v11.3.0

Compare Source

Changelog

New Features

• 59284e4: feat: implement interface { Unwrap() []error } for AggregateError to be compatibility with std errors.Join go1.20 without any breaking change (#​336) (@​itsabgr-raika)
• 17fdb91: feat: set custom tag name for envDefault (#​324) (@​dnovikoff)
• 1cb1967: feat: set custom tag name for envPrefix (#​332) (@​sv-kozlov)
• 0136931: feat: support time.Location (#​326) (@​BorzdeG)
• 4ab8b37: feat: support ignored value "-" for env tag (#​338) (@​sv-kozlov)

Bug fixes

• 6f3a5c0: fix: better handle envDefault, refactor merge options (#​349) (@​astak16)
• 3afa723: fix: improve errors (#​329) (@​caarlos0)
• 0cbf40b: fix: map value with : in it (@​caarlos0)
• e55230b: fix: parsing into ptr fields with value (#​340) (@​hypnoglow)

Documentation updates

• 84c7739: docs: DefaultValueTagName example (@​caarlos0)
• 0847ba1: docs: add installation instructions to README.md (#​330) (@​eduardolat)
• 76faca5: docs: project state (@​caarlos0)

Other work

• b76caa9: ci: add EditorConfig (#​327) (@​BorzdeG)
• 1f955b7: ci: update (@​caarlos0)
• f68d1dc: refactor: enable gocritic linter and fix lint issues (#​342) (@​alexandear)
• 52e7186: refactor: modify the init logic for env tag options to make it more reasonable (#​347) (@​astak16)

Released with GoReleaser Pro!

v1.7.24: containerd 1.7.24

Compare Source

Welcome to the v1.7.24 release of containerd!

The twenty-fourth patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Update runc binary to 1.2.2 (#​11027)
• Fix "invalid metric type" error message for cgroup v1 (#​10814)

Container Runtime Interface (CRI)

• Update the container exit log to info level (#​11007)

Image Distribution

• Fix retry logic and concurrency issue with http fallback (#​11032)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Phil Estes
• Akhil Mohan
• Akihiro Suda
• Maksym Pavlenko
• Austin Vazquez
• Samuel Karp
• Benjamin Peterson
• Davanum Srinivas
• Iceber Gu
• Mike Brown
• Sebastiaan van Stijn
• Tõnis Tiigi
• ningmingxiao

Changes

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.7.23

v0.12.9

Compare Source

[0.12.9] - 2024-12-13

Added

• HTTP timeout is now configurable. cyberark/conjur-api-go#150

v4.0.4

Compare Source

Fixed

• Reverted "Allow unmarshalling JSONWebKeySets with unsupported key types" as a
  breaking change. See #​136 / #​137.

v4.0.3

Compare Source

Changed

• Allow unmarshalling JSONWebKeySets with unsupported key types (#​130)
• Document that OpaqueKeyEncrypter can't be implemented (for now) (#​129)
• Dependency updates

v4.0.2

Compare Source

Changed

• Improved documentation of Verify() to note that JSONWebKeySet is a supported
  argument type (#​104)
• Defined exported error values for missing x5c header and unsupported elliptic
  curves error cases (#​117)

v4.0.1

Compare Source

Fixed

• An attacker could send a JWE containing compressed data that used large
  amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.
  Those functions now return an error if the decompressed data would exceed
  250kB or 10x the compressed size (whichever is larger). Thanks to
  Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@​zer0yu and @​chenjj)
  for reporting.

v4.0.0

Compare Source

This release makes some breaking changes in order to more thoroughly
address the vulnerabilities discussed in Three New Attacks Against JSON Web
Tokens, "Sign/encrypt confusion", "Billion hash attack", and "Polyglot
token".

