.com/gorilla/mux/pull/693)
- [@&#8203;coreydaley](https://togithub.com/coreydaley) made their first
contribution in
[https://github.com/gorilla/mux/pull/713](https://togithub.com/gorilla/mux/pull/713)
- [@&#8203;apoorvajagtap](https://togithub.com/apoorvajagtap) made their
first contribution in
[https://github.com/gorilla/mux/pull/718](https://togithub.com/gorilla/mux/pull/718)
- [@&#8203;shamkarthik](https://togithub.com/shamkarthik) made their
first contribution in
[https://github.com/gorilla/mux/pull/724](https://togithub.com/gorilla/mux/pull/724)
- [@&#8203;shogo82148](https://togithub.com/shogo82148) made their first
contribution in
[https://github.com/gorilla/mux/pull/725](https://togithub.com/gorilla/mux/pull/725)
- [@&#8203;soheilrt](https://togithub.com/soheilrt) made their first
contribution in
[https://github.com/gorilla/mux/pull/712](https://togithub.com/gorilla/mux/pull/712)
- [@&#8203;andrew-werdna](https://togithub.com/andrew-werdna) made their
first contribution in
[https://github.com/gorilla/mux/pull/672](https://togithub.com/gorilla/mux/pull/672)
- [@&#8203;sumanpaikdev](https://togithub.com/sumanpaikdev) made their
first contribution in
[https://github.com/gorilla/mux/pull/708](https://togithub.com/gorilla/mux/pull/708)
- [@&#8203;eh-steve](https://togithub.com/eh-steve) made their first
contribution in
[https://github.com/gorilla/mux/pull/676](https://togithub.com/gorilla/mux/pull/676)
- [@&#8203;sy9](https://togithub.com/sy9) made their first contribution
in
[https://github.com/gorilla/mux/pull/733](https://togithub.com/gorilla/mux/pull/733)

**Full Changelog**:
gorilla/mux@v1.8.0...v1.8.1

</details>

<details>
<summary>jackc/pgx (github.com/jackc/pgx/v5)</summary>

### [`v5.5.0`](https://togithub.com/jackc/pgx/compare/v5.4.3...v5.5.0)

[Compare Source](https://togithub.com/jackc/pgx/compare/v5.4.3...v5.5.0)

</details>

<details>
<summary>lestrrat-go/jwx (github.com/lestrrat-go/jwx/v2)</summary>

###
[`v2.0.16`](https://togithub.com/lestrrat-go/jwx/releases/tag/v2.0.16)

[Compare
Source](https://togithub.com/lestrrat-go/jwx/compare/v2.0.15...v2.0.16)

    v2.0.16 31 Oct 2023
    [Security]
* [jws] ECDSA signature verification requires us to check if the
signature
is of the desired length of bytes, but this check that used to exist
before
had been removed in #&#8203;65, resulting in certain malformed
signatures to pass
        verification.

One of the ways this could happen if R is a 31 byte integer and S is 32
byte integer,
both containing the correct signature values, but R is not zero-padded.

           Correct = R: [ 0 , ... ] (32 bytes) S: [ ... ] (32 bytes)
           Wrong   = R: [ ... ] (31 bytes)     S: [ ... ] (32 bytes)

In order for this check to pass, you would still need to have all 63
bytes
populated with the correct signature. The only modification a bad actor
may be able to do is to add one more byte at the end, in which case the
first 32 bytes (including what would have been S's first byte) is used
for R,
and S would contain the rest. But this will only result in the
verification to
fail. Therefore this in itself should not pose any security risk, albeit
        allowing some illegally formated messages to be verified.

* [jwk] `jwk.Key` objects now have a `Validate()` method to validate the
data
stored in the keys. However, this still does not necessarily mean that
the key's
are valid for use in cryptographic operations. If `Validate()` is
successful,
it only means that the keys are in the right _format_, including the
presence
of required fields and that certain fields have proper length, etc.

    [New Features]
* [jws] Added `jws.WithValidateKey()` to force calling `key.Validate()`
before
        signing or verification.

* [jws] `jws.Sign()` now returns a special type of error that can hold
the
individual errors from the signers. The stringification is still the
same
        as before to preserve backwards compatibility.

* [jwk] Added `jwk.IsKeyValidationError` that checks if an error is an
error
        from `key.Validate()`.

