Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix CVE-2022-28948 #1938

Merged
merged 2 commits into from
Feb 21, 2024
Merged

Fix CVE-2022-28948 #1938

merged 2 commits into from
Feb 21, 2024

Conversation

ferhatelmas
Copy link
Contributor

Drop logrus in favor of slog.
Bump testify and use in healthcheck
test to make it direct dependency.

Fixes #1932.

Drop logrus in favor of slog.
Bump testify and use in healthcheck
test to make it direct dependency.

Fixes minio#1932.
go.mod Outdated Show resolved Hide resolved
Copy link
Member

@harshavardhana harshavardhana left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You cannot remove JSON marshal of the logs they are used by mint tests

https://github.com/minio/mint

@ferhatelmas
Copy link
Contributor Author

You cannot remove JSON marshal of the logs they are used by mint tests

I am not sure if I get this comment because JSON formatting of comments aren't changed but custom marshaler is removed since it's not needed (i.e. we use slog.JSONHandler now).

go.mod Outdated Show resolved Hide resolved
@ferhatelmas
Copy link
Contributor Author

@harshavardhana anything else is needed to get this in?

@harshavardhana harshavardhana merged commit de3d492 into minio:master Feb 21, 2024
7 checks passed
charithe referenced this pull request in cerbos/cerbos Mar 4, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence | Type |
Update |
|---|---|---|---|---|---|---|---|
| [github.com/aws/aws-sdk-go](https://togithub.com/aws/aws-sdk-go) |
`v1.50.25` -> `v1.50.30` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go/v1.50.30?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2faws%2faws-sdk-go/v1.50.30?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2faws%2faws-sdk-go/v1.50.25/v1.50.30?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go/v1.50.25/v1.50.30?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| require | patch |
|
[github.com/bufbuild/protovalidate-go](https://togithub.com/bufbuild/protovalidate-go)
| `v0.5.2` -> `v0.6.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fbufbuild%2fprotovalidate-go/v0.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fbufbuild%2fprotovalidate-go/v0.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fbufbuild%2fprotovalidate-go/v0.5.2/v0.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fbufbuild%2fprotovalidate-go/v0.5.2/v0.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| require | minor |
|
[github.com/fergusstrange/embedded-postgres](https://togithub.com/fergusstrange/embedded-postgres)
| `v1.25.0` -> `v1.26.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2ffergusstrange%2fembedded-postgres/v1.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2ffergusstrange%2fembedded-postgres/v1.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2ffergusstrange%2fembedded-postgres/v1.25.0/v1.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2ffergusstrange%2fembedded-postgres/v1.25.0/v1.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| require | minor |
| [github.com/gdamore/tcell/v2](https://togithub.com/gdamore/tcell) |
`v2.7.1` -> `v2.7.4` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgdamore%2ftcell%2fv2/v2.7.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgdamore%2ftcell%2fv2/v2.7.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgdamore%2ftcell%2fv2/v2.7.1/v2.7.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgdamore%2ftcell%2fv2/v2.7.1/v2.7.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| require | patch |
| [github.com/minio/minio-go/v7](https://togithub.com/minio/minio-go) |
`v7.0.67` -> `v7.0.68` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fminio%2fminio-go%2fv7/v7.0.68?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fminio%2fminio-go%2fv7/v7.0.68?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fminio%2fminio-go%2fv7/v7.0.67/v7.0.68?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fminio%2fminio-go%2fv7/v7.0.67/v7.0.68?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| require | patch |
|
[github.com/prometheus/client_golang](https://togithub.com/prometheus/client_golang)
| `v1.18.0` -> `v1.19.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fprometheus%2fclient_golang/v1.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fprometheus%2fclient_golang/v1.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fprometheus%2fclient_golang/v1.18.0/v1.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fprometheus%2fclient_golang/v1.18.0/v1.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| require | minor |
| [github.com/stretchr/testify](https://togithub.com/stretchr/testify) |
`v1.8.4` -> `v1.9.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fstretchr%2ftestify/v1.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fstretchr%2ftestify/v1.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fstretchr%2ftestify/v1.8.4/v1.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fstretchr%2ftestify/v1.8.4/v1.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| require | minor |
| golang.org/x/crypto | `v0.19.0` -> `v0.20.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fcrypto/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fcrypto/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fcrypto/v0.19.0/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fcrypto/v0.19.0/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| require | minor |
|
[google.golang.org/genproto/googleapis/api](https://togithub.com/googleapis/go-genproto)
| `b0ce06b` -> `df926f6` |
[![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fgenproto%2fgoogleapis%2fapi/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fgenproto%2fgoogleapis%2fapi/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fgenproto%2fgoogleapis%2fapi/v0.0.0-20240221002015-b0ce06bbee7c/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fgenproto%2fgoogleapis%2fapi/v0.0.0-20240221002015-b0ce06bbee7c/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| require | digest |

