Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /module/apmazure #1694

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 28, 2025

Bumps golang.org/x/net from 0.23.0 to 0.33.0.

Commits
  • dfc720d go.mod: update golang.org/x dependencies
  • 8e66b04 html: use strings.EqualFold instead of lowering ourselves
  • b935f7b html: avoid endless loop on error token
  • 9af49ef route: remove unused sizeof* consts
  • 6705db9 quic: clean up crypto streams when dropping packet protection keys
  • 4ef7588 quic: handle ACK frame in packet which drops number space
  • 552d8ac Revert "route: change from syscall to x/sys/unix"
  • 13a7c01 Revert "route: remove unused sizeof* consts on freebsd"
  • 285e1cf go.mod: update golang.org/x dependencies
  • d0a1049 route: remove unused sizeof* consts on freebsd
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot requested a review from a team as a code owner February 28, 2025 11:40
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 28, 2025
@dmathieu dmathieu enabled auto-merge (squash) February 28, 2025 11:57
@dmathieu
Copy link
Member

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/go_modules/module/apmazure/golang.org/x/net-0.33.0 branch from f3c8a84 to e37d46b Compare February 28, 2025 12:36
@dmathieu
Copy link
Member

@dependabot rebase

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0.
- [Commits](golang/net@v0.23.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/module/apmazure/golang.org/x/net-0.33.0 branch from e37d46b to 803d84f Compare February 28, 2025 12:38
@dmathieu dmathieu merged commit 37cc483 into main Feb 28, 2025
12 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/module/apmazure/golang.org/x/net-0.33.0 branch February 28, 2025 12:50
dmathieu added a commit that referenced this pull request Mar 14, 2025
* module/apmotel: update to stable metrics API (#1448)

* module/apmotel: update to stable metrics API

* module/apmotel: go mod download

* Allow retrieving span created in agent from otel, and store agent span in context when creating it with otel (#1450)

* store the agent transaction and span into the context

* add wrapper so we can retrieve agent span from otel

* fix precheck

* Require Go 1.19+ (#1453)

* Require Go 1.19

Update docs to drop the "best effort" support for
unsupported Go versions, and only test with the
two most recent Go releases. Also, simplify the
"check-modules" and "update-modules" make targets.

* Remove extraneous "go:build" tags

* README: update supported Go versions (#1463)

* Update https://github.com/stretchr/testify v1.8.4 (#1464)

* [doc] Align agents logs documentation (#1465)

* align logs docs

* fix typo

* add missing reference

* build(deps): bump github.com/gin-gonic/gin in /module/apmgin (#1451)

Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.7.7 to 1.9.1.
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gin-gonic/gin/compare/v1.7.7...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update golang.org/x/... to latest (#1466)

* Update golang.org/x/sys to latest

* Update golang.org/x/*

* Update go-fastjson

* build(deps): bump mellium.im/sasl in /module/apmgopgv10 (#1467)

Bumps mellium.im/sasl from 0.2.1 to 0.3.1.

---
updated-dependencies:
- dependency-name: mellium.im/sasl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/prometheus/client_golang (#1468)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.7.0 to 1.11.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.7.0...v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump mellium.im/sasl from 0.2.1 to 0.3.1 in /module/apmgopg (#1373)

Bumps mellium.im/sasl from 0.2.1 to 0.3.1.

---
updated-dependencies:
- dependency-name: mellium.im/sasl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ci: use latest Go release for microbenchmarks (#1469)

* Fix data race accessing Request.URL (#1472)

If an HTTP client is instrumented with apmhttp,
then the http.Request.URL is recorded for including
in span context. The caller of the HTTP client request
may mutate the URL after the response is ready, so we
must clone the URL while recording it to prevent data
races.

* Prepare v2.4.3 (#1473)

* Remove survey link (#1480)

The survey itself is rather outdated, and has served its purpose.
Send users to the Discuss forum instead.

