fix(deps): update all (major) #149

renovate · 2022-02-24T19:31:37Z

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	major	`v2.1.7` -> `v5.0.1`
actions/checkout	action	major	`v3` -> `v6`
actions/setup-go	action	major	`v2` -> `v6`
codecov/codecov-action	action	major	`v2.1.0` -> `v5.5.2`
ghcr.io/codfish/semantic-release-action	docker	major	`v1` -> `v4`
github.com/grpc-ecosystem/grpc-gateway	require	major	`v1.16.0` -> `v2.27.3`
golangci/golangci-lint-action	action	major	`v3.1.0` -> `v9.2.0`
goreleaser/goreleaser-action	action	major	`v2.9.1` -> `v6.4.0`
ubuntu	github-runner	major	`20.04` -> `24.04`

Release Notes

actions/cache (actions/cache)

What's Changed

Add note on runner versions by @GhadimiR in #1642
Prepare v4.3.0 release by @Link- in #1655

New Contributors

@GhadimiR made their first contribution in #1642

Full Changelog: actions/cache@v4...v4.3.0

`v4.2.4`

Compare Source

What's Changed

Update README.md by @nebuk89 in #1620
Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @Link- in #1634
Prepare release 4.2.4 by @Link- in #1636

New Contributors

@nebuk89 made their first contribution in #1620

Full Changelog: actions/cache@v4...v4.2.4

`v4.2.3`

Compare Source

What's Changed

Update to use @actions/cache 4.0.3 package & prepare for new release by @salmanmkc in #1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

@salmanmkc made their first contribution in #1577

Full Changelog: actions/cache@v4.2.2...v4.2.3

`v4.2.2`

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

Bump @actions/cache to v4.0.2 by @robherley in #1560

Full Changelog: actions/cache@v4.2.1...v4.2.2

`v4.2.1`

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

docs: GitHub is spelled incorrectly in caching-strategies.md by @janco-absa in #1526
docs: Make the "always save prime numbers" example more clear by @Tobbe in #1525
Update force deletion docs due a recent deprecation by @sebbalex in #1500
Bump @actions/cache to v4.0.1 by @robherley in #1554

New Contributors

@janco-absa made their first contribution in #1526
@Tobbe made their first contribution in #1525
@sebbalex made their first contribution in #1500

Full Changelog: actions/cache@v4.2.0...v4.2.1

`v4.2.0`

Compare Source

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

@actions/core: 1.11.1
@actions/io: 1.1.3
@vercel/ncc: 0.38.3

Full Changelog: actions/cache@v4.1.2...v4.2.0

`v4.1.2`

Compare Source

What's Changed

Add Bun example by @idleberg in #1456
Revise isGhes logic by @jww3 in #1474
Bump braces from 3.0.2 to 3.0.3 by @dependabot in #1475
Add dependabot.yml to enable automatic dependency upgrades by @Link- in #1476
Bump actions/checkout from 3 to 4 by @dependabot in #1478
Bump actions/stale from 3 to 9 by @dependabot in #1479
Bump github/codeql-action from 2 to 3 by @dependabot in #1483
Bump actions/setup-node from 3 to 4 by @dependabot in #1481
Prepare 4.1.2 release by @Link- in #1477

New Contributors

@idleberg made their first contribution in #1456
@jww3 made their first contribution in #1474
@Link- made their first contribution in #1476

Full Changelog: actions/cache@v4.1.1...v4.1.2

`v4.1.1`

Compare Source

What's Changed

Restore original behavior of cache-hit output by @joshmgross in #1467

Full Changelog: actions/cache@v4.1.0...v4.1.1

`v4.1.0`

Compare Source

What's Changed

Fix cache-hit output when cache missed by @fchimpan in #1404
Deprecate save-always input by @joshmgross in #1452

New Contributors

@ottlinger made their first contribution in #1437
@Olegt0rr made their first contribution in #1377
@fchimpan made their first contribution in #1404
@x612skm made their first contribution in #1434
@todgru made their first contribution in #1311
@Jcambass made their first contribution in #1463
@mackey0225 made their first contribution in #1462
@quatquatt made their first contribution in #1445

Full Changelog: actions/cache@v4.0.2...v4.1.0

`v4.0.2`

Compare Source

What's Changed

Fix fail-on-cache-miss not working by @cdce8p in #1327

Full Changelog: actions/cache@v4.0.1...v4.0.2

`v4.0.1`

Compare Source

What's Changed

Update README.md by @yacaovsnc in #1304
Update examples by @yacaovsnc in #1305
Update actions/cache publish flow by @bethanyj28 in #1340
Update @actions/cache by @bethanyj28 in #1341

