Bump mellium.im/sasl from 0.2.1 to 0.3.1 #1969
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps mellium.im/sasl from 0.2.1 to 0.3.1. --- updated-dependencies: - dependency-name: mellium.im/sasl dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
|
@vmihailenco is this from Github's security thing? |
|
@elliotcourant Yes, it's auto generated by Dependabot; I came here looking for this because |
|
I'll tinker with it this evening; I'm not sure who is using 1.16 but maybe its time to just roll support for that one out, especially if the vulnerable library in question no longer supports it. |
|
If builds succeed I'll merge and do a tagged release this evening. |
|
@nyergler Please upgrade to the latest version of go-pg, https://github.com/go-pg/pg/releases/tag/v10.11.0 |
|
@elliotcourant Thank you! |
mojtabacazi
added a commit
to jamscloud/pg
that referenced
this pull request
Nov 3, 2023
* Warn on unknown tags * Change Logger interface * Add RealWorld example app * using go.opentelemetry.io/otel @v0.11.0 see https://github.com/open-telemetry/opentelemetry-go/releases/tag/v0.11.0 * ran go mod tidy * Add msgpack option * Set span name. Updates go-pg#1699 * Add nopk field option * Increase read buffer size to 1mb and reuse it via sync.Pool * feat(otel): Use first word as span name without operation. * Cleanup code * Update sponsors * Update * Add docs badge * Fix badge * Extract pgext to separate Go module * Add pgext to readme * Update changelog * Split channel and ping timeout * Change chan Notification * Fix test * . * Add ability to scan into map[string]interface{} * Add json_use_number to the list of known options * Test on Go 1.15 * Fix map update and insert * Fix test on older Postgres * Add support for scanning into map slice * Cleanup todo * Update changelog * Update sponsors to changelog * Restore column alloc * Add types.Numeric * Add Discord * Update issue templates * Update issue template * Disable blank template * Add stackoverflow linke * Cleanup * Better naming * Cleanup * Add self-validating rel tag option * Update changelog * Rework rel * Cleanup example * Update example * Update example names * Fix structs sharing in has-many * Add basic example * Update changelog * Fix discord link * orm: warn on tag name mistake * Add renovate.json * chore(deps): update golang.org/x/exp commit hash to ae8ad44 * chore(deps): update module onsi/ginkgo to v1.14.1 * Fix m2m table name containing a schema * Update module onsi/gomega to v1.10.2 * Fix a typo in changelog * Change hooks to be LIFO * Make sure to call after hook on error * Fix fk handling for has-one rel * Use primary key as fallback in m2m * Fix m2m using column without a prefix * dont-swallow-before-query-errors * Update golang.org/x/exp commit hash to 20d5ce0 * Update example names * Fix example name * Don't use retry backoff in listener * Add go vet * Update golang.org/x/exp commit hash to 18d7dbd * Add discord badge * Parse field tag only once when check for relation * Implement soft delete for scanner * Tweak scanning into a map * Fix build * Reset map slice len before scanning data * Add HexEncoder * Properly pass data len in scanner * fix many2many for multi-tenant applications (table names with a param) * dependency update and workaround for opentelemetry api change * Cleanup * Fix default + use_zero insert * Improve known tag check * Add treemux * Update module vmihailenco/tagparser to v0.1.2 * Cleanup * More resources * Update module go.opentelemetry.io/otel to v0.13.0 * Update readme * Update module onsi/ginkgo to v1.14.2 * Update module onsi/gomega to v1.10.3 * orm: try SQL name as fk. Fixes go-pg#1757 * Update dependencies * Add alias to the list of known options * Add extra modules * Remove pgext * chore(deps): update module go-pg/pg/v10 to v10.5.0 * Improve scanning null values * Don't reuse column name * Feat: Remove byte slice in ColumnAlloc * Remove unused column * Add an optional EmptyLine in log * Move changelog to docs * Tweak otel span and attrs name * Fix build * Try funding * Otel v0.14 * orm: improve WherePK for custom types * Fix batch update and delete * Fix WherePK for slices * Properly trim extra comma * chore(deps): update module go.opentelemetry.io/otel to v0.15.0 * Add go-pg-monitor to README ecosystem section * Bump dependencies * Undone timeout and cancel in Rollback/Commit context * Fix logger prefix * (go-pg#1830) Fixed notice during startup error. This adds handling of Notice messages during startup and will log the messages for the client to see so they may take action. * Remove renovate * Bumped otel up to v0.17.0 * Bumped otel up to v0.17.0 Bumped up testify t0 v1.7.0 * Update dependencies * Add utm * Add banner * Otel v0.18 * Fix otel db.system name According to the open [telemetry specification](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/semantic_conventions/database.md#connection-level-attributes): > db.system MUST be one of the following or, if none of the listed values apply, a custom value: Down the list the name for postgres reads as "postgresql". Add