-
Notifications
You must be signed in to change notification settings - Fork 200
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /module/apmazure #1694
Merged
dmathieu
merged 1 commit into
main
from
dependabot/go_modules/module/apmazure/golang.org/x/net-0.33.0
Feb 28, 2025
Merged
build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /module/apmazure #1694
dmathieu
merged 1 commit into
main
from
dependabot/go_modules/module/apmazure/golang.org/x/net-0.33.0
Feb 28, 2025
+11
−11
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dmathieu
approved these changes
Feb 28, 2025
@dependabot rebase |
f3c8a84
to
e37d46b
Compare
@dependabot rebase |
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0. - [Commits](golang/net@v0.23.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
e37d46b
to
803d84f
Compare
dmathieu
added a commit
that referenced
this pull request
Mar 14, 2025
* module/apmotel: update to stable metrics API (#1448) * module/apmotel: update to stable metrics API * module/apmotel: go mod download * Allow retrieving span created in agent from otel, and store agent span in context when creating it with otel (#1450) * store the agent transaction and span into the context * add wrapper so we can retrieve agent span from otel * fix precheck * Require Go 1.19+ (#1453) * Require Go 1.19 Update docs to drop the "best effort" support for unsupported Go versions, and only test with the two most recent Go releases. Also, simplify the "check-modules" and "update-modules" make targets. * Remove extraneous "go:build" tags * README: update supported Go versions (#1463) * Update https://github.com/stretchr/testify v1.8.4 (#1464) * [doc] Align agents logs documentation (#1465) * align logs docs * fix typo * add missing reference * build(deps): bump github.com/gin-gonic/gin in /module/apmgin (#1451) Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.7.7 to 1.9.1. - [Release notes](https://github.com/gin-gonic/gin/releases) - [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md) - [Commits](https://github.com/gin-gonic/gin/compare/v1.7.7...v1.9.1) --- updated-dependencies: - dependency-name: github.com/gin-gonic/gin dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update golang.org/x/... to latest (#1466) * Update golang.org/x/sys to latest * Update golang.org/x/* * Update go-fastjson * build(deps): bump mellium.im/sasl in /module/apmgopgv10 (#1467) Bumps mellium.im/sasl from 0.2.1 to 0.3.1. --- updated-dependencies: - dependency-name: mellium.im/sasl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/prometheus/client_golang (#1468) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.7.0 to 1.11.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.7.0...v1.11.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump mellium.im/sasl from 0.2.1 to 0.3.1 in /module/apmgopg (#1373) Bumps mellium.im/sasl from 0.2.1 to 0.3.1. --- updated-dependencies: - dependency-name: mellium.im/sasl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: use latest Go release for microbenchmarks (#1469) * Fix data race accessing Request.URL (#1472) If an HTTP client is instrumented with apmhttp, then the http.Request.URL is recorded for including in span context. The caller of the HTTP client request may mutate the URL after the response is ready, so we must clone the URL while recording it to prevent data races. * Prepare v2.4.3 (#1473) * Remove survey link (#1480) The survey itself is rather outdated, and has served its purpose. Send users to the Discuss forum instead. * Return usable/recording spans from the agent context (#1478) * return usable/recording spans from the agent context * set the tracer provider to the global one if it's an apmotel one * docs: update doc with go support policy (#1488) * docs: update doc with go support policy * docs: remove go.mod comment the doc doesn't actually mention specific versions * ci: update json spec files (#1491) * Add CODEOWNERS (#1493) * update default value of ELASTIC_APM_CLOUD_PROVIDER in doc (#1495) * docs: remove SECURITY.md to fallback to org-wide security policy (#1496) * docs: mention public bug bounty program in security policy * docs: remove SECURITY.md to fallback to org-wide security policy * Remove container_metadata_discovery from tests (#1497) * fix: child span not acquiring transaction lock in some cases (#1487) * fix: acquire lock before adding dropped spans Spans from the same transaction share the dropped spans map. If they end concurrency a race condition