---

### Release Notes

<details>
<summary>aws/aws-sdk-go (github.com/aws/aws-sdk-go)</summary>

###
[`v1.50.30`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v15030-2024-03-01)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.29...v1.50.30)

\===

##### Service Client Updates

-   `service/accessanalyzer`: Updates service documentation
-   `service/autoscaling`: Updates service documentation
- With this release, Amazon EC2 Auto Scaling groups, EC2 Fleet, and Spot
Fleet improve the default price protection behavior of attribute-based
instance type selection of Spot Instances, to consistently select from a
wide range of instance types.
-   `service/ec2`: Updates service documentation
- With this release, Amazon EC2 Auto Scaling groups, EC2 Fleet, and Spot
Fleet improve the default price protection behavior of attribute-based
instance type selection of Spot Instances, to consistently select from a
wide range of instance types.

###
[`v1.50.29`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v15029-2024-02-29)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.28...v1.50.29)

\===

##### Service Client Updates

-   `service/docdb-elastic`: Updates service API and documentation
-   `service/eks`: Updates service API
- `service/migrationhuborchestrator`: Updates service API and
documentation
-   `service/models.lex.v2`: Updates service API and documentation
-   `service/quicksight`: Updates service API and documentation
- TooltipTarget for Combo chart visuals; ColumnConfiguration limit
increase to 2000; Documentation Update
-   `service/sagemaker`: Updates service API and documentation
- Adds support for ModelDataSource in Model Packages to support unzipped
models. Adds support to specify SourceUri for models which allows
registration of models without mandating a container for hosting. Using
SourceUri, customers can decouple the model from hosting information
during registration.
-   `service/securitylake`: Updates service API and documentation

###
[`v1.50.28`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v15028-2024-02-28)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.27...v1.50.28)

\===

##### Service Client Updates

-   `service/batch`: Updates service API and documentation
- This release adds Batch support for configuration of multicontainer
jobs in ECS, Fargate, and EKS. This support is available for all types
of jobs, including both array jobs and multi-node parallel jobs.
- `service/bedrock-agent-runtime`: Updates service API and documentation
-   `service/ce`: Updates service API and documentation
-   `service/ec2`: Updates service API and documentation
- This release increases the range of MaxResults for
GetNetworkInsightsAccessScopeAnalysisFindings to 1,000.
-   `service/iot`: Updates service API and documentation
- This release reduces the maximum results returned per query invocation
from 500 to 100 for the SearchIndex API. This change has no implications
as long as the API is invoked until the nextToken is NULL.
-   `service/wafv2`: Updates service API and documentation

###
[`v1.50.27`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v15027-2024-02-27)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.26...v1.50.27)

\===

##### Service Client Updates

-   `service/amplifyuibuilder`: Updates service API and documentation

###
[`v1.50.26`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v15026-2024-02-26)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.25...v1.50.26)

\===

##### Service Client Updates

-   `service/apigateway`: Updates service documentation
    -   Documentation updates for Amazon API Gateway.
-   `service/drs`: Updates service API and documentation
-   `service/kafkaconnect`: Updates service API and documentation
- `service/rds`: Updates service API, documentation, waiters,
paginators, and examples
- This release adds support for gp3 data volumes for Multi-AZ DB
Clusters.

</details>

<details>
<summary>bufbuild/protovalidate-go
(github.com/bufbuild/protovalidate-go)</summary>

###
[`v0.6.0`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.6.0)

[Compare
Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.5.2...v0.6.0)

#### What's Changed

- Run go mod tidy by [@&#8203;pkwarren](https://togithub.com/pkwarren)
in
[https://github.com/bufbuild/protovalidate-go/pull/96](https://togithub.com/bufbuild/protovalidate-go/pull/96)
- Create add-to-project workflow by
[@&#8203;chrispine](https://togithub.com/chrispine) in
[https://github.com/bufbuild/protovalidate-go/pull/97](https://togithub.com/bufbuild/protovalidate-go/pull/97)
- Bump the go group with 1 update by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/98](https://togithub.com/bufbuild/protovalidate-go/pull/98)
- Bump the github-actions group with 1 update by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/100](https://togithub.com/bufbuild/protovalidate-go/pull/100)
- Update protovalidate-go to work with 0.6.1 protos by
[@&#8203;pkwarren](https://togithub.com/pkwarren) in
[https://github.com/bufbuild/protovalidate-go/pull/101](https://togithub.com/bufbuild/protovalidate-go/pull/101)

