Skip to content

fix(deps): update security updates#78

Closed
NumaryBot wants to merge 1 commit intomainfrom
renovate/security
Closed

fix(deps): update security updates#78
NumaryBot wants to merge 1 commit intomainfrom
renovate/security

Conversation

@NumaryBot
Copy link
Contributor

@NumaryBot NumaryBot commented Sep 9, 2025

This PR contains the following updates:

Package Type Update Change
github.com/formancehq/go-libs/v3 require minor v3.0.1 -> v3.2.1
github.com/onsi/ginkgo/v2 require minor v2.23.4 -> v2.25.3
github.com/onsi/gomega require minor v1.36.3 -> v1.38.2
github.com/spf13/cobra require minor v1.9.1 -> v1.10.1
github.com/stretchr/testify require minor v1.10.0 -> v1.11.1
go (source) toolchain minor 1.23.7 -> 1.25.1
golang.org/x/oauth2 require minor v0.30.0 -> v0.31.0

Release Notes

formancehq/go-libs (github.com/formancehq/go-libs/v3)

v3.2.1

Compare Source

v3.2.0

Compare Source

v3.1.0

Compare Source

onsi/ginkgo (github.com/onsi/ginkgo/v2)

v2.25.3

Compare Source

2.25.3

Fixes
  • emit --github-output group only for progress report itself [f01aed1]

v2.25.2

Compare Source

2.25.2

Fixes

Add github output group for progress report content

Maintenance

Bump Gomega

v2.25.1

Compare Source

2.25.1

Fixes
  • fix(types): ignore nameless nodes on FullText() [10866d3]
  • chore: fix some CodeQL warnings [2e42cff]

v2.25.0

Compare Source

2.25.0

AroundNode

This release introduces a new decorator to support more complex spec setup usecases.

AroundNode registers a function that runs before each individual node. This is considered a more advanced decorator.

Please read the docs for more information and some examples.

Allowed signatures:

  • AroundNode(func()) - func will be called before the node is run.
  • AroundNode(func(ctx context.Context) context.Context) - func can wrap the passed in context and return a new one which will be passed on to the node.
  • AroundNode(func(ctx context.Context, body func(ctx context.Context))) - ctx is the context for the node and body is a function that must be called to run the node. This gives you complete control over what runs before and after the node.

Multiple AroundNode decorators can be applied to a single node and they will run in the order they are applied.

Unlike setup nodes like BeforeEach and DeferCleanup, AroundNode is guaranteed to run in the same goroutine as the decorated node. This is necessary when working with lower-level libraries that must run on a single thread (you can call runtime.LockOSThread() in the AroundNode to ensure that the node runs on a single thread).

Since AroundNode allows you to modify the context you can also use AroundNode to implement shared setup that attaches values to the context.

If applied to a container, AroundNode will run before every node in the container. Including setup nodes like BeforeEach and DeferCleanup.

AroundNode can also be applied to RunSpecs to run before every node in the suite. This opens up new mechanisms for instrumenting individual nodes across an entire suite.

v2.24.0

Compare Source

2.24.0

Features

Specs can now be decorated with (e.g.) SemVerConstraint("2.1.0") and ginkgo --sem-ver-filter="2.1.1" will only run constrained specs that match the requested version. Learn more in the docs here! Thanks to @​Icarus9913 for the PR.

Fixes
Maintenance

Numerous dependency bumps and documentation fixes

onsi/gomega (github.com/onsi/gomega)

v1.38.2

Compare Source

1.38.2

v1.38.1

Compare Source

1.38.1

Fixes

Numerous minor fixes and dependency bumps

v1.38.0

Compare Source

1.38.0

Features
  • gstruct handles extra unexported fields [4ee7ed0]
Fixes
  • support [] in IgnoringTopFunction function signatures (#​851) [36bbf72]
Maintenance

v1.37.0

Compare Source

1.37.0

Features
  • add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]
spf13/cobra (github.com/spf13/cobra)

v1.10.1

Compare Source

🐛 Fix

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

Compare Source

What's Changed

🚨 Attention!

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

  • If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
  • or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

More details can be found here: https://github.com/spf13/cobra/pull/2303#issuecomment-3242333515

✨ Features
🐛 Fix
🪠 Testing
📝 Docs

New Contributors

Full Changelog: spf13/cobra@v1.9.1...v1.9.2

stretchr/testify (github.com/stretchr/testify)

v1.11.1

Compare Source

This release fixes #​1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

Compare Source

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

Fixes
Documentation, Build & CI

New Contributors

Full Changelog: stretchr/testify@v1.10.0...v1.11.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@NumaryBot NumaryBot requested a review from a team as a code owner September 9, 2025 10:51
@NumaryBot NumaryBot enabled auto-merge (squash) September 9, 2025 10:51
@NumaryBot
Copy link
Contributor Author

NumaryBot commented Sep 9, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 31 additional dependencies were updated

Details:

Package Change
github.com/ThreeDotsLabs/watermill v1.4.7 -> v1.5.1
github.com/ThreeDotsLabs/watermill-aws v1.0.0 -> v1.0.1
github.com/aws/aws-sdk-go-v2 v1.36.6 -> v1.38.3
github.com/aws/aws-sdk-go-v2/config v1.29.18 -> v1.31.6
github.com/aws/aws-sdk-go-v2/credentials v1.17.71 -> v1.18.10
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.33 -> v1.18.6
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.37 -> v1.4.6
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.37 -> v2.7.6
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 -> v1.13.1
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.18 -> v1.13.6
github.com/aws/aws-sdk-go-v2/service/sns v1.34.8 -> v1.37.2
github.com/aws/aws-sdk-go-v2/service/sqs v1.38.10 -> v1.42.3
github.com/aws/aws-sdk-go-v2/service/sso v1.25.6 -> v1.29.1
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.4 -> v1.34.2
github.com/aws/aws-sdk-go-v2/service/sts v1.34.1 -> v1.38.2
github.com/aws/smithy-go v1.22.5 -> v1.23.0
github.com/cenkalti/backoff/v5 v5.0.2 -> v5.0.3
github.com/docker/docker v28.2.2+incompatible -> v28.3.3+incompatible
github.com/docker/go-connections v0.5.0 -> v0.6.0
github.com/go-viper/mapstructure/v2 v2.3.0 -> v2.4.0
github.com/jackc/pgxlisten v0.0.0-20241106001234-1d6f6656415c -> v0.0.0-20250802141604-12b92425684c
github.com/nats-io/nats.go v1.43.0 -> v1.44.0
github.com/riandyrn/otelchi v0.12.1 -> v0.12.2
github.com/spf13/pflag v1.0.7 -> v1.0.10
golang.org/x/crypto v0.39.0 -> v0.41.0
golang.org/x/net v0.41.0 -> v0.43.0
golang.org/x/sync v0.15.0 -> v0.16.0
golang.org/x/sys v0.34.0 -> v0.35.0
golang.org/x/text v0.26.0 -> v0.28.0
golang.org/x/tools v0.33.0 -> v0.36.0
google.golang.org/protobuf v1.36.6 -> v1.36.8

@coderabbitai
Copy link

coderabbitai bot commented Sep 9, 2025

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (2)
  • go.mod is excluded by !**/*.mod
  • go.sum is excluded by !**/*.sum, !**/*.sum

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing Touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch renovate/security

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@flemzord flemzord closed this Sep 9, 2025
auto-merge was automatically disabled September 9, 2025 12:22

Pull request was closed

@NumaryBot NumaryBot deleted the renovate/security branch September 9, 2025 12:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NumaryBot @flemzord