chore(deps): update all non-major regex dependencies

[renovate]

This PR contains the following updates:

Package	Update	Change
air-verse/air	patch	1.52.2 -> 1.52.3
bufbuild/buf	minor	1.33.0 -> 1.36.0
dapr/cli	minor	1.13.0 -> 1.14.0
dapr/dapr	minor	1.13.4 -> 1.14.0
dart (source)	minor	3.4.4 -> 3.5.0
golang	minor	1.22 -> 1.23
golangci/golangci-lint	minor	1.59.1 -> 1.60.1
sqlc-dev/sqlc	minor	1.26.0 -> 1.27.0
superfly/flyctl	patch	0.2.71 -> 0.2.111

---

Release Notes

air-verse/air (air-verse/air)

v1.52.3

Compare Source

Changelog

• 6b61fa9 Implement graceful shutdown on Mac (#​619)
• 7d43628 fix: fix proxy unmodified response when body tag is missing (#​611)
• 0febf6b fix (#​583) panic on Windows

bufbuild/buf (bufbuild/buf)

v1.36.0

Compare Source

• Add --list-services and --list-methods flags to buf curl, which trigger the command to list
  known services or methods in the RPC schema, instead of invoking an RPC method.
• Add clean as a top-level option in buf.gen.yaml, matching the buf generate --clean flag. If
  set to true, this will delete the directories, jar files, or zip files set to out for each
  plugin.
• Fix git input handling of annotated tags.
• Update buf registry login to complete the login flow in the browser by default. This allows
  users to login with their browser and have the token automatically provided to the CLI.
• Add buf registry organization {create, delete, info, update} commands to manage BSR
  organizations. Remove buf beta registry organization commands.
• Add buf registry module {create, delete, deprecate, info, undeprecate, update} commands to
  manage BSR modules. Remove buf beta registry repository commands.
• Add buf registry label {archive, info, list, unarchive} commands to manage BSR module labels.
  Remove buf beta registry label commands and buf beta registry {archive, unarchive}.
• Add buf registry commit {add-label, info, list, resolve} to manage BSR module commits. Remove
  buf beta registry commit commands.

v1.35.1

Compare Source

• Fix the git input parameter ref to align with the git notion of a ref. This allows for the use
  of branch names, tag names, and commit hashes.
• Fix unexpected buf build errors with absolute path directory inputs without workspace and/or
  module configurations (e.g. buf.yaml, buf.work.yaml) and proto file paths set to the --path flag.

v1.35.0

Compare Source

• Add buf generate --clean flag that will delete the directories, jar files, or zip files that the
  plugins will write to, prior to generation. Allows cleaning of existing assets without having
  to call rm -rf.
• Deprecate --username flag on and username prompt on buf registry login. A username is no longer
  required to log in.

v1.34.0

Compare Source

• Add buf config ls-modules command to list configured modules.
• Fix issue where buf generate would succeed on missing insertion points and
  panic on empty insertion point files.
• Update buf generate to allow the use of Editions syntax when doing local code
  generation by proxying to a protoc binary (for languages where code gen is
  implemented inside of protoc instead of in a plugin: Java, C++, Python, etc).
• Allow use of an array of strings for the protoc_path property of for buf.gen.yaml,
  where the first array element is the actual path and other array elements are extra
  arguments that are passed to protoc each time it is invoked.

dapr/cli (dapr/cli)

v1.14.0: Dapr CLI v1.14.0

Compare Source

dapr/dapr (dapr/dapr)

v1.14.0: Dapr Runtime v1.14.0

Compare Source

Dapr 1.14

We're excited to announce the release of Dapr 1.14!

We would like to extend our thanks to all the new and existing contributors who helped make this release happen.

If you're new to Dapr, visit the getting started page and familiarize yourself with Dapr.

Docs have been updated with all the new features and changes of this release. To get started with new capabilities introduced in this release, go to the Concepts and the Developing applications.

Note: This release contains a few breaking changes.

See this section on upgrading Dapr to version 1.14.