#### New Contributors

- [@&#8203;chrispine](https://togithub.com/chrispine) made their first
contribution in
[https://github.com/bufbuild/protovalidate-go/pull/97](https://togithub.com/bufbuild/protovalidate-go/pull/97)

**Full Changelog**:
bufbuild/protovalidate-go@v0.5.2...v0.6.0

</details>

<details>
<summary>fergusstrange/embedded-postgres
(github.com/fergusstrange/embedded-postgres)</summary>

###
[`v1.26.0`](https://togithub.com/fergusstrange/embedded-postgres/releases/tag/v1.26.0)

[Compare
Source](https://togithub.com/fergusstrange/embedded-postgres/compare/v1.25.0...v1.26.0)

#### What's Changed

- Add V16 constant by [@&#8203;zzzFelix](https://togithub.com/zzzFelix)
in
[https://github.com/fergusstrange/embedded-postgres/pull/129](https://togithub.com/fergusstrange/embedded-postgres/pull/129)
- fix(deps): upgrade postgres for 13 constant from `13.11` to `13.14.0`
by [@&#8203;michaelbrewer](https://togithub.com/michaelbrewer) in
[https://github.com/fergusstrange/embedded-postgres/pull/131](https://togithub.com/fergusstrange/embedded-postgres/pull/131)
- Upgrade versions by
[@&#8203;fergusstrange](https://togithub.com/fergusstrange) in
[https://github.com/fergusstrange/embedded-postgres/pull/132](https://togithub.com/fergusstrange/embedded-postgres/pull/132)

#### New Contributors

- [@&#8203;zzzFelix](https://togithub.com/zzzFelix) made their first
contribution in
[https://github.com/fergusstrange/embedded-postgres/pull/129](https://togithub.com/fergusstrange/embedded-postgres/pull/129)
- [@&#8203;michaelbrewer](https://togithub.com/michaelbrewer) made their
first contribution in
[https://github.com/fergusstrange/embedded-postgres/pull/131](https://togithub.com/fergusstrange/embedded-postgres/pull/131)

**Full Changelog**:
fergusstrange/embedded-postgres@v1.25.0...v1.26.0

</details>

<details>
<summary>gdamore/tcell (github.com/gdamore/tcell/v2)</summary>

### [`v2.7.4`](https://togithub.com/gdamore/tcell/releases/tag/v2.7.4):
Version 2.7.4 Bug Fix Release

[Compare
Source](https://togithub.com/gdamore/tcell/compare/v2.7.3...v2.7.4)

This release fixes a problem with restoring cursor location properly on
Windows.

It also includes a new stress test for your terminal (FPS monitor)
contributed by [@&#8203;Bios-Marcel](https://togithub.com/Bios-Marcel)

### [`v2.7.3`](https://togithub.com/gdamore/tcell/releases/tag/v2.7.3):
Version 2.7.3 Bug Fix Release

[Compare
Source](https://togithub.com/gdamore/tcell/compare/v2.7.2...v2.7.3)

This release just updates the terminfo data using current data from
Ubuntu 24.04 (Noble).
It fixes a regression where we dropped some capabilities including
StrikeThrough for some terminals.

### [`v2.7.2`](https://togithub.com/gdamore/tcell/releases/tag/v2.7.2):
Version 2.7.2 Improvement Release

[Compare
Source](https://togithub.com/gdamore/tcell/compare/v2.7.1...v2.7.2)

This release does not add new APIs, but it does improve the
functionality of tcell on Windows, and provides an "undocumented"
feature for managing the alternate screen buffer.

- Windows uses VT mode output everywhere except on ConEmu (because VT
output mode on ConEmu is borked for colors)
- The `TCELL_VTMODE` environment variable can be set to "enable" or
"disable" to force attempting to use (or not) this mode.
- Windows now uses the alternate screen buffer by default, and preserves
the original screen content
- Use of the alternate screen can be disabled setting the
`TCELL_ALTSCREEN` environment variable to "disable".
- If the alternate screen is disabled in that fashion, we will not clear
the screen either. This is an experimental way to preserve the output
from a tcell application on exit or suspend. Feedback on this would be
appreciated.