could happen when updating the map. Add a RW lock to prevent that. * Revert "fix: acquire lock before adding dropped spans" This reverts commit 7fe3968d85d902bc5e78d792965280b75cd9c097. * fix: child span not acquiring transaction lock in some cases The previous fix didn't cover all cases. The issue is deeper and affects more than the transaction data. We need to always acquire the tx lock before ending the span. * test: add test case for dropped spans race condition * fix: also acquire transactiondata lock Co-authored-by: Marc Lopez Rubio <marc5.12@outlook.com> * test: end parent and transaction Co-authored-by: Marc Lopez Rubio <marc5.12@outlook.com> * test: close tracer once test ends Co-authored-by: Marc Lopez Rubio <marc5.12@outlook.com> --------- Co-authored-by: Marc Lopez Rubio <marc5.12@outlook.com> * Upgrade OpenTelemetry (#1501) * upgrade otel dependencies * use metric.Aggregation instead of aggregation.Aggregation * build(deps): bump github.com/gofiber/fiber/v2 from 2.18.0 to 2.43.0 in /module/apmfiber (#1470) * build(deps): bump github.com/gofiber/fiber/v2 in /module/apmfiber Bumps [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) from 2.18.0 to 2.43.0. - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](https://github.com/gofiber/fiber/compare/v2.18.0...v2.43.0) --- updated-dependencies: - dependency-name: github.com/gofiber/fiber/v2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Update tests --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Wilkins <axw@elastic.co> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> Co-authored-by: Damien Mathieu <42@dmathieu.com> * prepare 2.4.4 release (#1502) * [DOC+] Change example from elastic.com to elastic.co (#1503) Per Elastic docs websites' feedback, changes elastic domain from ".com" to ".co" to match other examples. * Update logs.asciidoc (#1506) * update: what the CI does (#1504) * action: support GitHub check in branch protection (#1508) * build: bump google.golang.org/grpc and fix failing tests and compile errors (#1505) * test: improve tools to generate testservice pb message * lint: fix linter issues * build: bump google.golang.org/grpc and fix failing tests and compile errors --------- Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> * build(deps): bump github.com/gofiber/fiber/v2 in /module/apmfiber (#1510) Bumps [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) from 2.46.0 to 2.49.2. - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](https://github.com/gofiber/fiber/compare/v2.46.0...v2.49.2) --- updated-dependencies: - dependency-name: github.com/gofiber/fiber/v2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Change 'cloud.project.id' for GCP metadata to be the 'project-id' (#1511) Closes: #1509 * apmotel: disallow closing spans twice (#1512) * Prepare `2.4.5` release (#1514) Signed-off-by: Marc Lopez Rubio <marc5.12@outlook.com> * fix: pin python 3.11 for coverage testing (#1527) aiohttp is not compatible with python 3.12 yet * build(deps): bump golang.org/x/net in /internal/apmgodog (#1526) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmgin (#1525) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmazure (#1524) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmecho (#1523) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmechov4 (#1522) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmbeego (#1521) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmgoredisv8 (#1520) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmgoredis (#1519) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * perf: improve memory usage in apmhttp module (#1531) * chore: enable dependabot version updates of github-actions yaml files (#1535) * dependabot: enable github and composite actions * chore: rename file to be .yml * build(deps): bump the github-actions group with 2 updates (#1536) * build(deps): bump the github-actions group with 2 updates Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/setup-go](https://github.com/actions/setup-go). Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) Updates `actions/setup-go` from 3 to 4 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> * ci: drop cache Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> * updatecli: link to the original Pull Request (#1538) * ci: use gvm instead of gimme (#1537) * action: run-benchdiff (#1530) * build(deps): bump google.golang.org/grpc in /internal/apmgodog (#1534) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.57.