Highlights

These are the new feature highlights for the v1.14 release:

Jobs API and Scheduler service (preview)

Many applications require job scheduling, or the need to take an action in the future. The new jobs API is an orchestrator for scheduling these future jobs, either at a specific time or for a specific interval. For example job scheduling is useful in scenarios such as automated database backups, regular Data Processing and ETL, email notifications, maintenance tasks and system updates and batch processing to name a few.

The Dapr’s Jobs API ensures the tasks represented in these types of scenarios are performed consistently and reliably, improving efficiency and reducing the risk of errors. Think of this as a scalable version of the popular Dapr Cron Binding, now as a first class API available via the Dapr SDKs.

You can read more in the Jobs API overview documentation, or dive into a Quickstart Go code example. Support for Jobs is also in the alpha Rust-SDK!

Scheduler service (preview)

The Scheduler service is a new control plane service used to schedule jobs, running in self-hosted mode or on Kubernetes. It is installed by when using Helm or the Dapr CLI and is the service responsible for managing the scheduled jobs.

Increased throughput and scalability for actors and workflows (preview)

The new Scheduler service can optionally be used as the backend for actor reminders and enables increased throughput and lower latency for both actors and workflows. To use the scheduler service for actors and workflows, simply enable it in a Dapr Configuration resource like this:

apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: featureconfig
spec:
  features:
    - name: SchedulerReminders
      enabled: true

Important note: Existing reminder data is not be compatible with the scheduler service. The scheduler service should be used only for new actor and workflow reminders

Streaming subscriptions (preview)

Streaming subscriptions are a new type of subscription written in code. Streaming subscriptions are dynamic, meaning they allow for adding or removing subscriptions at runtime. They do not require a subscription HTTP endpoint in your application (which is required by the current programmatic and declarative subscriptions), making them easy to configure in code. Streaming subscriptions also do not require an app to be configured with the sidecar to receive messages. These are an incredibly easy way to configure topic subscriptions for your app. In this release streaming subscriptions are available in the Go SDK.

Actor multi-tenancy with namespacing

Namespacing in Dapr provides isolation, and thus multi-tenancy. With actor namespacing, the same actor type can be deployed into different namespaces. You can then call instances of these actors within the same namespace. Each namespaced actor deployment must use its own separate state store, especially if the same actor type is deployed into different namespaces.

HTTP metrics filtering with path matching

When invoking Dapr using HTTP, metrics are created for each requested method by default. For example metrics include error rates, latency and throughput numbers. This can result in a high number of metrics being reported, known as high cardinality, which can impact memory usage and CPU for your application.

HTTP metric path matching allows you to manage and control the cardinality, or the amount, of HTTP metrics in Dapr. This is an aggregation of metrics, so rather than having a metric for each event, you can reduce the number of metrics events and report an overall number.

Outbox message projections (stable)

The transactional outbox feature allows you to commit state and then send a message in a single transaction and can be used with a broad combination of pub/sub brokers and databases. The transactional outbox is now stable in v1.14 release.

Now in this release, when using the outbox pattern, you can send a different payload to the pub/sub broker than the one saved in the database. These are called outbox message projections, and can be shaped in any way you need.

Service invocation for non-Dapr endpoints (stable)

The ability to invoke non-Dapr endpoints using the Dapr Service invocation APIis now stable.

Dapr Shared (new preview repo in Dapr org)

Although not part of the Dapr runtime v1.14 release, Dapr Shared provides alternative deployment choices for Dapr.

Dapr, by default, is injected as a sidecar to enable the Dapr APIs for your applications for the best availability and reliability. Dapr Shared enables two alternative deployment strategies to create Dapr applications using a Kubernetes Daemonset for a per-node deployment or a Deployment for a per-cluster deployment.

For example, Dapr Shared can be used to reduce resource usage in a cluster or to make a simpler testing deployment environment.

Python SDK updates

• The python-sdk now has support for the cryptography API.
• The python-sdk now supports actor state TTL (timeouts)

Acknowledgements

Thanks to everyone who made this release possible!