The specific environment variables listed here are *not* considered part
of the Tcell API, and their presence and meaning may change without
notice at any time. Please consider them experimental and let us know
whether these are useful or not.

</details>

<details>
<summary>minio/minio-go (github.com/minio/minio-go/v7)</summary>

###
[`v7.0.68`](https://togithub.com/minio/minio-go/releases/tag/v7.0.68):
Bugfix Release

[Compare
Source](https://togithub.com/minio/minio-go/compare/v7.0.67...v7.0.68)

#### What's Changed

- deprecate go1.17 support and move to go1.21 by
[@&#8203;harshavardhana](https://togithub.com/harshavardhana) in
[https://github.com/minio/minio-go/pull/1933](https://togithub.com/minio/minio-go/pull/1933)
- creds: Add Expiration value by
[@&#8203;vadmeste](https://togithub.com/vadmeste) in
[https://github.com/minio/minio-go/pull/1936](https://togithub.com/minio/minio-go/pull/1936)
- Drop seeding rand in tests by
[@&#8203;ferhatelmas](https://togithub.com/ferhatelmas) in
[https://github.com/minio/minio-go/pull/1934](https://togithub.com/minio/minio-go/pull/1934)
- Make 520 status code retryable by
[@&#8203;ferhatelmas](https://togithub.com/ferhatelmas) in
[https://github.com/minio/minio-go/pull/1935](https://togithub.com/minio/minio-go/pull/1935)
- Fix CVE-2022-28948 by
[@&#8203;ferhatelmas](https://togithub.com/ferhatelmas) in
[https://github.com/minio/minio-go/pull/1938](https://togithub.com/minio/minio-go/pull/1938)
- Added valid allowed internal headers by
[@&#8203;shtripat](https://togithub.com/shtripat) in
[https://github.com/minio/minio-go/pull/1939](https://togithub.com/minio/minio-go/pull/1939)
- x-minio-replication-encrypted-multipart as allowed header by
[@&#8203;shtripat](https://togithub.com/shtripat) in
[https://github.com/minio/minio-go/pull/1943](https://togithub.com/minio/minio-go/pull/1943)
- Drop more rand seeding in tests by
[@&#8203;ferhatelmas](https://togithub.com/ferhatelmas) in
[https://github.com/minio/minio-go/pull/1942](https://togithub.com/minio/minio-go/pull/1942)

#### New Contributors

- [@&#8203;ferhatelmas](https://togithub.com/ferhatelmas) made their
first contribution in
[https://github.com/minio/minio-go/pull/1934](https://togithub.com/minio/minio-go/pull/1934)

**Full Changelog**:
minio/minio-go@v7.0.67...v7.0.68

</details>

<details>
<summary>prometheus/client_golang
(github.com/prometheus/client_golang)</summary>

###
[`v1.19.0`](https://togithub.com/prometheus/client_golang/releases/tag/v1.19.0)

[Compare
Source](https://togithub.com/prometheus/client_golang/compare/v1.18.0...v1.19.0)

#### What's Changed

The module `prometheus/common v0.48.0` introduced an incompatibility
when used together with client_golang (See
[https://github.com/prometheus/client_golang/pull/1448](https://togithub.com/prometheus/client_golang/pull/1448)
for more details). If your project uses client_golang and you want to
use `prometheus/common v0.48.0` or higher, please update client_golang
to v1.19.0.

- \[CHANGE] Minimum required go version is now 1.20 (we also test
client_golang against new 1.22 version).
[#&#8203;1445](https://togithub.com/prometheus/client_golang/issues/1445)
[#&#8203;1449](https://togithub.com/prometheus/client_golang/issues/1449)
- \[FEATURE] collectors: Add version collector.
[#&#8203;1422](https://togithub.com/prometheus/client_golang/issues/1422)
[#&#8203;1427](https://togithub.com/prometheus/client_golang/issues/1427)

#### New Contributors

- [@&#8203;michurin](https://togithub.com/michurin) made their first
contribution in
[https://github.com/prometheus/client_golang/pull/1423](https://togithub.com/prometheus/client_golang/pull/1423)
- [@&#8203;kavu](https://togithub.com/kavu) made their first
contribution in
[https://github.com/prometheus/client_golang/pull/1445](https://togithub.com/prometheus/client_golang/pull/1445)
- [@&#8203;ywwg](https://togithub.com/ywwg) made their first
contribution in
[https://github.com/prometheus/client_golang/pull/1448](https://togithub.com/prometheus/client_golang/pull/1448)

