Bump the all-updates group across 1 directory with 5 updates #43

dependabot · 2025-01-07T20:59:36Z

Bumps the all-updates group with 5 updates in the / directory:

Package	From	To
github.com/go-resty/resty/v2	`2.15.3`	`2.16.2`
github.com/jedib0t/go-pretty/v6	`6.6.0`	`6.6.5`
github.com/labstack/echo/v4	`4.12.0`	`4.13.3`
github.com/urfave/cli/v2	`2.27.4`	`2.27.5`
google.golang.org/api	`0.199.0`	`0.215.0`

Updates github.com/go-resty/resty/v2 from 2.15.3 to 2.16.2

Release notes

Sourced from github.com/go-resty/resty/v2's releases.

v2.16.2

Release Notes

Bug Fixes

fix: buffer reuse and back to pool and release v2.16.2 by @jeevatkm in go-resty/resty#919

Full Changelog: go-resty/resty@v2.16.1...v2.16.2

v2.16.1

Release Notes

Bug Fixes

fix: buffer reset issue in io.Reader with content length enabled and release v2.16.1 by @jeevatkm in go-resty/resty#918

Full Changelog: go-resty/resty@v2.16.0...v2.16.1

v2.16.0

Release Notes

New Features

feat: option to set URL query params without encoding by @jeevatkm in go-resty/resty#885

Enhancements

Enhance buildCurlRequest for unit test by @yaziedda in go-resty/resty#884

Code optimizations by @jeevatkm in go-resty/resty#892

Documentation

release: version bump and readme update for v2.16.0 by @jeevatkm in go-resty/resty#907

New Contributors

@yaziedda made their first contribution in go-resty/resty#884

Full Changelog: go-resty/resty@v2.15.3...v2.16.0

Commits

c34e460 Merge pull request #919 from go-resty/fix-buffer-issue
43d5eca release: version bump and readme update for v2.16.2
9a9930f fix: buffer reuse and release #917
d598157 Merge pull request #918 from go-resty/buffer-reset-issue
253540b release: version bump and readme update for v2.16.1
67cf80b fix: buffer reset issue in io.Reader with content length enabled #917
feedf18 release: version bump and readme update for v2.16.0 (#907)
1c4960b Merge pull request #892 from go-resty/code-optimizations
cf921ad build: reduce test execution time
94aeffb refactor: optimize allocation
Additional commits viewable in compare view

Updates github.com/jedib0t/go-pretty/v6 from 6.6.0 to 6.6.5

Release notes

Sourced from github.com/jedib0t/go-pretty/v6's releases.

v6.6.5

What's Changed

text: Wrap* should account for display width; fixes #344 by @jedib0t in jedib0t/go-pretty#347

Full Changelog: jedib0t/go-pretty@v6.6.4...v6.6.5

v6.6.4

What's Changed

table: RowPainterWithAttributes by @jedib0t in jedib0t/go-pretty#346

Full Changelog: jedib0t/go-pretty@v6.6.3...v6.6.4

v6.6.3

What's Changed

table: ImportGrid to import a 1d or 2d grid as rows by @jedib0t in jedib0t/go-pretty#343

Full Changelog: jedib0t/go-pretty@v6.6.2...v6.6.3

v6.6.2

What's Changed

table: defaults for row/header/footer align/valign; fixes #340 by @jedib0t in jedib0t/go-pretty#341

Full Changelog: jedib0t/go-pretty@v6.6.1...v6.6.2

v6.6.1

What's Changed

table: auto expand columns with Style().Size.WidthMin by @jedib0t in jedib0t/go-pretty#335

progress: option to remove trackers from screen on completion by @jedib0t in jedib0t/go-pretty#336

table: change EmptySeparator to be a blank space; fixes #337 by @jedib0t in jedib0t/go-pretty#338

Full Changelog: jedib0t/go-pretty@v6.6.0...v6.6.1

Commits

bfe1b7c text: Wrap* should account for display width; fixes #344 (#347)
9dfb82e table: RowPainterWithAttributes; addresses #345 (#346)
5994546 table: ImportGrid to import a 1d or 2d grid as rows (#343)
ada7500 table: defaults for row/header/footer align/valign; fixes #340 (#341)
840c578 table: change EmptySeparator to be a blank space; fixes #337 (#338)
730bce7 progress: option to remove trackers on completion; fixes #321 (#336)
c27402a table: auto expand columns with Style().Size.WidthMin (#335)
See full diff in compare view