New Contributors

@yacaovsnc made their first contribution in #1304

Full Changelog: actions/cache@v4...v4.0.1

`v4.0.0`

Compare Source

What's Changed

Update action to node20 by @takost in #1284
feat: save-always flag by @to-s in #1242

New Contributors

@takost made their first contribution in #1284
@to-s made their first contribution in #1242

Full Changelog: actions/cache@v3...v4.0.0

`v3.5.0`

Compare Source

Bump actions/cache to v4.1.0

Full Changelog: actions/cache@v3...v3.5.0

`v3.4.3`

Compare Source

What's Changed

Bump @actions/cache to v4.0.2 by @robherley

Full Changelog: actions/cache@v3.4.2...v3.4.3

`v3.4.2`

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v3.4.0, see those release notes and the announcement for more details.

Bump @actions/cache to v4.0.1 by @robherley in #1554

Full Changelog: actions/cache@v3.4.0...v3.4.2

`v3.4.1`

Compare Source

[!WARNING]
This version was incorrectly released using a SHA pointing to a newer version for immutable actions only. Please use v3.4.2 (or v3) instead.

`v3.4.0`

Compare Source

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

@actions/core: 1.11.1
@actions/io: 1.1.3
@vercel/ncc: 0.38.3

Full Changelog: actions/cache@v3.3.3...v3.4.0

`v3.3.3`

Compare Source

What's Changed

Cache v3.3.3 by @robherley in #1302

New Contributors

@robherley made their first contribution in #1302

Full Changelog: actions/cache@v3...v3.3.3

`v3.3.2`

Compare Source

What's Changed

Fixed readme with new segment timeout values by @kotewar in #1133
Readme fixes by @kotewar in #1134
Updated description of the lookup-only input for main action by @kotewar in #1130
Change two new actions mention as quoted text by @bishal-pdMSFT in #1131
Update Cross-OS Caching tips by @pdotl in #1122
Bazel example (Take #2️⃣) by @vorburger in #1132
Remove actions to add new PRs and issues to a project board by @jorendorff in #1187
Consume latest toolkit and fix dangling promise bug by @chkimes in #1217
Bump action version to 3.3.2 by @bethanyj28 in #1236

New Contributors

@vorburger made their first contribution in #1132
@jorendorff made their first contribution in #1187
@chkimes made their first contribution in #1217
@bethanyj28 made their first contribution in #1236

Full Changelog: actions/cache@v3...v3.3.2

`v3.3.1`

Compare Source

What's Changed

Reduced download segment size to 128 MB and timeout to 10 minutes by @kotewar in #1129

Full Changelog: actions/cache@v3...v3.3.1

`v3.3.0`

Compare Source

What's Changed

Bug: Permission is missing in cache delete example by @kotokaze in #1123
Add lookup-only option by @cdce8p in #1041

New Contributors

@kotokaze made their first contribution in #1123

Full Changelog: actions/cache@v3...v3.3.0

`v3.2.6`

Compare Source

What's Changed

Updated branch in Force deletion of caches by @t-dedah in #1108
Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners by @pdotl in #1118

Full Changelog: actions/cache@v3...v3.2.6

`v3.2.5`

Compare Source

What's Changed

Rewrite readmes by @jsoref in #1085
Fixed typos and formatting in docs by @kotewar in #1076
Fixing paths for OSes by @kotewar in #1101
Release patch version update by @Phantsure in #1105

New Contributors

@jsoref made their first contribution in #1085

Full Changelog: actions/cache@v3...v3.2.5

`v3.2.4`

Compare Source

What's Changed

Update json5 package version by @vsvipul in #1065
Cache recipes for cache, restore and save actions by @kotewar in #1055
Add gnu tar and zstd as pre-requisites for windows self-hosted runners by @pdotl in #1068
Fix a whitespace typo by @kurtmckee in #1074
📝 #1045 update using the set-output command is deprecated by @siguikesse in #1046
Fix referenced output key in save action readme by @ruudk in #1061
Update workflows to use reusable-workflows by @jongwooo in #1066
Introduce add-to-project step & rename workflow files by @pallavx in #1077
chore: Fix syntax error typo by @vHeemstra in #1081
Update caching-strategies.md by @kpfleming in #1084
Added another usage hint to foresee #1072 by @maybeec in #1089
Add fail-on-cache-miss option by @cdce8p in #1036