* Return usable/recording spans from the agent context (#1478)

* return usable/recording spans from the agent context

* set the tracer provider to the global one if it's an apmotel one

* docs: update doc with go support policy (#1488)

* docs: update doc with go support policy

* docs: remove go.mod comment

the doc doesn't actually mention specific versions

* ci: update json spec files (#1491)

* Add CODEOWNERS (#1493)

* update default value of ELASTIC_APM_CLOUD_PROVIDER in doc (#1495)

* docs: remove SECURITY.md to fallback to org-wide security policy (#1496)

* docs: mention public bug bounty program in security policy

* docs: remove SECURITY.md to fallback to org-wide security policy

* Remove container_metadata_discovery from tests (#1497)

* fix: child span not acquiring transaction lock in some cases  (#1487)

* fix: acquire lock before adding dropped spans

Spans from the same transaction share the dropped spans map.
If they end concurrency a race condition could happen when updating
the map.
Add a RW lock to prevent that.

* Revert "fix: acquire lock before adding dropped spans"

This reverts commit 7fe3968d85d902bc5e78d792965280b75cd9c097.

* fix: child span not acquiring transaction lock in some cases

The previous fix didn't cover all cases. The issue is deeper and affects more than the
transaction data. We need to always acquire the tx lock before ending the span.

* test: add test case for dropped spans race condition

* fix: also acquire transactiondata lock

Co-authored-by: Marc Lopez Rubio <marc5.12@outlook.com>

* test: end parent and transaction

Co-authored-by: Marc Lopez Rubio <marc5.12@outlook.com>

* test: close tracer once test ends

Co-authored-by: Marc Lopez Rubio <marc5.12@outlook.com>

---------

Co-authored-by: Marc Lopez Rubio <marc5.12@outlook.com>

* Upgrade OpenTelemetry (#1501)

* upgrade otel dependencies

* use metric.Aggregation instead of aggregation.Aggregation

* build(deps): bump github.com/gofiber/fiber/v2 from 2.18.0 to 2.43.0 in /module/apmfiber (#1470)

* build(deps): bump github.com/gofiber/fiber/v2 in /module/apmfiber

Bumps [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) from 2.18.0 to 2.43.0.
- [Release notes](https://github.com/gofiber/fiber/releases)
- [Commits](https://github.com/gofiber/fiber/compare/v2.18.0...v2.43.0)

---
updated-dependencies:
- dependency-name: github.com/gofiber/fiber/v2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update tests

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Wilkins <axw@elastic.co>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>
Co-authored-by: Damien Mathieu <42@dmathieu.com>

* prepare 2.4.4 release (#1502)

* [DOC+] Change example from elastic.com to elastic.co (#1503)

Per Elastic docs websites' feedback, changes elastic domain from ".com" to ".co" to match other examples.

* Update logs.asciidoc (#1506)

* update: what the CI does (#1504)

* action: support GitHub check in branch protection (#1508)

* build: bump google.golang.org/grpc and fix failing tests and compile errors (#1505)

* test: improve tools to generate testservice pb message

* lint: fix linter issues

* build: bump google.golang.org/grpc and fix failing tests and compile errors

---------

Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com>

* build(deps): bump github.com/gofiber/fiber/v2 in /module/apmfiber (#1510)

Bumps [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) from 2.46.0 to 2.49.2.
- [Release notes](https://github.com/gofiber/fiber/releases)
- [Commits](https://github.com/gofiber/fiber/compare/v2.46.0...v2.49.2)

---
updated-dependencies:
- dependency-name: github.com/gofiber/fiber/v2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Change 'cloud.project.id' for GCP metadata to be the 'project-id' (#1511)

Closes: #1509

* apmotel: disallow closing spans twice (#1512)

* Prepare `2.4.5` release (#1514)

Signed-off-by: Marc Lopez Rubio <marc5.12@outlook.com>

* fix: pin python 3.11 for coverage testing (#1527)

aiohttp is not compatible with python 3.12 yet

* build(deps): bump golang.org/x/net in /internal/apmgodog (#1526)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmgin (#1525)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmazure (#1524)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmecho (#1523)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmechov4 (#1522)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmbeego (#1521)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmgoredisv8 (#1520)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmgoredis (#1519)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* perf: improve memory usage in apmhttp module (#1531)

* chore: enable dependabot version updates of github-actions yaml files (#1535)

* dependabot: enable github and composite actions

* chore: rename file to be .yml

* build(deps): bump the github-actions group with 2 updates (#1536)

* build(deps): bump the github-actions group with 2 updates

Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/setup-go](https://github.com/actions/setup-go).