@​aharonYK, @​akshaya-a, @​amardeep2006, @​andrejpk, @​andriisoldatenko, @​AnnuCode, @​antoniomaria, @​agoktugaydin, @​alundiak, @​andrew-hillier, @​antontroshin, @​artur-ciocanu, @​artursouza, @​avoidalone, @​berndverst, @​bibryam, @​bhagya05, @​bkc, @​bondz, @​c-thiel, @​cgillum, @​cicoyle, @​ckcd, @​cmendible, @​contributor, @​daixiang0, @​DeepanshuA, @​denisbchrsk, @​DropSnorz, @​ductnn, @​dwhiteddsoft, @​ecabrerar, @​Eileen-Yu, @​elena-kolevska, @​erwinkramer, @​evacchi, @​evhen14, @​fabistb, @​famarting, @​james-bartlett, @​filintod, @​guspan-tanadi, @​gralin, @​hhunter-ms, @​ibandhiya, @​imneov, @​ItalyPaleAle, @​jake-engelberg, @​jcchavezs, @​jjcollinge, @​jmprusi, @​joebowbeer, @​JoshVanL, @​Jossec101, @​kaibocai, @​KrylixZA, @​KentHsu, @​kindknow, @​ksachdeva, @​laurentkempe, @​m3nax, @​mahparaashley, @​marcoscale98, @​manojks1999, @​MattCosturos, @​MichaelHindley, @​mikeee, @​MO2k4, @​mohitpalsingh, @​moonorange, @​msfussell, @​mukundansundar, @​nadavv169, @​nathandl86, @​nelson-parente, @​nenikola, @​newbe36524, @​nikitasarawgi, @​olitomlinson, @​passuied, @​paulyuk, @​pdebruin, @​philliphoff, @​pravinpushkar, @​RafaelJCamara, @​robertojrojas, @​rochabr, @​ruokun-niu, @​Rutam21, @​RyanLettieri, @​sadath-12, @​salaboy, @​svdspradeep, @​SantoDE, @​shivam-51, @​shivamkm07, @​shubham1172, @​Shubhdeep02, @​sicoyle, @​Taction, @​thewilli, @​thompson-tomo, @​ThomasVitale, @​tmacam, @​toneill818, @​TomasEkeli, @​tlund101, @​umerkle, @​waltercoan, @​wardbeyens, @​WhitWaldo, @​willtsai, @​XavierGeerinck, @​yaron2, @​zedgell

New in this release

Dapr Runtime

• ADDED New Jobs API + Scheduler Control Plane Service 7768
• ADDED Support dynamic (on-demand) subscribe and unsubscribe of topics by user app 814
• ADDED Support namespace isolation/multi-tenancy for Dapr Actors 3167 4711
• ADDED [PROPOSAL] Identity Management Overhaul 5756
• RESOLVED [Proposal]: Actor State TTL 5899
• Change Dapr state store encryption to use AES in CBC mode 6027
• RESOLVED Incremental improvements to Actor Reminders subsystem 6121
• RESOLVED [Tracking issue] Actor subsystem improvements 6592
• FIXED Placement server fails to disseminate placement tables 7031
• CHANGED Removes legacy SPIFFE TLS clients and servers in favour of the new SPIRE TLS clients and servers 7037
• CHANGED Remove the legacy port 80 from the sentry service 7084
• FIXED Bug in runtime preventing outbox messages as cloudevent 7113
• ADDED Hot-reloading for Dapr Subscriptions 7139
• ADDED [Outbox] Allow override of CE fields on published event 7347
• ADDED Subscription source indication in metadata response 7396
• CHANGED Prioritized value of OTEL_SERVICE_NAME envvar over configuration if set 7451
• FIXED Healthz overhaul 7518
• CHANGED Change default cardinality to low for metrics 7522
• ADDED Standardize max-body-size and read-buffer-size flags 7546
• ADDED Update logging of "empty" 200 response for pub/sub messages to indicate success 7561
• CHANGED Always tick renewal check every minute 7565
• FIXED Parent-based tracing sampling has incorrect logic -- should behave differently on flag=0 vs Parent Span doesn't exist 7574
• CHANGED Update protoc protobuffer transcompilers 7585
• FIXED Operator logs gargage log 7607
• ADDED Additional metrics data to differentiate DROP status messages. 7610
• FIXED chore: fix some typos 7614
• ADDED Operator: Component server side scope filtering 7615
• ADDED Disk Loader: Scope filtering 7616
• CHANGED Update logging of empty 200 response for pub/sub messages 7620
• ADDED [observability]: allow configurable bucket settings for distributions 7641
• FIXED security: up dependencies to fix security vulnerabilities 7681
• ADDED Update holopin.yml to award runtime badge to contributors 7685
• FIXED chore: fix function names in comment 7687
• UPDATED OpenTelemetry specification to v1.25 7703
• CHANGED Bump to Go 1.22 - Pin latest contrib with Go 1.22 7713
• ADDED Allow outbox published data to be different than transaction data 7717
• CHANGED HTTP monitoring method parsing in low cardinality cases 7756
• FIXED high cardinality metrics are shown for actors but increasedCardinality is set to false 7736
• ADDED Standardize readme shield badges 7744
• ADDED Subscriptions: bi-directional subscription streaming- subscribe on no healthz 7757
• FIXED Includes app API token for all requests from sidecar to app 7774
• FIXED chore: update create namespace 7803
• FIXED Workflow actors backend, invalid start succeeds on retries 7811
• FIXED Doc: Update wfengine README.md 7845
• FIXED Doc: update protoc version 7857