**Full Changelog**:
prometheus/client_golang@v1.18.0...v1.19.0

</details>

<details>
<summary>stretchr/testify (github.com/stretchr/testify)</summary>

###
[`v1.9.0`](https://togithub.com/stretchr/testify/releases/tag/v1.9.0)

[Compare
Source](https://togithub.com/stretchr/testify/compare/v1.8.4...v1.9.0)

#### What's Changed

- Fix Go modules version by
[@&#8203;SuperQ](https://togithub.com/SuperQ) in
[https://github.com/stretchr/testify/pull/1394](https://togithub.com/stretchr/testify/pull/1394)
- Document that require is not safe to call in created goroutines by
[@&#8203;programmer04](https://togithub.com/programmer04) in
[https://github.com/stretchr/testify/pull/1392](https://togithub.com/stretchr/testify/pull/1392)
- Remove myself from MAINTAINERS.md by
[@&#8203;mvdkleijn](https://togithub.com/mvdkleijn) in
[https://github.com/stretchr/testify/pull/1367](https://togithub.com/stretchr/testify/pull/1367)
- Correct spelling/grammar by
[@&#8203;echarrod](https://togithub.com/echarrod) in
[https://github.com/stretchr/testify/pull/1389](https://togithub.com/stretchr/testify/pull/1389)
- docs: Update URLs in README by
[@&#8203;davidjb](https://togithub.com/davidjb) in
[https://github.com/stretchr/testify/pull/1349](https://togithub.com/stretchr/testify/pull/1349)
- Update mockery link to Github Pages in README by
[@&#8203;LandonTClipp](https://togithub.com/LandonTClipp) in
[https://github.com/stretchr/testify/pull/1346](https://togithub.com/stretchr/testify/pull/1346)
- docs: Fix typos in tests and comments by
[@&#8203;alexandear](https://togithub.com/alexandear) in
[https://github.com/stretchr/testify/pull/1410](https://togithub.com/stretchr/testify/pull/1410)
- CI: tests from go1.17 by [@&#8203;SuperQ](https://togithub.com/SuperQ)
in
[https://github.com/stretchr/testify/pull/1409](https://togithub.com/stretchr/testify/pull/1409)
- Fix adding ? when no values passed by
[@&#8203;lesichkovm](https://togithub.com/lesichkovm) in
[https://github.com/stretchr/testify/pull/1320](https://togithub.com/stretchr/testify/pull/1320)
- codegen: use standard header for generated files by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1406](https://togithub.com/stretchr/testify/pull/1406)
- mock: AssertExpectations log reason only on failure by
[@&#8203;hikyaru-suzuki](https://togithub.com/hikyaru-suzuki) in
[https://github.com/stretchr/testify/pull/1360](https://togithub.com/stretchr/testify/pull/1360)
- assert: fix flaky TestNeverTrue by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1417](https://togithub.com/stretchr/testify/pull/1417)
- README: fix typos "set up" vs "setup" by
[@&#8203;ossan-dev](https://togithub.com/ossan-dev) in
[https://github.com/stretchr/testify/pull/1428](https://togithub.com/stretchr/testify/pull/1428)
- mock: move regexp compilation outside of `Called` by
[@&#8203;aud10slave](https://togithub.com/aud10slave) in
[https://github.com/stretchr/testify/pull/631](https://togithub.com/stretchr/testify/pull/631)
- assert: refactor internal func getLen() by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1445](https://togithub.com/stretchr/testify/pull/1445)
- mock: deprecate type AnythingOfTypeArgument
([#&#8203;1434](https://togithub.com/stretchr/testify/issues/1434)) by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1441](https://togithub.com/stretchr/testify/pull/1441)
- Remove no longer needed assert.canConvert by
[@&#8203;alexandear](https://togithub.com/alexandear) in
[https://github.com/stretchr/testify/pull/1470](https://togithub.com/stretchr/testify/pull/1470)
- assert: ObjectsAreEqual: use time.Equal for time.Time types by
[@&#8203;tscales](https://togithub.com/tscales) in
[https://github.com/stretchr/testify/pull/1464](https://togithub.com/stretchr/testify/pull/1464)