Changed

• Limit JWT encryption types (exclude password or public key types) (#​78)
• Enforce minimum length for HMAC keys (#​85)
• jwt: match any audience in a list, rather than requiring all audiences (#​81)
• jwt: accept only Compact Serialization (#​75)
• jws: Add expected algorithms for signatures (#​74)
• Require specifying expected algorithms for ParseEncrypted,
  ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned,
  jwt.ParseSignedAndEncrypted (#​69, #​74)
  • Usually there is a small, known set of appropriate algorithms for a program
    to use and it's a mistake to allow unexpected algorithms. For instance the
    "billion hash attack" relies in part on programs accepting the PBES2
    encryption algorithm and doing the necessary work even if they weren't
    specifically configured to allow PBES2.
• Revert "Strip padding off base64 strings" (#​82)
• The specs require base64url encoding without padding.
• Minimum supported Go version is now 1.21

Added

• ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON.
  • These allow parsing a specific serialization, as opposed to ParseSigned and
    ParseEncrypted, which try to automatically detect which serialization was
    provided. It's common to require a specific serialization for a specific
    protocol - for instance JWT requires Compact serialization.

v1.15.10: 1.15.10

Compare Source

What's Changed

• Replace fmt.Sprint with faster alternatives by @​alexandear in https://github.com/goccy/go-yaml/pull/555
• Fix displaying testable example on pkg.go.dev by @​alexandear in https://github.com/goccy/go-yaml/pull/587
• Fix parsing of multi line text by @​goccy in https://github.com/goccy/go-yaml/pull/590
• Fix parsing of invalid tag character by @​goccy in https://github.com/goccy/go-yaml/pull/591
• Fix parsing of tab characters by @​goccy in https://github.com/goccy/go-yaml/pull/592

New Contributors

• @​alexandear made their first contribution in https://github.com/goccy/go-yaml/pull/555

Full Changelog: goccy/go-yaml@v1.15.9...v1.15.10

v1.15.9: 1.15.9

Compare Source

What's Changed

• Fix parsing of multiline mapping key by @​goccy in https://github.com/goccy/go-yaml/pull/579
• Fix plain-url-in-flow-mapping by @​goccy in https://github.com/goccy/go-yaml/pull/580
• Fix scalar-value-with-two-anchors by @​goccy in https://github.com/goccy/go-yaml/pull/581
• Fix parsing of literal header option by @​goccy in https://github.com/goccy/go-yaml/pull/582
• Fix node-anchor-not-indented by @​goccy in https://github.com/goccy/go-yaml/pull/584
• fix typo in CharacterType by @​nekrassov01 in https://github.com/goccy/go-yaml/pull/585
• Fix quotation for timestamps by @​shuheiktgw in https://github.com/goccy/go-yaml/pull/515

New Contributors

• @​nekrassov01 made their first contribution in https://github.com/goccy/go-yaml/pull/585

Full Changelog: goccy/go-yaml@v1.15.8...v1.15.9

v1.2.3: runc v1.2.3 -- "Winter is not a season, it's a celebration."

Compare Source

This is the third patch release of the 1.2.z release branch of runc. It
primarily fixes some minor regressions introduced in 1.2.0.

• Fixed a regression in use of securejoin.MkdirAll, where multiple
  runc processes racing to create the same mountpoint in a shared rootfs
  would result in spurious EEXIST errors. In particular, this regression
  caused issues with BuildKit. (#​4543, #​4550)
• Fixed a regression in eBPF support for pre-5.6 kernels after upgrading
  Cilium's eBPF library version to 0.16 in runc. (#​3008, #​4551)

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

• libseccomp

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

• Aleksa Sarai cyphar@cyphar.com
• Kir Kolyshkin kolyshkin@gmail.com
• lifubang lifubang@acmcoder.com

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

v1.33.0: /v0.55.0/v0.9.0/v0.0.12

Compare Source

Overview

Added

• Add Reset method to SpanRecorder in go.opentelemetry.io/otel/sdk/trace/tracetest. (#​5994)
• Add EnabledInstrument interface in go.opentelemetry.io/otel/sdk/metric/internal/x. This is an experimental interface that is implemented by synchronous instruments provided by go.opentelemetry.io/otel/sdk/metric. Users can use it to avoid performing computationally expensive operations when recording measurements. It does not fall within the scope of the OpenTelemetry Go versioning and stability policy and it may be changed in backwards incompatible ways or removed in feature releases. (#​6016)