Dapr CLI

• FIXED Bug in runtime (or documentation). 1023
• Add convenience commands for placement/sentry start via dapr CLI 1032
• ADDED support for full E2E tests on Windows 1078
• FIXED Improve console logs of daprd in error scenarios for Multi App Run 1257
• UPDATED Bump golang.org/x/net from 0.21.0 to 0.23.0 1401
• FIXED Scheduler service is not started in self-hosted mode 1416
• FIXED dapr status -k command does not show the scheduler service. 1433
• RESOLVED dapr init -k --dev is in crash loop on redis init, failing redis component load 1436

Components

• FIXED Kafka pubsub propagates partition key to DLT 2227
• ENABLED signed url in GCP Storage Bucket 2862
• ADDED support for Azure Cache for Redis in all Redis components 3088
• ADDED RabbitMQ subscription argument to enable Single Active Consumer 3120
• ADDED DeleteWithPrefix support for SQLite 3265
• ADDED AWS IAM auth for postgresql components 3324
• OPTIMIZED Kafka component to use a single Sarama client 3336
• UPDATED Azure Service Bus to enforce autodeleteonidlesec minimum of 300 3340
• FIXED recovery of interrupted eventhubs subscriptions 3344
• UPDATED AWS SD version to support SQS over AWS JSON Protocol 3354
• UPDATED http-wasm host to v0.6.0. 3360
• FIXED context used in Kafka consumer 3366
• FIXED Kafka pubsub's partition key propagation to DLT 3368
• ADDED S3 storage class metadata 3369
• ADDED Kafka producer config capabilities for connections 3371
• ADDED support to configure heartbeat interval and session timeout on kafka's consumer 3375
• FIXED all wasm guests build and update with TinyGo 0.28.1 3377
• UPDATED wazero to v1.7.0 3378
• FIXED Kafka's possible nil pointer error on close 3383
• FIXED bug with new Avro conversion when message values are NULL 3388
• UPDATED dependencies to fix security vulnerabilities 3390
• FIXED CosmosDB state store's SaveBulkStateAsync() throwing context deadline exceeded exception 3399
• FIXED CosmosDB for latest API version 3411
• REMOVED unnecessary loglines 3412
• FIXED metadata capitalization 3413
• ADDED configurable ackDeadline to GCP Pub/Sub component 3422
• ADDED support for Redis private certificates 3429
• FIXED fatal error: concurrent map writes 3430
• CREATED metadata for bindings.aws.sns 3432
• ADDED AWS SNS metadata schema 3433
• ADDED support for ApplicationProperties in subscriptions for Azure Service Bus 3436
• ADDED support for configurable MaxOutstanding* settings in GCP pubsub 3441
• FIXED Kafka bulk publisher 3445
• FIXED duplicate key violating unique restraint in Postgres state stores 3446
• FIXED incorrect metadata name/title for pubsub.solace.amqp 3451
• UPDATED HTTP binding to use Go's default transport 3466
• UPDATED vulnerable dependencies 3469
• ADDED EntraID auth support to all Redis components 3470
• ADDED Azure Auth for all Redis Components 3471
• FIXED MQTT3 component blocking shutdown 3501