Updates `actions/checkout` from 3 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

Updates `actions/setup-go` from 3 to 4
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>

* ci: drop cache

Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>
Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com>

* updatecli: link to the original Pull Request (#1538)

* ci: use gvm instead of gimme  (#1537)

* action: run-benchdiff (#1530)

* build(deps): bump google.golang.org/grpc in /internal/apmgodog (#1534)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.57.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump google.golang.org/grpc in /module/apmgokit (#1532)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.57.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/gofiber/fiber/v2 in /module/apmfiber (#1529)

Bumps [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) from 2.49.2 to 2.50.0.
- [Release notes](https://github.com/gofiber/fiber/releases)
- [Commits](https://github.com/gofiber/fiber/compare/v2.49.2...v2.50.0)

---
updated-dependencies:
- dependency-name: github.com/gofiber/fiber/v2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/labstack/echo/v4 in /module/apmechov4 (#1540)

Bumps [github.com/labstack/echo/v4](https://github.com/labstack/echo) from 4.6.1 to 4.9.0.
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/labstack/echo/compare/v4.6.1...v4.9.0)

---
updated-dependencies:
- dependency-name: github.com/labstack/echo/v4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmgokit (#1517)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmgrpc (#1518)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump google.golang.org/grpc in /module/apmgrpc (#1533)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.57.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* embed new opentelemetry interfaces to span/trace/traceprovider (#1544)

* build: downgrade gin to 1.8.2 (#1515)

* build: downgrade gin to 1.8.2

* lint: run go mod tidy

* release: v2.4.6 (#1545)

* release: v2.4.7 and properly sync module versions (#1546)

* build(deps): bump the github-actions group with 1 update (#1547)

Bumps the github-actions group with 1 update: [WillAbides/benchdiff-action](https://github.com/willabides/benchdiff-action).

- [Release notes](https://github.com/willabides/benchdiff-action/releases)
- [Commits](https://github.com/willabides/benchdiff-action/compare/4d1d267fa96763646dd7c0d58e242817ce392c61...990b4c50b5420b485bf87e42c9f18234eba76fbc)

---
updated-dependencies:
- dependency-name: WillAbides/benchdiff-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump the github-actions group with 1 update (#1549)

Bumps the github-actions group with 1 update: [actions/setup-go](https://github.com/actions/setup-go).

- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump the github-actions group with 1 update (#1552)

Bumps the github-actions group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact).

- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmbeego (#1557)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmecho (#1555)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmechov4 (#1553)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmlogrus (#1554)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmgin (#1556)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmpgx (#1559)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmpgxv5 (#1560)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmmongo (#1561)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmgopg (#1562)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmgormv2 (#1563)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmgopgv10 (#1558)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add nil and recording check to span.RecordError (#1566)

Co-authored-by: Damien Mathieu <42@dmathieu.com>

* Release 2.4.8 (#1568)

* upgrade version

* update changelog

* updatecli: dynamic specs (#1570)

* github-action: use wildcards for discovering all the workflows (#1571)

* Fix typo (#1572)

* ignore folders that are not actual modules in coverage check (#1579)

* fixed typo from grpc.UnaryClientInterceptor to grpc.StreamClientInterceptor in  the comments for NewStreamClientInterceptor  in apmgrpc/client.go (#1574)

Co-authored-by: Damien Mathieu <42@dmathieu.com>

* build(deps): bump github.com/gofiber/fiber/v2 in /module/apmfiber (#1577)

Bumps [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) from 2.50.0 to 2.52.1.
- [Release notes](https://github.com/gofiber/fiber/releases)
- [Commits](https://github.com/gofiber/fiber/compare/v2.50.0...v2.52.1)

---
updated-dependencies:
- dependency-name: github.com/gofiber/fiber/v2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Damien Mathieu <42@dmathieu.com>

* security: add permissions block to workflows (#1575)