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.57.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump google.golang.org/grpc in /module/apmgokit (#1532) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.57.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.57.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/gofiber/fiber/v2 in /module/apmfiber (#1529) Bumps [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) from 2.49.2 to 2.50.0. - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](https://github.com/gofiber/fiber/compare/v2.49.2...v2.50.0) --- updated-dependencies: - dependency-name: github.com/gofiber/fiber/v2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/labstack/echo/v4 in /module/apmechov4 (#1540) Bumps [github.com/labstack/echo/v4](https://github.com/labstack/echo) from 4.6.1 to 4.9.0. - [Release notes](https://github.com/labstack/echo/releases) - [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md) - [Commits](https://github.com/labstack/echo/compare/v4.6.1...v4.9.0) --- updated-dependencies: - dependency-name: github.com/labstack/echo/v4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmgokit (#1517) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmgrpc (#1518) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump google.golang.org/grpc in /module/apmgrpc (#1533) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.57.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.57.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * embed new opentelemetry interfaces to span/trace/traceprovider (#1544) * build: downgrade gin to 1.8.2 (#1515) * build: downgrade gin to 1.8.2 * lint: run go mod tidy * release: v2.4.6 (#1545) * release: v2.4.7 and properly sync module versions (#1546) * build(deps): bump the github-actions group with 1 update (#1547) Bumps the github-actions group with 1 update: [WillAbides/benchdiff-action](https://github.com/willabides/benchdiff-action). - [Release notes](https://github.com/willabides/benchdiff-action/releases) - [Commits](https://github.com/willabides/benchdiff-action/compare/4d1d267fa96763646dd7c0d58e242817ce392c61...990b4c50b5420b485bf87e42c9f18234eba76fbc) --- updated-dependencies: - dependency-name: WillAbides/benchdiff-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump the github-actions group with 1 update (#1549) Bumps the github-actions group with 1 update: [actions/setup-go](https://github.com/actions/setup-go). - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump the github-actions group with 1 update (#1552) Bumps the github-actions group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact). - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmbeego (#1557) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmecho (#1555) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmechov4 (#1553) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmlogrus (#1554) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmgin (#1556) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmpgx (#1559) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmpgxv5 (#1560) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmmongo (#1561) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmgopg (#1562) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmgormv2 (#1563) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmgopgv10 (#1558) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add nil and recording check to span.RecordError (#1566) Co-authored-by: Damien Mathieu <42@dmathieu.com> * Release 2.4.8 (#1568) * upgrade version * update changelog * updatecli: dynamic specs (#1570) * github-action: use wildcards for discovering all the workflows (#1571) * Fix typo (#1572) * ignore folders that are not actual modules in coverage check (#1579) * fixed typo from grpc.UnaryClientInterceptor to grpc.StreamClientInterceptor in the comments for NewStreamClientInterceptor in apmgrpc/client.go (#1574) Co-authored-by: Damien Mathieu <42@dmathieu.com> * build(deps): bump github.com/gofiber/fiber/v2 in /module/apmfiber (#1577) Bumps [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) from 2.50.0 to 2.52.1. - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](https://github.com/gofiber/fiber/compare/v2.50.0...v2.52.1) --- updated-dependencies: - dependency-name: github.com/gofiber/fiber/v2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Damien Mathieu <42@dmathieu.com> * security: add permissions block to