- Bump actions/checkout from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/stretchr/testify/pull/1466](https://togithub.com/stretchr/testify/pull/1466)
- Bump actions/setup-go from 3.2.0 to 4.1.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/stretchr/testify/pull/1451](https://togithub.com/stretchr/testify/pull/1451)
- fix: make EventuallyWithT concurrency safe by
[@&#8203;czeslavo](https://togithub.com/czeslavo) in
[https://github.com/stretchr/testify/pull/1395](https://togithub.com/stretchr/testify/pull/1395)
- assert: fix httpCode and HTTPBody occur panic when http.Handler read
Body by [@&#8203;hidu](https://togithub.com/hidu) in
[https://github.com/stretchr/testify/pull/1484](https://togithub.com/stretchr/testify/pull/1484)
- assert.EqualExportedValues: fix handling of arrays by
[@&#8203;zrbecker](https://togithub.com/zrbecker) in
[https://github.com/stretchr/testify/pull/1473](https://togithub.com/stretchr/testify/pull/1473)
- .github: use latest Go versions by
[@&#8203;kevinburkesegment](https://togithub.com/kevinburkesegment) in
[https://github.com/stretchr/testify/pull/1489](https://togithub.com/stretchr/testify/pull/1489)
- assert: Deprecate EqualExportedValues by
[@&#8203;HaraldNordgren](https://togithub.com/HaraldNordgren) in
[https://github.com/stretchr/testify/pull/1488](https://togithub.com/stretchr/testify/pull/1488)
- suite: refactor test assertions by
[@&#8203;alexandear](https://togithub.com/alexandear) in
[https://github.com/stretchr/testify/pull/1474](https://togithub.com/stretchr/testify/pull/1474)
- suite: fix SetupSubTest and TearDownSubTest execution order by
[@&#8203;linusbarth](https://togithub.com/linusbarth) in
[https://github.com/stretchr/testify/pull/1471](https://togithub.com/stretchr/testify/pull/1471)
- docs: Fix deprecation comments for http package by
[@&#8203;alexandear](https://togithub.com/alexandear) in
[https://github.com/stretchr/testify/pull/1335](https://togithub.com/stretchr/testify/pull/1335)
- Add map support doc comments to Subset and NotSubset by
[@&#8203;jedevc](https://togithub.com/jedevc) in
[https://github.com/stretchr/testify/pull/1306](https://togithub.com/stretchr/testify/pull/1306)
- TestErrorIs/TestNotErrorIs: check error message contents by
[@&#8203;craig65535](https://togithub.com/craig65535) in
[https://github.com/stretchr/testify/pull/1435](https://togithub.com/stretchr/testify/pull/1435)
- suite: fix subtest names (fix
[#&#8203;1501](https://togithub.com/stretchr/testify/issues/1501)) by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1504](https://togithub.com/stretchr/testify/pull/1504)
- assert: improve unsafe.Pointer tests by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1505](https://togithub.com/stretchr/testify/pull/1505)
- assert: simplify isNil implementation by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1506](https://togithub.com/stretchr/testify/pull/1506)
- assert.InEpsilonSlice: fix expected/actual order and other
improvements by [@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1483](https://togithub.com/stretchr/testify/pull/1483)
- Fix dependency cycle with objx
[#&#8203;1292](https://togithub.com/stretchr/testify/issues/1292) by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1453](https://togithub.com/stretchr/testify/pull/1453)
- mock: refactor TestIsArgsEqual by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1444](https://togithub.com/stretchr/testify/pull/1444)
- mock: optimize argument matching checks by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1416](https://togithub.com/stretchr/testify/pull/1416)
- assert: fix TestEventuallyTimeout by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1412](https://togithub.com/stretchr/testify/pull/1412)
- CI: add go 1.21 in GitHub Actions by