* security: add permissions block to workflows

* Update .github/workflows/labeler.yml

* security: add permissions block to workflows

* Update .github/workflows/snapshoty.yml

---------

Co-authored-by: Damien Mathieu <42@dmathieu.com>

* Switch to microsoft/mssqldb package (#1569)

* switch to microsoft/mssqldb package

* upgrade gorm in apmgormv2

* add write permission to labeler job (#1581)

* upgrade go-restful to v3 (#1580)

* build(deps): bump golang.org/x/crypto in /module/apmsql (#1564)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* make use of the SpanIDFieldName constant in apmzerolog (#1578)

Co-authored-by: Damien Mathieu <42@dmathieu.com>

* build(deps): bump github.com/jackc/pgx/v4 in /module/apmpgx (#1583)

Bumps [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) from 4.17.0 to 4.18.2.
- [Changelog](https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v4.17.0...v4.18.2)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/jackc/pgx/v4 in /module/apmgormv2 (#1584)

Bumps [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) from 4.18.1 to 4.18.2.
- [Changelog](https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v4.18.1...v4.18.2)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump github.com/jackc/pgx/v4 from 4.9.0 to 4.18.2 in /module/apmsql (#1585)

* build(deps): bump github.com/jackc/pgx/v4 in /module/apmsql

Bumps [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) from 4.9.0 to 4.18.2.
- [Changelog](https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v4.9.0...v4.18.2)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* run update-modules

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dmathieu <damien.mathieu@elastic.co>
Co-authored-by: Damien Mathieu <42@dmathieu.com>

* Release v2.5.0 (#1582)

* we don't support every version of Go, and don't use travis

* upgrade to 2.5.0

* add changelog

* Update CONTRIBUTING.md

Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

---------

Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>

* build(deps): bump google.golang.org/protobuf in /module/apmbeego (#1587)

Bumps google.golang.org/protobuf from 1.26.0-rc.1 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/protobuf in /internal/apmgodog (#1591)

Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/protobuf in /module/apmprometheus (#1586)

Bumps google.golang.org/protobuf from 1.26.0-rc.1 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/protobuf in /module/apmgin (#1590)

Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/protobuf in /module/apmgokit (#1588)

Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/protobuf in /module/apmgrpc (#1589)

Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/jackc/pgx/v5 in /module/apmpgxv5 (#1592)

Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.0.4 to 5.5.4.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.0.4...v5.5.4)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/jackc/pgx/v5 in /module/apmgormv2 (#1593)

Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.4.3 to 5.5.4.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.4.3...v5.5.4)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add apm/sqlserver module to apmsql doc (#1595)

* specify `go get` needs to run within go modules (#1599)

* chore: APM agent json server schema a76e999543efb3ba803c9a57dd13a4f6b... (#1601)

... 3ffa7e1

Made with ❤️️ by updatecli

Co-authored-by: apmmachine <apmmachine@users.noreply.github.com>

* feat: bump minimum go version to 1.21 (#1602)

* feat: update genmod script for toolchain compatibility

* feat: bump go version to 1.21

* feat: bump tools go version to 1.21

* Allow adding links after tx/span creation in agent, and handle `AddLink` in apmotel (#1605)

* fix(apmotel): add noop addlinks for compatibility with newer otel version

* handle apmotel's links

---------

Co-authored-by: kruskal <99559985+kruskall@users.noreply.github.com>

* feat: bump version to 2.6.0 (#1606)

* feat: bump version to 2.6.0

* docs: update changelog section version

* build(deps): bump golang.org/x/net in /module/apmgoredisv8 (#1615)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmbeego (#1616)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmechov4 (#1613)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmgin (#1610)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmgokit (#1607)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmgoredis (#1614)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmazure (#1612)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /internal/apmgodog (#1609)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmgrpc (#1608)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/net in /module/apmecho (#1611)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Slog Handler Elastic APM Integration (#1597)

* Slog Handler Elastic APM Integration

Implemented a slog handler that attached trace/correlation logs (if
available) to the log message. Also will report specific log level logs
as errors through an apm tracer.

Add documentation links and clean up comments

* Multi Error Reporting, Custom Report Attrs, and Clean Up

Implemented ability to report multiple apm errors from one log. If a user adds
multiple "reportable" error attributes to the log msg (default is "error" & "err"),
instead of trying to join the errors into one or discarding one, the apmslog
handler will report both errors.

