Skip to content

fix(deps): update all dependencies#77

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/all
Open

fix(deps): update all dependencies#77
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/all

Conversation

@renovate

@renovate renovate Bot commented Jul 4, 2024

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@aptre/common ^0.31.1^0.34.0 age adoption passing confidence devDependencies minor
@aptre/protobuf-es-lite 1.1.01.1.1 age adoption passing confidence overrides patch
@aptre/protobuf-es-lite 1.1.01.1.1 age adoption passing confidence resolutions patch
@aptre/protobuf-es-lite 1.1.01.1.1 age adoption passing confidence dependencies patch
actions/cache v5v6 age adoption passing confidence action major
actions/checkout v6.0.2v7.0.0 age adoption passing confidence action major
actions/checkout v4.1.7v7.0.0 age adoption passing confidence action major
actions/dependency-review-action v4.3.3v5.0.0 age adoption passing confidence action major
actions/setup-go v6.2.0v7.0.0 age adoption passing confidence action major
github.com/aperturerobotics/common v0.30.7v0.34.2 age adoption passing confidence require minor
github.com/aperturerobotics/protobuf-go-lite v0.12.2v0.15.0 age adoption passing confidence require minor
github.com/aperturerobotics/starpc v0.47.2-0.20260228105112-f1337c4314e9v0.49.18 age adoption passing confidence require minor
github.com/sirupsen/logrus 34027eaa23d315 require digest
github/codeql-action v3.25.11v4.37.1 age adoption passing confidence action major
starpc ^0.47.1^0.49.0 age adoption passing confidence dependencies minor
typescript (source) ^5.2.2^7.0.0 age adoption passing confidence devDependencies major

Release Notes

aperturerobotics/common (@​aptre/common)

v0.34.2

Compare Source

What's Changed

Full Changelog: aperturerobotics/common@v0.34.1...v0.34.2

v0.34.1

Compare Source

Full Changelog: aperturerobotics/common@v0.34.0...v0.34.1

v0.34.0

Compare Source

Full Changelog: aperturerobotics/common@v0.33.1...v0.34.0

v0.33.1

Compare Source

Full Changelog: aperturerobotics/common@v0.33.0...v0.33.1

v0.33.0

Compare Source

Full Changelog: aperturerobotics/common@v0.32.10...v0.33.0

v0.32.10

Compare Source

What's Changed

  • fix(deps): update module github.com/aperturerobotics/starpc to v0.49.7 by @​renovate[bot] in #​47

Full Changelog: aperturerobotics/common@v0.32.9...v0.32.10

v0.32.9

Compare Source

Full Changelog: aperturerobotics/common@v0.32.8...v0.32.9

v0.32.6

Compare Source

Full Changelog: aperturerobotics/common@v0.32.5...v0.32.6

v0.32.5

Compare Source

Full Changelog: aperturerobotics/common@v0.32.4...v0.32.5

v0.32.4

Compare Source

Full Changelog: aperturerobotics/common@v0.32.3...v0.32.4

v0.32.3

Compare Source

Full Changelog: aperturerobotics/common@v0.32.2...v0.32.3

v0.32.2

Compare Source

Full Changelog: aperturerobotics/common@v0.32.1...v0.32.2

v0.32.1

Compare Source

Full Changelog: aperturerobotics/common@v0.32.0...v0.32.1

v0.32.0

Compare Source

Full Changelog: aperturerobotics/common@v0.31.1...v0.32.0

aperturerobotics/protobuf-es-lite (@​aptre/protobuf-es-lite)

v1.1.1

Compare Source

Full Changelog: aperturerobotics/protobuf-es-lite@v1.1.0...v1.1.1

actions/cache (actions/cache)

v6.1.0

Compare Source

What's Changed

Full Changelog: actions/cache@v6...v6.1.0

v6.0.0

Compare Source

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v6

Compare Source

actions/checkout (actions/checkout)

v7.0.0

Compare Source

v7

Compare Source

v6.0.3

Compare Source

actions/dependency-review-action (actions/dependency-review-action)

v5.0.0: 5.0.0

Compare Source

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

v4.9.0: Dependency Review Action 4.9.0

Compare Source

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

v4.8.3: 4.8.3

Compare Source

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

v4.8.2

Compare Source

Minor fixes:

v4.8.1: Dependency Review Action v4.8.1

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.8.0

v4.7.4

Compare Source

v4.7.3: 4.7.3

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4...v4.7.3

v4.7.2: 4.7.2

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

Compare Source

  • Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #​889
  • License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

Compare Source

  • Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #​809 and probably others)
  • Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

v4.5.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

  • Include all added dependencies in scorecard entries by @​elireisman in #​783
  • Update SPDX Expression Parsing by @​febuiles in #​719
    • This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

actions/setup-go (actions/setup-go)

v7.0.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/setup-go@v6...v7.0.0

v7

Compare Source

v6.5.0

Compare Source

v6.4.0

Compare Source

What's Changed
Enhancement
  • Add go-download-base-url input for custom Go distributions by @​gdams in #​721
Dependency update
Documentation update
New Contributors

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

Compare Source

What's Changed

Full Changelog: actions/setup-go@v6...v6.3.0

aperturerobotics/protobuf-go-lite (github.com/aperturerobotics/protobuf-go-lite)

v0.15.0

Compare Source

v0.14.0

Compare Source

v0.13.0

Compare Source

aperturerobotics/starpc (github.com/aperturerobotics/starpc)

v0.49.18

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.17...v0.49.18

v0.49.17

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.16...v0.49.17

v0.49.16

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.15...v0.49.16

v0.49.15

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.14...v0.49.15

v0.49.14

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.13...v0.49.14

v0.49.13

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.12...v0.49.13

v0.49.12

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.11...v0.49.12

v0.49.11

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.10...v0.49.11

v0.49.10

Compare Source

What's Changed

Full Changelog: aperturerobotics/starpc@v0.49.9...v0.49.10

v0.49.9

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.8...v0.49.9

v0.49.8

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.7...v0.49.8

v0.49.7

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.6...v0.49.7

v0.49.6

Compare Source

What's Changed
  • fix(deps): update module github.com/aperturerobotics/util to v1.34.3 by @​renovate[bot] in #​205

Full Changelog: aperturerobotics/starpc@v0.49.5...v0.49.6

v0.49.5

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.4...v0.49.5

v0.49.4

Compare Source

What's Changed
  • chore(deps): update dependency esbuild to ^0.28.0 by @​renovate[bot] in #​203
  • fix(deps): update module github.com/aperturerobotics/util to v1.33.1 by @​renovate[bot] in #​204

Full Changelog: aperturerobotics/starpc@v0.49.3...v0.49.4

v0.49.3

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.2...v0.49.3

v0.49.2

Compare Source

Full Changelog: aperturerobotics/starpc@v0.49.1...v0.49.2

v0.49.1

Compare Source

Released rust crate: at crates.io

Full Changelog: aperturerobotics/starpc@v0.49.0...v0.49.1

v0.49.0

Compare Source

Full Changelog: aperturerobotics/starpc@v0.48.0...v0.49.0

github/codeql-action (github/codeql-action)

v4.37.1

Compare Source

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. #​3956
  • Update default CodeQL bundle version to

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot force-pushed the renovate/all branch 8 times, most recently from 66e408e to 9641ec2 Compare July 11, 2024 01:37
@renovate
renovate Bot force-pushed the renovate/all branch 7 times, most recently from 10acd47 to 5306151 Compare July 16, 2024 08:18
@renovate
renovate Bot force-pushed the renovate/all branch 9 times, most recently from cd427d5 to 3cb31cd Compare July 26, 2024 17:02
@renovate
renovate Bot force-pushed the renovate/all branch 4 times, most recently from 7f59f3f to aa36101 Compare August 5, 2024 13:21
@renovate
renovate Bot force-pushed the renovate/all branch 2 times, most recently from 4d598be to 7c01319 Compare August 6, 2024 20:23
@renovate
renovate Bot force-pushed the renovate/all branch 2 times, most recently from e11d54c to d24a01c Compare September 13, 2024 16:15
@renovate

renovate Bot commented Sep 13, 2024

Copy link
Copy Markdown
Contributor Author

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 13 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.22 -> 1.25
github.com/aperturerobotics/util v1.23.7 -> v1.31.4
github.com/aperturerobotics/json-iterator-lite v1.0.0 -> v1.0.1-0.20240713111131-be6bf89c3008
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 -> v4.4.0
github.com/ipfs/go-cid v0.4.1 -> v0.5.0
github.com/klauspost/cpuid/v2 v2.2.7 -> v2.2.10
github.com/libp2p/go-libp2p v0.35.1 -> v0.45.0
github.com/multiformats/go-multiaddr v0.12.4 -> v0.16.0
github.com/multiformats/go-multicodec v0.9.0 -> v0.9.1
github.com/multiformats/go-multistream v0.5.0 -> v0.6.1
golang.org/x/crypto v0.23.0 -> v0.41.0
golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 -> v0.0.0-20250606033433-dcc06ee1d476
golang.org/x/sys v0.20.0 -> v0.35.0
lukechampine.com/blake3 v1.2.1 -> v1.4.1

@renovate
renovate Bot force-pushed the renovate/all branch 3 times, most recently from 287ffe9 to e345bf1 Compare September 19, 2024 15:06
@renovate
renovate Bot force-pushed the renovate/all branch 3 times, most recently from c726851 to e686b6f Compare September 30, 2024 15:27
@renovate
renovate Bot force-pushed the renovate/all branch 8 times, most recently from a6040cc to 55d06a5 Compare October 9, 2024 06:05
@renovate
renovate Bot force-pushed the renovate/all branch 4 times, most recently from 4757115 to 100c277 Compare October 15, 2024 07:56
@renovate
renovate Bot force-pushed the renovate/all branch 5 times, most recently from e9a4b9a to 31a64ba Compare October 28, 2024 19:46
@socket-security

socket-security Bot commented Dec 17, 2025

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: golang github.com/tetratelabs/wazero is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?golang/github.com/aperturerobotics/common@v0.34.2golang/github.com/tetratelabs/wazero@v1.12.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/tetratelabs/wazero@v1.12.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang github.com/tetratelabs/wazero is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?golang/github.com/aperturerobotics/common@v0.34.2golang/github.com/tetratelabs/wazero@v1.12.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/tetratelabs/wazero@v1.12.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate

renovate Bot commented Feb 23, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 8 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.25 -> 1.25.0
github.com/aperturerobotics/util v1.32.4 -> v1.34.5
github.com/aperturerobotics/go-protoc-gen-prost v0.0.0-20260204215916-dc1f0fed8cfc -> v0.0.0-20260329113538-218ccd8f20e0
github.com/aperturerobotics/go-protoc-wasi v0.0.0-20260131050911-b5f94b044584 -> v0.0.0-20260329113540-600516012db3
github.com/aperturerobotics/go-websocket v1.8.15-0.20260228104546-35e37959349c -> v1.8.15-0.20260329113544-74dbfb8f11c6
github.com/aperturerobotics/json-iterator-lite v1.0.1-0.20251104042408-0c9eb8a3f726 -> v1.1.0
github.com/tetratelabs/wazero v1.11.0 -> v1.12.0
golang.org/x/mod v0.33.0 -> v0.37.0
golang.org/x/sys v0.40.0 -> v0.44.0

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

0 participants