[@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1450](https://togithub.com/stretchr/testify/pull/1450)
- suite: fix recoverAndFailOnPanic to report test failure at the right
location by [@&#8203;dolmen](https://togithub.com/dolmen) in
[https://github.com/stretchr/testify/pull/1502](https://togithub.com/stretchr/testify/pull/1502)
- Update maintainers by
[@&#8203;brackendawson](https://togithub.com/brackendawson) in
[https://github.com/stretchr/testify/pull/1533](https://togithub.com/stretchr/testify/pull/1533)
- assert: Fix EqualValues to handle overflow/underflow by
[@&#8203;arjunmahishi](https://togithub.com/arjunmahishi) in
[https://github.com/stretchr/testify/pull/1531](https://togithub.com/stretchr/testify/pull/1531)
- assert: better formatting for Len() error by
[@&#8203;kevinburkesegment](https://togithub.com/kevinburkesegment) in
[https://github.com/stretchr/testify/pull/1485](https://togithub.com/stretchr/testify/pull/1485)
- Ensure AssertExpectations does not fail in skipped tests by
[@&#8203;ianrose14](https://togithub.com/ianrose14) in
[https://github.com/stretchr/testify/pull/1331](https://togithub.com/stretchr/testify/pull/1331)
- suite: fix deadlock in suite.Require()/Assert() by
[@&#8203;arjunmahishi](https://togithub.com/arjunmahishi) in
[https://github.com/stretchr/testify/pull/1535](https://togithub.com/stretchr/testify/pull/1535)
- Revert "assert: ObjectsAreEqual: use time.Equal for time.Time type" by
[@&#8203;brackendawson](https://togithub.com/brackendawson) in
[https://github.com/stretchr/testify/pull/1537](https://togithub.com/stretchr/testify/pull/1537)
- \[chore] Add issue templates by
[@&#8203;arjunmahishi](https://togithub.com/arjunmahishi) in
[https://github.com/stretchr/testify/pull/1538](https://togithub.com/stretchr/testify/pull/1538)
- Update the build status badge by
[@&#8203;brackendawson](https://togithub.com/brackendawson) in
[https://github.com/stretchr/testify/pull/1540](https://togithub.com/stretchr/testify/pull/1540)
- Update Github workflows setup-go to V5 by
[@&#8203;hendrywiranto](https://togithub.com/hendrywiranto) in
[https://github.com/stretchr/testify/pull/1545](https://togithub.com/stretchr/testify/pull/1545)
- Support Pointer to Struct in EqualExportedValues by
[@&#8203;Lucaber](https://togithub.com/Lucaber) in
[https://github.com/stretchr/testify/pull/1517](https://togithub.com/stretchr/testify/pull/1517)
- README: drop link to gorc by
[@&#8203;guettli](https://togithub.com/guettli) in
[https://github.com/stretchr/testify/pull/1248](https://togithub.com/stretchr/testify/pull/1248)
- http_assertions: honour the msgAndArgs provided with each assertion by
[@&#8203;arjunmahishi](https://togithub.com/arjunmahishi) in
[https://github.com/stretchr/testify/pull/1548](https://togithub.com/stretchr/testify/pull/1548)
- fix typos in comments and tests by
[@&#8203;ccoVeille](https://togithub.com/ccoVeille) in
[https://github.com/stretchr/testify/pull/1247](https://togithub.com/stretchr/testify/pull/1247)
- Include the auto-release notes in releases by
[@&#8203;brackendawson](https://togithub.com/brackendawson) in
[https://github.com/stretchr/testify/pull/1550](https://togithub.com/stretchr/testify/pull/1550)
- Add `NotImplements` and variants by
[@&#8203;hslatman](https://togithub.com/hslatman) in
[https://github.com/stretchr/testify/pull/1385](https://togithub.com/stretchr/testify/pull/1385)
- Add support to compare uintptr by
[@&#8203;bogdandrutu](https://togithub.com/bogdandrutu) in
[https://github.com/stretchr/testify/pull/1339](https://togithub.com/stretchr/testify/pull/1339)
- build(deps): bump github.com/stretchr/objx from 0.5.1 to 0.5.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/stretchr/testify/pull/1552](https://togithub.com/stretchr/testify/pull/1552)