workflows (#1575) * security: add permissions block to workflows * Update .github/workflows/labeler.yml * security: add permissions block to workflows * Update .github/workflows/snapshoty.yml --------- Co-authored-by: Damien Mathieu <42@dmathieu.com> * Switch to microsoft/mssqldb package (#1569) * switch to microsoft/mssqldb package * upgrade gorm in apmgormv2 * add write permission to labeler job (#1581) * upgrade go-restful to v3 (#1580) * build(deps): bump golang.org/x/crypto in /module/apmsql (#1564) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * make use of the SpanIDFieldName constant in apmzerolog (#1578) Co-authored-by: Damien Mathieu <42@dmathieu.com> * build(deps): bump github.com/jackc/pgx/v4 in /module/apmpgx (#1583) Bumps [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) from 4.17.0 to 4.18.2. - [Changelog](https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v4.17.0...v4.18.2) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/jackc/pgx/v4 in /module/apmgormv2 (#1584) Bumps [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) from 4.18.1 to 4.18.2. - [Changelog](https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v4.18.1...v4.18.2) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump github.com/jackc/pgx/v4 from 4.9.0 to 4.18.2 in /module/apmsql (#1585) * build(deps): bump github.com/jackc/pgx/v4 in /module/apmsql Bumps [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) from 4.9.0 to 4.18.2. - [Changelog](https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v4.9.0...v4.18.2) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * run update-modules --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dmathieu <damien.mathieu@elastic.co> Co-authored-by: Damien Mathieu <42@dmathieu.com> * Release v2.5.0 (#1582) * we don't support every version of Go, and don't use travis * upgrade to 2.5.0 * add changelog * Update CONTRIBUTING.md Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> --------- Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> * build(deps): bump google.golang.org/protobuf in /module/apmbeego (#1587) Bumps google.golang.org/protobuf from 1.26.0-rc.1 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google.golang.org/protobuf in /internal/apmgodog (#1591) Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google.golang.org/protobuf in /module/apmprometheus (#1586) Bumps google.golang.org/protobuf from 1.26.0-rc.1 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google.golang.org/protobuf in /module/apmgin (#1590) Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google.golang.org/protobuf in /module/apmgokit (#1588) Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google.golang.org/protobuf in /module/apmgrpc (#1589) Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/jackc/pgx/v5 in /module/apmpgxv5 (#1592) Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.0.4 to 5.5.4. - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v5.0.4...v5.5.4) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/jackc/pgx/v5 in /module/apmgormv2 (#1593) Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.4.3 to 5.5.4. - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v5.4.3...v5.5.4) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add apm/sqlserver module to apmsql doc (#1595) * specify `go get` needs to run within go modules (#1599) * chore: APM agent json server schema a76e999543efb3ba803c9a57dd13a4f6b... (#1601) ... 3ffa7e1 Made with ❤️️ by updatecli Co-authored-by: apmmachine <apmmachine@users.noreply.github.com> * feat: bump minimum go version to 1.21 (#1602) * feat: update genmod script for toolchain compatibility * feat: bump go version to 1.21 * feat: bump tools go version to 1.21 * Allow adding links after tx/span creation in agent, and handle `AddLink` in apmotel (#1605) * fix(apmotel): add noop addlinks for compatibility with newer otel version * handle apmotel's links --------- Co-authored-by: kruskal <99559985+kruskall@users.noreply.github.com> * feat: bump version to 2.6.0 (#1606) * feat: bump version to 2.6.0 * docs: update changelog section version * build(deps): bump golang.org/x/net in /module/apmgoredisv8 (#1615) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmbeego (#1616) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmechov4 (#1613) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmgin (#1610) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmgokit (#1607) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmgoredis (#1614) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmazure (#1612) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /internal/apmgodog (#1609) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmgrpc (#1608) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net in /module/apmecho (#1611) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Slog Handler Elastic APM Integration (#1597) * Slog Handler Elastic APM Integration Implemented a slog handler that attached trace/correlation logs (if available) to the log message. Also will report specific log level logs as errors through an apm tracer. Add documentation links and clean up comments * Multi Error Reporting, Custom Report Attrs, and Clean Up Implemented ability to report multiple apm errors from one log. If a user adds multiple "reportable" error attributes to the log msg (default is "error" & "err"), instead of trying to join the errors into one or discarding one, the apmslog handler will report both errors. Added ability for a user to define what slog attribute keys they want to report as errors. Because there is no standard way in slog to attach an error to a msg log, I wanted to add the ability for the user to decide what is and what is not going to be reported. By default, slog attribute keys that are "error" or "err" are reported, but with the new `WithErrorRecordAttrs(keys)` function a user can define which keys will be reported. Cleaned up `ApmHandler` struct and methods. Since we want the user to use the included `NewApmHandler` function and its functional option functions, I decided to make all Struct fields private. Additionally added a check on if the `ApmHandler`'s `tracer` field is nill before trying to use it. It is still possible for a user to pass in a nil tracer using the `WithTracer` functional option. New tests and documentation added. * goimports formatting --------- Co-authored-by: cmenke <cmenke@remax.com> * Document the repository as being in maintenance only (#1617) * document the repository as being in maintenance only * small wording changes * fix wording * [Bugfix] apm.DefaultTracer misbehaves when transport configuration is invalid (#1618) * incase of invalid tracer config disabling it instead of returning discard transport * The default value of 'active' is true, setting it to 'false' to support the case where invalid tracer config * added a test case to check if tracer is being set to inactive incase of invalid configuration * removed unwanted variable and linter fix * fix precheck * ran gofmt and golangci-lint to format tracer.go and tracer_test.go * ensure tracecontext example has a discard tracer --------- Co-authored-by: dmathieu <damien.mathieu@elastic.co> * [Bugfix] gin web framework does not properly sanitize filename parameter of `Context.FileAttachment` function (#1620) * [Bugfix] gin web framework does not properly sanitize filename parameter of `Context.FileAttachment` function The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header. * run go mod tidy --------- Co-authored-by: dmathieu <damien.mathieu@elastic.co> * github-action: delete opentelemetry workflow (#1622) * ci: use updatecli with GitHub secrets (#1626) * ci: updatecli signed commits (#1627) * github-action: run buildkite action with GH secrets (#1628) * ci: remove snapshoty (#1629) * use `docker compose` rather than `docker-compose` (#1631) * build(deps): bump github.com/gofiber/fiber/v2 in /module/apmfiber (#1630) Bumps [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) from 2.52.1 to 2.52.5. - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](https://github.com/gofiber/fiber/compare/v2.52.1...v2.52.5) --- updated-dependencies: - dependency-name: github.com/gofiber/fiber/v2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Damien Mathieu <42@dmathieu.com> * updatecli: use shared policy (#1632) * deps(updatecli): bump all policies (#1635) * chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p... ... olicies/apm/apm-data-spec" Updatecli version policy Made with ❤️️ by updatecli * chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p... ... olicies/apm/apm-gherkin" Updatecli version policy Made with ❤️️ by updatecli * chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p... ... olicies/apm/apm-json-specs" Updatecli version policy Made with ❤️️ by updatecli --------- Co-authored-by: obltmachine <obltmachine@users.noreply.github.com> * updatecli: automate the policy bumps (#1633) * build(deps): bump