Changed

• The default global API now supports full auto-instrumentation from the go.opentelemetry.io/auto package. See that package for more information. (#​5920)
• Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#​5929)
• Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#​5929)
• Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#​5929)
• Performance improvements for attribute value AsStringSlice, AsFloat64Slice, AsInt64Slice, AsBoolSlice. (#​6011)
• Change EnabledParameters to have a Severity field instead of a getter and setter in go.opentelemetry.io/otel/log. (#​6009)

Fixed

• Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#​5954)
• Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#​5954)
• Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#​5954)
• Fix invalid exemplar keys in go.opentelemetry.io/otel/exporters/prometheus. (#​5995)
• Fix attribute value truncation in go.opentelemetry.io/otel/sdk/trace. (#​5997)
• Fix attribute value truncation in go.opentelemetry.io/otel/sdk/log. (#​6032)

What's Changed

• fix(deps): update module google.golang.org/grpc to v1.68.0 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5955
• chore(deps): update golang.org/x by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5962
• fix(deps): update golang.org/x/exp digest to 2d47ceb by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5963
• otlp: Clients to close body uniformly by @​mark-pictor-csec in https://github.com/open-telemetry/opentelemetry-go/pull/5954
• Fix lint issues for golangci-lint 1.62.0 by @​dmathieu in https://github.com/open-telemetry/opentelemetry-go/pull/5967
• fix(deps): update module github.com/golangci/golangci-lint to v1.62.0 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5966
• chore(deps): update googleapis to e0fbfb7 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5971
• chore(deps): update googleapis to 65e8d21 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5972
• fix(deps): update module google.golang.org/protobuf to v1.35.2 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5975
• [chore]: enable int-conversion rule of perfsprint by @​mmorel-35 in https://github.com/open-telemetry/opentelemetry-go/pull/5964
• chore(deps): update codecov/codecov-action action to v5 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5977
• [chore] Fix codecov action usage by @​pellared in https://github.com/open-telemetry/opentelemetry-go/pull/5979
• chore(deps): update codecov/codecov-action action to v5.0.2 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5981
• [chore]: enable all rules of perfsprint by @​mmorel-35 in https://github.com/open-telemetry/opentelemetry-go/pull/5978
• Add toolchain check by @​cheese-head in https://github.com/open-telemetry/opentelemetry-go/pull/5983
• [chore] Fix VERSIONING.md missing parenthesis by @​MrAlias in https://github.com/open-telemetry/opentelemetry-go/pull/5984
• chore(deps): update googleapis to e639e21 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5985
• chore(deps): update codecov/codecov-action action to v5.0.3 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5986
• fix(deps): update module github.com/masterminds/semver/v3 to v3.3.1 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5987
• Propagate non-retryable error messages to client by @​mark-pictor-csec in https://github.com/open-telemetry/opentelemetry-go/pull/5929
• chore(deps): update codecov/codecov-action action to v5.0.5 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5991
• chore(deps): update codecov/codecov-action action to v5.0.6 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5992
• chore(deps): update codecov/codecov-action action to v5.0.7 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5993
• Use auto-instrumentation SDK in global tracing by @​MrAlias in https://github.com/open-telemetry/opentelemetry-go/pull/5920
• Escape exemplar keys to fix invalid key errors by @​dashpole in https://github.com/open-telemetry/opentelemetry-go/pull/5995
• chore(deps): update module github.com/grpc-ecosystem/grpc-gateway/v2 to v2.24.0 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/5998
• fix(deps): update module github.com/stretchr/testify to v1.10.0 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6000
• Corrent comments for the metric data storage location by @​yumosx in https://github.com/open-telemetry/opentelemetry-go/pull/5999
• fix(deps): update module github.com/golangci/golangci-lint to v1.62.2 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6003
• [chore]: enable usestdlibvars linter by @​mmorel-35 in https://github.com/open-telemetry/opentelemetry-go/pull/6001
• feat(trace): add concurrent-safe Reset method to SpanRecorder by @​flc1125 in https://github.com/open-telemetry/opentelemetry-go/pull/5994
• Fix attribute value truncation by @​MrAlias in https://github.com/open-telemetry/opentelemetry-go/pull/5997
• fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to 8dc4a50 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6005
• Fix span option typo in SDK span End, and WithAttributes only being available on span start by @​dmathieu in https://github.com/open-telemetry/opentelemetry-go/pull/6006
• chore(deps): update github.com/golang/groupcache digest to 2c02b82 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6010
• fix(deps): update module go.opentelemetry.io/proto/otlp to v1.4.0 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6013
• chore(deps): update googleapis to 19429a9 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6014
• Performance improvements for attribute value AsStringSlice, AsFloat64Slice, AsInt64Slice, AsBoolSlice by @​boekkooi-impossiblecloud in https://github.com/open-telemetry/opentelemetry-go/pull/6011
• log: Change EnabledParameters to have a field instead of getter and setter by @​pellared in https://github.com/open-telemetry/opentelemetry-go/pull/6009
• chore: fix a typo in TestMeterCreatesInstruments by @​codeboten in https://github.com/open-telemetry/opentelemetry-go/pull/6015
• chore(deps): update module golang.org/x/sys to v0.28.0 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6019
• chore(deps): update module golang.org/x/text to v0.21.0 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6020
• fix(deps): update module google.golang.org/grpc to v1.68.1 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6021
• fix(deps): update golang.org/x by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6022
• fix(deps): update module github.com/prometheus/common to v0.61.0 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6023
• chore(deps): update codecov/codecov-action action to v5.1.0 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6024
• chore(deps): update module go.opentelemetry.io/auto/sdk to v1.1.0 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6025
• chore(deps): update codecov/codecov-action action to v5.1.1 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6026
• chore(deps): update google.golang.org/genproto/googleapis/rpc digest to a4fef06 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6027
• sdk/metric: Add experimental Enabled method to synchronous instruments by @​codeboten in https://github.com/open-telemetry/opentelemetry-go/pull/6016
• fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to ca80a95 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6029
• chore(deps): update googleapis to e6fa225 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6028
• fix(deps): update golang.org/x/exp digest to 1829a12 by @​renovate in https://github.com/open-telemetry/opentelemetry-go/pull/6031
• Cache successful requests in lychee by @​dmathieu in https://github.com/open-telemetry/opentelemetry-go/pull/6030
• Fix sdk/log record attr value limit by @​MrAlias in https://github.com/open-telemetry/opentelemetry-go/pull/6032
• Release v1.33.0 by @​MrAlias in https://github.com/open-telemetry/opentelemetry-go/pull/6035

