chore(gnoweb): Merge master into playground2, resolve conflicts#5849
Closed
jefft0 wants to merge 48 commits into
Closed
chore(gnoweb): Merge master into playground2, resolve conflicts#5849jefft0 wants to merge 48 commits into
jefft0 wants to merge 48 commits into
Conversation
…gnolang#5781) ## Problem `ci / tm2` has failed on every `master` push since June 4 (`ecc5c9fe`, `11b05a42`, `4b3479e1`, `ba9da8eb`), always the same way: ``` --- FAIL: TestReactorDoesNotResignKnownSelfPrevote (300.04s) panic: Timed out waiting for all validators to commit a block ``` The failing commits are uncorrelated with the failure (docs-only, CI config, gnovm), and the identical tree passed `tm2` twice on the gnolang#5216 PR branch hours before failing on master — so this is a flake, not a regression. It reproduces locally at roughly 1 in 3 runs. ## Root cause In `MakeConnectedPeers` (`tm2/pkg/internal/p2p/p2p.go`), every switch dials every other switch concurrently. For each pair there's a racy interleaving: 1. A's outbound dial to B completes → A registers peer B, fires `PeerConnected`. 2. B's outbound dial to A completes → B registers peer A, fires `PeerConnected`. 3. `MakeConnectedPeers` sees both events and returns "all connected". 4. B's accept loop sees A's inbound conn → rejects it as a duplicate (`switch.go` "already connected") → closes the TCP conn backing **A's registered peer** → A removes peer B. 5. Symmetrically, A rejects B's inbound → B removes peer A. Both directions are torn down *after* setup reported success, and test peers aren't persistent, so nothing redials. Goroutine dumps from hung runs confirm it: zero gossip/MConnection routines, both switches idle in `waitForPeersToDial`. `TestReactorDoesNotResignKnownSelfPrevote` (added in gnolang#5348) is the test that pays for this because it's the only reactor test with a 2-validator net that must commit a block — losing the single link is a total partition. N=4 tests survive losing one link, which is why this raced silently before. ## Fix Dial only peers with a higher index, so each pair connects in exactly one direction and the duplicate-rejection path can never trigger. Inbound and outbound connections both fire `PeerConnected`, so each switch still observes `Count-1` events before setup returns. Also replaces the concurrent `sws = append(...)` (raced across the errgroup goroutines and made slot order nondeterministic) with an indexed write. ## Verification - Before: 2/6 local runs of `TestReactorDoesNotResignKnownSelfPrevote` hang until panic. - After: 0/20 local runs fail. - All reactor tests in `tm2/pkg/bft/consensus`, plus `tm2/pkg/bft/blockchain` and `tm2/pkg/bft/mempool` (the other `MakeConnectedPeers` users) pass. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
…ng#5751) fixes gnolang#5664 The range of the form ```go for _ = range a.e ``` Should cause an early return on (x *RangeStmt) AssertCompatible, as both values key and value of the range are discarded. The problem is when the range is on the form `for _ := range` . the key is considered blankIdentifier but the value is not present (nil). The fix is to add this case to the early return --------- Co-authored-by: ltzmaxwell <ltz.maxwell@gmail.com>
…ang#5713) ## Summary - Match Go's runtime behavior: comparing two interface values whose dynamic type is uncomparable (`map`/`slice`/`func`) panics with `comparing uncomparable type X`, even when both are nil-wrapped. - Thread a `viaInterface` flag through `isEql`, derived from the operands' static type (via `ATTR_TYPEOF_VALUE`). Propagate it into array elements and struct fields whose declared type is an interface. - Wire the same check into `doOpSwitchClauseCase` for `switch iface { case map[K]V(nil): }`. - `m == nil` direct comparisons are unaffected (preprocess already rejects two-non-nil map/slice/func compares). ## Test plan - [x] `go test ./gnovm/pkg/gnolang/ -run Files -test.short` - [x] `go test ./gno.land/pkg/sdk/vm/ -run Gas` - [x] `go test ./gno.land/pkg/integration/ -run txtar` - [x] `go test -bench BenchmarkOpEql_Int -benchtime 1x -run=^$ ./gnovm/pkg/gnolang/` - [x] New filetest `gnovm/tests/files/cmp_runtime.gno` (port of Go's `test/cmp.go`) --------- Co-authored-by: Morgan <morgan@morganbaz.com>