Added ability for a user to define what slog attribute keys they want to report
as errors. Because there is no standard way in slog to attach an error to a msg
log, I wanted to add the ability for the user to decide what is and what is not
going to be reported. By default, slog attribute keys that are "error" or "err"
are reported, but with the new `WithErrorRecordAttrs(keys)` function a user
can define which keys will be reported.

Cleaned up `ApmHandler` struct and methods. Since we want the user to use the
included `NewApmHandler` function and its functional option functions, I
decided to make all Struct fields private.

Additionally added a check on if the `ApmHandler`'s `tracer` field is nill before
trying to use it. It is still possible for a user to pass in a nil tracer using
the `WithTracer` functional option.

New tests and documentation added.

* goimports formatting

---------

Co-authored-by: cmenke <cmenke@remax.com>

* Document the repository as being in maintenance only (#1617)

* document the repository as being in maintenance only

* small wording changes

* fix wording

* [Bugfix] apm.DefaultTracer misbehaves when transport configuration is invalid  (#1618)

* incase of invalid tracer config disabling it instead of returning discard transport

* The default value of 'active'  is true, setting it to 'false' to support the case where invalid tracer config

* added a test case to check if tracer is being set to inactive incase of invalid configuration

* removed unwanted variable and linter fix

* fix precheck

* ran gofmt and golangci-lint to format tracer.go and tracer_test.go

* ensure tracecontext example has a discard tracer

---------

Co-authored-by: dmathieu <damien.mathieu@elastic.co>

* [Bugfix] gin web framework does not properly sanitize filename parameter of `Context.FileAttachment` function (#1620)

* [Bugfix] gin web framework does not properly sanitize filename parameter of `Context.FileAttachment` function 

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat".

If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.

* run go mod tidy

---------

Co-authored-by: dmathieu <damien.mathieu@elastic.co>

* github-action: delete opentelemetry workflow (#1622)

* ci: use updatecli with GitHub secrets (#1626)

* ci: updatecli signed commits (#1627)

* github-action: run buildkite action with GH secrets (#1628)

* ci: remove snapshoty (#1629)

* use `docker compose` rather than `docker-compose` (#1631)

* build(deps): bump github.com/gofiber/fiber/v2 in /module/apmfiber (#1630)

Bumps [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) from 2.52.1 to 2.52.5.
- [Release notes](https://github.com/gofiber/fiber/releases)
- [Commits](https://github.com/gofiber/fiber/compare/v2.52.1...v2.52.5)

---
updated-dependencies:
- dependency-name: github.com/gofiber/fiber/v2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Damien Mathieu <42@dmathieu.com>

* updatecli: use shared policy (#1632)

* deps(updatecli): bump all policies (#1635)

* chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p...

... olicies/apm/apm-data-spec" Updatecli version policy

Made with ❤️️ by updatecli

* chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p...

... olicies/apm/apm-gherkin" Updatecli version policy

Made with ❤️️ by updatecli

* chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p...

... olicies/apm/apm-json-specs" Updatecli version policy

Made with ❤️️ by updatecli

---------

Co-authored-by: obltmachine <obltmachine@users.noreply.github.com>

* updatecli: automate the policy bumps (#1633)

* build(deps): bump docker/login-action in the github-actions group (#1639)

Bumps the github-actions group with 1 update: [docker/login-action](https://github.com/docker/login-action).


Updates `docker/login-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/0d4c9c5ea7693da7b068278f7b52bda2a190a446...9780b0c442fbb1117ed29e0efdff1e18412f7567)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* updatecli: rename update-compose.yaml to updatecli-compose.yaml (#1642)

* feat: add extra goos support (#1646)

syscall.Errno is not available is some GOOS causing compile errors
Move syscall specific code to separate file behind build tags making it
future proof and adding support for all goos supported by the go runtime

* release v2.6.2 (#1648)

* deps(updatecli): bump all policies (#1650)

* chore: deps(updatecli/policy): bump "ghcr.io/updatecli/policies/autod... (#1651)

... iscovery/updatecli" Updatecli version policy

Made with ❤️️ by updatecli

Co-authored-by: obltmachine <obltmachine@users.noreply.github.com>

* deps(updatecli): bump all policies (#1653)

* chore: deps(updatecli/policy): bump "ghcr.io/updatecli/policies/autod...