New Contributors

• @​mark-pictor-csec made their first contribution in https://github.com/open-telemetry/opentelemetry-go/pull/5954
• @​cheese-head made their first contribution in https://github.com/open-telemetry/opentelemetry-go/pull/5983
• @​yumosx made their first contribution in https://github.com/open-telemetry/opentelemetry-go/pull/5999
• @​flc1125 made their first contribution in https://github.com/open-telemetry/opentelemetry-go/pull/5994

Full Changelog: open-telemetry/opentelemetry-go@v1.32.0...v1.33.0

v1.69.0: Release 1.69.0

Compare Source

Known Issues

• The recently added grpc.NewClient function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. A fix is expected to be a part of grpc-go v1.70. (#​7556)

New Features

• stats/opentelemetry: Introduce new APIs to enable OpenTelemetry instrumentation for metrics on servers and clients (#​7874)
• xdsclient: add support to fallback to lower priority servers when higher priority ones are down (#​7701)
• dns: Add support for link local IPv6 addresses (#​7889)
• The new experimental pickfirst LB policy (disabled by default) supports Happy Eyeballs, interleaving IPv4 and IPv6 address as described in RFC-8305 section 4, to attempt connections to multiple backends concurrently. The experimental pickfirst policy can be enabled by setting the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST to true. (#​7725, #​7742)
• balancer/pickfirst: Emit metrics from the pick_first load balancing policy (#​7839)
• grpc: export MethodHandler, which is the type of an already-exported field in MethodDesc (#​7796)
  • Special Thanks: @​mohdjishin

Bug Fixes

• credentials/google: set scope for application default credentials (#​7887)
  • Special Thanks: [@​halvards]