New Contributors

@kurtmckee made their first contribution in #1074
@siguikesse made their first contribution in #1046
@ruudk made their first contribution in #1061
@pallavx made their first contribution in #1077
@vHeemstra made their first contribution in #1081
@kpfleming made their first contribution in #1084
@maybeec made their first contribution in #1089
@cdce8p made their first contribution in #1036

Full Changelog: actions/cache@v3...v3.2.4

`v3.2.3`

Compare Source

What's Changed

Add Mint example by @uhooi in #1051
Fixed broken link by @kotewar in #1057
Add support to opt-in enable cross-os caching on windows by @Phantsure in #1056
Release support for cross-os caching as opt-in feature by @Phantsure in #1060

New Contributors

@uhooi made their first contribution in #1051

Full Changelog: actions/cache@v3...v3.2.3

`v3.2.2`

Compare Source

What's Changed

Fix formatting error in restore/README.md by @me-and in #1044
save/README.md: Fix typo in example by @mmuetzel in #1040
README.md: remove outdated Windows cache tip link by @me-and in #1042
Revert compression changes related to windows but keep version logging by @Phantsure in #1049

New Contributors

@me-and made their first contribution in #1044
@mmuetzel made their first contribution in #1040

Full Changelog: actions/cache@v3.2.1...v3.2.2

`v3.2.1`

Compare Source

What's Changed

Release compression related changes for windows by @Phantsure in #1039
Upgrade codeql to v2 by @Phantsure in #1023

Full Changelog: actions/cache@v3.2.0...v3.2.1

`v3.2.0`

Compare Source

What's Changed

fix wrong timeout env var key in README.md by @walterddr in #959
Updated release doc with correct env variable by @kotewar in #960
Create pull_request_template.md by @pdotl in #963
Update README with clearer info about cache-hit and its value by @kotewar in #961
Change datadog/squid to Ubuntu/squid in CI check by @bishal-pdMSFT in #976
Add more details to version section in readme by @bishal-pdMSFT in #971
Update hashFiles documentation reference by @asaf400 in #979
Updated link for cache segment download info by @kotewar in #986
Readme update for deleting caches by @t-dedah in #981
Add oncall logic to assign issues and PRs by @vsvipul in #997
Bump minimatch from 3.0.4 to 3.1.2 by @dependabot in #998
Revert "Bump minimatch from 3.0.4 to 3.1.2" by @vsvipul in #1005
Fix npm vulnerability by @Phantsure in #1007
refactor: Use early return pattern to avoid nested conditions by @jongwooo in #1013
Use cache in check-dist.yml by @jongwooo in #1004
chore: Use built-in cache action to cache dependencies by @jongwooo in #1014
Updated node example by @t-dedah in #1008
Fix: Node npm doc example by @apascualm in #1026
docs: fix an invalid link in workarounds.md by @teatimeguest in #929
General Availability release for granular cache by @kotewar in #1035 More details here on beta release.

New Contributors

@walterddr made their first contribution in #959
@asaf400 made their first contribution in #979
@jongwooo made their first contribution in #1013
@apascualm made their first contribution in #1026
@teatimeguest made their first contribution in #929

Full Changelog: actions/cache@v3...v3.2.0

`v3.0.11`

Compare Source

What's Changed

Call out cache not saved on hit by @Phantsure in #946
Update @actions/core to 1.10.0 by @rentziass in #950
Update cache to use @actions/core@^1.10.0 by @pdotl in #956

New Contributors

@rentziass made their first contribution in #950

Full Changelog: actions/cache@v3...v3.0.11

`v3.0.10`

Compare Source

Fix a bug with sorting inputs.
Update definition for restore-keys in README.md

`v3.0.9`

Compare Source

Enhanced the warning message for cache unavailability in case of GHES.

`v3.0.8`

Compare Source

What's Changed

Fix zstd not working for windows on gnu tar in issues.
Allow users to provide a custom timeout as input for aborting cache segment download using the environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes.

`v3.0.7`

Compare Source

What's Changed

Fix for the download stuck problem has been added in actions/cache for users who were intermittently facing the issue. As part of this fix, new timeout has been introduced in the download step to stop the download if it doesn't complete within an hour and run the rest of the workflow without erroring out.