... iscovery/updatecli" Updatecli version policy

Made with ❤️️ by updatecli

* chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p...

... olicies/apm/apm-data-spec" Updatecli version policy

Made with ❤️️ by updatecli

* chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p...

... olicies/apm/apm-gherkin" Updatecli version policy

Made with ❤️️ by updatecli

* chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p...

... olicies/apm/apm-json-specs" Updatecli version policy

Made with ❤️️ by updatecli

* chore: deps(updatecli/policy): bump "ghcr.io/updatecli/policies/autod...

... iscovery/updatecli" Updatecli version policy

Made with ❤️️ by updatecli

* github-action: use ephemeral tokens with the required permissions (#1652)

* chore: deps(updatecli/policy): bump "ghcr.io/updatecli/policies/autod... (#1654)

... iscovery/updatecli" Updatecli version policy

Made with ❤️️ by updatecli

Co-authored-by: elastic-observability-automation[bot] <180520183+elastic-observability-automation[bot]@users.noreply.github.com>

* CVE-2024-8805 - update docker image (#1658)

Follow snyk suggestion and update docker image to mitigate CVE-2024-8805.

* github-actions: use GH app to manage the projects (#1660)

* Revert "github-actions: use GH app to manage the projects" (#1662)

This reverts commit 3c843c1ceb56b9b04bd9201b5d1f7480caa3215d.

* github-actions: use ephemeral tokens with the right permissions (#1663)

* Update logrus to v1.8.3 (#1665)

Logrus v1.8.3 fixes a DoS security vulnerability.

Reference: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391

* ci: use macos-latest (#1666)

the macOS 12 runner image will be removed by December 3rd, 2024

* github-action: use elastic/oblt-actions/check-dependent-jobs (#1667)

* github-actions: use v1 for the oblt-actions (#1670)

* deps(updatecli): bump all policies (#1671)

* chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p...

... olicies/apm/apm-gherkin" Updatecli version policy

Made with ❤️️ by updatecli

* chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p...

... olicies/apm/apm-data-spec" Updatecli version policy

Made with ❤️️ by updatecli

* chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p...

... olicies/apm/apm-json-specs" Updatecli version policy

Made with ❤️️ by updatecli

---------

Co-authored-by: elastic-observability-automation[bot] <180520183+elastic-observability-automation[bot]@users.noreply.github.com>

* ci: support updatecli version required for the new oblt updatecli policies (#1672)

* build(deps): bump golang.org/x/crypto in /module/apmechov4 (#1673)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmmongo (#1674)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.17.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.17.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: APM agent json server schema 560cc4b604ede25ec70afd09f213d892f... (#1675)

... 30ceedc

Made with ❤️️ by updatecli

Co-authored-by: elastic-observability-automation[bot] <180520183+elastic-observability-automation[bot]@users.noreply.github.com>

* Avoid `nil` values when unwrapping errors (#1677)

* Avoid `nil` values when building up exception data.