…dates (gnolang#5595) Bumps the npm_and_yarn group with 3 updates in the /gno.land/pkg/gnoweb/frontend directory: [postcss](https://github.com/postcss/postcss), [picomatch](https://github.com/micromatch/picomatch) and [svgo](https://github.com/svg/svgo). Updates `postcss` from 8.5.6 to 8.5.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986"><code>33b9790</code></a> Release 8.5.10 version</li> <li><a href="https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b"><code>536c79e</code></a> Escape </style> in CSS output (<a href="https://redirect.github.com/postcss/postcss/issues/2074">#2074</a>)</li> <li><a href="https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4"><code>afa96b2</code></a> Update dependencies (<a href="https://redirect.github.com/postcss/postcss/issues/2073">#2073</a>)</li> <li><a href="https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d"><code>effe88b</code></a> Typo (<a href="https://redirect.github.com/postcss/postcss/issues/2072">#2072</a>)</li> <li><a href="https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad"><code>3ee79a2</code></a> Thread model (<a href="https://redirect.github.com/postcss/postcss/issues/2071">#2071</a>)</li> <li><a href="https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01"><code>2e0683d</code></a> Create incident response docs (<a href="https://redirect.github.com/postcss/postcss/issues/2070">#2070</a>)</li> <li><a href="https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9"><code>fe88ac2</code></a> Release 8.5.9 version</li> <li><a href="https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e"><code>c551632</code></a> Avoid RegExp when we can use simple JS</li> <li><a href="https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a"><code>89a6b74</code></a> Move SECURITY.txt for docs folder to keep GitHub page cleaner</li> <li><a href="https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b"><code>6ceb8a4</code></a> Create SECURITY.md</li> <li>Additional commits viewable in <a href="https://github.com/postcss/postcss/compare/8.5.6...8.5.10">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 2.3.1 to 2.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>2.3.2</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>fix: exception when glob pattern contains constructor by <a href="https://github.com/Jason3S"><code>@Jason3S</code></a> in <a href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's changelog</a>.</em></p> <blockquote> <h1>Release history</h1> <p><strong>All notable changes to this project will be documented in this file.</strong></p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <ul> <li>Changelogs are for humans, not machines.</li> <li>There should be an entry for every single version.</li> <li>The same types of changes should be grouped.</li> <li>Versions and sections should be linkable.</li> <li>The latest version comes first.</li> <li>The release date of each versions is displayed.</li> <li>Mention whether you follow Semantic Versioning.</li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Changelog entries are classified using the following labels <em>(from <a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p> <ul> <li><code>Added</code> for new features.</li> <li><code>Changed</code> for changes in existing functionality.</li> <li><code>Deprecated</code> for soon-to-be removed features.</li> <li><code>Removed</code> for now removed features.</li> <li><code>Fixed</code> for any bug fixes.</li> <li><code>Security</code> in case of vulnerabilities.</li> </ul> <!-- raw HTML omitted --> <h2>4.0.0 (2024-02-07)</h2> <h3>Fixes</h3> <ul> <li>Fix bad text values in parse <a href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>, thanks to <a href="https://github.com/connor4312"><code>@connor4312</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Remove process global to work outside of node <a href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>, thanks to <a href="https://github.com/styfle"><code>@styfle</code></a></li> <li>Add sideEffects to package.json <a href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>, thanks to <a href="https://github.com/frandiox"><code>@frandiox</code></a></li> <li>Removed <code>os</code>, make compatible browser environment. See <a href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>, thanks to <a href="https://github.com/gwsbhqt"><code>@gwsbhqt</code></a></li> </ul> <h2>3.0.1</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a> Publish 2.3.2</li> <li><a href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a> from micromatch/backport-144</li> <li><a href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a> from Jason3S/jdent-object-properties</li> <li>See full diff in <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 4.0.3 to 4.