protojson: vuln: discard unknown fields can result in stack overflow #1584

Closed
jhump opened this issue Dec 21, 2023 · 1 comment

jhump commented Dec 21, 2023

This is closely related to #1583. If a schema does not support an arbitrarily deep JSON encoding, a stack overflow can still be induced via a malicious payload if the protojson.UnmarshalOptions.DiscardUnknown field is true. This is because the code to discard unknown fields is recursive. It should instead use iteration with a slice to model the stack of open objects and arrays, so it can safely discard JSON of arbitrary complexity.

gopherbot pushed a commit to protocolbuffers/protobuf-go that referenced this issue Dec 21, 2023
Fixes golang/protobuf#1583 and golang/protobuf#1584

Limits the level of recursion when parsing JSON to avoid
fatal stack overflow errors if input uses pathologically
deep nesting. This is already a feature of the binary
format, and this adds that feature to the JSON format.

This also re-implements how JSON values are discarded
to be more efficient (and not use recursion).

Change-Id: I4026b739abe0335387209a43645f65e4b6e43409
Reviewed-on: https://go-review.googlesource.com/c/protobuf/+/552255
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: David Chase <[email protected]>
Auto-Submit: Lasse Folger <[email protected]>
Reviewed-by: Lasse Folger <[email protected]>
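
The iterative discard that the issue and the commit message describe, as an added Go example (this is not the protobuf-go code): a slice holds the closing delimiter expected for each open object or array, so stack use stays constant however deep the input nests. `SkipValue`, `ErrSyntax`, `ErrTooDeep` and the limit of 10000 are names and values assumed for illustration, and the function checks only bracket pairing and string termination, not the full JSON grammar.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var (
	ErrSyntax  = errors.New("malformed JSON")
	ErrTooDeep = errors.New("JSON nesting exceeds limit")
)

// closer maps an opening delimiter to the closing delimiter it requires.
func closer(c byte) byte {
	if c == '{' {
		return '}'
	}
	return ']'
}

// isStructural reports whether c ends a bare scalar (number, true, false, null).
func isStructural(c byte) bool {
	return strings.IndexByte(" \t\r\n,:{}[]\"", c) >= 0
}

// stringEnd returns the index just past the string whose opening quote is at
// start, or -1 if the string is unterminated.
func stringEnd(data []byte, start int) int {
	for j := start + 1; j < len(data); j++ {
		switch data[j] {
		case '\\':
			j++ // skip the escaped byte so an escaped quote does not end the string
		case '"':
			return j + 1
		}
	}
	return -1
}

// SkipValue returns the number of bytes taken by the first JSON value in data
// (leading whitespace included) without decoding it. Open objects and arrays
// are tracked in a slice instead of on the call stack. maxDepth <= 0 means no
// nesting limit (hypothetical parameter, not a protojson option).
func SkipValue(data []byte, maxDepth int) (int, error) {
	var open []byte // expected closing delimiter for each open container
	i := 0
	for i < len(data) {
		switch c := data[i]; {
		case c == ' ' || c == '\t' || c == '\r' || c == '\n':
			i++
			continue
		case c == ',' || c == ':':
			if len(open) == 0 {
				return 0, ErrSyntax // separators are only valid inside a container
			}
			i++
			continue
		case c == '{' || c == '[':
			if maxDepth > 0 && len(open) >= maxDepth {
				return 0, ErrTooDeep
			}
			open = append(open, closer(c))
			i++
			continue
		case c == '}' || c == ']':
			if len(open) == 0 || open[len(open)-1] != c {
				return 0, ErrSyntax
			}
			open = open[:len(open)-1]
			i++
		case c == '"':
			end := stringEnd(data, i)
			if end < 0 {
				return 0, ErrSyntax
			}
			i = end
		default: // bare scalar: consume up to the next structural byte
			for i < len(data) && !isStructural(data[i]) {
				i++
			}
		}
		if len(open) == 0 {
			return i, nil // the top-level value is complete
		}
	}
	return 0, ErrSyntax // input ended with containers still open, or was empty
}

func main() {
	// Constructed input: one million nested arrays.
	const depth = 1_000_000
	deep := []byte(strings.Repeat("[", depth) + strings.Repeat("]", depth))
	n, err := SkipValue(deep, 0)
	fmt.Println(n, err)
	_, err = SkipValue(deep, 10000)
	fmt.Println(err)
}
```
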

jhump commented Dec 21, 2023

Fixed in protocolbuffers/protobuf-go@bfcd647

@jhump jhump closed this as completed Dec 21, 2023
renovate bot referenced this issue in open-feature/flagd Dec 22, 2023

This PR contains the following updates:

| Package | Change |
|---|---|
| [google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go) | `v1.31.0` -> `v1.32.0` |


### Release Notes

<details>
<summary>protocolbuffers/protobuf-go (google.golang.org/protobuf)</summary>

### [`v1.32.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.32.0)

[Compare Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.32.0)

**Full Changelog**: protocolbuffers/protobuf-go@v1.31.0...v1.32.0

This release contains commit protocolbuffers/protobuf-go@bfcd647, which fixes a denial of service vulnerability by preventing a stack overflow through a default maximum recursion limit. See [https://github.com/golang/protobuf/issues/1583](https://togithub.com/golang/protobuf/issues/1583) and [https://github.com/golang/protobuf/issues/1584](https://togithub.com/golang/protobuf/issues/1584) for details.

</details>


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
ghost referenced this issue in camunda/camunda Dec 25, 2023
15716: deps(go): Update module google.golang.org/protobuf to v1.32.0 (main) r=github-actions[bot] a=renovate[bot]


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
bogdandrutu referenced this issue in open-telemetry/opentelemetry-collector-contrib Dec 27, 2023

This PR contains the following updates:

| Package | Change |
|---|---|
| [google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go) | `v1.31.0` -> `v1.32.0` |


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: opentelemetrybot <[email protected]>
dbuduev referenced this issue in cerbos/cerbos Dec 27, 2023

This PR contains the following updates:

| Package | Change | Type | Update |
|---|---|---|---|
| [github.com/aws/aws-sdk-go](https://togithub.com/aws/aws-sdk-go) | `v1.49.4` -> `v1.49.10` | require | patch |
| [github.com/cerbos/cloud-api](https://togithub.com/cerbos/cloud-api) | `v0.1.11` -> `v0.1.12` | require | patch |
| [github.com/golang-migrate/migrate/v4](https://togithub.com/golang-migrate/migrate) | `v4.16.2` -> `v4.17.0` | require | minor |
| [github.com/goreleaser/goreleaser](https://togithub.com/goreleaser/goreleaser) | `v1.22.1` -> `v1.23.0` | require | minor |
| [github.com/twmb/franz-go](https://togithub.com/twmb/franz-go) | `v1.15.3` -> `v1.15.4` | require | patch |
| [github.com/vektra/mockery/v2](https://togithub.com/vektra/mockery) | `v2.38.0` -> `v2.39.1` | require | minor |
| golang.org/x/exp | `aacd6d4` -> `02704c9` | require | digest |
| [google.golang.org/grpc](https://togithub.com/grpc/grpc-go) | `v1.60.0` -> `v1.60.1` | require | patch |
| [google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go) | `v1.31.1-0.20231215091903-8ed73c755013` -> `v1.32.0` | require | minor |
| [google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go) | `v1.31.0` -> `v1.32.0` | require | minor |


### Release Notes

<details>
<summary>aws/aws-sdk-go (github.com/aws/aws-sdk-go)</summary>

###
[`v1.49.10`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v14910-2023-12-26)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.49.9...v1.49.10)

\===

##### Service Client Updates

-   `service/iam`: Updates service documentation
- Documentation updates for AWS Identity and Access Management (IAM).

##### SDK Enhancements

- `aws`: Add `WithUseFIPSEndpoint` to `aws.Config`. ([#5078](https://togithub.com/aws/aws-sdk-go/pull/5078))
  - `WithUseFIPSEndpoint` can be used to explicitly enable or disable FIPS endpoint variants.

###
[`v1.49.9`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1499-2023-12-22)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.49.8...v1.49.9)

\===

##### Service Client Updates

-   `service/bedrock-agent`: Updates service API
-   `service/glue`: Updates service API and documentation
- This release adds additional configurations for Query Session Context
on the following APIs: GetUnfilteredTableMetadata,
GetUnfilteredPartitionMetadata, GetUnfilteredPartitionsMetadata.
-   `service/lakeformation`: Updates service API and documentation
-   `service/mediaconnect`: Updates service API and documentation
-   `service/networkmonitor`: Adds new service
-   `service/omics`: Updates service documentation
-   `service/s3`: Updates service examples
    -   Added additional examples for some operations.
-   `service/secretsmanager`: Adds new service
    -   Update endpoint rules and examples.

###
[`v1.49.8`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1498-2023-12-21)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.49.7...v1.49.8)

\===

##### Service Client Updates

-   `service/amp`: Updates service API and documentation
- `service/appintegrations`: Updates service API, documentation,
paginators, and examples
-   `service/bedrock-agent`: Updates service API and documentation
-   `service/codecommit`: Updates service API and documentation
- AWS CodeCommit now supports customer managed keys from AWS Key
Management Service. UpdateRepositoryEncryptionKey is added for updating
the key configuration. CreateRepository, GetRepository,
BatchGetRepositories are updated with new input or output parameters.
- `service/connect`: Updates service API, documentation, and paginators
-   `service/medialive`: Updates service API and documentation
- MediaLive now supports the ability to configure the audio that an AWS
Elemental Link UHD device produces, when the device is configured as the
source for a flow in AWS Elemental MediaConnect.
- `service/rds`: Updates service API, documentation, waiters,
paginators, and examples
- This release adds support for using RDS Data API with Aurora
PostgreSQL Serverless v2 and provisioned DB clusters.
-   `service/rds-data`: Updates service API and documentation
-   `service/sagemaker`: Updates service API and documentation
- Amazon SageMaker Training now provides model training container access
for debugging purposes. Amazon SageMaker Search now provides the ability
to use visibility conditions to limit resource access to a single domain
or multiple domains.

###
[`v1.49.7`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1497-2023-12-20)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.49.6...v1.49.7)

\===

##### Service Client Updates

-   `service/appstream`: Updates service API and documentation
- This release introduces configurable clipboard, allowing admins to
specify the maximum length of text that can be copied by the users from
their device to the remote session and vice-versa.
-   `service/eks`: Updates service API, documentation, and paginators
-   `service/guardduty`: Updates service API and documentation
- This release 1) introduces a new API: GetOrganizationStatistics , and
2) adds a new UsageStatisticType TOP_ACCOUNTS_BY_FEATURE for
GetUsageStatistics API
- `service/managedblockchain-query`: Updates service API and
documentation
-   `service/mediatailor`: Updates service API and documentation
-   `service/route53`: Updates service API and documentation
- Amazon Route 53 now supports the Canada West (Calgary) Region
(ca-west-1) for latency records, geoproximity records, and private DNS
for Amazon VPCs in that region.

###
[`v1.49.6`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1496-2023-12-19)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.49.5...v1.49.6)

\===

##### Service Client Updates

-   `service/appsync`: Updates service API and documentation
-   `service/chime-sdk-meetings`: Updates service API and documentation
-   `service/ec2`: Updates service API and documentation
- Provision BYOIPv4 address ranges and advertise them by specifying the
network border groups option in Los Angeles, Phoenix and Dallas AWS
Local Zones.
-   `service/fsx`: Updates service API and documentation
-   `service/marketplace-catalog`: Updates service API and documentation
- `service/rds`: Updates service API, documentation, waiters,
paginators, and examples
- RDS - The release adds two new APIs: DescribeDBRecommendations and
ModifyDBRecommendation

###
[`v1.49.5`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1495-2023-12-18)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.49.4...v1.49.5)

\===

##### Service Client Updates

-   `service/cognito-idp`: Updates service API and documentation
-   `service/eks`: Updates service API, documentation, and paginators
-   `service/quicksight`: Updates service documentation
- A docs-only release to add missing entities to the API reference.
-   `service/route53resolver`: Updates service API and documentation

</details>

<details>
<summary>cerbos/cloud-api (github.com/cerbos/cloud-api)</summary>

###
[`v0.1.12`](https://togithub.com/cerbos/cloud-api/compare/v0.1.11...v0.1.12)

[Compare
Source](https://togithub.com/cerbos/cloud-api/compare/v0.1.11...v0.1.12)

</details>

<details>
<summary>golang-migrate/migrate
(github.com/golang-migrate/migrate/v4)</summary>

###
[`v4.17.0`](https://togithub.com/golang-migrate/migrate/releases/tag/v4.17.0)

[Compare
Source](https://togithub.com/golang-migrate/migrate/compare/v4.16.2...v4.17.0)

#### Changelog

-
[`cf03803`](https://togithub.com/golang-migrate/migrate/commit/cf03803)
Add rqlite 8.0.0 to tested database versions
-
[`12968a7`](https://togithub.com/golang-migrate/migrate/commit/12968a7)
Add syntax highlighting to Postgres example
-
[`50112e7`](https://togithub.com/golang-migrate/migrate/commit/50112e7)
Add to clickhouse README.md database creation
-
[`5ded96d`](https://togithub.com/golang-migrate/migrate/commit/5ded96d)
Bump golang.org/x/crypto from 0.14.0 to 0.17.0
-
[`c3ebd52`](https://togithub.com/golang-migrate/migrate/commit/c3ebd52)
Bump google.golang.org/grpc from 1.55.0 to 1.56.3
-
[`5026488`](https://togithub.com/golang-migrate/migrate/commit/5026488)
Clean up require directive grouping
-
[`3b02b18`](https://togithub.com/golang-migrate/migrate/commit/3b02b18)
Correct a spelling mistake
-
[`cd17c5a`](https://togithub.com/golang-migrate/migrate/commit/cd17c5a)
Drop support for Go 1.19 and add support for Go 1.21
-
[`839421e`](https://togithub.com/golang-migrate/migrate/commit/839421e)
Leverage quoteIdentifier from pgx
-
[`bad30b5`](https://togithub.com/golang-migrate/migrate/commit/bad30b5)
Mention migradaptor
-
[`fb22436`](https://togithub.com/golang-migrate/migrate/commit/fb22436)
Merge remote-tracking branch 'origin/master' into upgrade-spanner
-
[`bfedabb`](https://togithub.com/golang-migrate/migrate/commit/bfedabb)
Merge remote-tracking branch 'upstream/master'
-
[`92dec35`](https://togithub.com/golang-migrate/migrate/commit/92dec35)
Move supported go version to standard place
-
[`4078ef8`](https://togithub.com/golang-migrate/migrate/commit/4078ef8)
New release prep
-
[`9fe7383`](https://togithub.com/golang-migrate/migrate/commit/9fe7383)
Quote in drop as well
-
[`691f687`](https://togithub.com/golang-migrate/migrate/commit/691f687)
Reformat ScyllaDB/Cassandra docs
-
[`90a3ac4`](https://togithub.com/golang-migrate/migrate/commit/90a3ac4)
Remove cluster adaptation for tables to pass tests
-
[`64755d0`](https://togithub.com/golang-migrate/migrate/commit/64755d0)
Update README.md
-
[`f2c4b52`](https://togithub.com/golang-migrate/migrate/commit/f2c4b52)
Update aws-sdk-go from v1.44.301 to v1.49.6
-
[`876a13d`](https://togithub.com/golang-migrate/migrate/commit/876a13d)
Update aws-sdk-go to adress vulerabilitiy
-
[`b567287`](https://togithub.com/golang-migrate/migrate/commit/b567287)
Update from alpine 3.18 to 3.19
-
[`f2e0b33`](https://togithub.com/golang-migrate/migrate/commit/f2e0b33)
Update lib/pq to fix cert permissions issues
-
[`208ac53`](https://togithub.com/golang-migrate/migrate/commit/208ac53)
Update spanner to fix security issue See also:
[https://github.com/golang-migrate/migrate/pull/952](https://togithub.com/golang-migrate/migrate/pull/952)
-
[`72957b6`](https://togithub.com/golang-migrate/migrate/commit/72957b6)
Updated version of spanner to support sequences and generate uuid
-
[`7d03609`](https://togithub.com/golang-migrate/migrate/commit/7d03609)
add 8.11 and 8.12 versions and remove debug logging
-
[`7a72550`](https://togithub.com/golang-migrate/migrate/commit/7a72550)
add tests for scylladb. add scylladb to docs
-
[`90273fe`](https://togithub.com/golang-migrate/migrate/commit/90273fe)
clickhouse: Quote db name in ensureVersionTable
-
[`5163ac7`](https://togithub.com/golang-migrate/migrate/commit/5163ac7)
feature: add rqlite support
-
[`ee8a8e5`](https://togithub.com/golang-migrate/migrate/commit/ee8a8e5)
fix: typo
-
[`f8afa5a`](https://togithub.com/golang-migrate/migrate/commit/f8afa5a)
small changes to retry failed by timeout CI
-
[`669437c`](https://togithub.com/golang-migrate/migrate/commit/669437c)
update rqlite 8 container version to 8.0.6

</details>

<details>
<summary>goreleaser/goreleaser
(github.com/goreleaser/goreleaser)</summary>

###
[`v1.23.0`](https://togithub.com/goreleaser/goreleaser/releases/tag/v1.23.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser/compare/v1.22.1...v1.23.0)

#### Changelog

##### New Features

-
[`b149223`](https://togithub.com/goreleaser/goreleaser/commit/b14922322317aa6522d05f6b24856fd89a760bbc):
feat(docs): Update command in SLSA verification blog post
([#&#8203;4420](https://togithub.com/goreleaser/goreleaser/issues/4420))
([@&#8203;laurentsimon](https://togithub.com/laurentsimon))
-
[`ee14837`](https://togithub.com/goreleaser/goreleaser/commit/ee1483712733f4c2db4e13a113a65d6948f4fdef):
feat(homebrew): add os to dependency
([#&#8203;4481](https://togithub.com/goreleaser/goreleaser/issues/4481))
([@&#8203;caarlos0](https://togithub.com/caarlos0))
-
[`dda1c70`](https://togithub.com/goreleaser/goreleaser/commit/dda1c708ae56de981ae43bb5c6dd38ca0acb9226):
feat(nix): validate licenses
([#&#8203;4497](https://togithub.com/goreleaser/goreleaser/issues/4497))
([@&#8203;caarlos0](https://togithub.com/caarlos0))
-
[`1d34568`](https://togithub.com/goreleaser/goreleaser/commit/1d34568b75347fcb1aea3d7bbf55fe4bc85039f1):
feat(sbom): update default command
([@&#8203;caarlos0](https://togithub.com/caarlos0))
-
[`27f0e33`](https://togithub.com/goreleaser/goreleaser/commit/27f0e3304b744fcdb1f57fd02ee6283c43ce2e56):
feat(winget): support installing .exe directly
([#&#8203;4498](https://togithub.com/goreleaser/goreleaser/issues/4498))
([@&#8203;caarlos0](https://togithub.com/caarlos0))
-
[`22fa994`](https://togithub.com/goreleaser/goreleaser/commit/22fa9947c869b42f3e9b50e95c4b8619396b48c1):
feat: allow to template builds.gobinary
([#&#8203;4454](https://togithub.com/goreleaser/goreleaser/issues/4454))
([@&#8203;caarlos0](https://togithub.com/caarlos0))
-
[`711490d`](https://togithub.com/goreleaser/goreleaser/commit/711490dfc7c6b5faa083f98b01777e347624ae35):
feat: aur dir
([#&#8203;4484](https://togithub.com/goreleaser/goreleaser/issues/4484))
([@&#8203;caarlos0](https://togithub.com/caarlos0))
-
[`25a054c`](https://togithub.com/goreleaser/goreleaser/commit/25a054c5e113c6b121aaff3841bdffa7f316bd8c):
feat: improve --single-target
([#&#8203;4442](https://togithub.com/goreleaser/goreleaser/issues/4442))
([@&#8203;caarlos0](https://togithub.com/caarlos0))
-
[`bd7933d`](https://togithub.com/goreleaser/goreleaser/commit/bd7933d1852bddef445e7c81a91f7a71148b5fac):
feat: improve project and build hooks error handling
([@&#8203;caarlos0](https://togithub.com/caarlos0))
-
[`8f6b16f`](https://togithub.com/goreleaser/goreleaser/commit/8f6b16f6b5c122d2cc1a22a344ccde288dc035ed):
feat: validate ko's main path
([#&#8203;4429](https://togithub.com/goreleaser/goreleaser/issues/4429))
([@&#8203;gabrielcipriano](https://togithub.com/gabrielcipriano))

##### Bug fixes

- [`8586878`](https://togithub.com/goreleaser/goreleaser/commit/8586878fdf47d38fd9f18c06fac8512ef2657b37): fix(aur): support wrap_in_directory ([#4502](https://togithub.com/goreleaser/goreleaser/issues/4502)) ([@caarlos0](https://togithub.com/caarlos0))
- [`aa9986e`](https://togithub.com/goreleaser/goreleaser/commit/aa9986e8268daed6b4adaa5d11a81f98dc20c11b): fix(github): do not fail branch creation if it already exists ([#4471](https://togithub.com/goreleaser/goreleaser/issues/4471)) ([@caarlos0](https://togithub.com/caarlos0))
- [`a09a0d7`](https://togithub.com/goreleaser/goreleaser/commit/a09a0d701875e1bf541e2ce46edeffd7866b405b): fix(ko): error finishing with . ([@caarlos0](https://togithub.com/caarlos0))
- [`2b9e471`](https://togithub.com/goreleaser/goreleaser/commit/2b9e471370e488fa497f565df8c9fa8b4fbfaa51): fix(nix): include unzip if any artifact is a zip ([#4495](https://togithub.com/goreleaser/goreleaser/issues/4495)) ([@caarlos0](https://togithub.com/caarlos0))
- [`103b54b`](https://togithub.com/goreleaser/goreleaser/commit/103b54bed526713d612639fbd1d04fcb24b43f67): fix(sbom): warn/error on wrong configuration ([@caarlos0](https://togithub.com/caarlos0))
- [`a85d049`](https://togithub.com/goreleaser/goreleaser/commit/a85d049f9b6b376c9ebfb729ea086e499efdcee6): fix(winget): improve schema ([#4489](https://togithub.com/goreleaser/goreleaser/issues/4489)) ([@caarlos0](https://togithub.com/caarlos0))
- [`e33d053`](https://togithub.com/goreleaser/goreleaser/commit/e33d0536129abeee90f46fbde5950403ba37cee1): fix: --single-target when no match ([@caarlos0](https://togithub.com/caarlos0))
- [`159211a`](https://togithub.com/goreleaser/goreleaser/commit/159211ae78e146f2c1d595410831464ba67cb915): fix: add -c flags when building go test ([#4473](https://togithub.com/goreleaser/goreleaser/issues/4473)) ([@fl0Lec](https://togithub.com/fl0Lec))
- [`74e7064`](https://togithub.com/goreleaser/goreleaser/commit/74e706461ba44ec491f9a000004edae85e7dcf55): fix: allow homebrew to use tar.xz format ([#4441](https://togithub.com/goreleaser/goreleaser/issues/4441)) ([@jftuga](https://togithub.com/jftuga))
- [`c0b2be3`](https://togithub.com/goreleaser/goreleaser/commit/c0b2be344fca8c66fda35391ca76d9c3ca9753c8): fix: handle configs with no explicit targets on --single-target ([@caarlos0](https://togithub.com/caarlos0))
- [`142b94c`](https://togithub.com/goreleaser/goreleaser/commit/142b94c533a21c4bfcfae405bc920b80cecb8b41): fix: improve chocolatey no archive error handling and docs ([@caarlos0](https://togithub.com/caarlos0))
- [`59a3eeb`](https://togithub.com/goreleaser/goreleaser/commit/59a3eeb56da5d614a7432dd6a6036dbf050bf7c6): fix: linkedin announce api changes ([#4428](https://togithub.com/goreleaser/goreleaser/issues/4428)) ([@gabrielcipriano](https://togithub.com/gabrielcipriano))

##### Dependency updates

- [`00ea9f9`](https://togithub.com/goreleaser/goreleaser/commit/00ea9f97edfb74a90e739257b3f2a2ee59323e31): feat(deps): bump code.gitea.io/sdk/gitea from 0.16.0 to 0.17.0 ([#4459](https://togithub.com/goreleaser/goreleaser/issues/4459)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`a5ae5cd`](https://togithub.com/goreleaser/goreleaser/commit/a5ae5cd20a18de548602681417f38353d6e8fcc1): feat(deps): bump github.com/disgoorg/disgo from 0.16.11 to 0.16.12 ([#4422](https://togithub.com/goreleaser/goreleaser/issues/4422)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`f9203ba`](https://togithub.com/goreleaser/goreleaser/commit/f9203badebae11145bf5b29796ec039c264330db): feat(deps): bump github.com/disgoorg/disgo from 0.16.12 to 0.17.0 ([#4434](https://togithub.com/goreleaser/goreleaser/issues/4434)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`3458c7f`](https://togithub.com/goreleaser/goreleaser/commit/3458c7f34e1fd153aed105300d71bcbd65943ab2): feat(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 ([#4452](https://togithub.com/goreleaser/goreleaser/issues/4452)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`334cb89`](https://togithub.com/goreleaser/goreleaser/commit/334cb890a589811e6d07845ec79acb9926f387b4): feat(deps): bump github.com/google/ko from 0.15.0 to 0.15.1 ([#4435](https://togithub.com/goreleaser/goreleaser/issues/4435)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`e39548d`](https://togithub.com/goreleaser/goreleaser/commit/e39548dde7a1e5da73b587c8af08750f8c9fe4fd): feat(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 ([#4476](https://togithub.com/goreleaser/goreleaser/issues/4476)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`782dd54`](https://togithub.com/goreleaser/goreleaser/commit/782dd54b1f9186887adb9231a1970ea4466c74d8): feat(deps): bump github.com/goreleaser/nfpm/v2 from 2.34.0 to 2.35.0 ([#4492](https://togithub.com/goreleaser/goreleaser/issues/4492)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`3c6dcd8`](https://togithub.com/goreleaser/goreleaser/commit/3c6dcd8dcd4b361468095d168bd8a22bf6b5c847): feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 ([#4419](https://togithub.com/goreleaser/goreleaser/issues/4419)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`182e103`](https://togithub.com/goreleaser/goreleaser/commit/182e1033308331be3a084d2836752984c037a79c): feat(deps): bump github.com/xanzy/go-gitlab from 0.93.2 to 0.94.0 ([#4433](https://togithub.com/goreleaser/goreleaser/issues/4433)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`48d4d04`](https://togithub.com/goreleaser/goreleaser/commit/48d4d04c713bd27837053591e42e1b2e41500051): feat(deps): bump github.com/xanzy/go-gitlab from 0.94.0 to 0.95.1 ([#4468](https://togithub.com/goreleaser/goreleaser/issues/4468)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`a096097`](https://togithub.com/goreleaser/goreleaser/commit/a096097646e69a63ea9534116c75d1c050d24218): feat(deps): bump github.com/xanzy/go-gitlab from 0.95.1 to 0.95.2 ([#4477](https://togithub.com/goreleaser/goreleaser/issues/4477)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`52de4ac`](https://togithub.com/goreleaser/goreleaser/commit/52de4ac1245776f996cc6790a71b6f4d80552dfc): feat(deps): bump gocloud.dev from 0.34.0 to 0.35.0 ([#4467](https://togithub.com/goreleaser/goreleaser/issues/4467)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`c6b68aa`](https://togithub.com/goreleaser/goreleaser/commit/c6b68aa4603ef69a7775a1d921fc71c274c87393): feat(deps): bump golang from 1.21.4-alpine to 1.21.5-alpine ([#4463](https://togithub.com/goreleaser/goreleaser/issues/4463)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`fdf73bd`](https://togithub.com/goreleaser/goreleaser/commit/fdf73bda9e8f3223969b26856b3e976352dfa40b): feat(deps): bump golang from `110b07a` to `30a46e7` ([#4455](https://togithub.com/goreleaser/goreleaser/issues/4455)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`0222430`](https://togithub.com/goreleaser/goreleaser/commit/022243067bbc98411998bdf314831aa1eafe2167): feat(deps): bump golang from `30a46e7` to `70afe55` ([#4457](https://togithub.com/goreleaser/goreleaser/issues/4457)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`f0c4d71`](https://togithub.com/goreleaser/goreleaser/commit/f0c4d71b7806466f4728f0ae8d79bbe8c25518ca): feat(deps): bump golang from `5c1cabd` to `feceecc` ([#4466](https://togithub.com/goreleaser/goreleaser/issues/4466)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`d616c38`](https://togithub.com/goreleaser/goreleaser/commit/d616c385dec0eaf1845d38dd859f5d71130e94c5): feat(deps): bump golang from `feceecc` to `4db4aac` ([#4491](https://togithub.com/goreleaser/goreleaser/issues/4491)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`3bae110`](https://togithub.com/goreleaser/goreleaser/commit/3bae110184c8133133ee87e447ae70ef545fdef1): feat(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 ([#4485](https://togithub.com/goreleaser/goreleaser/issues/4485)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`a73fcfc`](https://togithub.com/goreleaser/goreleaser/commit/a73fcfc5d96a6e0d7127d0b0665db6d8cbd1fa37): feat(deps): bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 ([#4416](https://togithub.com/goreleaser/goreleaser/issues/4416)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`5587cb2`](https://togithub.com/goreleaser/goreleaser/commit/5587cb2cb7562eac0b86749e6ed14ffb3c78593c): feat(deps): bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 ([#4445](https://togithub.com/goreleaser/goreleaser/issues/4445)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`5c2cbb3`](https://togithub.com/goreleaser/goreleaser/commit/5c2cbb3417ddd0847a97e153a7f620595ea2d083): feat(deps): bump golang.org/x/tools from 0.14.0 to 0.15.0 ([#4417](https://togithub.com/goreleaser/goreleaser/issues/4417)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`2f1162a`](https://togithub.com/goreleaser/goreleaser/commit/2f1162a2a4afda8c5d59e45236f9e7acfef43590): feat(deps): bump golang.org/x/tools from 0.15.0 to 0.16.0 ([#4444](https://togithub.com/goreleaser/goreleaser/issues/4444)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`7b5a858`](https://togithub.com/goreleaser/goreleaser/commit/7b5a85839a7020372c3faf9e317f0010136f6721): feat(deps): bump golang.org/x/tools from 0.16.0 to 0.16.1 ([#4478](https://togithub.com/goreleaser/goreleaser/issues/4478)) ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`853275f`](https://togithub.com/goreleaser/goreleaser/commit/853275f37920134a8337d485c3667e8cc710a45d): feat(deps): update go-github to v57 ([@caarlos0](https://togithub.com/caarlos0))
- [`6e9ed05`](https://togithub.com/goreleaser/goreleaser/commit/6e9ed0561ec1f431be830096651f28f6b241cec8): feat(deps): update nfpm to latest ([@caarlos0](https://togithub.com/caarlos0))
- [`7d29385`](https://togithub.com/goreleaser/goreleaser/commit/7d293855e81aef7f795429fc76da9e9109c661c4): fix(deps): bump golang from 1.21.3-alpine to 1.21.4-alpine ([#4414](https://togithub.com/goreleaser/goreleaser/issues/4414)) ([@dependabot](https://togithub.com/dependabot)\[bot])

##### Build process updates

- [`4f17fba`](https://togithub.com/goreleaser/goreleaser/commit/4f17fba173ec6d8feb93b15607fc692dd2b64533): build: fix setup-task rate limit ([@caarlos0](https://togithub.com/caarlos0))
- [`5a74601`](https://togithub.com/goreleaser/goreleaser/commit/5a74601559edeb6db85dc3e069d33e04836de7d3): build: fix typo ([@caarlos0](https://togithub.com/caarlos0))
- [`b0bf4eb`](https://togithub.com/goreleaser/goreleaser/commit/b0bf4eb0cd024e900042b3b28615e479fbdae900): build: golangci config ([@caarlos0](https://togithub.com/caarlos0))
- [`9d2162b`](https://togithub.com/goreleaser/goreleaser/commit/9d2162b61c5d5ceb58e61919030743e79c94f78b): build: report only new lint problems ([@caarlos0](https://togithub.com/caarlos0))
- [`18c109a`](https://togithub.com/goreleaser/goreleaser/commit/18c109a62af1dbff1dcc5a662c6bf8e2a60633af): build: simplify changelog on nightly builds ([@caarlos0](https://togithub.com/caarlos0))
- [`be9ad4d`](https://togithub.com/goreleaser/goreleaser/commit/be9ad4d47dd09c218c8fd32b321a99ff7eb5956d): build: update workflow ([@caarlos0](https://togithub.com/caarlos0))

##### Other work

- [`a5f7678`](https://togithub.com/goreleaser/goreleaser/commit/a5f767832a8e7a4832249576318820481beb6069): SBOM improvements ([#4430](https://togithub.com/goreleaser/goreleaser/issues/4430)) ([@caarlos0](https://togithub.com/caarlos0))
- [`6bce81c`](https://togithub.com/goreleaser/goreleaser/commit/6bce81c0bef158590dc65dcb6ccce1d3cb426c04): docs(azblob): correct auth to Azure storage service ([#4439](https://togithub.com/goreleaser/goreleaser/issues/4439)) ([@librucha](https://togithub.com/librucha))
- [`d83243c`](https://togithub.com/goreleaser/goreleaser/commit/d83243cc28900f3583e3d921eeccf3b0bb69e6f6): docs(sbom): improve sbom alternative example ([@caarlos0](https://togithub.com/caarlos0))
- [`532879e`](https://togithub.com/goreleaser/goreleaser/commit/532879ea9247650061a5544a2d23dfb09d6861ea): docs: Removed the duplicate GoReleaser Pro entry ([#4456](https://togithub.com/goreleaser/goreleaser/issues/4456)) ([@cafferata](https://togithub.com/cafferata))
- [`b7be447`](https://togithub.com/goreleaser/goreleaser/commit/b7be447e0a727c7a9eefcad2eb0447bea23dc2b1): docs: add flipt to USERS ([@caarlos0](https://togithub.com/caarlos0))
- [`522ab11`](https://togithub.com/goreleaser/goreleaser/commit/522ab11bf3dd846fd1b61500b533e269a242c6a4): docs: fix broken link ([@caarlos0](https://togithub.com/caarlos0))
- [`3ec68fb`](https://togithub.com/goreleaser/goreleaser/commit/3ec68fbf8c3a1b16ca0f69aeccfb93765685b643): docs: fix broken link ([@caarlos0](https://togithub.com/caarlos0))
- [`233c4bc`](https://togithub.com/goreleaser/goreleaser/commit/233c4bc26e7e518ad3ea6d71179a1ef538048c52): docs: fix changelog subgroups docs ([@caarlos0](https://togithub.com/caarlos0))
- [`d2c0e4c`](https://togithub.com/goreleaser/goreleaser/commit/d2c0e4c6ad93c950c1462a653fef854c05f6e14d): docs: fix typo ([#4447](https://togithub.com/goreleaser/goreleaser/issues/4447)) ([@EverythingSuckz](https://togithub.com/EverythingSuckz))
- [`582ff38`](https://togithub.com/goreleaser/goreleaser/commit/582ff3808db1fa4339324031f60c1682f26669f6): docs: fix typo in check_boxes ([#4499](https://togithub.com/goreleaser/goreleaser/issues/4499)) ([@jidckii](https://togithub.com/jidckii))
- [`d89557b`](https://togithub.com/goreleaser/goreleaser/commit/d89557b27711224dfc4d3f91c3bd2172b1747090): docs: install should say the required Go version ([@caarlos0](https://togithub.com/caarlos0))
- [`b682fdf`](https://togithub.com/goreleaser/goreleaser/commit/b682fdf7bb3d10644ea9978f1655fcc9d74cc520): docs: mention that snaps cant be built inside docker ([@caarlos0](https://togithub.com/caarlos0))
- [`c1b7139`](https://togithub.com/goreleaser/goreleaser/commit/c1b71396c6e8d36e6e2bbae9047e687ed9da167a): docs: update ([@caarlos0](https://togithub.com/caarlos0))
- [`11e5682`](https://togithub.com/goreleaser/goreleaser/commit/11e5682165ad40dff9f65e864df4e922fbf7bb0c): docs: update CONTRIBUTING.md add upx as optional prerequesite ([#4427](https://togithub.com/goreleaser/goreleaser/issues/4427)) ([@gabrielcipriano](https://togithub.com/gabrielcipriano))
- [`149b178`](https://togithub.com/goreleaser/goreleaser/commit/149b1780945cfcda1ca2291c45f28f319b5ece2f): docs: update deprecated `--skip-publish` release flag ([#4449](https://togithub.com/goreleaser/goreleaser/issues/4449)) ([@ixje](https://togithub.com/ixje))
- [`429ddb1`](https://togithub.com/goreleaser/goreleaser/commit/429ddb175075ff00412be1b6206127c03fd53966): docs: update details about cosign and certificate ([@caarlos0](https://togithub.com/caarlos0))
- [`910b837`](https://togithub.com/goreleaser/goreleaser/commit/910b837f7df4b259ab14d687ed7a77415ad2c2c9): docs: update snap link ([#4486](https://togithub.com/goreleaser/goreleaser/issues/4486)) ([@lucacome](https://togithub.com/lucacome))
- [`df982a6`](https://togithub.com/goreleaser/goreleaser/commit/df982a6a3b402f0a3bf9147473a5adda0da08d6b): docs: update the link to the go wiki page on first-class ports ([#4490](https://togithub.com/goreleaser/goreleaser/issues/4490)) ([@smlx](https://togithub.com/smlx))
- [`7e48196`](https://togithub.com/goreleaser/goreleaser/commit/7e481967b3e527dc45b85d7e41d3b6540ae3f4ed): docs: update users, blog posts divider ([@caarlos0](https://togithub.com/caarlos0))
- [`6491631`](https://togithub.com/goreleaser/goreleaser/commit/64916314c7b402b42fde8cde78349fcdb07c0cdf): docs: update users.md ([@caarlos0](https://togithub.com/caarlos0))
- [`6f598dc`](https://togithub.com/goreleaser/goreleaser/commit/6f598dc9b01b005f5e07fe11790b6a7bb85641c1): refactor(brew): use cases.Title instead of strings.Title ([@caarlos0](https://togithub.com/caarlos0))

**Full Changelog**:
goreleaser/goreleaser@v1.22.0...v1.23.0

#### Helping out

This release is only possible thanks to **all** the support of some
**awesome people**!

Want to be one of them?
You can [sponsor](https://goreleaser.com/sponsors/), get a [Pro
License](https://goreleaser.com/pro) or [contribute with
code](https://goreleaser.com/contributing).

#### Where to go next?

- Find examples and commented usage of all options in our
[website](https://goreleaser.com/intro/).
- Reach out on [Discord](https://discord.gg/RGEBtg8vQ6) and
[Twitter](https://twitter.com/goreleaser)!


</details>

<details>
<summary>twmb/franz-go (github.com/twmb/franz-go)</summary>

### [`v1.15.4`](https://togithub.com/twmb/franz-go/blob/HEAD/CHANGELOG.md#v1154)

[Compare
Source](https://togithub.com/twmb/franz-go/compare/v1.15.3...v1.15.4)

This patch release fixes a difficult to encounter, but fatal-for-group-consuming bug.

The sequence of events to trigger this bug:

- OffsetCommit is issued before Heartbeat
- The coordinator for the group needs to be loaded (so, likely, a previous `NOT_COORDINATOR` error was received)
- OffsetCommit triggers the load
- a second OffsetCommit happens while the first is still running, canceling the first OffsetCommit's context

In this sequence of events, FindCoordinator will fail with `context.Canceled` and, importantly, also return that error to Heartbeat. In the guts of the client, a `context.Canceled` error *should* only happen when a group is being left, so this error is recognized as a group-is-leaving error and the group management goroutine exits. Thus, the group is never rejoined.

This likely requires a system to be overloaded to begin with, because FindCoordinator requests are usually very fast.

The fix is to use the client context when issuing FindCoordinator, rather than the parent request. The parent request can still quit, but FindCoordinator continues. No parent request can affect any other waiting request.

This patch also includes a dep bump for everything but klauspost/compress; klauspost/compress changed go.mod to require go1.19, while this repo still requires 1.18. v1.16 will change to require 1.19 and then this repo will bump klauspost/compress.

There were multiple additions to the yet-unversioned kfake package, so that an advanced "test" could be written to trigger the behavior for this patch and then ensure it is fixed. To see the test, please check the comment on PR [650](https://togithub.com/twmb/franz-go/pull/650).

- [`7d050fc`](https://togithub.com/twmb/franz-go/commit/7d050fc) kgo: do not cancel FindCoordinator if the parent context cancels

</details>

<details>
<summary>vektra/mockery (github.com/vektra/mockery/v2)</summary>

### [`v2.39.1`](https://togithub.com/vektra/mockery/releases/tag/v2.39.1)

[Compare
Source](https://togithub.com/vektra/mockery/compare/v2.39.0...v2.39.1)

#### Changelog

- [`5c62fda`](https://togithub.com/vektra/mockery/commit/5c62fda) Add MongoDB as user of mockery
- [`a199cfb`](https://togithub.com/vektra/mockery/commit/a199cfb) Add clarification on internal error
- [`5254b81`](https://togithub.com/vektra/mockery/commit/5254b81) Merge pull request [#741](https://togithub.com/vektra/mockery/issues/741) from LandonTClipp/clarification
- [`b9df18e`](https://togithub.com/vektra/mockery/commit/b9df18e) Merge pull request [#742](https://togithub.com/vektra/mockery/issues/742) from LandonTClipp/mongo

### [`v2.39.0`](https://togithub.com/vektra/mockery/releases/tag/v2.39.0)

[Compare
Source](https://togithub.com/vektra/mockery/compare/v2.38.0...v2.39.0)

#### Changelog

- [`b248492`](https://togithub.com/vektra/mockery/commit/b248492) Don't recurse into submodules on `recursive: true`
- [`4f9dc15`](https://togithub.com/vektra/mockery/commit/4f9dc15) Merge pull request [#740](https://togithub.com/vektra/mockery/issues/740) from LandonTClipp/monorepo

</details>

<details>
<summary>grpc/grpc-go (google.golang.org/grpc)</summary>

### [`v1.60.1`](https://togithub.com/grpc/grpc-go/releases/tag/v1.60.1)

[Compare
Source](https://togithub.com/grpc/grpc-go/compare/v1.60.0...v1.60.1)

### Bug Fixes

- server: fix two bugs that could lead to panics at shutdown when using
[NumStreamWorkers](https://pkg.go.dev/google.golang.org/grpc#NumStreamWorkers)
(experimental feature).

</details>

<details>
<summary>protocolbuffers/protobuf-go
(google.golang.org/protobuf)</summary>

### [`v1.32.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.32.0)

[Compare
Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.32.0)

**Full Changelog**:
protocolbuffers/protobuf-go@v1.31.0...v1.32.0

This release contains commit
protocolbuffers/protobuf-go@bfcd647,
which fixes a denial of service vulnerability by preventing a stack
overflow through a default maximum recursion limit. See
[https://github.com/golang/protobuf/issues/1583](https://togithub.com/golang/protobuf/issues/1583)
and
[https://github.com/golang/protobuf/issues/1584](https://togithub.com/golang/protobuf/issues/1584)
for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/cerbos/cerbos).


---------

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Dennis Buduev <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Dennis Buduev <[email protected]>
charithe referenced this issue in cerbos/cerbos-sdk-go Dec 27, 2023

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [google.golang.org/grpc](https://togithub.com/grpc/grpc-go) | `v1.60.0` -> `v1.60.1` | [![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fgrpc/v1.60.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fgrpc/v1.60.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fgrpc/v1.60.0/v1.60.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fgrpc/v1.60.0/v1.60.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) |
| [google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go) | `v1.31.0` -> `v1.32.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fprotobuf/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fprotobuf/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fprotobuf/v1.31.0/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fprotobuf/v1.31.0/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>grpc/grpc-go (google.golang.org/grpc)</summary>

### [`v1.60.1`](https://togithub.com/grpc/grpc-go/releases/tag/v1.60.1)

[Compare
Source](https://togithub.com/grpc/grpc-go/compare/v1.60.0...v1.60.1)

### Bug Fixes

- server: fix two bugs that could lead to panics at shutdown when using
[NumStreamWorkers](https://pkg.go.dev/google.golang.org/grpc#NumStreamWorkers)
(experimental feature).

</details>

<details>
<summary>protocolbuffers/protobuf-go
(google.golang.org/protobuf)</summary>

### [`v1.32.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.32.0)

[Compare
Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.32.0)

**Full Changelog**:
protocolbuffers/protobuf-go@v1.31.0...v1.32.0

This release contains commit
protocolbuffers/protobuf-go@bfcd647,
which fixes a denial of service vulnerability by preventing a stack
overflow through a default maximum recursion limit. See
[https://github.com/golang/protobuf/issues/1583](https://togithub.com/golang/protobuf/issues/1583)
and
[https://github.com/golang/protobuf/issues/1584](https://togithub.com/golang/protobuf/issues/1584)
for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/cerbos/cerbos-sdk-go).


Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
bogdandrutu referenced this issue in open-telemetry/opentelemetry-collector Dec 29, 2023

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go) | `v1.31.0` -> `v1.32.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fprotobuf/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fprotobuf/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fprotobuf/v1.31.0/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fprotobuf/v1.31.0/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>protocolbuffers/protobuf-go
(google.golang.org/protobuf)</summary>

### [`v1.32.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.32.0)

[Compare
Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.32.0)

**Full Changelog**:
protocolbuffers/protobuf-go@v1.31.0...v1.32.0

This release contains commit
protocolbuffers/protobuf-go@bfcd647,
which fixes a denial of service vulnerability by preventing a stack
overflow through a default maximum recursion limit. See
[https://github.com/golang/protobuf/issues/1583](https://togithub.com/golang/protobuf/issues/1583)
and
[https://github.com/golang/protobuf/issues/1584](https://togithub.com/golang/protobuf/issues/1584)
for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any
time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector).


---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: opentelemetrybot <[email protected]>
tdeebswihart added a commit to temporalio/api-go that referenced this issue Jan 3, 2024
This commit ports over the fixes (and tests) for the two DOS bugs fixed
by golang/protobuf recently:

1. golang/protobuf#1583
2. golang/protobuf#1584

These changes come from protocolbuffers/protobuf-go@bfcd647
tdeebswihart added a commit to temporalio/api-go that referenced this issue Jan 3, 2024
This commit ports over the fixes (and tests) for the two DOS bugs fixed
by golang/protobuf recently:

1. golang/protobuf#1583
2. golang/protobuf#1584

These changes come from protocolbuffers/protobuf-go@bfcd647
michaelkedar referenced this issue in google/osv.dev Jan 9, 2024

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| [github.com/grpc-ecosystem/grpc-gateway/v2](https://togithub.com/grpc-ecosystem/grpc-gateway) | `v2.18.1` -> `v2.19.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgrpc-ecosystem%2fgrpc-gateway%2fv2/v2.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgrpc-ecosystem%2fgrpc-gateway%2fv2/v2.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgrpc-ecosystem%2fgrpc-gateway%2fv2/v2.18.1/v2.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgrpc-ecosystem%2fgrpc-gateway%2fv2/v2.18.1/v2.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | minor |
| [go](https://go.dev/) ([source](https://togithub.com/golang/go)) | `1.21.5` -> `1.21.6` | [![age](https://developer.mend.io/api/mc/badges/age/golang-version/go/1.21.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/golang-version/go/1.21.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/golang-version/go/1.21.5/1.21.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/golang-version/go/1.21.5/1.21.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | golang | patch |
| [google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go) | `v1.31.0` -> `v1.32.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fprotobuf/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fprotobuf/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fprotobuf/v1.31.0/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fprotobuf/v1.31.0/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | minor |
| | All locks refreshed | [![age](https://developer.mend.io/api/mc/badges/age///?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption///?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility////?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence////?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | lockFileMaintenance |
| [jekyll-feed](https://togithub.com/jekyll/jekyll-feed) | `0.15.1` ->
`0.17.0` |
[![age](https://developer.mend.io/api/mc/badges/age/rubygems/jekyll-feed/0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/rubygems/jekyll-feed/0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/rubygems/jekyll-feed/0.15.1/0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/rubygems/jekyll-feed/0.15.1/0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| | minor |

---

### Release Notes

<details>
<summary>grpc-ecosystem/grpc-gateway
(github.com/grpc-ecosystem/grpc-gateway/v2)</summary>

###
[`v2.19.0`](https://togithub.com/grpc-ecosystem/grpc-gateway/releases/tag/v2.19.0)

[Compare
Source](https://togithub.com/grpc-ecosystem/grpc-gateway/compare/v2.18.1...v2.19.0)

#### What's Changed

- fix: use req.Body instead of IOReaderFactory when possible by
[@leungster](https://togithub.com/leungster) in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3727](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3727)
- runtime: Add outgoing trailer matching by
[@adriansmares](https://togithub.com/adriansmares) in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3725](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3725)
- Add openapiv2\_opt support for passing values to go templates via cli
by [@500poundbear](https://togithub.com/500poundbear) in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3764](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3764)
- \[Bug
[#3829](https://togithub.com/grpc-ecosystem/grpc-gateway/issues/3829)]
\[protoc-gen-openapiv2] consider openapiv2\_tag.name attribute when
generating ope… by [@omrikiei](https://togithub.com/omrikiei) in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3830](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3830)
- feat: partial message created as named definitions by
[@nkcr](https://togithub.com/nkcr) in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3743](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3743)
- Fix name tags in methods by
[@omrikiei](https://togithub.com/omrikiei) in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3843](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3843)
- Revert
[`4c79b45`](https://togithub.com/grpc-ecosystem/grpc-gateway/commit/4c79b45386348459926176911cb6b35f6f53dcdc)
by [@johanbrandhorst](https://togithub.com/johanbrandhorst) in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3856](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3856)

#### New Contributors

- [@leungster](https://togithub.com/leungster) made their first
contribution in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3727](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3727)
- [@adriansmares](https://togithub.com/adriansmares) made their
first contribution in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3725](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3725)
- [@500poundbear](https://togithub.com/500poundbear) made their
first contribution in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3764](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3764)
- [@omrikiei](https://togithub.com/omrikiei) made their first
contribution in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3830](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3830)
- [@nkcr](https://togithub.com/nkcr) made their first
contribution in
[https://github.com/grpc-ecosystem/grpc-gateway/pull/3743](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3743)

**Full Changelog**:
grpc-ecosystem/grpc-gateway@v2.18.1...v2.19.0

</details>

<details>
<summary>golang/go (go)</summary>

###
[`v1.21.6`](https://togithub.com/golang/go/compare/go1.21.5...go1.21.6)

</details>

<details>
<summary>protocolbuffers/protobuf-go
(google.golang.org/protobuf)</summary>

###
[`v1.32.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.32.0)

[Compare
Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.32.0)

**Full Changelog**:
protocolbuffers/protobuf-go@v1.31.0...v1.32.0

This release contains commit
protocolbuffers/protobuf-go@bfcd647,
which fixes a denial of service vulnerability by preventing a stack
overflow through a default maximum recursion limit. See
[https://github.com/golang/protobuf/issues/1583](https://togithub.com/golang/protobuf/issues/1583)
and
[https://github.com/golang/protobuf/issues/1584](https://togithub.com/golang/protobuf/issues/1584)
for details.

</details>

<details>
<summary>jekyll/jekyll-feed (jekyll-feed)</summary>

###
[`v0.17.0`](https://togithub.com/jekyll/jekyll-feed/blob/HEAD/History.markdown#0170--2022-10-14)

[Compare
Source](https://togithub.com/jekyll/jekyll-feed/compare/v0.16.0...v0.17.0)

##### Documentation

- Update CI status badge
([#363](https://togithub.com/jekyll/jekyll-feed/issues/363))

##### Development Fixes

- Add Ruby 3.1 to the CI matrix
([#365](https://togithub.com/jekyll/jekyll-feed/issues/365))

##### Minor Enhancements

- Allow disabling of jekyll-feed while in development
([#370](https://togithub.com/jekyll/jekyll-feed/issues/370))

###
[`v0.16.0`](https://togithub.com/jekyll/jekyll-feed/blob/HEAD/History.markdown#0160--2022-01-03)

[Compare
Source](https://togithub.com/jekyll/jekyll-feed/compare/v0.15.1...v0.16.0)

##### Minor Enhancements

- Add support for `page.description` in front matter to become entry
`<summary>`
([#297](https://togithub.com/jekyll/jekyll-feed/issues/297))

##### Bug Fixes

- Fold private methods into the `:render` method as local variables
([#327](https://togithub.com/jekyll/jekyll-feed/issues/327))
- Check `post.categories` instead of `post.category`
([#357](https://togithub.com/jekyll/jekyll-feed/issues/357))
- Switched xml_escape for `<![CDATA[]]>` for post content
([#332](https://togithub.com/jekyll/jekyll-feed/issues/332))

##### Development Fixes

- Add Ruby 3.0 to CI
([#337](https://togithub.com/jekyll/jekyll-feed/issues/337))
- Lock RuboCop to v1.18.x
([#348](https://togithub.com/jekyll/jekyll-feed/issues/348))
- Add workflow to release gem via GH Action
([#355](https://togithub.com/jekyll/jekyll-feed/issues/355))

##### Documentation

- Use `.atom` extension in documented examples since we write an Atom
feed ([#359](https://togithub.com/jekyll/jekyll-feed/issues/359))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv.dev).

cparkins referenced this issue in AmadeusITGroup/opentelemetry-collector-contrib Jan 10, 2024
…0220)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go)
| `v1.31.0` -> `v1.32.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fprotobuf/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fprotobuf/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fprotobuf/v1.31.0/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fprotobuf/v1.31.0/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>protocolbuffers/protobuf-go
(google.golang.org/protobuf)</summary>

###
[`v1.32.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.32.0)

[Compare
Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.32.0)

**Full Changelog**:
protocolbuffers/protobuf-go@v1.31.0...v1.32.0

This release contains commit
protocolbuffers/protobuf-go@bfcd647,
which fixes a denial of service vulnerability by preventing a stack
overflow through a default maximum recursion limit. See
[https://github.com/golang/protobuf/issues/1583](https://togithub.com/golang/protobuf/issues/1583)
and
[https://github.com/golang/protobuf/issues/1584](https://togithub.com/golang/protobuf/issues/1584)
for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any
time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector-contrib).


---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: opentelemetrybot <[email protected]>
another-rex referenced this issue in google/osv-scanner Feb 5, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change | Age | Adoption | Passing |
Confidence |
|---|---|---|---|---|---|---|---|
| [deps.dev/api/v3alpha](https://togithub.com/google/deps.dev) | require
| digest | `00b51ef` -> `c339c64` |
[![age](https://developer.mend.io/api/mc/badges/age/go/deps.dev%2fapi%2fv3alpha/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/deps.dev%2fapi%2fv3alpha/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/deps.dev%2fapi%2fv3alpha/v0.0.0-20240109042716-00b51ef52ece/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/deps.dev%2fapi%2fv3alpha/v0.0.0-20240109042716-00b51ef52ece/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [deps.dev/util/resolve](https://togithub.com/google/deps.dev) |
require | digest | `00b51ef` -> `c339c64` |
[![age](https://developer.mend.io/api/mc/badges/age/go/deps.dev%2futil%2fresolve/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/deps.dev%2futil%2fresolve/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/deps.dev%2futil%2fresolve/v0.0.0-20240109042716-00b51ef52ece/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/deps.dev%2futil%2fresolve/v0.0.0-20240109042716-00b51ef52ece/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [deps.dev/util/semver](https://togithub.com/google/deps.dev) | require
| digest | `1e316b8` -> `c339c64` |
[![age](https://developer.mend.io/api/mc/badges/age/go/deps.dev%2futil%2fsemver/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/deps.dev%2futil%2fsemver/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/deps.dev%2futil%2fsemver/v0.0.0-20240109040450-1e316b822bc4/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/deps.dev%2futil%2fsemver/v0.0.0-20240109040450-1e316b822bc4/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[github.com/gkampitakis/go-snaps](https://togithub.com/gkampitakis/go-snaps)
| require | minor | `v0.4.12` -> `v0.5.2` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgkampitakis%2fgo-snaps/v0.5.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgkampitakis%2fgo-snaps/v0.5.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgkampitakis%2fgo-snaps/v0.4.12/v0.5.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgkampitakis%2fgo-snaps/v0.4.12/v0.5.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[github.com/ianlancetaylor/demangle](https://togithub.com/ianlancetaylor/demangle)
| require | digest | `964b1d5` -> `1f824a1` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fianlancetaylor%2fdemangle/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fianlancetaylor%2fdemangle/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fianlancetaylor%2fdemangle/v0.0.0-20240117034632-964b1d53ca6c/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fianlancetaylor%2fdemangle/v0.0.0-20240117034632-964b1d53ca6c/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[github.com/jedib0t/go-pretty/v6](https://togithub.com/jedib0t/go-pretty)
| require | patch | `v6.5.3` -> `v6.5.4` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fjedib0t%2fgo-pretty%2fv6/v6.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fjedib0t%2fgo-pretty%2fv6/v6.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fjedib0t%2fgo-pretty%2fv6/v6.5.3/v6.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fjedib0t%2fgo-pretty%2fv6/v6.5.3/v6.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [go](https://go.dev/) ([source](https://togithub.com/golang/go)) |
golang | patch | `1.21.5` -> `1.21.6` |
[![age](https://developer.mend.io/api/mc/badges/age/golang-version/go/1.21.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/golang-version/go/1.21.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/golang-version/go/1.21.5/1.21.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/golang-version/go/1.21.5/1.21.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| golang.org/x/exp | require | digest | `1b97071` -> `2c58cdc` |
[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fexp/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fexp/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fexp/v0.0.0-20240119083558-1b970713d09a/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fexp/v0.0.0-20240119083558-1b970713d09a/?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [google.golang.org/grpc](https://togithub.com/grpc/grpc-go) | require
| minor | `v1.60.1` -> `v1.61.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fgrpc/v1.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fgrpc/v1.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fgrpc/v1.60.1/v1.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fgrpc/v1.60.1/v1.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go)
| require | minor | `v1.31.0` -> `v1.32.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fprotobuf/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fprotobuf/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fprotobuf/v1.31.0/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fprotobuf/v1.31.0/v1.32.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>gkampitakis/go-snaps
(github.com/gkampitakis/go-snaps)</summary>

###
[`v0.5.2`](https://togithub.com/gkampitakis/go-snaps/compare/v0.5.1...v0.5.2)

[Compare
Source](https://togithub.com/gkampitakis/go-snaps/compare/v0.5.1...v0.5.2)

###
[`v0.5.1`](https://togithub.com/gkampitakis/go-snaps/releases/tag/v0.5.1)

[Compare
Source](https://togithub.com/gkampitakis/go-snaps/compare/v0.5.0...v0.5.1)

#### What's Changed

- fix: replace `Print` with `Println` by
[@G-Rath](https://togithub.com/G-Rath) in
[https://github.com/gkampitakis/go-snaps/pull/94](https://togithub.com/gkampitakis/go-snaps/pull/94)

**Full Changelog**:
gkampitakis/go-snaps@v0.5.0...v0.5.1

###
[`v0.5.0`](https://togithub.com/gkampitakis/go-snaps/releases/tag/v0.5.0)

[Compare
Source](https://togithub.com/gkampitakis/go-snaps/compare/v0.4.12...v0.5.0)

#### What's Changed

- docs: improve readme code formatting and grammar by
[@G-Rath](https://togithub.com/G-Rath) in
[https://github.com/gkampitakis/go-snaps/pull/85](https://togithub.com/gkampitakis/go-snaps/pull/85)
- docs: improve `TestMain` references by
[@G-Rath](https://togithub.com/G-Rath) in
[https://github.com/gkampitakis/go-snaps/pull/86](https://togithub.com/gkampitakis/go-snaps/pull/86)
- chore(docs): minor improvements by
[@gkampitakis](https://togithub.com/gkampitakis) in
[https://github.com/gkampitakis/go-snaps/pull/89](https://togithub.com/gkampitakis/go-snaps/pull/89)
- chore: clean up test mocks and change getTestID param order by
[@gkampitakis](https://togithub.com/gkampitakis) in
[https://github.com/gkampitakis/go-snaps/pull/92](https://togithub.com/gkampitakis/go-snaps/pull/92)
- feat: don't create multiple snapshots when -test.count>1 by
[@gkampitakis](https://togithub.com/gkampitakis) in
[https://github.com/gkampitakis/go-snaps/pull/90](https://togithub.com/gkampitakis/go-snaps/pull/90)

#### Breaking changes ❗

On `v0.5.0` when running tests with `test.count>1` flag a call to create
a snapshot will not create multiple instances of the same snapshot, but
it will create the snapshot once and then subsequent execution will test
against that snapshot. Look at issue
[https://github.com/gkampitakis/go-snaps/issues/87](https://togithub.com/gkampitakis/go-snaps/issues/87)

#### New Contributors

- [@G-Rath](https://togithub.com/G-Rath) made their first
contribution in
[https://github.com/gkampitakis/go-snaps/pull/85](https://togithub.com/gkampitakis/go-snaps/pull/85)

**Full Changelog**:
gkampitakis/go-snaps@v0.4.12...v0.5.0

</details>

<details>
<summary>jedib0t/go-pretty (github.com/jedib0t/go-pretty/v6)</summary>

###
[`v6.5.4`](https://togithub.com/jedib0t/go-pretty/releases/tag/v6.5.4)

[Compare
Source](https://togithub.com/jedib0t/go-pretty/compare/v6.5.3...v6.5.4)

#### What's Changed

- table: fix SuppressTrailingSpaces removing spaces from the beginning
by [@ilya-lesikov](https://togithub.com/ilya-lesikov) in
[https://github.com/jedib0t/go-pretty/pull/295](https://togithub.com/jedib0t/go-pretty/pull/295)
- table: fix documentation for merges by
[@jedib0t](https://togithub.com/jedib0t) in
[https://github.com/jedib0t/go-pretty/pull/296](https://togithub.com/jedib0t/go-pretty/pull/296)

#### New Contributors

- [@ilya-lesikov](https://togithub.com/ilya-lesikov) made their
first contribution in
[https://github.com/jedib0t/go-pretty/pull/295](https://togithub.com/jedib0t/go-pretty/pull/295)

**Full Changelog**:
jedib0t/go-pretty@v6.5.3...v6.5.4

</details>

<details>
<summary>golang/go (go)</summary>

###
[`v1.21.6`](https://togithub.com/golang/go/compare/go1.21.5...go1.21.6)

</details>

<details>
<summary>grpc/grpc-go (google.golang.org/grpc)</summary>

### [`v1.61.0`](https://togithub.com/grpc/grpc-go/releases/tag/v1.61.0):
Release 1.61.0

[Compare
Source](https://togithub.com/grpc/grpc-go/compare/v1.60.1...v1.61.0)

### New Features

- resolver: provide method, `AuthorityOverrider`, to allow
resolver.Builders to override the default authority for a `ClientConn`.
(EXPERIMENTAL)
([#6752](https://togithub.com/grpc/grpc-go/issues/6752))
    - Special Thanks: [@Aditya-Sood](https://togithub.com/Aditya-Sood)
- xds: add support for mTLS Credentials in xDS bootstrap ([gRFC
A65](github.com/grpc/proposal/blob/8c31bfedded5f0a51c4933e9e9a8246122f9c41a/A65-xds-mtls-creds-in-bootstrap.md))
([#6757](https://togithub.com/grpc/grpc-go/issues/6757))
    - Special Thanks: [@atollena](https://togithub.com/atollena)
- server: add `grpc.WaitForHandlers` `ServerOption` to cause
`Server.Stop` to block until method handlers return. (EXPERIMENTAL)
([#6922](https://togithub.com/grpc/grpc-go/issues/6922))

### Performance Improvements

- grpc: skip compression of empty messages as an optimization
([#6842](https://togithub.com/grpc/grpc-go/issues/6842))
    - Special Thanks: [@jroper](https://togithub.com/jroper)
- orca: use atomic pointer to improve performance in server metrics
recorder ([#6799](https://togithub.com/grpc/grpc-go/issues/6799))
    - Special Thanks: [@danielzhaotongliu](https://togithub.com/danielzhaotongliu)

### Bug Fixes

- client: correctly enable TCP keepalives with OS defaults on windows
([#6863](https://togithub.com/grpc/grpc-go/issues/6863))
    - Special Thanks: [@mmatczuk](https://togithub.com/mmatczuk)
- server: change some stream operations to return `UNAVAILABLE` instead
of `UNKNOWN` when underlying connection is broken
([#6891](https://togithub.com/grpc/grpc-go/issues/6891))
    - Special Thanks: [@mustafasen81](https://togithub.com/mustafasen81)
- server: fix `GracefulStop` to block until all method handlers return
(v1.60 regression).
([#6922](https://togithub.com/grpc/grpc-go/issues/6922))
- server: fix two bugs that could lead to panics at shutdown when using
[`NumStreamWorkers`](https://pkg.go.dev/google.golang.org/grpc#NumStreamWorkers)
(EXPERIMENTAL).
([#6856](https://togithub.com/grpc/grpc-go/issues/6856))
- reflection: do not send invalid descriptors to clients for files that
cannot be fully resolved
([#6771](https://togithub.com/grpc/grpc-go/issues/6771))
    - Special Thanks: [@jhump](https://togithub.com/jhump)
- xds: don't fail channel/server startup when xds creds is specified,
but bootstrap is missing certificate providers
([#6848](https://togithub.com/grpc/grpc-go/issues/6848))
- xds: Atomically read and write xDS security configuration client side
([#6796](https://togithub.com/grpc/grpc-go/issues/6796))
- xds/server: fix RDS handling for non-inline route configs
([#6915](https://togithub.com/grpc/grpc-go/issues/6915))

</details>

<details>
<summary>protocolbuffers/protobuf-go
(google.golang.org/protobuf)</summary>

###
[`v1.32.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.32.0)

[Compare
Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.32.0)

**Full Changelog**:
protocolbuffers/protobuf-go@v1.31.0...v1.32.0

This release contains commit
protocolbuffers/protobuf-go@bfcd647,
which fixes a denial of service vulnerability by preventing a stack
overflow through a default maximum recursion limit. See
[https://github.com/golang/protobuf/issues/1583](https://togithub.com/golang/protobuf/issues/1583)
and
[https://github.com/golang/protobuf/issues/1584](https://togithub.com/golang/protobuf/issues/1584)
for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv-scanner).

renovate bot referenced this issue in DelineaXPM/dsv-k8s Mar 26, 2024
…rity] (#116)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go)
| `v1.31.0` -> `v1.33.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fprotobuf/v1.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fprotobuf/v1.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fprotobuf/v1.31.0/v1.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fprotobuf/v1.31.0/v1.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

#### [CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786)

The protojson.Unmarshal function can enter an infinite loop when
unmarshaling certain forms of invalid JSON. This condition can occur
when unmarshaling into a message which contains a google.protobuf.Any
value, or when the UnmarshalOptions.DiscardUnknown option is set.

---

### Golang protojson.Unmarshal function infinite loop when unmarshaling
certain forms of invalid JSON
[CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786) /
[GHSA-8r3f-844c-mc37](https://togithub.com/advisories/GHSA-8r3f-844c-mc37)
/ [GO-2024-2611](https://pkg.go.dev/vuln/GO-2024-2611)

<details>
<summary>More information</summary>

#### Details
The protojson.Unmarshal function can enter an infinite loop when
unmarshaling certain forms of invalid JSON. This condition can occur
when unmarshaling into a message which contains a google.protobuf.Any
value, or when the UnmarshalOptions.DiscardUnknown option is set.

#### Severity
Moderate

#### References
-
[https://nvd.nist.gov/vuln/detail/CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786)
-
[https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023](https://togithub.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023)
-
[https://github.com/protocolbuffers/protobuf-go](https://togithub.com/protocolbuffers/protobuf-go)
-
[https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0)
- [https://go.dev/cl/569356](https://go.dev/cl/569356)
-
[https://lists.fedoraproject.org/archives/list/[email protected]/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU](https://lists.fedoraproject.org/archives/list/[email protected]/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU)
-
[https://pkg.go.dev/vuln/GO-2024-2611](https://pkg.go.dev/vuln/GO-2024-2611)

This data is provided by
[OSV](https://osv.dev/vulnerability/GHSA-8r3f-844c-mc37) and the [GitHub
Advisory Database](https://togithub.com/github/advisory-database)
([CC-BY
4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Infinite loop in JSON unmarshaling in google.golang.org/protobuf
[CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786) /
[GHSA-8r3f-844c-mc37](https://togithub.com/advisories/GHSA-8r3f-844c-mc37)
/ [GO-2024-2611](https://pkg.go.dev/vuln/GO-2024-2611)

<details>
<summary>More information</summary>

#### Details
The protojson.Unmarshal function can enter an infinite loop when
unmarshaling certain forms of invalid JSON. This condition can occur
when unmarshaling into a message which contains a google.protobuf.Any
value, or when the UnmarshalOptions.DiscardUnknown option is set.

#### Severity
Unknown

#### References
- [https://go.dev/cl/569356](https://go.dev/cl/569356)

This data is provided by
[OSV](https://osv.dev/vulnerability/GO-2024-2611) and the [Go
Vulnerability Database](https://togithub.com/golang/vulndb) ([CC-BY
4.0](https://togithub.com/golang/vulndb#license)).
</details>

---

### Release Notes

<details>
<summary>protocolbuffers/protobuf-go
(google.golang.org/protobuf)</summary>

### [`v1.33.0`](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.32.0...v1.33.0)

[Compare
Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.32.0...v1.33.0)

### [`v1.32.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.32.0)

[Compare
Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.32.0)

**Full Changelog**:
protocolbuffers/protobuf-go@v1.31.0...v1.32.0

This release contains commit
protocolbuffers/protobuf-go@bfcd647,
which fixes a denial of service vulnerability by preventing a stack
overflow through a default maximum recursion limit. See
[https://github.com/golang/protobuf/issues/1583](https://togithub.com/golang/protobuf/issues/1583)
and
[https://github.com/golang/protobuf/issues/1584](https://togithub.com/golang/protobuf/issues/1584)
for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/DelineaXPM/dsv-k8s).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot referenced this issue in DelineaXPM/terraform-provider-dsv Mar 28, 2024
…rity] (#79)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go) | `v1.30.0` -> `v1.33.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fprotobuf/v1.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fprotobuf/v1.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fprotobuf/v1.30.0/v1.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fprotobuf/v1.30.0/v1.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786)

The protojson.Unmarshal function can enter an infinite loop when
unmarshaling certain forms of invalid JSON. This condition can occur
when unmarshaling into a message which contains a google.protobuf.Any
value, or when the UnmarshalOptions.DiscardUnknown option is set.

---

### Infinite loop in JSON unmarshaling in google.golang.org/protobuf
[CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786) /
[GHSA-8r3f-844c-mc37](https://togithub.com/advisories/GHSA-8r3f-844c-mc37)
/ [GO-2024-2611](https://pkg.go.dev/vuln/GO-2024-2611)

<details>
<summary>More information</summary>

#### Details
The protojson.Unmarshal function can enter an infinite loop when
unmarshaling certain forms of invalid JSON. This condition can occur
when unmarshaling into a message which contains a google.protobuf.Any
value, or when the UnmarshalOptions.DiscardUnknown option is set.

#### Severity
Unknown

#### References
- [https://go.dev/cl/569356](https://go.dev/cl/569356)

This data is provided by
[OSV](https://osv.dev/vulnerability/GO-2024-2611) and the [Go
Vulnerability Database](https://togithub.com/golang/vulndb) ([CC-BY
4.0](https://togithub.com/golang/vulndb#license)).
</details>

---

### Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
[CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786) /
[GHSA-8r3f-844c-mc37](https://togithub.com/advisories/GHSA-8r3f-844c-mc37)
/ [GO-2024-2611](https://pkg.go.dev/vuln/GO-2024-2611)

<details>
<summary>More information</summary>

#### Details
The protojson.Unmarshal function can enter an infinite loop when
unmarshaling certain forms of invalid JSON. This condition can occur
when unmarshaling into a message which contains a google.protobuf.Any
value, or when the UnmarshalOptions.DiscardUnknown option is set.

#### Severity
Moderate

#### References
- [https://nvd.nist.gov/vuln/detail/CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786)
- [https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023](https://togithub.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023)
- [https://github.com/protocolbuffers/protobuf-go](https://togithub.com/protocolbuffers/protobuf-go)
- [https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0)
- [https://go.dev/cl/569356](https://go.dev/cl/569356)
- [https://lists.fedoraproject.org/archives/list/[email protected]/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU](https://lists.fedoraproject.org/archives/list/[email protected]/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU)
- [https://pkg.go.dev/vuln/GO-2024-2611](https://pkg.go.dev/vuln/GO-2024-2611)

This data is provided by
[OSV](https://osv.dev/vulnerability/GHSA-8r3f-844c-mc37) and the [GitHub
Advisory Database](https://togithub.com/github/advisory-database)
([CC-BY
4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>protocolbuffers/protobuf-go
(google.golang.org/protobuf)</summary>

### [`v1.33.0`](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.32.0...v1.33.0)

[Compare
Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.32.0...v1.33.0)

### [`v1.32.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.32.0)

[Compare
Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.32.0)

**Full Changelog**:
protocolbuffers/protobuf-go@v1.31.0...v1.32.0

This release contains commit
protocolbuffers/protobuf-go@bfcd647,
which fixes a denial of service vulnerability by preventing a stack
overflow through a default maximum recursion limit. See
[https://github.com/golang/protobuf/issues/1583](https://togithub.com/golang/protobuf/issues/1583)
and
[https://github.com/golang/protobuf/issues/1584](https://togithub.com/golang/protobuf/issues/1584)
for details.

### [`v1.31.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.31.0)

[Compare
Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.30.0...v1.31.0)

##### Notable changes <a name="v1.31-notable-changes"></a>

**New Features**

-   [CL/489316](https://go.dev/cl/489316): types/dynamicpb: add NewTypes
- Add a function to construct a dynamic type registry from a
protoregistry.Files
- [CL/489615](https://go.dev/cl/489615): encoding: add MarshalAppend to
protojson and prototext

**Minor performance improvements**

- [CL/491596](https://go.dev/cl/491596): encoding/protodelim: If
UnmarshalFrom gets a bufio.Reader, try to reuse its buffer instead of
creating a new one
- [CL/500695](https://go.dev/cl/500695): proto: store the size of tag to
avoid multiple calculations

**Bug fixes**

- [CL/497935](https://go.dev/cl/497935): internal/order: fix sorting of
synthetic oneofs to be deterministic
- [CL/505555](https://go.dev/cl/505555): encoding/protodelim: fix
handling of io.EOF

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/DelineaXPM/terraform-provider-dsv).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
kodiakhq bot referenced this issue in cloudquery/cloudquery May 20, 2024
…ITY] (#18024)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go) | indirect | minor | `v1.31.0` -> `v1.33.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

### GitHub Vulnerability Alerts

#### [CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786)

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

---

### Release Notes

<details>
<summary>protocolbuffers/protobuf-go (google.golang.org/protobuf)</summary>

### [`v1.33.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0)

[Compare Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.32.0...v1.33.0)

This release contains one security fix:

-   `encoding/protojson`: `Unmarshal` could enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a `google.protobuf.Any` value, or when the `UnmarshalOptions.DiscardUnknown` option is set. `Unmarshal` now correctly returns an error when handling these inputs. This is CVE-2024-24786.

### [`v1.32.0`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.32.0)

[Compare Source](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.32.0)

**Full Changelog**: protocolbuffers/protobuf-go@v1.31.0...v1.32.0

This release contains commit protocolbuffers/protobuf-go@bfcd647, which fixes a denial of service vulnerability by preventing a stack overflow through a default maximum recursion limit. See [https://github.com/golang/protobuf/issues/1583](https://togithub.com/golang/protobuf/issues/1583) and [https://github.com/golang/protobuf/issues/1584](https://togithub.com/golang/protobuf/issues/1584) for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
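
The release notes quoted above describe two hardening steps in `protojson`: a default maximum recursion limit (v1.32.0) and returning an error instead of looping on invalid JSON (v1.33.0). The following Go program is an added example, not protobuf-go's code: it discards one JSON value iteratively over the standard library's `encoding/json` token stream, with a depth cap and an error on truncated input. `SkipValue`, `skipString`, `ErrTooDeep`, the limit of 64 and the sample inputs are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrTooDeep (hypothetical name) reports nesting beyond the caller's limit.
var ErrTooDeep = errors.New("json nesting exceeds depth limit")

// SkipValue discards exactly one JSON value from dec. It keeps an integer
// depth instead of recursing, and every pass through the loop either
// consumes a token or returns an error, so it cannot spin on bad input.
func SkipValue(dec *json.Decoder, maxDepth int) error {
	depth := 0
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return io.ErrUnexpectedEOF // input ended inside the value
		}
		if err != nil {
			return err // syntax error reported by the tokenizer
		}
		if d, ok := tok.(json.Delim); ok {
			switch d {
			case '{', '[':
				if depth++; depth > maxDepth {
					return ErrTooDeep
				}
			case '}', ']':
				depth--
			}
		}
		if depth == 0 {
			return nil // a scalar, or the outermost container just closed
		}
	}
}

// skipString runs SkipValue over a constructed sample input.
func skipString(s string, maxDepth int) error {
	return SkipValue(json.NewDecoder(strings.NewReader(s)), maxDepth)
}

func main() {
	fmt.Println(skipString(`{"x":[1,{"y":null}]}`, 64))     // well-formed
	fmt.Println(skipString(`{"x":[1,2`, 64))                 // truncated
	fmt.Println(skipString(strings.Repeat("[", 1<<20), 64)) // deep nesting
}
```
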