Dashboard

• ALLOWS annotations to be set on ingress 271
• UPDATED Go to 1.21 and dependencies 273
• UPDATED to Dapr 1.13 and recent client-go 276

.NET SDK

• ADDED k8s deployment yaml to demoactor sample 96
• ADDED option to set a timeout for service invocation 1007
• REMOVED redundant dependencies 1239
• UPDATED handling of DAPR_GRPC_ENDPOINT 1254
• FIXED GetBulkStateAsync to return null items for missing keys 1255
• FIXED Dapr Actor startup in AspNetCore - Issue in .NET 8 1256
• REMOVED polyfill packages 1258
• ADDED ActorReference creation from the ActorBase class informations 1277
• ADDED DaprClient dependency injection extension overload to facilitate registration with dependencies 1288
• ADDED passing of query string parameters on method invocation 1303
• UPDATED Dapr runtime and .NET reference updates. 1323
• UPDATED Protos for Dapr 1.14 1327

Go SDK

• ADDED Dependabot added in workflow. 531
• ADDED Tests for stateManagerCtx 558
• ADDED Implement distributed scheduler building block (alpha) 561
• ADDED Implement distributed scheduler building block 562
• CHANGED make workflow client struct public 577
• CHANGED removed unnecessary warnings from actor reflection 586
• CHANGED Bump google.golang.org/grpc from 1.64.0 to 1.65.0 590

Java SDK

• ADDED Auto-detection of ipv4 loopback and ipv6 loopback for daprd communication. 218
• ADDED HTTP code to DaprException 1020
• UPDATED handling of DAPR_GRPC_ENDPOINT to support enhanced spec 1028
• FIXED State serializer to use content type when saving actor states. 1033
• ADDED Metadata to DaprClient 1049
• UPDATED SDK to implement a single client and add gRPC invoke helper. 1051
• EXPANDED Metadata response 1055
• DELETED DaprHTTPClient for actors. 1056

Python SDK

• RESOLVED [Crypto] Implement support for EncryptAlpha1/DecryptAlpha1 APIs 548
• RESOLVED Preview Feature Support: Add Actor State TTL support 560
• RESOLVED change call_child_workflow to pass correct wf name to durabletask worker 616
• ADDED Implement retry and timeout policy for both grpc and http based clients 676
• RESOLVED [BUG] DAPR_HEALTH_TIMEOUT as environment variable is not converted to numerical value 688
• RESOLVED Update the holopin.yaml to use the sdk badge 693
• FIXED .devcontainer.json configuration 702
• RESOLVED Standardize README shield badges 710
• ADDED Support for user-supplied actor_factory callable. 713
• RESOLVED [BUG] configuration api returns unexpected type 720
• RESOLVED [Feature] Health checks for dapr-ext-grpc 722

Rust SDK

• DOCUMENTED Clarify "WIP" Status 41
• CHANGED Move the DAPR GRPC port inside client 54
• ADDED Procedural Macros For Pub Sub 87
• ADDED Derive Clone for Client 92
• ADDED Feature: Enable query state API 116
• ADDED Implement Bulk Secret API 122
• ADDED Implement bulksecret retrieval 123
• DOCUMENTED Initialise Rust-SDK Docs 125
• FIXED minor changes to github templates 132
• ADDED Cryptography API support to the client 133
• ADDED Dependency management 146
• FIXED Repository bot no longer returns an error for non-assign comments and also … 149
• DOCUMENTED Initialise docs 181
• UPDATED chore: bump to rc.4 195
• ADDED feat: Jobs/Scheduler API 196

JavaScript SDK

• FIXED "TypeError: Converting circular structure to JSON" while using custom winston logger service 488
• FIXED Update the holopin.yaml to use the sdk badge 589

Quickstarts

• ADDED Go SDK and Go Http Quickstart for Jobs API 1026
• FIXED Javascript Quickstart Tests/Checks FAIL (timing / sidecar not found?) 1047
• FIXED Tutorials Tests/Checks FAIL (dapr app not ready / timing) 1048
• UPDATED Changing Dapr runtime version to 1.13.5 to support test efforts 1049
• FIXED Fixes Python test failure on Configuration API quickstart 1050 1051
• FIXED fix: pub_sub javascript npm audit issues 1055
• DOCUMENTED Updating Readme to favor kubectl based deploy vs. multi app run 1057

Upgrading to Dapr 1.14

To upgrade to this release of Dapr, follow the steps here to ensure a smooth upgrade. You know, the one where you don't get red errors on the terminal... we all hate that, right?

Local Machine / Self-hosted

Uninstall Dapr using the CLI you currently have installed. Note that this will remove the default $HOME/.dapr directory, binaries and all containers dapr_redis, dapr_placement and dapr_zipkin. Linux users need to run sudo if docker command needs sudo:

dapr uninstall --all

For RC releases like this, download the latest and greatest release from here and put the dapr binary in your PATH.

Once you have installed the CLI, run:

dapr init --runtime-version=1.14

Wait for the update to finish, ensure you are using the latest version of Dapr(1.14) with:

$ dapr --version

CLI version: 1.14
Runtime version: 1.14

Kubernetes

Upgrading from previous version

You can perform zero-downtime upgrades using both Helm 3 and the Dapr CLI.

Upgrade using the CLI

We've got some handy install scripts available: https://docs.dapr.io/getting-started/install-dapr-cli/ making sure to specify 1.14.0 as the CLI version.

Alternatively - download the latest release from here and put the dapr binary in your PATH.

To upgrade Dapr, run:

dapr upgrade --runtime-version 1.14 -k

To upgrade with high availability mode:

dapr upgrade --runtime-version 1.14 --enable-ha=true -k

Wait until the operation is finished and check your status with dapr status -k.

All done!

Note: Make sure your deployments are restarted to pick the latest version of the Dapr sidecar

Upgrade using Helm

To upgrade Dapr using Helm, run:

helm repo add dapr https://dapr.github.io/helm-charts/
helm repo update

helm upgrade dapr dapr/dapr --version 1.14 --namespace=dapr-system --wait

Wait until the operation is finished and check your status with dapr status -k.

All done!

Note: Make sure your deployments are restarted to pick the latest version of the Dapr sidecar

Starting a fresh install on a cluster

Please see how to deploy Dapr on a Kubernetes cluster for a complete guide to installing Dapr on Kubernetes

You can use Helm 3 to install Dapr:

helm repo add dapr https://dapr.github.io/helm-charts/
helm repo update

kubectl create namespace dapr-system

helm install dapr dapr/dapr --version 1.14 --namespace dapr-system --wait

Alternatively, you can use the latest version of CLI:

dapr init --runtime-version=1.14 -k

Post installation

Verify the control plane pods are running and are healthy:

$ dapr status -k
  NAME                   NAMESPACE    HEALTHY  STATUS   REPLICAS  VERSION  AGE  CREATED
  dapr-sidecar-injector  dapr-system  True     Running  1         1.14   15s  2024-07-23 13:07.39
  dapr-sentry            dapr-system  True     Running  1         1.14   15s  2024-07-23 13:07.39
  dapr-operator          dapr-system  True     Running  1         1.14   15s  2024-07-23 13:07.39
  dapr-placement         dapr-system  True     Running  1         1.14   15s  2024-07-23 13:07.39
  dapr-scheduler         dapr-system  True     Running  1         1.14   15s  2024-07-23 13:07.39

After Dapr 1.14 has been installed, perform a rolling restart for your deployments to pick up the new version of the sidecar.
This can be done with:

kubectl rollout restart deploy/<deployment-name>

Breaking changes

Java SDK

• ADDED State serializer content type when saving actor states. 1033
  • This change can make data to be saved in a different format in the state store, causing previous data not to be read. It is recommended for users to test the new SDK using non-production state store where data was saved with the previous SDK version to confirm it will not cause issues.

Actor placement (cross-namespace actor invocation)

Actors are now namespaced, meaning that cross-namespace actor invocation is no longer supported. You must ensure that all actor invocations occur within the same namespace.

Deprecation Notices

None.

v1.13.5: Dapr Runtime v1.13.5

Compare Source

Dapr 1.13.5

Updated dependencies

Updated multiple dependencies to address reported vulnerabilities.
Currently, none of the vulnerabilities in the updated dependencies are known to be exploitable in Dapr.
Update to accomodate users that need to comply with automated vulnerability scanning tools.

dart-lang/sdk (dart)

v3.5.0

Compare Source

Language

• Breaking Change #​55418: The context used by the compiler to perform
  type inference on the operand of an await expression has been changed to
  match the behavior of the analyzer. This change is not expected to make any
  difference in practice.

• Breaking Change #​55436: The context used by the compiler to perform
  type inference on the right hand side of an "if-null" expression (e1 ?? e2)
  has been changed to match the behavior of the analyzer. change is expected to
  have low impact on real-world code. But in principle it could cause
  compile-time errors or changes in runtime behavior by changing inferred
  types. The old behavior can be restored by supplying explicit types.

Libraries

dart:core

• Breaking Change #​44876: DateTime on the web platform now stores
  microseconds. The web implementation is now practically compatible with the
  native implementation, where it is possible to round-trip a timestamp in
  microseconds through a DateTime value without rounding the lower
  digits. This change might be breaking for apps that rely in some way on the
  .microsecond component always being zero, for example, expecting only three
  fractional second digits in the toString() representation. Small
  discrepancies in arithmetic due to rounding of web integers may still occur
  for extreme values, (1) microsecondsSinceEpoch outside the safe range,
  corresponding to dates with a year outside of 1685..2255, and (2) arithmetic
  (add, subtract, difference) where the Duration argument or result
  exceeds 570 years.

dart:io

• Breaking Change #​55786: SecurityContext is now final. This means
  that SecurityContext can no longer be subclassed. SecurityContext
  subclasses were never able to interoperate with other parts of dart:io.

• A ConnectionTask can now be created using an existing Future<Socket>.
  Fixes #​55562.

dart:typed_data

• Breaking Change #​53785: The unmodifiable view classes for typed data
  have been removed. These classes were deprecated in Dart 3.4.

  To create an unmodifiable view of a typed-data object, use the
  asUnmodifiableView() methods added in Dart 3.3.

• Added superinterface TypedDataList to typed data lists, implementing both
  List and TypedData. Allows abstracting over all such lists without losing
  access to either the List or the TypedData members.
  A ByteData is still only a TypedData, not a list.

dart:js_interop

• Breaking Change #​55508: importModule now accepts a JSAny instead
  of a String to support other JS values as well, like TrustedScriptURLs.

• Breaking Change #​55267: isTruthy and not now return JSBoolean
  instead of bool to be consistent with the other operators.

• Breaking Change ExternalDartReference no longer implements Object.
  ExternalDartReference now accepts a type parameter T with a bound of
  Object? to capture the type of the Dart object that is externalized.
  ExternalDartReferenceToObject.toDartObject now returns a T.
  ExternalDartReferenceToObject and ObjectToExternalDartReference are now
  extensions on T and ExternalDartReference<T>, respectively, where T extends Object?. See #​55342 and #​55536 for more details.

• Fixed some consistency issues with Function.toJS across all compilers.
  Specifically, calling Function.toJS on the same function gives you a new JS
  function (see issue #​55515), the maximum number of arguments that are
  passed to the JS function is determined by the static type of the Dart
  function, and extra arguments are dropped when passed to the JS function in
  all compilers (see #​48186).

Tools

Linter

• Added the [unintended_html_in_doc_comment][unintended_html_in_doc_comment] lint.
• Added the [invalid_runtime_check_with_js_interop_types][invalid_runtime_check_with_js_interop_types] lint.
• Added the [document_ignores][document_ignores] lint.

Pub

• New flag dart pub downgrade --tighten to restrict lower bounds of
  dependencies' constraints to the minimum that can be resolved.

Dart Runtime

• The Dart VM only executes sound null safe code, running of unsound null
  safe code using the option --no-sound-null-safety has been removed.

• Dart_NewListOf and Dart_IsLegacyType functions are
  removed from Dart C API.