`v3.0.6`

Compare Source

What's Changed

Add example for clojure lein project dependencies by @shivamarora1 in PR #835
Update toolkit's cache npm module to latest. Bump cache version to v3.0.6 by @pdotl in PR #887
Fix issue #809 where cache save/restore was failing for Amazon Linux 2 runners due to older tar version
Fix issue #833 where cache save was not working for caching github workspace directory

New Contributors

@shivamarora1 made their first contribution in #835
@pdotl made their first contribution in #887

Full Changelog: actions/cache@v3...v3.0.6

`v3.0.5`

Compare Source

Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit.

`v3.0.4`

Compare Source

In this release, we have fixed the tar creation error while trying to create it with path as ~/ home folder on ubuntu-latest.

`v3.0.3`

Compare Source

Fixed avoiding empty cache save when no files are available for caching. (#624)

`v3.0.2`

Compare Source

This release adds the support for dynamic cache size cap on GHES.

`v3.0.1`

Compare Source

Added support for caching from GHES 3.5.
Fixed download issue for files > 2GB during restore.

`v3.0.0`

Compare Source

This change adds a minimum runner version(node12 -> node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via github connect or manually copying the repo to their GHES instance.
Few dependencies and cache action usage examples have also been updated.

`v2.1.8`: Updating actions/core to version 1.10.0

Compare Source

The ::save-state and ::set-output are deprecated. The newer version of actions/core >1.10.0 uses the new syntax for save and set output. After this change, customers using actions/cache@v2 won't see deprecation warning message.

actions/checkout (actions/checkout)

`v6`

Compare Source

`v5`

Compare Source

`v4`

Compare Source

url-helper.ts now leverages well-known environment variables by @jww3 in #1941
Expand unit test coverage for isGhes by @jww3 in #1946

actions/setup-go (actions/setup-go)

`v6`

Compare Source

`v5`

Compare Source

`v4`

Compare Source

`v3`

Compare Source

codecov/codecov-action (codecov/codecov-action)

`v5.5.2`

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

`v5.5.1`

Compare Source

What's Changed

fix: overwrite pr number on fork by @thomasrockhu-codecov in #1871
build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in #1868
build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in #1867
fix: update to use local app/ dir by @thomasrockhu-codecov in #1872
docs: fix typo in README by @datalater in #1866
Document a codecov-cli version reference example by @webknjaz in #1774
build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in #1861
build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in #1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

`v5.5.0`

Compare Source

What's Changed

feat: upgrade wrapper to 0.2.4 by @jviall in #1864
Pin actions/github-script by Git SHA by @martincostello in #1859
fix: check reqs exist by @joseph-sentry in #1835
fix: Typo in README by @spalmurray in #1838
docs: Refine OIDC docs by @spalmurray in #1837
build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @app/dependabot in #1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

`v5.4.3`

Compare Source

What's Changed

build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @app/dependabot in #1822
fix: OIDC on forks by @joseph-sentry in #1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

`v5.4.2`

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2

`v5.4.1`

Compare Source

What's Changed

fix: use the github core methods by @thomasrockhu-codecov in #1807
build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @app/dependabot in #1803
build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @app/dependabot in #1797
build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @app/dependabot in #1798
chore(release): wrapper -0.2.1 by @app/codecov-releaser-app in #1788
build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @app/dependabot in #1786

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1

`v5.4.0`

Compare Source

What's Changed

update wrapper submodule to 0.2.0, add recurse_submodules arg by @matt-codecov in #1780
build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @app/dependabot in #1775
build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @app/dependabot in #1776
build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @app/dependabot in #1777
Clarify in README that use_pypi bypasses integrity checks too by @webknjaz in #1773
Fix use of safe.directory inside containers by @Flamefire in #1768
Fix description for report_type input by @craigscott-crascit in #1770
build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @app/dependabot in #1765
Fix a typo in the example by @miranska in #1758
build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @app/dependabot in #1757
build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @app/dependabot in #1753

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

`v5.3.1`

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1

`v5.3.0`

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.2.0..v5.3.0

`v5.2.0`

Compare Source

What's Changed

Fix typo in README by @tserg in #1747
Th/add commands by @thomasrockhu-codecov in #1745
use correct audience when requesting oidc token by @juho9000 in #1744
build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 by @app/dependabot in #1742
build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 by [@app/dependabot](https://redirect.github.com/app

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

codecov · 2022-02-24T19:34:22Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 37.14%. Comparing base (90bb2f8) to head (9f184d8).
Report is 3 commits behind head on master.