    [Bug Fixes]
* [jwt] `jwt.ParseInsecure()` was running verification if you provided a
key
        via `jwt.WithKey()` or `jwt.WithKeySet()` (#&#8203;1007)

</details>

<details>
<summary>pterm/pterm (github.com/pterm/pterm)</summary>

###
[`v0.12.70`](https://togithub.com/pterm/pterm/releases/tag/v0.12.70):
Heatmap Printer 🎉

[Compare
Source](https://togithub.com/pterm/pterm/compare/v0.12.69...v0.12.70)

<!-- Release notes generated using configuration in .github/release.yml
at master -->

#### What's Changed

##### Exciting New Features 🎉

- Feature: Default value for interactive text input by
[@&#8203;KarolosLykos](https://togithub.com/KarolosLykos) in
[https://github.com/pterm/pterm/pull/577](https://togithub.com/pterm/pterm/pull/577)
- Added a heatmap printer by
[@&#8203;floaust](https://togithub.com/floaust) in
[https://github.com/pterm/pterm/pull/487](https://togithub.com/pterm/pterm/pull/487)

<img width="800"
src="https://github.com/pterm/pterm/assets/56639481/c994c395-3b94-4b27-af20-4ae5fd6fc0be"
/>

##### Fixes 🔧
* fix(heatmap): fix bug legend was not fully boxed by
@&#8203;floau[https://github.com/pterm/pterm/pull/583](https://togithub.com/pterm/pterm/pull/583)ll/583
* fix(heatmap): fix bug legend was too long by
@&#8203;floau[https://github.com/pterm/pterm/pull/585](https://togithub.com/pterm/pterm/pull/585)ll/585

**Full Changelog**:
pterm/pterm@v0.12.69...v0.12.70

</details>

<details>
<summary>twmb/franz-go (github.com/twmb/franz-go)</summary>

###
[`v1.15.2`](https://togithub.com/twmb/franz-go/blob/HEAD/CHANGELOG.md#v1152)

[Compare
Source](https://togithub.com/twmb/franz-go/compare/v1.15.1...v1.15.2)

\===

This patch release fixes two bugs and changes Mark functions to be
no-ops when
not using AutoCommitMarks to avoid confusion. This also includes a minor
commit
further improving the sticky balancer. See the commits for more details.

- [`72778cb`](https://togithub.com/twmb/franz-go/commit/72778cb)
**behavior change** kgo: no-op mark functions when not using
AutoCommitMarks
- [`e209bb6`](https://togithub.com/twmb/franz-go/commit/e209bb6)
**bugfix** kgo: pin AddPartitionsToTxn to v3 when using one transaction
- [`36b4437`](https://togithub.com/twmb/franz-go/commit/36b4437) sticky:
further improvements
- [`af5bc1f`](https://togithub.com/twmb/franz-go/commit/af5bc1f)
**bugfix** kgo: be sure to use topics when other topics are paused

</details>

<details>
<summary>vektra/mockery (github.com/vektra/mockery/v2)</summary>

###
[`v2.36.1`](https://togithub.com/vektra/mockery/releases/tag/v2.36.1)

[Compare
Source](https://togithub.com/vektra/mockery/compare/v2.36.0...v2.36.1)

#### Changelog

- [`b648c23`](https://togithub.com/vektra/mockery/commit/b648c23) Add
additional test
- [`0310201`](https://togithub.com/vektra/mockery/commit/0310201) Add
fix for showconfig command
- [`d3515d1`](https://togithub.com/vektra/mockery/commit/d3515d1) Fix
bug with sub-package inheritance
- [`77064ad`](https://togithub.com/vektra/mockery/commit/77064ad) Fix
config bug where mockery crashes when package map is nil
- [`5978bc5`](https://togithub.com/vektra/mockery/commit/5978bc5) Fix
test with config initialization
- [`deb4860`](https://togithub.com/vektra/mockery/commit/deb4860) Merge
pull request
[#&#8203;730](https://togithub.com/vektra/mockery/issues/730) from
LandonTClipp/issue\_726
- [`e86d230`](https://togithub.com/vektra/mockery/commit/e86d230)
Simplifying some config in interface copying code
- [`726d76c`](https://togithub.com/vektra/mockery/commit/726d76c) Update
running.md
- [`2dd8f00`](https://togithub.com/vektra/mockery/commit/2dd8f00) Use
gotestsum for better testing output

</details>

<details>
<summary>cznic/sqlite (modernc.org/sqlite)</summary>

###
[`v1.27.0`](https://gitlab.com/cznic/sqlite/compare/v1.26.0...v1.27.0)

[Compare
Source](https://gitlab.com/cznic/sqlite/compare/v1.26.0...v1.27.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/cerbos/cerbos).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMS41IiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

---------

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Oğuzhan Durgun <oguzhandurgun95@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Oğuzhan Durgun <oguzhandurgun95@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant