@dependabot dependabot bot commented on behalf of github Dec 20, 2025

Bumps the all-updates group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| github.com/aws/aws-sdk-go | 1.41.14 | 1.55.8 |
| github.com/golang-jwt/jwt/v4 | 4.1.0 | 4.5.2 |
| github.com/gosimple/slug | 1.11.0 | 1.15.0 |
| github.com/joho/godotenv | 1.4.0 | 1.5.1 |
| github.com/microcosm-cc/bluemonday | 1.0.16 | 1.0.27 |
| github.com/prometheus/client_golang | 1.12.1 | 1.23.2 |
| golang.org/x/crypto | 0.45.0 | 0.46.0 |
| golang.org/x/net | 0.47.0 | 0.48.0 |
| rogchap.com/v8go | 0.7.1-0.20211222173054-943fcf9e74cc | 0.9.0 |

Updates github.com/aws/aws-sdk-go from 1.41.14 to 1.55.8

Release notes

Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.55.8 (2025-07-31)

SDK Features

  • Mark the module and all packages as deprecated.
    • This SDK has entered end-of-support.

Release v1.55.7 (2025-04-22)

SDK Bugs

  • service/s3/s3manager: Abort multipart download if object is modified during download

Release v1.55.6 (2025-01-15)

SDK Bugs

  • Fix broken printf for go1.24

Release v1.55.5 (2024-07-30)

Service Client Updates

  • service/appstream: Updates service API and documentation
    • Added support for Red Hat Enterprise Linux 8 on Amazon AppStream 2.0
  • service/autoscaling: Updates service API and documentation
    • Increase the length limit for VPCZoneIdentifier from 2047 to 5000
  • service/codepipeline: Updates service API, documentation, and paginators
    • AWS CodePipeline V2 type pipelines now support stage level conditions to enable development teams to safely release changes that meet quality and compliance requirements.
  • service/elasticache: Updates service documentation
    • Doc only update for changes to deletion API.
  • service/elasticloadbalancing: Updates service API
  • service/eventbridge: Updates service API
  • service/logs: Updates service API
    • Add v2 smoke tests and smithy smokeTests trait for SDK testing.
  • service/models.lex.v2: Updates service API and documentation
  • service/rolesanywhere: Updates service API and documentation
  • service/tnb: Updates service API and documentation
  • service/workspaces: Updates service documentation
    • Removing multi-session as it isn't supported for pools

Release v1.55.4 (2024-07-29)

Service Client Updates

  • service/elasticache: Updates service documentation
    • Renaming full service name as it appears in developer documentation.
  • service/memorydb: Updates service API and documentation

... (truncated)

Commits
  • 070853e release v1.55.8 (2025-07-31)
  • bb0168e Add deprecation warnings everywhere and remove some README content
  • 7ce44f3 aws
  • 6d9a26d remove doc issue tmpl
  • 239002f deprecate service packages and HLLs
  • 70c4177 deprecate main runtime packages
  • bbdd4e9 deprecate
  • 163aada release v1.55.7 (2025-04-22) (#5346)
  • 9eb2bfd Abort multi part download if the object is modified during download
  • 8d203cc Update bug-report.yml
  • Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

v4.5.1

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

  • Back-ported error-handling logic in ParseWithClaims from v5 branch. This fixes GHSA-29wx-vh33-7x7r.

Full Changelog: golang-jwt/jwt@v4.5.0...v4.5.1

v4.5.0

What's Changed

Full Changelog: golang-jwt/jwt@v4.4.3...v4.5.0

v4.4.3

What's Changed

New Contributors

Full Changelog: golang-jwt/jwt@v4.4.2...v4.4.3

v4.4.2

What's Changed

... (truncated)

Commits

Updates github.com/gosimple/slug from 1.11.0 to 1.15.0

Release notes

Sourced from github.com/gosimple/slug's releases.

v1.15.0

🚀 New features and improvements

v1.14.0

🚀 New features and improvements

🐛 Bug Fixes

🧰 Maintenance

🚦 Tests

v1.13.1: Fix for panic when MaxLength is greater than string length and SmartTruncate is disabled

🐛 Bug Fixes

v1.13.0: Ability to disable smart truncate, 3 new languages (bg, it, ro) and bug fixes

Thank you for all contributions.

🚀 New features and improvements

🐛 Bug Fixes

  • Fix edge case in truncate function allowing too long slugs (#74) by @​Redlinkk
  • Fix Greek language to follow ELOT 743 standard (#70) by @​imikod

... (truncated)

Commits

Updates github.com/joho/godotenv from 1.4.0 to 1.5.1

Release notes

Sourced from github.com/joho/godotenv's releases.

Fix parser regressions from multiline support

Version 1.5 came with a whole new parser, and with a new parser comes new bugs.

Things that were broken in 1.5 that are now fixed:

  • unquoted variables with interior whitespace no longer split on the first space (and then break the following line if you have one)
  • inline comments now work again for both quoted and unquoted variables
  • export statement filtering was made more robust and matched earlier versions behaviour
  • FOO.BAR key names are permitted again (i have no idea why you'd do it, but it's explicitly supported in ruby dotenv files)

There's one breaking change: earlier versions of this library would allow unterminated quoted variables in some instances and return a value (ie FOO="bar would set env of FOO: '"bar'), this now returns an error.

What's Changed

Full Changelog: joho/godotenv@v1.5.0...v1.5.1

v1.5.0 - multiline variables

The big news this release is that godotenv finally, after much procrastination in review, supports multiline variables (fixes #64). Big shoutout to @​x1unix for the bulk of the work on the original PR and also to @​coolaj86 and @​austinsasko for some very helpful review and tweaks.

Also added a -o overload flag (thanks @​2tef)

What's Changed

New Contributors

... (truncated)

Commits

Updates github.com/microcosm-cc/bluemonday from 1.0.16 to 1.0.27

Release notes

Sourced from github.com/microcosm-cc/bluemonday's releases.

Update golang.org/x/net to latest and force latest version

Bumping version and ensuring latest golang.org/x/net as the HTTP rapid reset is triggering primitive vuln scanners, we do not implement a HTTP2 server and are not vulnerable but a minor bump can still help reduce noise for those searching for what they need to upgrade and patch.

Nothing else is in this release aside from the dependency updates and some staticcheck messages being resolved that should not modify behaviour.

Added src rewriter to allow for proxying inline assets.

What's Changed

New Contributors

Full Changelog: microcosm-cc/bluemonday@v1.0.24...v1.0.25

Added AllowURLSchemesMatching

This is a feature release, there are no security fixes in this release.

What's Changed

New Contributors

Full Changelog: microcosm-cc/bluemonday@v1.0.23...v1.0.24

Resolve golang.org/x/net CVE-2022-41723

What's Changed

New Contributors

Full Changelog: microcosm-cc/bluemonday@v1.0.22...v1.0.23

Add picture to list of elements allowed without attributes

This is not a security update!

This is a usability update as some HTML elements are valid without attributes however the default behaviour is to strip these out of an abundance of caution. The picture element https://developer.mozilla.org/en-US/docs/Web/HTML/Element/picture is one such element where it merely changes the browser rendering such that one of the child elements will be rendered.

The picture element was not present in the allowlist when it should have been, and so this release fixes that as per #161 .

Very minor bug fix to remove empty elements without attributes

Thanks to @​Gusted for microcosm-cc/bluemonday#151 which fixes a bug that allowed a policy to be defined in a way that input could've allowed an empty and meaningless element to be left in the output when it should not have done so.

This is not a security issue, and the details can be seen in the PR comment.

... (truncated)

Commits
  • 10b8ac6 Remove SPDX header from LICENSE to enable GitHub auto-detection
  • 30fb5d7 Don't duplicate attrs if multiple global policies allow them
  • e244202 Update CONTRIBUTING.md (fixup of 109c9cf)
  • 206ce8a Update the security policy
  • 109c9cf Clean up developer instructions to a vanilla Go project
  • e602a4a Fix RequireCrossOriginAnonymous when crossorigin attr is allowed
  • 37251d9 Consistently raise minimum Go version and update CI
  • 135e7bb all: upgrade dependencies
  • 5703ea6 Merge pull request #207 from silverwind/4hex
  • af654ef Merge pull request #202 from caarlos0/tidy
  • Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.12.1 to 1.23.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.23.2 - 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

Full Changelog: prometheus/client_golang@v1.23.1...v1.23.2

v1.23.1 - 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

Full Changelog: prometheus/client_golang@v1.23.0...v1.23.1

v1.23.0 - 2025-07-30

  • [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
  • [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
  • [FEATURE] Add exemplars for native histograms #1686
  • [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
  • [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
  • [BUGFIX] exp/api: client prompt return on context cancellation #1729

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.23.2 / 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

1.23.1 / 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

1.23.0 / 2025-07-30

  • [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
  • [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
  • [FEATURE] Add exemplars for native histograms #1686
  • [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
  • [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
  • [BUGFIX] exp/api: client prompt return on context cancellation #1729

1.22.0 / 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduced in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

1.21.1 / 2025-03-04

  • [BUGFIX] prometheus: Revert of Inc, Add and Observe cumulative metric CAS optimizations (#1661), causing regressions on low contention cases.
  • [BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.

1.21.0 / 2025-02-17

⚠️ This release contains potential breaking change if you upgrade github.com/prometheus/common to 0.62+ together with client_golang. ⚠️

... (truncated)

Commits

Updates github.com/prometheus/client_model from 0.2.0 to 0.6.2

Release notes

Sourced from github.com/prometheus/client_model's releases.

v0.6.2

What's Changed

Full Changelog: prometheus/client_model@v0.6.1...v0.6.2

v0.6.1

What's Changed

Full Changelog: prometheus/client_model@v0.6.0...v0.6.1

v0.6.0

What's Changed

New Contributors

... (truncated)

Commits
  • eb136e5 Merge pull request #119 from prometheus/superq/google.golang.org/protobuf
  • bf7f2ca Update golanci-lint to v2.
  • 7e9b56c Bump google.golang.org/protobuf from 1.36.5 to 1.36.6
  • ef699ce Merge pull request #116 from prometheus/repo_sync
  • bf8b12e Update common Prometheus files
  • 5b93968 Merge pull request #115 from prometheus/repo_sync
  • ae83ddc Update common Prometheus files
  • afe0b21 Merge pull request #114 from prometheus/repo_sync
  • 75e1daf Update common Prometheus files
  • 73608e2 Merge pull request #113 from prometheus/dependabot/go_modules/google.golang.o...
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.45.0 to 0.46.0

Commits
  • 19acf81 go.mod: update golang.org/x dependencies
  • 3a1c6b4 x509roots/fallback: update bundle
  • f4602e4 ssh/agent: fix flaky test by ensuring a writeable home directory
  • See full diff in compare view

Updates golang.org/x/net from 0.47.0 to 0.48.0

Commits
  • 35e1306 go.mod: update golang.org/x dependencies
  • 7c36036 http2, webdav, websocket: fix %q verb uses with wrong type
  • ec11ecc trace: fix data race in RenderEvents
  • bff14c5 http2: don't PING a responsive server when resetting a stream
  • 88a6421 dns/dnsmessage: avoid use of "strings" and "math" in dns/dnsmessage
  • 123d099 http2: support net/http.Transport.NewClientConn
  • 346cc61 webdav: relax test to check for any redirect status, not just 301
  • See full diff in compare view

Updates rogchap.com/v8go from 0.7.1-0.20211222173054-943fcf9e74cc to 0.9.0

Release notes

Sourced from rogchap.com/v8go's releases.

v0.9.0

What's Changed

New Contributors

Full Changelog: rogchap/v8go@v0.8.0...v0.9.0

v0.8.0

Full changelog ⇒ v0.8.0

What's Changed

New Contributors

Bumps the all-updates group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.41.14` | `1.55.8` |
| [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) | `4.1.0` | `4.5.2` |
| [github.com/gosimple/slug](https://github.com/gosimple/slug) | `1.11.0` | `1.15.0` |
| [github.com/joho/godotenv](https://github.com/joho/godotenv) | `1.4.0` | `1.5.1` |
| [github.com/microcosm-cc/bluemonday](https://github.com/microcosm-cc/bluemonday) | `1.0.16` | `1.0.27` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.12.1` | `1.23.2` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.45.0` | `0.46.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.47.0` | `0.48.0` |
| [rogchap.com/v8go](https://github.com/rogchap/v8go) | `0.7.1-0.20211222173054-943fcf9e74cc` | `0.9.0` |



Updates `github.com/aws/aws-sdk-go` from 1.41.14 to 1.55.8
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md)
- [Commits](aws/aws-sdk-go@v1.41.14...v1.55.8)

Updates `github.com/golang-jwt/jwt/v4` from 4.1.0 to 4.5.2
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Commits](golang-jwt/jwt@v4.1.0...v4.5.2)

Updates `github.com/gosimple/slug` from 1.11.0 to 1.15.0
- [Release notes](https://github.com/gosimple/slug/releases)
- [Commits](gosimple/slug@v1.11.0...v1.15.0)

Updates `github.com/joho/godotenv` from 1.4.0 to 1.5.1
- [Release notes](https://github.com/joho/godotenv/releases)
- [Commits](joho/godotenv@v1.4.0...v1.5.1)

Updates `github.com/microcosm-cc/bluemonday` from 1.0.16 to 1.0.27
- [Release notes](https://github.com/microcosm-cc/bluemonday/releases)
- [Commits](microcosm-cc/bluemonday@v1.0.16...v1.0.27)

Updates `github.com/prometheus/client_golang` from 1.12.1 to 1.23.2
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.12.1...v1.23.2)

Updates `github.com/prometheus/client_model` from 0.2.0 to 0.6.2
- [Release notes](https://github.com/prometheus/client_model/releases)
- [Commits](prometheus/client_model@v0.2.0...v0.6.2)

Updates `golang.org/x/crypto` from 0.45.0 to 0.46.0
- [Commits](golang/crypto@v0.45.0...v0.46.0)

Updates `golang.org/x/net` from 0.47.0 to 0.48.0
- [Commits](golang/net@v0.47.0...v0.48.0)

Updates `rogchap.com/v8go` from 0.7.1-0.20211222173054-943fcf9e74cc to 0.9.0
- [Release notes](https://github.com/rogchap/v8go/releases)
- [Changelog](https://github.com/rogchap/v8go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rogchap/v8go/commits/v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-version: 1.55.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-version: 4.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: github.com/gosimple/slug
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: github.com/joho/godotenv
  dependency-version: 1.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: github.com/microcosm-cc/bluemonday
  dependency-version: 1.0.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: github.com/prometheus/client_model
  dependency-version: 0.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: golang.org/x/crypto
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: golang.org/x/net
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: rogchap.com/v8go
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
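
Added example (not part of this pull request or of golang-jwt's code): the golang-jwt v4.5.1 release note quoted above warns that an error carrying both "expired" and "signature invalid" passes a check that looks only for expiry. The sketch models that with local sentinel errors and a hypothetical `parse` function built on the standard library's `errors.Join`, and contrasts a flawed caller with a strict one; the refresh scenario and all names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins for jwt.ErrTokenExpired and jwt.ErrTokenSignatureInvalid
// (assumption: defined here so the example runs without the library).
var (
	ErrTokenExpired          = errors.New("token is expired")
	ErrTokenSignatureInvalid = errors.New("signature is invalid")
)

// token is a constructed stand-in for an already-decoded JWT.
type token struct {
	Subject  string
	SigValid bool
	Expired  bool
}

// parse is a hypothetical model of the behaviour in the release note:
// every failed check is reported, so one error can carry both sentinels.
func parse(t token) error {
	var errs []error
	if !t.SigValid {
		errs = append(errs, ErrTokenSignatureInvalid)
	}
	if t.Expired {
		errs = append(errs, ErrTokenExpired)
	}
	return errors.Join(errs...) // nil when no check failed
}

// allowRefreshFlawed asks only "is it expired?" and so also admits a token
// whose signature never verified.
func allowRefreshFlawed(t token) bool {
	err := parse(t)
	return err == nil || errors.Is(err, ErrTokenExpired)
}

// allowRefreshStrict admits an expired token only when expiry is the sole
// failure: every joined error must be ErrTokenExpired.
func allowRefreshStrict(t token) bool {
	err := parse(t)
	if err == nil {
		return true
	}
	joined, ok := err.(interface{ Unwrap() []error })
	if !ok {
		return false
	}
	for _, e := range joined.Unwrap() {
		if !errors.Is(e, ErrTokenExpired) {
			return false
		}
	}
	return true
}

func main() {
	forged := token{Subject: "admin", SigValid: false, Expired: true} // constructed sample
	fmt.Println("flawed:", allowRefreshFlawed(forged), "strict:", allowRefreshStrict(forged))
}
```
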
@dependabot dependabot bot added the dependencies and go labels Dec 20, 2025
@mattwoberts

@copilot there are CI issues from the linting, can you sort them please


Copilot AI commented Dec 20, 2025

@mattwoberts I've opened a new pull request, #1429, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI and others added 2 commits December 20, 2025 17:16
Co-authored-by: mattwoberts <109196+mattwoberts@users.noreply.github.com>
Suppress aws-sdk-go v1 deprecation warnings in linter