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>2.3.2</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>fix: exception when glob pattern contains constructor by <a href="https://github.com/Jason3S"><code>@Jason3S</code></a> in <a href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's changelog</a>.</em></p> <blockquote> <h1>Release history</h1> <p><strong>All notable changes to this project will be documented in this file.</strong></p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <ul> <li>Changelogs are for humans, not machines.</li> <li>There should be an entry for every single version.</li> <li>The same types of changes should be grouped.</li> <li>Versions and sections should be linkable.</li> <li>The latest version comes first.</li> <li>The release date of each versions is displayed.</li> <li>Mention whether you follow Semantic Versioning.</li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Changelog entries are classified using the following labels <em>(from <a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p> <ul> <li><code>Added</code> for new features.</li> <li><code>Changed</code> for changes in existing functionality.</li> <li><code>Deprecated</code> for soon-to-be removed features.</li> <li><code>Removed</code> for now removed features.</li> <li><code>Fixed</code> for any bug fixes.</li> <li><code>Security</code> in case of vulnerabilities.</li> </ul> <!-- raw HTML omitted --> <h2>4.0.0 (2024-02-07)</h2> <h3>Fixes</h3> <ul> <li>Fix bad text values in parse <a href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>, thanks to <a href="https://github.com/connor4312"><code>@connor4312</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Remove process global to work outside of node <a href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>, thanks to <a href="https://github.com/styfle"><code>@styfle</code></a></li> <li>Add sideEffects to package.json <a href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>, thanks to <a href="https://github.com/frandiox"><code>@frandiox</code></a></li> <li>Removed <code>os</code>, make compatible browser environment. See <a href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>, thanks to <a href="https://github.com/gwsbhqt"><code>@gwsbhqt</code></a></li> </ul> <h2>3.0.1</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a> Publish 2.3.2</li> <li><a href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a> from micromatch/backport-144</li> <li><a href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a> from Jason3S/jdent-object-properties</li> <li>See full diff in <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare view</a></li> </ul> </details> <br /> Updates `svgo` from 4.0.0 to 4.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/svg/svgo/releases">svgo's releases</a>.</em></p> <blockquote> <h2>v4.0.1</h2> <h2>What's Changed</h2> <h3>Dependencies</h3> <ul> <li>Sets minimum version of <a href="https://www.npmjs.com/package/sax">sax</a> (XML parser) to v1.5.0, which improves built-in guards against entity expansion.</li> </ul> <h3>Bug Fixes</h3> <ul> <li><a href="https://svgo.dev/docs/plugins/removeEmptyContainers/">removeEmptyContainers</a>, removed leftover <code><use></code> elements referencing an empty container that were removed. By <a href="https://github.com/johnkenny54"><code>@johnkenny54</code></a> in <a href="https://redirect.github.com/svg/svgo/pull/2051">svg/svgo#2051</a></li> <li><a href="https://svgo.dev/docs/plugins/removeUnknownsAndDefaults/">removeUnknownsAndDefaults</a>, don't remove attributes if they're referenced in attribute selectors (CSS). By <a href="https://github.com/SethFalco"><code>@SethFalco</code></a> in <a href="https://redirect.github.com/svg/svgo/pull/2144">svg/svgo#2144</a></li> </ul> <h3>Performance</h3> <ul> <li><a