❗ Current head 9f184d8 differs from pull request most recent head 7e7294b

Please upload reports for the commit 7e7294b to get more accurate results.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #149   +/-   ##
=======================================
  Coverage   37.14%   37.14%           
=======================================
  Files           1        1           
  Lines          70       70           
=======================================
  Hits           26       26           
  Misses         44       44

Flag	Coverage Δ
unittests	`37.14% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

socket-security · 2025-08-20T17:01:29Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Critical CVE: Incorrect handling of credential expiry by /nats-io/nats-server in golang `github.com/nats-io/jwt` CVE: GHSA-4w5x-x539-ppf5 Incorrect handling of credential expiry by /nats-io/nats-server (CRITICAL) Affected versions: < 1.1.0 Patched version: 1.1.0 From: `?` → `golang/github.com/nats-io/[email protected]` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/nats-io/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: nats-io/jwt not enforcing checking of Import token permissions in golang `github.com/nats-io/jwt` CVE: GHSA-62mh-w5cv-p88c nats-io/jwt not enforcing checking of Import token permissions (CRITICAL) Affected versions: <= 1.2.2 Patched version: No patched versions From: `?` → `golang/github.com/nats-io/[email protected]` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/nats-io/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

socket-security · 2025-11-07T23:54:05Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability
golang.org/x/crypto@v0.0.0-20210513164829-c07d793c2f9a ⏵ v0.41.0	⁺¹	⁺⁷³
github.com/grpc-ecosystem/grpc-gateway/v2@v2.27.3
golang.org/x/net@v0.0.0-20210610132358-84b48f89b13b ⏵ v0.43.0	⁺¹	⁺³¹
google.golang.org/grpc@v1.45.0 ⏵ v1.75.1	⁺¹	⁺¹⁶

View full report

renovate · 2025-12-12T02:47:49Z

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

3 additional dependencies were updated
The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.14` -> `1.24.0`
`golang.org/x/crypto`	`v0.0.0-20210513164829-c07d793c2f9a` -> `v0.41.0`
`golang.org/x/net`	`v0.0.0-20210610132358-84b48f89b13b` -> `v0.43.0`
`google.golang.org/grpc`	`v1.45.0` -> `v1.75.1`

renovate bot requested a review from moul as a code owner February 24, 2022 19:31

auto-add-label bot added the dependencies label Feb 24, 2022

trafico-bot bot added the 🔍 Ready for Review Pull Request is not reviewed yet label Feb 24, 2022

renovate bot force-pushed the renovate/major-all branch from 3bd3103 to 1f2d67f Compare February 26, 2022 17:38

renovate bot changed the title ~~chore(deps): update golangci/golangci-lint-action action to v3~~ chore(deps): update all (major) Feb 28, 2022

renovate bot force-pushed the renovate/major-all branch 2 times, most recently from 2801e89 to 1826cd9 Compare March 1, 2022 18:36

renovate bot force-pushed the renovate/major-all branch from 1826cd9 to 903af66 Compare March 20, 2022 23:16

renovate bot changed the title ~~chore(deps): update all (major)~~ chore(deps): update actions/setup-go action to v3 Mar 20, 2022

renovate bot changed the title ~~chore(deps): update actions/setup-go action to v3~~ chore(deps): update all (major) Mar 21, 2022

renovate bot force-pushed the renovate/major-all branch from 903af66 to 8136c5b Compare March 21, 2022 11:13

renovate bot force-pushed the renovate/major-all branch 2 times, most recently from 378de0e to 1f9fc32 Compare April 5, 2022 17:09

renovate bot force-pushed the renovate/major-all branch from 1f9fc32 to c68b53e Compare April 11, 2022 12:57

renovate bot force-pushed the renovate/major-all branch from c68b53e to 39d2a74 Compare April 21, 2022 16:08

renovate bot force-pushed the renovate/major-all branch from 39d2a74 to 3cb5f96 Compare May 22, 2022 01:43

renovate bot changed the title ~~chore(deps): update all (major)~~ chore(deps): update all to v3 (major) May 23, 2022

renovate bot force-pushed the renovate/major-all branch from 3cb5f96 to 2010ae2 Compare May 31, 2022 11:26

renovate bot force-pushed the renovate/major-all branch from 2010ae2 to d64b61b Compare June 7, 2022 13:55