Updates github.com/labstack/echo/v4 from 4.12.0 to 4.13.3

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.13.3

Security

Update golang.org/x/net dependency GO-2024-3333 in labstack/echo#2722

Full Changelog: labstack/echo@v4.13.2...v4.13.3

v4.13.2 - update dependencies

Security

Update dependencies (dependabot reports https://pkg.go.dev/vuln/GO-2024-3321 by @aldas in labstack/echo#2721

Full Changelog: labstack/echo@v4.13.1...v4.13.2

v4.13.1

Fixes

Fix BindBody ignoring Transfer-Encoding: chunked requests (introduced in #2710) by @178inaba in labstack/echo#2717

Full Changelog: labstack/echo@v4.13.0...v4.13.1

JWT Middleware Removed

BREAKING CHANGE: JWT Middleware Removed from Core

The JWT middleware has been removed from Echo core due to another security vulnerability, CVE-2024-51744. For more details, refer to issue #2699. A drop-in replacement is available in the labstack/echo-jwt repository or see alternative implementation

Important: Direct assignments like token := c.Get("user").(*jwt.Token) will now cause a panic due to an invalid cast. Update your code accordingly. Replace the current imports from "github.com/golang-jwt/jwt" in your handlers to the new middleware version using "github.com/golang-jwt/jwt/v5".

Background:

The version of golang-jwt/jwt (v3.2.2) previously used in Echo core has been in an unmaintained state for some time. This is not the first vulnerability affecting this library; earlier issues were addressed in [PR #1946](labstack/echo#1946). JWT middleware was marked as deprecated in Echo core as of v4.10.0 on 2022-12-27. If you did not notice that, consider leveraging tools like Staticcheck to catch such deprecations earlier in you dev/CI flow. For bonus points - check out gosec.

We sincerely apologize for any inconvenience caused by this change. While we strive to maintain backward compatibility within Echo core, recurring security issues with third-party dependencies have forced this decision.

Enhancements

remove jwt middleware by @stevenwhitehead in labstack/echo#2701

optimization: struct alignment by @behnambm in labstack/echo#2636

bind: Maintain backwards compatibility for map[string]interface{} binding by @thesaltree in labstack/echo#2656

Add Go 1.23 to CI by @aldas in labstack/echo#2675

improve MultipartForm test by @martinyonatann in labstack/echo#2682

bind : add support of multipart multi files by @martinyonatann in labstack/echo#2684

Add TemplateRenderer struct to ease creating renderers for html/template and text/template packages. by @aldas in labstack/echo#2690

Refactor TestBasicAuth to utilize table-driven test format by @ErikOlson in labstack/echo#2688

Remove broken header by @aldas in labstack/echo#2705

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.13.3 - 2024-12-19

Security

Update golang.org/x/net dependency GO-2024-3333 in labstack/echo#2722

v4.13.2 - 2024-12-12

Security

Update dependencies (dependabot reports GO-2024-3321) in labstack/echo#2721

v4.13.1 - 2024-12-11

Fixes

Fix BindBody ignoring Transfer-Encoding: chunked requests by @178inaba in labstack/echo#2717

v4.13.0 - 2024-12-04

BREAKING CHANGE JWT Middleware Removed from Core use labstack/echo-jwt instead

The JWT middleware has been removed from Echo core due to another security vulnerability, CVE-2024-51744. For more details, refer to issue #2699. A drop-in replacement is available in the labstack/echo-jwt repository.

Important: Direct assignments like token := c.Get("user").(*jwt.Token) will now cause a panic due to an invalid cast. Update your code accordingly. Replace the current imports from "github.com/golang-jwt/jwt" in your handlers to the new middleware version using "github.com/golang-jwt/jwt/v5".

Background:

The version of golang-jwt/jwt (v3.2.2) previously used in Echo core has been in an unmaintained state for some time. This is not the first vulnerability affecting this library; earlier issues were addressed in [PR #1946](labstack/echo#1946). JWT middleware was marked as deprecated in Echo core as of v4.10.0 on 2022-12-27. If you did not notice that, consider leveraging tools like Staticcheck to catch such deprecations earlier in you dev/CI flow. For bonus points - check out gosec.

We sincerely apologize for any inconvenience caused by this change. While we strive to maintain backward compatibility within Echo core, recurring security issues with third-party dependencies have forced this decision.

