chore(deps): bump the dependencies group with 3 updates #46

dependabot · 2025-05-01T00:20:55Z

Bumps the dependencies group with 3 updates: github.com/dgraph-io/badger/v4, github.com/lestrrat-go/jwx and github.com/prometheus/client_golang.

Updates github.com/dgraph-io/badger/v4 from 4.6.0 to 4.7.0

Release notes

Sourced from github.com/dgraph-io/badger/v4's releases.

Badger v4.7.0

This release removes the dependency on github.com/pkg/errors. If you rely on errors returned by badger, please proceed with caution.

What's Changed

chore(deps): Update module golang.org/x/sys to v0.31.0 by @renovate in hypermodeinc/badger#2179

chore(deps): Update go minor and patch by @renovate in hypermodeinc/badger#2181

chore(deps): Update go minor and patch by @renovate in hypermodeinc/badger#2187

chore(deps): remove dependency on github.com/pkg/errors by @hazzik in hypermodeinc/badger#2184

New Contributors

@linkdd made their first contribution in hypermodeinc/badger#2180

@wolf31o2 made their first contribution in hypermodeinc/badger#2183

@hazzik made their first contribution in hypermodeinc/badger#2184

Full Changelog: hypermodeinc/badger@v4.6.0...v4.7.0

Commits

a9a63e2 chore(deps): remove dependency on github.com/pkg/errors (#2184)
987f17d chore(deps): Update go minor and patch (#2187)
66ef1ef fix broken badge (#2186)
de847a3 Update README.md
8f86604 Update README.md
ff36268 doc: add Blink Labs projects to the using Badger list (#2183)
92932c3 chore(deps): Update go minor and patch (#2181)
12bc621 doc: add FlowG to "Projects Using Badger" section of the README (#2180)
5a9e8c2 chore(deps): Update module golang.org/x/sys to v0.31.0 (#2179)
See full diff in compare view

Updates github.com/lestrrat-go/jwx from 1.2.30 to 1.2.31

Release notes

Sourced from github.com/lestrrat-go/jwx's releases.

v1.2.31

What's Changed

This release was made to officially deprecate v1 series of github.com/lestrrat-go/jwx. Please use github.com/lestrrat-go/jwx/v3 or newer

Bump golang.org/x/crypto from 0.25.0 to 0.26.0 by @dependabot in lestrrat-go/jwx#1169

Bump golang.org/x/crypto from 0.26.0 to 0.28.0 by @dependabot in lestrrat-go/jwx#1209

Bump golang.org/x/crypto from 0.28.0 to 0.29.0 by @dependabot in lestrrat-go/jwx#1230

Bump codecov/codecov-action from 4 to 5 by @dependabot in lestrrat-go/jwx#1236

Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @dependabot in lestrrat-go/jwx#1244

Latchset workaround by @lestrrat in lestrrat-go/jwx#1270

Bump golang.org/x/crypto from 0.29.0 to 0.32.0 by @dependabot in lestrrat-go/jwx#1264

Bump github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.3.0 to 4.4.0 by @dependabot in lestrrat-go/jwx#1292

Bump golangci/golangci-lint-action from 6 to 7 by @dependabot in lestrrat-go/jwx#1326

[v1] Add deprecation notice in go.mod by @lestrrat in lestrrat-go/jwx#1346

Full Changelog: lestrrat-go/jwx@v1.2.30...v1.2.31

Changelog

Sourced from github.com/lestrrat-go/jwx's changelog.

v1.2.31 9 Apr 2025

Mark this version of github.com/lestrrat-go/jwx deprecated. Please use github.com/lestrrat-go/jwx/v3 or newer

Update tooling

Skip TestJoseCompatibility, because latchset/jose recently decided to set p2c to 32768, but we do not have the ability to set this number in v1

Commits

26ecf5d Merge branch 'develop/v1' into v1
d6a692c Update Changes
f516f9e Add deprecation notice in go.mod (#1346)
39739fc Bump golangci/golangci-lint-action from 6 to 7 (#1326)
dca1861 Bump github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.3.0 to 4.4.0 (#1292)
177161f Bump golang.org/x/crypto from 0.29.0 to 0.32.0 (#1264)
3adf769 Latchset workaround (#1270)
8d7d3e8 Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#1244)
9004fe3 Bump codecov/codecov-action from 4 to 5 (#1236)
f439cc0 Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#1230)
Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.21.1 to 1.22.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.22.0 - 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:
import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
[FEATURE] prometheus: Add new CollectorFunc utility #1724

[CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738

[FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743

[CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 by @dependabot in prometheus/client_golang#1720

build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 by @dependabot in prometheus/client_golang#1719

Update RELEASE.md by @bwplotka in prometheus/client_golang#1721

chore(docs): Add links for the upstream PRs by @kakkoyun in prometheus/client_golang#1722