the remaining "ql" characters and conform the expectations of the spec. * Add a link to discussions * Fix discussions link * Use unformatted query when over limit * Update dependencies * Remove confusing statement * orm: improve template to omits columns when there are plenty * Add DBI * Move changelog back to the repo * pgotel: add hard query limit * Make extra modules to follow go-pg versioning * Update changelog * Add NewJSONProvider * extra/pgotel: add readme and example * Fix title * OpenTelemetry v0.20.0 * Add link to Bun * Mark more errors as fatal * Remove OpenTelemetry instrumentation from the core (but keep pgotel as is) * Update OpenTelemetry * Always remove canceled conn from the pool * Add big.Int link * int[] type to array conversion * Update example_model_test.go * Add link to Bun * Add possibility to specify custom `join_fk` for "has-one" relations. Will close go-pg#1812. * Replace travis * Add support for ScramSha256Plus * gofmt and go mod tidy * Release v10.10.4 (release.sh) * Version v10.10.4 (tag.sh) * Fix SASL authentication * Release v10.10.5 (release.sh) * Replace release script * Update dependencies * Update changelog * Release v10.10.6 (release.sh) * chore: tweak readme * fix: Add `-race` flag to GitHub actions test workflow. Added `-race` to the `test` target in the Makefile, this way tests that are run in GitHub Actions will help reveal any potential race conditions. * chore: update links * chore: update link * chore: update readme * chore: add monetr * Fix a bug for sending cancel request to terminate a long running query (go-pg#1952) * Add for loop for checking if the query is finished or is cancelled * Rename a var from RetryStatementTimeout to RetryCancelledQuery and update a comment * Send a cancel request when there is a bad connection error * Rename a var back to RetryStatementTimeout * Revert a change in withConn * Revert changes for comments * Add an unit test for testing sending a cancel request when a connection is timed out * Change the return values of isBadConn to return error code if it has * Send a cancel request when it is a bad conn expect 25P02 case * chore(ci): Bumping CI versions for Go. (go-pg#1955) * Add shortcut WhereInOr (go-pg#1947) * Add shortcut WhereInOr * Add tests for WhereInOr Co-authored-by: p.vorontsov <[email protected]> * chore: cleanup * chore: add release scripts (go-pg#1957) * fix(notify): Fixed race condition in listener. (go-pg#1963) This resolves a race condition in listener where `ln.closed` was being read without a mutex at the same time it could be written. Just move the mutex unlock for `Unlisten` down, **but not defer it** so that the mutex still holds the lock properly. But does not cause a deadlock with release conn. * Release v10.10.7 (release.sh) (go-pg#1964) * chore: update * chore: update * Bump mellium.im/sasl from 0.2.1 to 0.3.1 (go-pg#1969) * Bump mellium.im/sasl from 0.2.1 to 0.3.1 Bumps mellium.im/sasl from 0.2.1 to 0.3.1. --- updated-dependencies: - dependency-name: mellium.im/sasl dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * chore: Removing Go 1.16 support. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Elliot Courant <[email protected]> * chore: Make release scripts work on mac OS * Release v10.11.0 (release.sh) (go-pg#1970) * Bump golang.org/x/sys from 0.0.0-20210923061019-b8560ed6a9b7 to 0.1.0 (go-pg#1974) * Bump golang.org/x/crypto from 0.0.0-20210921155107-089bfa567519 to 0.1.0 (go-pg#1975) * Update err for single conn pool when context.Done() return first (go-pg#1981) * Update err from ctx if reason is nil * Add a unit test * Move pool object to the test itself * Rename a var from cl to cancel * Add comment for explaining why ctx.Err() is used * Release v10.11.1 (release.sh) (go-pg#1982) --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Vladimir Mihailenco <[email protected]> Co-authored-by: burner-account <[email protected]> Co-authored-by: j2gg0s <[email protected]> Co-authored-by: Renovate Bot <[email protected]> Co-authored-by: ferhat elmas <[email protected]> Co-authored-by: Jeremy Mickelson <[email protected]> Co-authored-by: Shoshin Nikita <[email protected]> Co-authored-by: Martin Ottenwaelter <[email protected]> Co-authored-by: burner-account <[email protected]> Co-authored-by: j2gg0s <[email protected]> Co-authored-by: frederikhors <[email protected]> Co-authored-by: Igor Zibarev <[email protected]> Co-authored-by: Anatoly Rugalev <[email protected]> Co-authored-by: Elliot Courant <[email protected]> Co-authored-by: Marvin Hansen <[email protected]> Co-authored-by: Matthew Nibecker <[email protected]> Co-authored-by: alexander <[email protected]> Co-authored-by: 047801 <[email protected]> Co-authored-by: Vladimir Stolyarov <[email protected]> Co-authored-by: xin-tsla <[email protected]> Co-authored-by: Elliot Courant <[email protected]> Co-authored-by: swad2007 <[email protected]> Co-authored-by: p.vorontsov <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps mellium.im/sasl from 0.2.1 to 0.3.1.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.