docker/login-action in the github-actions group (#1639) Bumps the github-actions group with 1 update: [docker/login-action](https://github.com/docker/login-action). Updates `docker/login-action` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/0d4c9c5ea7693da7b068278f7b52bda2a190a446...9780b0c442fbb1117ed29e0efdff1e18412f7567) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * updatecli: rename update-compose.yaml to updatecli-compose.yaml (#1642) * feat: add extra goos support (#1646) syscall.Errno is not available is some GOOS causing compile errors Move syscall specific code to separate file behind build tags making it future proof and adding support for all goos supported by the go runtime * release v2.6.2 (#1648) * deps(updatecli): bump all policies (#1650) * chore: deps(updatecli/policy): bump "ghcr.io/updatecli/policies/autod... (#1651) ... iscovery/updatecli" Updatecli version policy Made with ❤️️ by updatecli Co-authored-by: obltmachine <obltmachine@users.noreply.github.com> * deps(updatecli): bump all policies (#1653) * chore: deps(updatecli/policy): bump "ghcr.io/updatecli/policies/autod... ... iscovery/updatecli" Updatecli version policy Made with ❤️️ by updatecli * chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p... ... olicies/apm/apm-data-spec" Updatecli version policy Made with ❤️️ by updatecli * chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p... ... olicies/apm/apm-gherkin" Updatecli version policy Made with ❤️️ by updatecli * chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p... ... olicies/apm/apm-json-specs" Updatecli version policy Made with ❤️️ by updatecli * chore: deps(updatecli/policy): bump "ghcr.io/updatecli/policies/autod... ... iscovery/updatecli" Updatecli version policy Made with ❤️️ by updatecli * github-action: use ephemeral tokens with the required permissions (#1652) * chore: deps(updatecli/policy): bump "ghcr.io/updatecli/policies/autod... (#1654) ... iscovery/updatecli" Updatecli version policy Made with ❤️️ by updatecli Co-authored-by: elastic-observability-automation[bot] <180520183+elastic-observability-automation[bot]@users.noreply.github.com> * CVE-2024-8805 - update docker image (#1658) Follow snyk suggestion and update docker image to mitigate CVE-2024-8805. * github-actions: use GH app to manage the projects (#1660) * Revert "github-actions: use GH app to manage the projects" (#1662) This reverts commit 3c843c1ceb56b9b04bd9201b5d1f7480caa3215d. * github-actions: use ephemeral tokens with the right permissions (#1663) * Update logrus to v1.8.3 (#1665) Logrus v1.8.3 fixes a DoS security vulnerability. Reference: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 * ci: use macos-latest (#1666) the macOS 12 runner image will be removed by December 3rd, 2024 * github-action: use elastic/oblt-actions/check-dependent-jobs (#1667) * github-actions: use v1 for the oblt-actions (#1670) * deps(updatecli): bump all policies (#1671) * chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p... ... olicies/apm/apm-gherkin" Updatecli version policy Made with ❤️️ by updatecli * chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p... ... olicies/apm/apm-data-spec" Updatecli version policy Made with ❤️️ by updatecli * chore: deps(updatecli/policy): bump "ghcr.io/elastic/oblt-updatecli-p... ... olicies/apm/apm-json-specs" Updatecli version policy Made with ❤️️ by updatecli --------- Co-authored-by: elastic-observability-automation[bot] <180520183+elastic-observability-automation[bot]@users.noreply.github.com> * ci: support updatecli version required for the new oblt updatecli policies (#1672) * build(deps): bump golang.org/x/crypto in /module/apmechov4 (#1673) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmmongo (#1674) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.17.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.17.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: APM agent json server schema 560cc4b604ede25ec70afd09f213d892f... (#1675) ... 