#### New Contributors

- [@&#8203;SuperQ](https://togithub.com/SuperQ) made their first
contribution in
[https://github.com/stretchr/testify/pull/1394](https://togithub.com/stretchr/testify/pull/1394)
- [@&#8203;programmer04](https://togithub.com/programmer04) made their
first contribution in
[https://github.com/stretchr/testify/pull/1392](https://togithub.com/stretchr/testify/pull/1392)
- [@&#8203;echarrod](https://togithub.com/echarrod) made their first
contribution in
[https://github.com/stretchr/testify/pull/1389](https://togithub.com/stretchr/testify/pull/1389)
- [@&#8203;davidjb](https://togithub.com/davidjb) made their first
contribution in
[https://github.com/stretchr/testify/pull/1349](https://togithub.com/stretchr/testify/pull/1349)
- [@&#8203;LandonTClipp](https://togithub.com/LandonTClipp) made their
first contribution in
[https://github.com/stretchr/testify/pull/1346](https://togithub.com/stretchr/testify/pull/1346)
- [@&#8203;alexandear](https://togithub.com/alexandear) made their first
contribution in
[https://github.com/stretchr/testify/pull/1410](https://togithub.com/stretchr/testify/pull/1410)
- [@&#8203;lesichkovm](https://togithub.com/lesichkovm) made their first
contribution in
[https://github.com/stretchr/testify/pull/1320](https://togithub.com/stretchr/testify/pull/1320)
- [@&#8203;dolmen](https://togithub.com/dolmen) made their first
contribution in
[https://github.com/stretchr/testify/pull/1406](https://togithub.com/stretchr/testify/pull/1406)
- [@&#8203;hikyaru-suzuki](https://togithub.com/hikyaru-suzuki) made
their first contribution in
[https://github.com/stretchr/testify/pull/1360](https://togithub.com/stretchr/testify/pull/1360)
- [@&#8203;ossan-dev](https://togithub.com/ossan-dev) made their first
contribution in
[https://github.com/stretchr/testify/pull/1428](https://togithub.com/stretchr/testify/pull/1428)
- [@&#8203;aud10slave](https://togithub.com/aud10slave) made their first
contribution in
[https://github.com/stretchr/testify/pull/631](https://togithub.com/stretchr/testify/pull/631)
- [@&#8203;tscales](https://togithub.com/tscales) made their first
contribution in
[https://github.com/stretchr/testify/pull/1464](https://togithub.com/stretchr/testify/pull/1464)
- [@&#8203;czeslavo](https://togithub.com/czeslavo) made their first
contribution in
[https://github.com/stretchr/testify/pull/1395](https://togithub.com/stretchr/testify/pull/1395)
- [@&#8203;hidu](https://togithub.com/hidu) made their first
contribution in
[https://github.com/stretchr/testify/pull/1484](https://togithub.com/stretchr/testify/pull/1484)
- [@&#8203;zrbecker](https://togithub.com/zrbecker) made their first
contribution in
[https://github.com/stretchr/testify/pull/1473](https://togithub.com/stretchr/testify/pull/1473)
- [@&#8203;kevinburkesegment](https://togithub.com/kevinburkesegment)
made their first contribution in
[https://github.com/stretchr/testify/pull/1489](https://togithub.com/stretchr/testify/pull/1489)
- [@&#8203;linusbarth](https://togithub.com/linusbarth) made their first
contribution in
[https://github.com/stretchr/testify/pull/1471](https://togithub.com/stretchr/testify/pull/1471)
- [@&#8203;jedevc](https://togithub.com/jedevc) made their first
contribution in
[https://github.com/stretchr/testify/pull/1306](https://togithub.com/stretchr/testify/pull/1306)
- [@&#8203;craig65535](https://togithub.com/craig65535) made their first
contribution in
[https://github.com/stretchr/testify/pull/1435](https://togithub.com/stretchr/testify/pull/1435)
- [@&#8203;arjunmahishi](https://togithub.com/arjunmahishi) made their
first contribution in
[https://github.com/stretchr/testify/pull/1531](https://togithub.com/stretchr/testify/pull/1531)
- [@&#8203;ianrose14](https://togithub.com/ianrose14) made their first
contribution in
[https://github.com/stretchr/testify/pull/1331](https://togithub.com/stretchr/testify/pull/1331)
- [@&#8203;hendrywiranto](https://togithub.com/hendrywiranto) made their
first contribution in
[https://github.com/stretchr/testify/pull/1545](https://togithub.com/stretchr/testify/pull/1545)
- [@&#8203;Lucaber](https://togithub.com/Lucaber) made their first
contribution in
[https://github.com/stretchr/testify/pull/1517](https://togithub.com/stretchr/testify/pull/1517)
- [@&#8203;guettli](https://togithub.com/guettli) made their first
contribution in
[https://github.com/stretchr/testify/pull/1248](https://togithub.com/stretchr/testify/pull/1248)
- [@&#8203;ccoVeille](https://togithub.com/ccoVeille) made their first
contribution in
[https://github.com/stretchr/testify/pull/1247](https://togithub.com/stretchr/testify/pull/1247)
- [@&#8203;hslatman](https://togithub.com/hslatman) made their first
contribution in
[https://github.com/stretchr/testify/pull/1385](https://togithub.com/stretchr/testify/pull/1385)
- [@&#8203;bogdandrutu](https://togithub.com/bogdandrutu) made their
first contribution in
[https://github.com/stretchr/testify/pull/1339](https://togithub.com/stretchr/testify/pull/1339)

**Full Changelog**:
stretchr/testify@v1.8.4...v1.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/cerbos/cerbos).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMjAuMiIsInVwZGF0ZWRJblZlciI6IjM3LjIyMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Sec vul CVE-2022-28948 from sirupsen/logrus > stretchr/testify > yaml.v3
2 participants