Enhancements

remove jwt middleware by @stevenwhitehead in labstack/echo#2701

optimization: struct alignment by @behnambm in labstack/echo#2636

bind: Maintain backwards compatibility for map[string]interface{} binding by @thesaltree in labstack/echo#2656

Add Go 1.23 to CI by @aldas in labstack/echo#2675

improve MultipartForm test by @martinyonatann in labstack/echo#2682

bind : add support of multipart multi files by @martinyonatann in labstack/echo#2684

Add TemplateRenderer struct to ease creating renderers for html/template and text/template packages. by @aldas in labstack/echo#2690

Refactor TestBasicAuth to utilize table-driven test format by @ErikOlson in labstack/echo#2688

Remove broken header by @aldas in labstack/echo#2705

fix(bind body): content-length can be -1 by @phamvinhdat in labstack/echo#2710

... (truncated)

Commits

45524e3 Update golang.org/x/net dependency [GO-2024-3333](https://pkg.go.dev/vuln/GO-...
692bc2a Update dependencies (dependabot reports https://pkg.go.dev/vuln/GO-2024-3321)...
fd3f074 Changelog for v4.13.1 (#2719)
0368ed8 Add Conditions to Ensure Bind Succeeds with Transfer-Encoding: chunked (#2717)
3b01785 Changelog for 4.13.0 (#2712)
fe26277 remove jwt middleware
9e73691 Shorten Github issue template and add test example
118c163 CORS middleware should compile allowOrigin regexp at creation.
a973e3b add unit-test
c4410fe fix(bind body): content-length can be -1
Additional commits viewable in compare view

Updates github.com/urfave/cli/v2 from 2.27.4 to 2.27.5

Release notes

Sourced from github.com/urfave/cli/v2's releases.

v2.27.5

What's Changed

docs(flag): add UseShortOptionHandling description by @BlackHole1 in urfave/cli#1956

[Backport] Fix: Use $0 env var to correctly retrieve the current active shell by @asahasrabuddhe in urfave/cli#1970

Update dependencies in v2-maint by @meatballhat in urfave/cli#1980

Full Changelog: urfave/cli@v2.27.4...v2.27.5

Commits

f035ffa Merge pull request #1980 from urfave/v2-update-deps
6b0d484 Adjust test data doc to use current md2man format
6227bb0 Update dependencies to latest
bcc6869 Merge pull request #1970 from asahasrabuddhe/backport-issue-1884
e3ff573 fix: /bin/zsh env variable to retrieve current active shell
9114559 Merge pull request #1956 from BlackHole1/improve-flags-docs
584e28a Merge branch 'v2-maint' into improve-flags-docs
376a256 Update docs/v2/examples/flags.md
43eafe1 docs(flag): add UseShortOptionHandling description
See full diff in compare view

Updates google.golang.org/api from 0.199.0 to 0.215.0

Release notes

Sourced from google.golang.org/api's releases.

v0.215.0

0.215.0 (2025-01-01)

Features

all: Auto-regenerate discovery clients (#2933) (509aecd)

all: Auto-regenerate discovery clients (#2935) (b89d85a)

all: Auto-regenerate discovery clients (#2936) (c1849c7)

all: Auto-regenerate discovery clients (#2942) (d20ddf3)

v0.214.0

0.214.0 (2024-12-19)

Features

all: Auto-regenerate discovery clients (#2926) (7a17059)

all: Auto-regenerate discovery clients (#2931) (946a672)

v0.213.0

0.213.0 (2024-12-17)

Features

all: Auto-regenerate discovery clients (#2924) (a07467e)

v0.212.0

0.212.0 (2024-12-16)

Features

Add logging support (#2856) (ccc9019)

all: Auto-regenerate discovery clients (#2909) (c3b4421)

all: Auto-regenerate discovery clients (#2912) (f9e9be1)

all: Auto-regenerate discovery clients (#2916) (b46f348)

all: Auto-regenerate discovery clients (#2919) (5a3b270)

all: Auto-regenerate discovery clients (#2920) (ed29945)

all: Auto-regenerate discovery clients (#2922) (4fd4833)

Pass through logging in options (#2923) (2884c4e)

v0.211.0

0.211.0 (2024-12-10)

Features

all: Auto-regenerate discovery clients (#2897) (a7a9149)

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.215.0 (2025-01-01)

Features

all: Auto-regenerate discovery clients (#2933) (509aecd)

all: Auto-regenerate discovery clients (#2935) (b89d85a)

all: Auto-regenerate discovery clients (#2936) (c1849c7)

all: Auto-regenerate discovery clients (#2942) (d20ddf3)

0.214.0 (2024-12-19)

Features

all: Auto-regenerate discovery clients (#2926) (7a17059)

all: Auto-regenerate discovery clients (#2931) (946a672)

0.213.0 (2024-12-17)

Features

all: Auto-regenerate discovery clients (#2924) (a07467e)

0.212.0 (2024-12-16)

Features

Add logging support (#2856) (ccc9019)

all: Auto-regenerate discovery clients (#2909) (c3b4421)

all: Auto-regenerate discovery clients (#2912) (f9e9be1)

all: Auto-regenerate discovery clients (#2916) (b46f348)

all: Auto-regenerate discovery clients (#2919) (5a3b270)

all: Auto-regenerate discovery clients (#2920) (ed29945)

all: Auto-regenerate discovery clients (#2922) (4fd4833)