30ceedc Made with ❤️️ by updatecli Co-authored-by: elastic-observability-automation[bot] <180520183+elastic-observability-automation[bot]@users.noreply.github.com> * Avoid `nil` values when unwrapping errors (#1677) * Avoid `nil` values when building up exception data. We sometimes see Buildkite fail to add annotations to a build and when this happens, it fails with the following error: ``` {"log.level":"error","ecs.version":"1.6.0","gobld.version":"7.25.2","gobld.gitCommit":"8eae7d1","error.message":"Message: An error occurred while executing your GraphQL query. Please contact hello@buildkite.com for help and provide this query in the email., Locations: [], Extensions: map[], Path: []","error":[{"message":"An error occurred while executing your GraphQL query. Please contact hello@buildkite.com for help and provide this query in the email.","extensions":null,"locations":null,"path":null}],"@timestamp":"2024-11-22T20:25:12.306Z","log.origin":{"file.name":"/go/src/gobld/buildkite/buildkite.go","file.line":157},"trace.id":"d9ab02ae11e462233dfbcdb189fc043a","transaction.id":"d9ab02ae11e46223","trace.id":"325cf6b488e72c6e7457be8ecaf46eca","transaction.id":"325cf6b488e72c6e","span.id":"af9de4294dd6daf0","message":"Failed to annotate build"} panic: reflect: call of reflect.Value.Type on zero Value goroutine 319 [running]: reflect.Value.typeSlow({0x0?, 0x0?, 0x40eb9f?}) /usr/local/go/src/reflect/value.go:2699 +0x113 reflect.Value.Type(...) /usr/local/go/src/reflect/value.go:2694 go.elastic.co/apm/v2.(*exceptionDataBuilder).init(0xc0010eef50, 0xc004a800a0, {0x0, 0x0}) /root/go/pkg/mod/go.elastic.co/apm/v2@v2.6.2/error.go:414 +0xf6 go.elastic.co/apm/v2.(*exceptionDataBuilder).init(0xc0010eef50, 0xc00af0a020, {0x343fcc0, 0xc001316588}) /root/go/pkg/mod/go.elastic.co/apm/v2@v2.6.2/error.go:499 +0x8e5 go.elastic.co/apm/v2.initException(...) /root/go/pkg/mod/go.elastic.co/apm/v2@v2.6.2/error.go:402 go.elastic.co/apm/v2.(*Tracer).NewError(0x3461720?, {0x343fcc0, 0xc001316588}) /root/go/pkg/mod/go.elastic.co/apm/v2@v2.6.2/error.go:103 +0xec go.elastic.co/apm/v2.CaptureError({0x3461720, 0xc0008022d0}, {0x343fcc0, 0xc001316588}) /root/go/pkg/mod/go.elastic.co/apm/v2@v2.6.2/gocontext.go:132 +0xed http://github.com/elastic/gobld/buildkite.(*buildkite ).AnnotateBuild(0xc0006a0c20, {0x3461720?, 0xc00a55b080?}, {0xc0009d1440, 0x3c}, {0x2ce4a15, 0x11}, {0xc000969880, 0x370}, {0x2cce7a8, ...}, ...) /go/src/gobld/buildkite/buildkite.go:158 +0x585 http://github.com/elastic/gobld/creator.ProcessJob ({_, }, , {{0x343ee20, 0xc00a4ccb40}, {0xc00073e260, 0xd}, {0x3462308, 0xc0006a0c20}, {0xc000a14540, ...}, ...}, ...) /go/src/gobld/creator/creator.go:356 +0xfad http://github.com/elastic/gobld/creator.ProcessJobs (, {, _}, {{0x343ee20, 0xc00a4ccb40}, {0xc00073e260, 0xd}, {0x3462308, 0xc0006a0c20}, {0xc000a14540, ...}, ...}) /go/src/gobld/creator/creator.go:257 +0x3ae created by http://github.com/elastic/gobld/creator.(*creator ).StartWorkers in goroutine 321 /go/src/gobld/creator/creator.go:218 +0x151 ``` One hunch of mine is that, somehow, the `err` passed in to `init(e *exceptionData, err error)` is nil and therefor, the `reflectValue.Type()` call on its value returns an error "Type on zero Value". If that supposition is correct, then changing the following block to confirm `err` isn't nil before passing it in would obviate the problem: ``` for _, err := range e.ErrorDetails.Cause { if b.errorCount >= maxErrorTreeNodes { break } var data exceptionData if b.init(&data, err) { e.cause = append(e.cause, data) } } ``` However, I may well be (very) wrong about this so I'd welcome any feedback from people more knowledgeable around this code than I am. For one thing, I have not been able to run this modified code to confirm it has any effect on the above Buildkite crash. * Fix nil check during unwrapping. Instead of aborting after encountering a `nil` error and thus missing other potential causes, add missing nil check in the `Unwrap` method that takes a slice. Also include a test for actually exercising this code and reproducing the problem seen in the wild (in Buildkite). Thanks to @kruskall for providing the test and the excellent suggestion. * build: update version to 2.6.3 (#1678) * feat: bump version to 2.6.3 * build: update changelog * build(deps): bump golang.org/x/net in /module/apmgin (#1679) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0. - [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmbeego (#1680) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto in /module/apmpgxv5 (#1681) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.20.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/crypto from 0.20.0 to 0.31.0 in /module/apmsql (#1682) * build(deps): bump golang.org/x/crypto in /module/apmsql Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.20.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * run go mod tidy --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dmathieu <damien.mathieu@elastic.co> * build(deps): bump golang.org/x/crypto in /module/apmecho (#1683) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump minimum Go version to 1.22 (#1684) * build(deps): bump golang.org/x/net in /module/apmbeego (#1685) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0. - [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add the new ci checks (#1688) * build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /module/apmgrpc (#1690) * build(deps): bump golang.org/x/net in /module/apmgrpc Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0. - [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * run go mod tidy --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dmathieu <damien.mathieu@elastic.co> * remove coverage ci check (#1693) * Run ci with fips check (#1691) * run ci with fips check * disable custom certificate path in fips mode * prevent disabling certificate verification in fips mode * fix goimports * remove fips disabled checks from non-fips tests * Update Makefile Co-authored-by: Tim Rühsen <tim.ruhsen@elastic.co> * Revert "Update Makefile" This reverts commit e585f0060521fe4b6421f8b7f7d2e3c86aa7c51b. * Update Makefile Co-authored-by: Tim Rühsen <tim.ruhsen@elastic.co> --------- Co-authored-by: Tim Rühsen <tim.ruhsen@elastic.co> * Fix random precheck failures (#1695) * build(deps): bump golang.org/x/net in /module/apmazure (#1694) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0. - [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [docs] Migrate docs from AsciiDoc to Markdown (#1689) * delete asciidoc files * add migrated files * clean up cross-repo links * Drop support for go 1.22 (#1697) * drop support for go 1.22 * upgrade fastjson * remove patch version * Release 2.7.0 (#1698) * upgrade version to 2.7.0 * add changelog entry --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Marc Lopez Rubio <marc5.12@outlook.com> Co-authored-by: Andrew Wilkins <axw@elastic.co> Co-authored-by: Silvia Mitter <silvia.mitter@elastic.co> Co-authored-by: SylvainJuge <763082+SylvainJuge@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kruskall <99559985+kruskall@users.noreply.github.com> Co-authored-by: yw <yangweilim21@gmail.com> Co-authored-by: Marc Lopez Rubio <marc5.12@outlook.com> Co-authored-by: Stef Nestor <26751266+stefnestor@users.noreply.github.com> Co-authored-by: Brandon Morelli <brandon.morelli@elastic.co> Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> Co-authored-by: Trent Mick <trentm@gmail.com> Co-authored-by: Jack She <jackshe2702@gmail.com> Co-authored-by: Carson Ip <carsonip@users.noreply.github.com> Co-authored-by: Shubham Sharma <87318534+shubhamsharma7867@users.noreply.github.com> Co-authored-by: Jan Calanog <jan.calanog@elastic.co> Co-authored-by: Daniel Dias de Assumpção <dassump@gmail.com> Co-authored-by: apmmachine <58790750+apmmachine@users.noreply.github.com> Co-authored-by: apmmachine <apmmachine@users.noreply.github.com> Co-authored-by: charliemenke <38671724+charliemenke@users.noreply.github.com> Co-authored-by: cmenke <cmenke@remax.com> Co-authored-by: Suchi Fatmawati <andrizafran067@gmail.com> Co-authored-by: obltmachine <150269514+obltmachine@users.noreply.github.com> Co-authored-by: obltmachine <obltmachine@users.noreply.github.com> Co-authored-by: elastic-observability-automation[bot] <180520183+elastic-observability-automation[bot]@users.noreply.github.com> Co-authored-by: Florian Lehner <florianl@users.noreply.github.com> Co-authored-by: Tim Rühsen <tim.ruhsen@elastic.co> Co-authored-by: Robin Verduijn <robinverduijn@users.noreply.github.com> Co-authored-by: Colleen McGinnis <colleen.j.mcginnis@gmail.com> Co-authored-by: Colleen McGinnis <colleen.mcginnis@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
agent-go
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps golang.org/x/net from 0.23.0 to 0.33.0.
Commits
dfc720d
go.mod: update golang.org/x dependencies8e66b04
html: use strings.EqualFold instead of lowering ourselvesb935f7b
html: avoid endless loop on error token9af49ef
route: remove unused sizeof* consts6705db9
quic: clean up crypto streams when dropping packet protection keys4ef7588
quic: handle ACK frame in packet which drops number space552d8ac
Revert "route: change from syscall to x/sys/unix"13a7c01
Revert "route: remove unused sizeof* consts on freebsd"285e1cf
go.mod: update golang.org/x dependenciesd0a1049
route: remove unused sizeof* consts on freebsdDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.