We sometimes see Buildkite fail to add annotations to a build and when this happens, it fails with the following error:

```
{"log.level":"error","ecs.version":"1.6.0","gobld.version":"7.25.2","gobld.gitCommit":"8eae7d1","error.message":"Message: An error occurred while executing your GraphQL query. Please contact hello@buildkite.com for help and provide this query in the email., Locations: [], Extensions: map[], Path: []","error":[{"message":"An error occurred while executing your GraphQL query. Please contact hello@buildkite.com for help and provide this query in the email.","extensions":null,"locations":null,"path":null}],"@timestamp":"2024-11-22T20:25:12.306Z","log.origin":{"file.name":"/go/src/gobld/buildkite/buildkite.go","file.line":157},"trace.id":"d9ab02ae11e462233dfbcdb189fc043a","transaction.id":"d9ab02ae11e46223","trace.id":"325cf6b488e72c6e7457be8ecaf46eca","transaction.id":"325cf6b488e72c6e","span.id":"af9de4294dd6daf0","message":"Failed to annotate build"}
panic: reflect: call of reflect.Value.Type on zero Value

goroutine 319 [running]:
reflect.Value.typeSlow({0x0?, 0x0?, 0x40eb9f?})
	/usr/local/go/src/reflect/value.go:2699 +0x113
reflect.Value.Type(...)
	/usr/local/go/src/reflect/value.go:2694
go.elastic.co/apm/v2.(*exceptionDataBuilder).init(0xc0010eef50, 0xc004a800a0, {0x0, 0x0})
	/root/go/pkg/mod/go.elastic.co/apm/v2@v2.6.2/error.go:414 +0xf6
go.elastic.co/apm/v2.(*exceptionDataBuilder).init(0xc0010eef50, 0xc00af0a020, {0x343fcc0, 0xc001316588})
	/root/go/pkg/mod/go.elastic.co/apm/v2@v2.6.2/error.go:499 +0x8e5
go.elastic.co/apm/v2.initException(...)
	/root/go/pkg/mod/go.elastic.co/apm/v2@v2.6.2/error.go:402
go.elastic.co/apm/v2.(*Tracer).NewError(0x3461720?, {0x343fcc0, 0xc001316588})
	/root/go/pkg/mod/go.elastic.co/apm/v2@v2.6.2/error.go:103 +0xec
go.elastic.co/apm/v2.CaptureError({0x3461720, 0xc0008022d0}, {0x343fcc0, 0xc001316588})
	/root/go/pkg/mod/go.elastic.co/apm/v2@v2.6.2/gocontext.go:132 +0xed
http://github.com/elastic/gobld/buildkite.(*buildkite ).AnnotateBuild(0xc0006a0c20, {0x3461720?, 0xc00a55b080?}, {0xc0009d1440, 0x3c}, {0x2ce4a15, 0x11}, {0xc000969880, 0x370}, {0x2cce7a8, ...}, ...)
	/go/src/gobld/buildkite/buildkite.go:158 +0x585
http://github.com/elastic/gobld/creator.ProcessJob ({_, }, , {{0x343ee20, 0xc00a4ccb40}, {0xc00073e260, 0xd}, {0x3462308, 0xc0006a0c20}, {0xc000a14540, ...}, ...}, ...)
	/go/src/gobld/creator/creator.go:356 +0xfad
http://github.com/elastic/gobld/creator.ProcessJobs (, {, _}, {{0x343ee20, 0xc00a4ccb40}, {0xc00073e260, 0xd}, {0x3462308, 0xc0006a0c20}, {0xc000a14540, ...}, ...})
	/go/src/gobld/creator/creator.go:257 +0x3ae
created by http://github.com/elastic/gobld/creator.(*creator ).StartWorkers in goroutine 321
	/go/src/gobld/creator/creator.go:218 +0x151
```

One hunch of mine is that, somehow, the `err` passed in to `init(e *exceptionData, err error)` is nil and therefor, the `reflectValue.Type()` call on
its value returns an error "Type on zero Value". If that supposition is correct, then changing the following block to
confirm `err` isn't nil before passing it in would obviate the problem:

```
for _, err := range e.ErrorDetails.Cause {
  if b.errorCount >= maxErrorTreeNodes {
    break
  }
  var data exceptionData
  if b.init(&data, err) {
    e.cause = append(e.cause, data)
  }
}
```

However, I may well be (very) wrong about this so I'd welcome any feedback from people more knowledgeable around this
code than I am. For one thing, I have not been able to run this modified code to confirm it has any effect on the above
Buildkite crash.

* Fix nil check during unwrapping.

Instead of aborting after encountering a `nil` error and thus missing other potential causes, add missing nil check in
the `Unwrap` method that takes a slice.

Also include a test for actually exercising this code and reproducing the problem seen in the wild (in Buildkite).
Thanks to @kruskall for providing the test and the excellent suggestion.