Added tips on releasing client and checking with k8s. by @bwplotka in prometheus/client_golang#1723

feat: Add new CollectorFunc utility by @Saumya40-codes in prometheus/client_golang#1724

build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 by @dependabot in prometheus/client_golang#1725

build(deps): bump the github-actions group with 5 updates by @dependabot in prometheus/client_golang#1726

Synchronize common files from prometheus/prometheus by @prombot in prometheus/client_golang#1727

Synchronize common files from prometheus/prometheus by @prombot in prometheus/client_golang#1731

build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 by @dependabot in prometheus/client_golang#1739

build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 by @dependabot in prometheus/client_golang#1740

Cleanup dependabot config by @SuperQ in prometheus/client_golang#1741

Upgrade Golang version v1.24 by @dongjiang1989 in prometheus/client_golang#1738

build(deps): bump the github-actions group with 2 updates by @dependabot in prometheus/client_golang#1742

Merging 1.21 release back to main. by @bwplotka in prometheus/client_golang#1744

Synchronize common files from prometheus/prometheus by @prombot in prometheus/client_golang#1745

Add support for undocumented query options for API by @mahendrapaipuri in prometheus/client_golang#1743

exp/api: Add experimental exp module; Add remote API with write client and handler. by @bwplotka in prometheus/client_golang#1658

exp/api: Add accepted msg type validation to handler by @saswatamcode in prometheus/client_golang#1750

build(deps): bump the github-actions group with 5 updates by @dependabot in prometheus/client_golang#1751

build(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0 by @dependabot in prometheus/client_golang#1752

build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by @dependabot in prometheus/client_golang#1753

exp: Reset snappy buf by @saswatamcode in prometheus/client_golang#1756

Merge release 1.21.1 to main. by @bwplotka in prometheus/client_golang#1762

exp: Add dependabot config by @saswatamcode in prometheus/client_golang#1754

build(deps): bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 in the github-actions group by @dependabot in prometheus/client_golang#1764

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.22.0 / 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:
import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
[FEATURE] prometheus: Add new CollectorFunc utility #1724

[CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738

[FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743

[CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

Commits

d50be25 Cut 1.22.0 (#1793)
1043db7 Cut 1.22.0-rc.0 (#1768)
e575c9c promhttp: Isolate zstd support and klauspost/compress library use to promhttp...
f2276aa Merge pull request #1764 from prometheus/dependabot/github_actions/github-act...
9df772c build(deps): bump peter-evans/create-pull-request
a3548c5 Merge pull request #1754 from saswatamcode/exp-eh
60fd2b0 Remove go.work file for now
8f9d0de exp: Add dependabot config
c5cf981 Merge pull request #1762 from prometheus/release-1.21
e84c305 exp: Reset snappy buf (#1756)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 3 updates: [github.com/dgraph-io/badger/v4](https://github.com/dgraph-io/badger), [github.com/lestrrat-go/jwx](https://github.com/lestrrat-go/jwx) and [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang). Updates `github.com/dgraph-io/badger/v4` from 4.6.0 to 4.7.0 - [Release notes](https://github.com/dgraph-io/badger/releases) - [Changelog](https://github.com/hypermodeinc/badger/blob/main/CHANGELOG.md) - [Commits](hypermodeinc/badger@v4.6.0...v4.7.0) Updates `github.com/lestrrat-go/jwx` from 1.2.30 to 1.2.31 - [Release notes](https://github.com/lestrrat-go/jwx/releases) - [Changelog](https://github.com/lestrrat-go/jwx/blob/v1.2.31/Changes) - [Commits](lestrrat-go/jwx@v1.2.30...v1.2.31) Updates `github.com/prometheus/client_golang` from 1.21.1 to 1.22.0 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.21.1...v1.22.0) --- updated-dependencies: - dependency-name: github.com/dgraph-io/badger/v4 dependency-version: 4.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github.com/lestrrat-go/jwx dependency-version: 1.2.31 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github.com/prometheus/client_golang dependency-version: 1.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from vitalvas May 1, 2025 00:20

dependabot bot assigned vitalvas May 1, 2025

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 1, 2025

vitalvas approved these changes May 5, 2025

View reviewed changes

vitalvas merged commit 79c226c into master May 5, 2025
1 check failed

vitalvas deleted the dependabot/go_modules/dependencies-b3b1e45014 branch May 5, 2025 14:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): bump the dependencies group with 3 updates #46

chore(deps): bump the dependencies group with 3 updates #46

Uh oh!

dependabot bot commented on behalf of github May 1, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chore(deps): bump the dependencies group with 3 updates #46

chore(deps): bump the dependencies group with 3 updates #46

Uh oh!

Conversation

dependabot bot commented on behalf of github May 1, 2025

Badger v4.7.0

What's Changed

New Contributors

v1.2.31

What's Changed

v1.22.0 - 2025-04-07

1.22.0 / 2025-04-07

Uh oh!

Uh oh!

Uh oh!