renovate bot force-pushed the renovate/major-all branch from d64b61b to 162991f Compare July 13, 2022 10:49

renovate bot force-pushed the renovate/major-all branch from 162991f to 7f2d018 Compare September 25, 2022 16:17

renovate bot changed the title ~~chore(deps): update all to v3 (major)~~ chore(deps): update all (major) Sep 25, 2022

renovate bot force-pushed the renovate/major-all branch from 7f2d018 to 9f184d8 Compare November 20, 2022 11:28

renovate bot force-pushed the renovate/major-all branch from 9f184d8 to 0f48dda Compare March 16, 2023 15:49

renovate bot force-pushed the renovate/major-all branch from 0f48dda to 76cd06f Compare April 17, 2023 12:38

renovate bot force-pushed the renovate/major-all branch 2 times, most recently from 465532d to c2e315a Compare June 2, 2023 15:06

renovate bot force-pushed the renovate/major-all branch from c2e315a to 707e1ab Compare June 12, 2023 12:46

renovate bot force-pushed the renovate/major-all branch from 707e1ab to 785ca79 Compare July 24, 2023 21:46

renovate bot force-pushed the renovate/major-all branch 3 times, most recently from 010e0af to 450c1e0 Compare March 24, 2025 15:33

renovate bot force-pushed the renovate/major-all branch from 450c1e0 to d805fdc Compare March 30, 2025 12:43

renovate bot force-pushed the renovate/major-all branch 2 times, most recently from 98d5043 to 051961c Compare April 14, 2025 21:15

renovate bot force-pushed the renovate/major-all branch 2 times, most recently from bbab456 to c6d36d2 Compare May 7, 2025 09:30

renovate bot force-pushed the renovate/major-all branch from c6d36d2 to 5d1e1fd Compare May 16, 2025 01:15

renovate bot force-pushed the renovate/major-all branch 2 times, most recently from 8534898 to 0c87274 Compare June 24, 2025 19:00

renovate bot force-pushed the renovate/major-all branch 3 times, most recently from 4a4349f to 28b606c Compare August 14, 2025 14:54

renovate bot force-pushed the renovate/major-all branch 2 times, most recently from 0bde9d2 to 33952c7 Compare August 20, 2025 16:57

renovate bot force-pushed the renovate/major-all branch from 33952c7 to 402bc67 Compare September 7, 2025 22:56

renovate bot force-pushed the renovate/major-all branch from 402bc67 to 83ba8f0 Compare September 24, 2025 13:51

renovate bot force-pushed the renovate/major-all branch from 83ba8f0 to bc47826 Compare October 3, 2025 01:27

renovate bot force-pushed the renovate/major-all branch from bc47826 to 9bc222f Compare November 7, 2025 23:52

renovate bot force-pushed the renovate/major-all branch 2 times, most recently from d847fec to ca68996 Compare November 21, 2025 17:28

renovate bot force-pushed the renovate/major-all branch 2 times, most recently from 3f9465c to 55986ee Compare December 10, 2025 02:54

renovate bot force-pushed the renovate/major-all branch from 55986ee to ee17b22 Compare December 12, 2025 02:47

fix(deps): update all

0391750

renovate bot force-pushed the renovate/major-all branch from ee17b22 to 0391750 Compare December 12, 2025 20:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

fix(deps): update all (major) #149

fix(deps): update all (major) #149

Uh oh!

renovate bot commented Feb 24, 2022 •

edited

Loading

Uh oh!

codecov bot commented Feb 24, 2022 •

edited

Loading

Uh oh!

socket-security bot commented Aug 20, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Nov 7, 2025 •

edited

Loading

Uh oh!

renovate bot commented Dec 12, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

fix(deps): update all (major) #149

Are you sure you want to change the base?

fix(deps): update all (major) #149

Uh oh!

Conversation

renovate bot commented Feb 24, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

⚠️ Important Changes

Minor changes

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

⚠️ Important Changes

Minor changes

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

v2.1.8: Updating actions/core to version 1.10.0

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

Configuration

Uh oh!

codecov bot commented Feb 24, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

socket-security bot commented Aug 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Nov 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

renovate bot commented Feb 24, 2022 •

edited

Loading

`v2.1.8`: Updating actions/core to version 1.10.0

codecov bot commented Feb 24, 2022 •

edited

Loading

socket-security bot commented Aug 20, 2025 •

edited

Loading

socket-security bot commented Nov 7, 2025 •

edited

Loading