Pass through logging in options (#2923) (2884c4e)

0.211.0 (2024-12-10)

Features

all: Auto-regenerate discovery clients (#2897) (a7a9149)

all: Auto-regenerate discovery clients (#2899) (587a11d)

all: Auto-regenerate discovery clients (#2902) (d4cb90f)

all: Auto-regenerate discovery clients (#2903) (6528fb2)

all: Auto-regenerate discovery clients (#2905) (f37ece7)

all: Auto-regenerate discovery clients (#2906) (91960b1)

... (truncated)

Commits

6f4bd40 chore(main): release 0.215.0 (#2934)
d20ddf3 feat(all): auto-regenerate discovery clients (#2942)
01636c3 chore(all): update all (#2941)
d716600 chore(all): update all (#2938)
c1849c7 feat(all): auto-regenerate discovery clients (#2936)
b89d85a feat(all): auto-regenerate discovery clients (#2935)
509aecd feat(all): auto-regenerate discovery clients (#2933)
b9b7179 chore(main): release 0.214.0 (#2927)
aa743b8 chore(all): update module golang.org/x/net to v0.33.0 [SECURITY] (#2930)
946a672 feat(all): auto-regenerate discovery clients (#2931)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all-updates group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/go-resty/resty/v2](https://github.com/go-resty/resty) | `2.15.3` | `2.16.2` | | [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) | `6.6.0` | `6.6.5` | | [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.12.0` | `4.13.3` | | [github.com/urfave/cli/v2](https://github.com/urfave/cli) | `2.27.4` | `2.27.5` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.199.0` | `0.215.0` | Updates `github.com/go-resty/resty/v2` from 2.15.3 to 2.16.2 - [Release notes](https://github.com/go-resty/resty/releases) - [Commits](go-resty/resty@v2.15.3...v2.16.2) Updates `github.com/jedib0t/go-pretty/v6` from 6.6.0 to 6.6.5 - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](jedib0t/go-pretty@v6.6.0...v6.6.5) Updates `github.com/labstack/echo/v4` from 4.12.0 to 4.13.3 - [Release notes](https://github.com/labstack/echo/releases) - [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md) - [Commits](labstack/echo@v4.12.0...v4.13.3) Updates `github.com/urfave/cli/v2` from 2.27.4 to 2.27.5 - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md) - [Commits](urfave/cli@v2.27.4...v2.27.5) Updates `google.golang.org/api` from 0.199.0 to 0.215.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.199.0...v0.215.0) --- updated-dependencies: - dependency-name: github.com/go-resty/resty/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-updates - dependency-name: github.com/labstack/echo/v4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: github.com/urfave/cli/v2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-updates - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Jan 7, 2025

dependabot bot mentioned this pull request Jan 7, 2025

Bump the all-updates group across 1 directory with 5 updates #42

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the all-updates group across 1 directory with 5 updates #43

Bump the all-updates group across 1 directory with 5 updates #43

Uh oh!

dependabot bot commented on behalf of github Jan 7, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the all-updates group across 1 directory with 5 updates #43

Are you sure you want to change the base?

Bump the all-updates group across 1 directory with 5 updates #43

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.16.2

Release Notes

Bug Fixes

v2.16.1

Release Notes

Bug Fixes

v2.16.0

Release Notes

New Features

Enhancements

Documentation

New Contributors

v6.6.5

What's Changed

v6.6.4

What's Changed

v6.6.3

What's Changed

v6.6.2

What's Changed

v6.6.1

What's Changed

v4.13.3

v4.13.2 - update dependencies

v4.13.1

JWT Middleware Removed

BREAKING CHANGE: JWT Middleware Removed from Core

v4.13.3 - 2024-12-19

v4.13.2 - 2024-12-12

v4.13.1 - 2024-12-11

v4.13.0 - 2024-12-04

v2.27.5

What's Changed

v0.215.0

0.215.0 (2025-01-01)

Features

v0.214.0

0.214.0 (2024-12-19)

Features

v0.213.0

0.213.0 (2024-12-17)

Features

v0.212.0

0.212.0 (2024-12-16)

Features

v0.211.0

0.211.0 (2024-12-10)

Features

0.215.0 (2025-01-01)

Features

0.214.0 (2024-12-19)

Features

0.213.0 (2024-12-17)

Features

0.212.0 (2024-12-16)

Features

0.211.0 (2024-12-10)

Features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Jan 7, 2025 •

edited

Loading