* build: update version to 2.6.3 (#1678)

* feat: bump version to 2.6.3

* build: update changelog

* build(deps): bump golang.org/x/net in /module/apmgin (#1679)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmbeego (#1680)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto in /module/apmpgxv5 (#1681)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.20.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang.org/x/crypto from 0.20.0 to 0.31.0 in /module/apmsql (#1682)

* build(deps): bump golang.org/x/crypto in /module/apmsql

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.20.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* run go mod tidy

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dmathieu <damien.mathieu@elastic.co>

* build(deps): bump golang.org/x/crypto in /module/apmecho (#1683)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump minimum Go version to 1.22 (#1684)

* build(deps): bump golang.org/x/net in /module/apmbeego (#1685)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add the new ci checks (#1688)

* build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /module/apmgrpc (#1690)

* build(deps): bump golang.org/x/net in /module/apmgrpc

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* run go mod tidy

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dmathieu <damien.mathieu@elastic.co>

* remove coverage ci check (#1693)

* Run ci with fips check (#1691)

* run ci with fips check

* disable custom certificate path in fips mode

* prevent disabling certificate verification in fips mode

* fix goimports

* remove fips disabled checks from non-fips tests

* Update Makefile

Co-authored-by: Tim Rühsen <tim.ruhsen@elastic.co>

* Revert "Update Makefile"

This reverts commit e585f0060521fe4b6421f8b7f7d2e3c86aa7c51b.

* Update Makefile

Co-authored-by: Tim Rühsen <tim.ruhsen@elastic.co>

---------

Co-authored-by: Tim Rühsen <tim.ruhsen@elastic.co>

* Fix random precheck failures (#1695)

* build(deps): bump golang.org/x/net in /module/apmazure (#1694)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [docs] Migrate docs from AsciiDoc to Markdown (#1689)

* delete asciidoc files

* add migrated files

* clean up cross-repo links

* Drop support for go 1.22 (#1697)

* drop support for go 1.22

* upgrade fastjson

* remove patch version

* Release 2.7.0 (#1698)

* upgrade version to 2.7.0

* add changelog entry

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Marc Lopez Rubio <marc5.12@outlook.com>
Co-authored-by: Andrew Wilkins <axw@elastic.co>
Co-authored-by: Silvia Mitter <silvia.mitter@elastic.co>
Co-authored-by: SylvainJuge <763082+SylvainJuge@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com>
Co-authored-by: yw <yangweilim21@gmail.com>
Co-authored-by: Marc Lopez Rubio <marc5.12@outlook.com>
Co-authored-by: Stef Nestor <26751266+stefnestor@users.noreply.github.com>
Co-authored-by: Brandon Morelli <brandon.morelli@elastic.co>
Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com>
Co-authored-by: Trent Mick <trentm@gmail.com>
Co-authored-by: Jack She <jackshe2702@gmail.com>
Co-authored-by: Carson Ip <carsonip@users.noreply.github.com>
Co-authored-by: Shubham Sharma <87318534+shubhamsharma7867@users.noreply.github.com>
Co-authored-by: Jan Calanog <jan.calanog@elastic.co>
Co-authored-by: Daniel Dias de Assumpção <dassump@gmail.com>
Co-authored-by: apmmachine <58790750+apmmachine@users.noreply.github.com>
Co-authored-by: apmmachine <apmmachine@users.noreply.github.com>
Co-authored-by: charliemenke <38671724+charliemenke@users.noreply.github.com>
Co-authored-by: cmenke <cmenke@remax.com>
Co-authored-by: Suchi Fatmawati <andrizafran067@gmail.com>
Co-authored-by: obltmachine <150269514+obltmachine@users.noreply.github.com>
Co-authored-by: obltmachine <obltmachine@users.noreply.github.com>
Co-authored-by: elastic-observability-automation[bot] <180520183+elastic-observability-automation[bot]@users.noreply.github.com>
Co-authored-by: Florian Lehner <florianl@users.noreply.github.com>
Co-authored-by: Tim Rühsen <tim.ruhsen@elastic.co>
Co-authored-by: Robin Verduijn <robinverduijn@users.noreply.github.com>
Co-authored-by: Colleen McGinnis <colleen.j.mcginnis@gmail.com>
Co-authored-by: Colleen McGinnis <colleen.mcginnis@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
agent-go dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant