primal/athens
1
0
Fork 0
mirror of https://github.com/gomods/athens synced 2026-02-03 08:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,081 Commits 29 Branches 34 Tags
main
Commit Graph

111 Commits

Author SHA1 Message Date
William Fisher
cef941bf85 go.mod: vulnerabilities: bump go version to 1.23.12 for (#2077) 
`govulncheck` detects some vulnerabilities from the current builds that
are resolved by bumping the minor Go version to `.12`. I have kept the
major version the same.

On current `main`:

    $ go build -o athens ./cmd/proxy/main.go
    $ govulncheck -mode binary ./athens
    === Symbol Results ===

    Vulnerability #1: GO-2025-3956
        Unexpected paths returned from LookPath in os/exec
      More info: https://pkg.go.dev/vuln/GO-2025-3956
      Standard library
        Found in: os/exec@go1.23.5
        Fixed in: os/exec@go1.23.12
        Vulnerable symbols found:
          #1: exec.LookPath

    Vulnerability #2: GO-2025-3849
        Incorrect results returned from Rows.Scan in database/sql
      More info: https://pkg.go.dev/vuln/GO-2025-3849
      Standard library
        Found in: database/sql@go1.23.5
        Fixed in: database/sql@go1.23.12
        Vulnerable symbols found:
          #1: sql.Row.Scan
          #2: sql.Rows.Scan

    Vulnerability #3: GO-2025-3751
        Sensitive headers not cleared on cross-origin redirect in net/http
      More info: https://pkg.go.dev/vuln/GO-2025-3751
      Standard library
        Found in: net/http@go1.23.5
        Fixed in: net/http@go1.23.10
        Vulnerable symbols found:
          #1: http.Client.Do
          #2: http.Client.Get
          #3: http.Client.Head
          #4: http.Client.Post
          #5: http.Client.PostForm

    Vulnerability #4: GO-2025-3563
        Request smuggling due to acceptance of invalid chunked data in net/http
      More info: https://pkg.go.dev/vuln/GO-2025-3563
      Standard library
        Found in: net/http/internal@go1.23.5
        Fixed in: net/http/internal@go1.23.8
        Vulnerable symbols found:
          #1: internal.chunkedReader.Read

    Your code is affected by 4 vulnerabilities from the Go standard library.
    This scan also found 0 vulnerabilities in packages you import and 2
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

After version bump:

    $ go build -o athens ./cmd/proxy/main.go
    $ govulncheck -mode=binary ./athens 
    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 2
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.
 2025-10-23 16:24:05 +02:00
dependabot[bot]
47b69500c2 chore(deps): bump golang.org/x/oauth2 from 0.23.0 to 0.27.0 (#2058) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.23.0 to 0.27.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.23.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.27.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-19 14:31:56 +02:00
dependabot[bot]
b338559444 chore(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 (#2044) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.36.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.36.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-17 06:27:17 +02:00
dependabot[bot]
18041d7364 chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#2036) 
Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.5.1 to 4.5.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-22 16:18:19 +02:00
dependabot[bot]
b479740ac2 chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 (#2035) 
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-22 15:47:41 +02:00
dependabot[bot]
4a3c4e4051 chore(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 (#2034) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.36.0.
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-13 06:46:04 +02:00
dependabot[bot]
de19d14c17 chore(deps): bump golang.org/x/net from 0.30.0 to 0.33.0 (#2024) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.30.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.30.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matt <matt.ouille@protonmail.com>
 2025-02-19 04:44:41 +00:00
HDYA-BackFire
b1036a9dc8 [chore][golang] bump golang to 1.23.5 for security patches (#2025) 2025-01-27 12:20:22 -08:00
yueluhuan
ac9e4fa4fe Bump go version to 1.23.4 (#2019) 2025-01-20 08:51:00 +01:00
dependabot[bot]
f348d6c311 update-go-pkg(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager (#2011) 
Bumps [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) from 1.16.15 to 1.17.43.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.16.15...credentials/v1.17.43)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-09 06:02:40 +02:00
dependabot[bot]
e765256033 update-go-pkg(deps): bump github.com/go-playground/validator/v10 (#2009) 
Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.19.0 to 10.23.0.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.19.0...v10.23.0)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-02 06:17:13 +02:00
dependabot[bot]
bf38a47902 update-go-pkg(deps): bump github.com/gobuffalo/httptest (#2007) 
Bumps [github.com/gobuffalo/httptest](https://github.com/gobuffalo/httptest) from 1.0.4 to 1.5.2.
- [Release notes](https://github.com/gobuffalo/httptest/releases)
- [Commits](https://github.com/gobuffalo/httptest/compare/v1.0.4...v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/gobuffalo/httptest
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-25 08:09:18 +02:00
dependabot[bot]
531dcf6ff3 update-go-pkg(deps): bump github.com/aws/smithy-go from 1.20.2 to 1.22.1 (#2005) 
Bumps [github.com/aws/smithy-go](https://github.com/aws/smithy-go) from 1.20.2 to 1.22.1.
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/smithy-go/compare/v1.20.2...v1.22.1)

---
updated-dependencies:
- dependency-name: github.com/aws/smithy-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-18 08:09:29 +02:00
Nicholas Wiersma
e53c524a96 chore: upgrade go to v1.23.2 (#1997) 
Upgrades Go to 1.23.2
 2024-11-14 05:36:25 +00:00
Nicholas Wiersma
76e7c3746a chore: bump cloud.google.com/go/storage to v1.45.0 (#1996) 2024-11-14 07:23:41 +02:00
dependabot[bot]
c71cb72a2f update-go-pkg(deps): bump github.com/go-redis/redis/v8 (#2001) 
Bumps [github.com/go-redis/redis/v8](https://github.com/go-redis/redis) from 8.11.4 to 8.11.5.
- [Release notes](https://github.com/go-redis/redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/v8.11.5/CHANGELOG.md)
- [Commits](https://github.com/go-redis/redis/compare/v8.11.4...v8.11.5)

---
updated-dependencies:
- dependency-name: github.com/go-redis/redis/v8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-11 06:41:12 +02:00
dependabot[bot]
ce19cde35f chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#1999) 
Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-05 06:20:14 +02:00
dependabot[bot]
bf31119b38 update-go-pkg(deps): bump contrib.go.opencensus.io/exporter/stackdriver (#1998) 
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver) from 0.6.0 to 0.13.14.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases)
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.6.0...v0.13.14)

---
updated-dependencies:
- dependency-name: contrib.go.opencensus.io/exporter/stackdriver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-04 09:05:34 +01:00
dependabot[bot]
6510048069 update-go-pkg(deps): bump github.com/spf13/afero from 1.8.2 to 1.11.0 (#1960) 
Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.8.2 to 1.11.0.
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](https://github.com/spf13/afero/compare/v1.8.2...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-28 09:14:25 +02:00
Matt
0092d3a118 Upgrade to Go 1.22 toolchain (#1987) 
Upgrades to the Go 1.22 toolchain. Upgrades golangci-lint to 1.61.0 and disables some new linters.

---------

Co-authored-by: Nicholas Wiersma <nick@wiersma.co.za>
 2024-09-28 05:51:14 +00:00
Matt
6f1346fdb9 Fix: Change goreleaser flag from --rm-dist to --clean (#1984) 
Fixing a release with maintainer permissions
 2024-09-08 21:27:48 -07:00
yueluhuan
34002b8408 Switch from ADAL to AzIdentity, Add Azure Storage Token Refresh, and Update Golang Version (#1977) 
Uses the new Azure Identity package for current support. Support automated Azure storage token refresh. Sets the default value of Athens storage account key and Azure managed identity resource id should be empty.
 2024-09-09 03:03:26 +00:00
yueluhuan
1e39c23d72 Add aad auth option when using azure storage account (#1973) 
Support managed identity authentication in Azure Blob Storage.
 2024-07-14 18:21:31 -07:00
dependabot[bot]
426fd24457 update-go-pkg(deps): bump github.com/unrolled/secure (#1955) 
Bumps [github.com/unrolled/secure](https://github.com/unrolled/secure) from 0.0.0-20181221173256-0d6b5bb13069 to 1.14.0.
- [Release notes](https://github.com/unrolled/secure/releases)
- [Commits](https://github.com/unrolled/secure/commits/v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/unrolled/secure
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-29 22:00:03 -07:00
dependabot[bot]
7c1518da9d Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.25.0 to 0.46.0 (#1901) 
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc

Bumps [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.25.0 to 0.46.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.25.0...zpages/v0.46.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update packages that depend on otel

* Use same version for etcd packages

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matt Ouille <matt.ouille@protonmail.com>
 2024-04-29 05:27:27 +00:00
Vanes Angelo
900cb4f7c1 Upgrade to AWS SDK v2 (#1938) (#1950) 
Upgrades the AWS SDK to v2. AWS S3 bucket urls will now error if they are not prefixed with a schema (example: https://).
 2024-04-28 21:38:42 -07:00
dependabot[bot]
ae36734542 build(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 (#1946) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matt <matt.ouille@protonmail.com>
 2024-04-20 13:00:39 -07:00
dependabot[bot]
8d9b7676fd update-go-pkg(deps): bump github.com/aws/aws-sdk-go (#1942) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.220 to 1.51.21.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.220...v1.51.21)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-16 19:24:54 -07:00
Matt
a32e5f0a42 Upgrade logrus from 1.7.0 => 1.9.3 (#1934) 
Logurs prior to 1.9.3 is subject to https://nvd.nist.gov/vuln/detail/CVE-2023-0056
 2024-04-04 15:07:09 -07:00
dependabot[bot]
46f5731608 update-go-pkg(deps): bump github.com/stretchr/testify (#1933) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-01 09:09:07 +02:00
dependabot[bot]
b72f01b7bc update-go-pkg(deps): bump github.com/lib/pq from 1.10.7 to 1.10.9 (#1923) 
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.7 to 1.10.9.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.7...v1.10.9)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-26 06:11:05 +02:00
tanx
c072f6089a Update mongodb driver (#1928) 
Updates the MongoDB driver
 2024-03-25 15:39:14 -07:00
Matt
08520bf894 Add log formatting settings (#1926) 
Adds a log format setting as ATHENS_LOG_FORMAT that can be either plain or JSON when CloudRuntime is none (the default). Does not break or change any existing behavior.
 2024-03-21 09:07:39 -07:00
dependabot[bot]
d877af2099 update-go-pkg(deps): bump go.etcd.io/etcd/api/v3 from 3.5.9 to 3.5.12 (#1919) 
Bumps [go.etcd.io/etcd/api/v3](https://github.com/etcd-io/etcd) from 3.5.9 to 3.5.12.
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](https://github.com/etcd-io/etcd/compare/v3.5.9...v3.5.12)

---
updated-dependencies:
- dependency-name: go.etcd.io/etcd/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-14 02:36:28 -07:00
dependabot[bot]
334dfdea82 update-go-pkg(deps): bump github.com/stretchr/testify (#1918) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.4)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-26 06:46:53 +02:00
dependabot[bot]
ee327f59d8 update-go-pkg(deps): bump github.com/gorilla/mux from 1.6.2 to 1.8.1 (#1917) 
Bumps [github.com/gorilla/mux](https://github.com/gorilla/mux) from 1.6.2 to 1.8.1.
- [Release notes](https://github.com/gorilla/mux/releases)
- [Commits](https://github.com/gorilla/mux/compare/v1.6.2...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/gorilla/mux
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-19 06:52:22 +02:00
dependabot[bot]
2ac4289974 build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#1907) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: DrPsychick <drpsychick@drsick.net>
 2024-01-04 13:04:18 +01:00
dependabot[bot]
fc807a56bd Bump google.golang.org/grpc from 1.44.0 to 1.56.3 (#1900) 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.44.0 to 1.56.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.44.0...v1.56.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-09 17:11:08 +01:00
dependabot[bot]
05d502df4c Bump golang.org/x/net from 0.8.0 to 0.17.0 (#1898) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.8.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-08 16:36:56 +02:00
Thomas
9a14565152 fix(pkg/stash): close etcd sessions (#1887) 2023-09-18 12:15:41 -07:00
Manu Gupta
16644cb6d1 update dependencies x/net and aws sdk (#1854) 2023-03-13 20:52:17 -07:00
dependabot[bot]
511fb11e50 update-go-pkg(deps): bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#1846) 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.8 to 0.5.9.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.8...v0.5.9)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-13 10:55:01 +02:00
dependabot[bot]
d663c255ac Bump golang.org/x/crypto from 0.0.0-20211108221036-ceb1ce70b4fa to 0.1.0 (#1848) 2023-03-13 00:27:43 -07:00
dependabot[bot]
f7e7b14484 Bump golang.org/x/net from 0.0.0-20220425223048-2871e0cb64e4 to 0.7.0 (#1847) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220425223048-2871e0cb64e4 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/commits/v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-12 22:28:12 -07:00
Nicholas Wiersma
4090b0620a feat: update to Go 1.20 (#1838) 
Co-authored-by: Manu Gupta <manugupt1@gmail.com>
 2023-03-12 22:12:39 -07:00
dependabot[bot]
af82a7a9cd update-go-pkg(deps): bump github.com/google/uuid from 1.1.2 to 1.3.0 (#1822) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.1.2 to 1.3.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Commits](https://github.com/google/uuid/compare/v1.1.2...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ashish Ranjan <ashishranjan2912@gmail.com>
 2023-02-28 13:17:04 +08:00
dependabot[bot]
c4dec51b01 Bump github.com/aws/aws-sdk-go from 1.33.0 to 1.34.0 (#1824) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.33.0 to 1.34.0.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/v1.34.0/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.33.0...v1.34.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ashish Ranjan <ashishranjan2912@gmail.com>
 2023-02-27 18:07:55 +08:00
dependabot[bot]
257bb752fb Bump github.com/prometheus/client_golang from 1.11.0 to 1.11.1 (#1825) 
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.11.0 to 1.11.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ashish Ranjan <ashishranjan2912@gmail.com>
 2023-02-26 14:38:51 +05:30
dependabot[bot]
66582eebfe Bump golang.org/x/text from 0.3.7 to 0.3.8 (#1829) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.3.7...v0.3.8)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-24 20:02:24 -08:00
Rob Prentiss
23bfcd19bc Update lib/pq to fix cert permissions issues (#1804) 
When attempting to connect to a PostgreSQL database using certificate
credentials, authentication may fail due to permissions issues on the
certificate files. When using Athens in Kubernetes, this issue may be
unavoidable when using secrets.

The github.com/lib/pq library has resolved this issue as of v1.10.6, so
this commit updates that library to the latest release version (v1.10.7)
to resolve the issue in Athens.

Co-authored-by: Ashish Ranjan <ashishranjan2912@gmail.com>
 2023-01-30 13:49:43 +08:00