• Dart_DefaultCanonicalizeUrl is removed from the Dart C API.

golangci/golangci-lint (golangci/golangci-lint)

v1.60.1

Compare Source

sqlc-dev/sqlc (sqlc-dev/sqlc)

v1.27.0

Compare Source

Release notes

Sunsetting hosted ephemeral databases

On September 4th, 2024, we'll be turning off support for hosted ephemeral databases in sqlc Cloud. If you use managed databases or query verification with sqlc Cloud, you'll need to update to 1.27.0 to avoid any issues. I've already emailed you if you're using this feature. It's more than likely that you are not!

https://github.com/sqlc-dev/sqlc/discussions/3422

Bug Fixes

• (dbmanager) Add leading slash to db uri path rewrite (#​3493)
• (verify) Include database engine in request (#​3522)

Features

• (golang) Add initialisms configuration (#​3308)
• (compiler) Support subqueries in the FROM clause (second coming) (#​3310)
• Managed databases with any accessible server (#​3421)
• (vet) Use new dbmanager client (#​3423)
• (verify) Update verify to work with managed databases (#​3425)

Documentation

• Fix typo in config (#​3358)
• Resolve a typo in configuration keys (#​3349)
• Add sponsorship information to README (#​3413)
• Update the language-support to include C# (#​3408)
• Add migration guide for hosted managed databases (#​3417)
• Fix readme links (#​3424)
• Update the managed db and verify documentation (#​3426)
• Add sponsor image (#​3428)
• Add Ruby as supported language (#​3487)
• Update migrating-to-sqlc-gen-kotlin.md (#​3454)
• Fix typo in comment (#​3316)
• Fix deprecated build tag format (#​3361)

Testing

• (endtoend) Re-use databases when possible (#​3315)
• Enabled MySQL database (#​3318)
• Remove internal/sqltest/hosted package (#​3521)

superfly/flyctl (superfly/flyctl)

v0.2.111

Compare Source

Changelog

• 5789248 Allow updating MySQL cluster settings (#​3839)
• a4ead76 fly pg unregister hook: update for new node names (#​3836)
• 3c430bb Sync docs after the automated release (#​3835)
• 3d2730f Replace deprecated nhooyr.io/websocket by maintained github.com/coder/websocket (#​3832)

v0.2.110

Compare Source

Changelog

• 1497bac don't pin debian version (#​3829)
• 047b8e2 Bump golang.org/x/sys from 0.23.0 to 0.24.0 in the golangx group (#​3826)
• 2dc801e surface idle timeout functionality (#​3827)

v0.2.109

Compare Source

Changelog

• c0a1cf9 Update fly auth token desc (#​3824)
• d66c0eb remove platform version from machine list view (#​3811)
• d8dca83 fix downtime causing bug during rolling deployments (#​3817)
• 0e5d2d1 Allow fly logs to read --machine flag (#​3820)

v0.2.108

Compare Source

Changelog

• 4b3bdbd Bump the golangx group with 4 updates (#​3823)

v0.2.107

Compare Source

Changelog

• 87aa565 support --volume on fly console (#​3818)
• 6dbf77d Bump github.com/buildpacks/pack from 0.35.0 to 0.35.1 (#​3821)

v0.2.106

Compare Source

Changelog

• 96a1c9f Bump the golangx group with 4 updates (#​3819)
• d322ce8 Read the --org flag when running the flyctl tokens list command (#​3799)
• faab36a \Better handling for Postgres image versions and features on Stolon clusters (#​3803)
• 25aa2b7 build: remove github.com/heroku/heroku-go/v5 (#​3804)
• f87ff73 fix typo on internal/command/apps/destroy.go (#​3812)
• 47ae293 Machine lease UX improvements (#​3815)

v0.2.104

Compare Source

Changelog

• ef58457 Send release metadata while updating the release (#​3798)
• 0c5cf93 Add more MySQL commands (#​3806)
• e7d4a06 Add helper to simplify Flex version checks. (#​3805)

v0.2.103

Compare Source

Changelog

• f4ae6f0 Add --fs-type from https://github.com/superfly/flyctl/pull/2527 (#​3302)
• 79c9b04 build: remove github.com/vektah/gqlparser (#​3796)

v0.2.102

Compare Source

Changelog

• 7f4afe8 Make sure to finish the depot build at the correct time (#​3802)
• [291e534](

---

Configuration

📅 Schedule: Branch creation - "* 18-21 * * 5" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.