href="https://svgo.dev/docs/plugins/convertPathData/">convertPathData</a>, refactor to reduce redundant equality checks. By <a href="https://github.com/Lorfdail"><code>@Lorfdail</code></a> in <a href="https://redirect.github.com/svg/svgo/pull/1764">svg/svgo#1764</a> and <a href="https://redirect.github.com/svg/svgo/pull/2135">svg/svgo#2135</a></li> <li><a href="https://svgo.dev/docs/plugins/removeHiddenElems/">removeHiddenElems</a>, compute styles lazily. By <a href="https://github.com/Lorfdail"><code>@Lorfdail</code></a> in <a href="https://redirect.github.com/svg/svgo/pull/1764">svg/svgo#1764</a> and <a href="https://redirect.github.com/svg/svgo/pull/2135">svg/svgo#2135</a></li> </ul> <h3>Other Changes</h3> <ul> <li>Plugins no longer include if they are enabled or disabled by default, as this was written inconsistently. The <code>--show-plugins</code> argument appends the presets a plugin is in to the end of the line. By <a href="https://github.com/viralcodex"><code>@viralcodex</code></a> in <a href="https://redirect.github.com/svg/svgo/pull/2174">svg/svgo#2174</a></li> <li>Plugin/preset types to enforce the name start with <code>preset-</code> if it is a preset (collection of plugins). By <a href="https://github.com/SethFalco"><code>@SethFalco</code></a> in <a href="https://redirect.github.com/svg/svgo/pull/2178">svg/svgo#2178</a></li> </ul> <h2>Metrics</h2> <p>Before and after of the browser bundle of each respective version:</p> <table> <thead> <tr> <th></th> <th>v4.0.0</th> <th>v4.0.1</th> <th>Delta</th> </tr> </thead> <tbody> <tr> <td>svgo.browser.js</td> <td>780.2 kB</td> <td>781.5 kB</td> <td>⬆️ 1.3 kB</td> </tr> </tbody> </table> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/svg/svgo/commit/e691f5f85d9ff6c8f3bc75dc5150181d314b7f2d"><code>e691f5f</code></a> Merge commit from fork</li> <li><a href="https://github.com/svg/svgo/commit/b1d9f1a5dd018ffcbd52b96678019ccf4312b22d"><code>b1d9f1a</code></a> chore(deps): bump actions/upload-artifact from 6 to 7 (<a href="https://redirect.github.com/svg/svgo/issues/2202">#2202</a>)</li> <li><a href="https://github.com/svg/svgo/commit/d724af1b75d9a76ffd0ff4aef95047a045deb2b6"><code>d724af1</code></a> chore(deps): bump actions/checkout from 5 to 6 (<a href="https://redirect.github.com/svg/svgo/issues/2195">#2195</a>)</li> <li><a href="https://github.com/svg/svgo/commit/4114b3236f4ee5d2e0db6506e09e2633d55bfab6"><code>4114b32</code></a> chore(deps): bump actions/upload-artifact from 4 to 6 (<a href="https://redirect.github.com/svg/svgo/issues/2196">#2196</a>)</li> <li><a href="https://github.com/svg/svgo/commit/c06d8f6899788defae9594537063c2f4307803e4"><code>c06d8f6</code></a> chore: upgrade js-yaml and glob (<a href="https://redirect.github.com/svg/svgo/issues/2191">#2191</a>)</li> <li><a href="https://github.com/svg/svgo/commit/26e86e5d722fbc1937446b23d53a1bf8e3f01e39"><code>26e86e5</code></a> fix: remove unused <use> elements when deleting empty symbols (<a href="https://redirect.github.com/svg/svgo/issues/2051">#2051</a>)</li> <li><a href="https://github.com/svg/svgo/commit/50c326bbff8eda6589f09504f87197b693ac6854"><code>50c326b</code></a> perf: optimiztions to reduce regression test runtime (<a href="https://redirect.github.com/svg/svgo/issues/2135">#2135</a>)</li> <li><a href="https://github.com/svg/svgo/commit/1f33cbe3aea1fd04d8272860d0356a5b107fd6cf"><code>1f33cbe</code></a> ci: separate regression tests and write delta report (<a href="https://redirect.github.com/svg/svgo/issues/2190">#2190</a>)</li> <li><a href="https://github.com/svg/svgo/commit/79a2167dc93aaff982686ec65846db714aae3e76"><code>79a2167</code></a> ci: save test reports to artifacts (<a href="https://redirect.github.com/svg/svgo/issues/2189">#2189</a>)</li> <li><a href="https://github.com/svg/svgo/commit/0ae52a02a5cc021e37d227a8d6ca68cf6ca28679"><code>0ae52a0</code></a> chore(deps): bump actions/setup-node from 5 to 6 (<a href="https://redirect.github.com/svg/svgo/issues/2187">#2187</a>)</li> <li>Additional commits viewable in <a href="https://github.com/svg/svgo/compare/v4.0.0...v4.0.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gnolang/gno/network/alerts). </details> --------- Signed-off-by: dependabot[bot] <support@github.com>
gnolang#5796) Bumps the actions group with 29 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5.0.1` | `6.0.3` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` | `6.4.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `8.0.0` | `9.2.1` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.4.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.1.0` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `46.0.5` | `47.0.6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.2.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` | | [actions/github-script](https://github.com/actions/github-script) | `7.1.0` | `9.0.0` | | [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4.0.0` | `5.0.0` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.2` | `0.5.6` | | [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.35.1` | `4.36.1` | | [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) | `6.0.1` | `7.1.0` | | [coursier/cache-action](https://github.com/coursier/cache-action) | `6.4.9` | `8.1.1` | | [coursier/setup-action](https://github.com/coursier/setup-action) | `1.3.9` | `3.0.0` | | [toshimaru/auto-author-assign](https://github.com/toshimaru/auto-author-assign) | `2.1.1` | `3.0.2` | | [actions/labeler](https://github.com/actions/labeler) | `5.0.0` | `6.1.0` | | [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.3.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.2.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.10.0` | `6.1.0` | | [docker/bake-action](https://github.com/docker/bake-action) | `6.10.0` | `7.2.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.9.2` | `4.1.2` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.5` | `0.24.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.1.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.4.0` | `7.2.2` | Updates `actions/checkout` from 5.0.1 to 6.0.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.3</h2> <h2>What's Changed</h2> <ul> <li>Update changelog by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2357">actions/checkout#2357</a></li> <li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> <li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li> <li>Update changelog for v6.0.3 by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2446">actions/checkout#2446</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yaananth"><code>@yaananth</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.3">https://github.com/actions/checkout/compare/v6...v6.0.3</a></p> <h2>v6.0.2</h2> <h2>What's Changed</h2> <ul> <li>Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2355">actions/checkout#2355</a></li> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6.0.1...v6.0.2">https://github.com/actions/checkout/compare/v6.0.1...v6.0.2</a></p> <h2>v6.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update all references from v5 and v4 to v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> <li>Clarify v6 README by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.3</h2> <ul> <li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li> <li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> </ul> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10"><code>df4cb1c</code></a> Update changelog for v6.0.3 (<a href="https://redirect.github.com/actions/checkout/issues/2446">#2446</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824"><code>1cce339</code></a> Fix checkout init for SHA-256 repositories (<a href="https://redirect.github.com/actions/checkout/issues/2439">#2439</a>)</li> <li><a href="https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231"><code>900f221</code></a> fix: expand merge commit SHA regex and add SHA-256 test cases (<a href="https://redirect.github.com/actions/checkout/issues/2414">#2414</a>)</li> <li><a href="https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98"><code>0c366fd</code></a> Update changelog (<a href="https://redirect.github.com/actions/checkout/issues/2357">#2357</a>)</li> <li><a href="https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd"><code>de0fac2</code></a> Fix tag handling: preserve annotations and explicit fetch-tags (<a href="https://redirect.github.com/actions/checkout/issues/2356">#2356</a>)</li> <li><a href="https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49"><code>064fe7f</code></a> Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...</li> <li><a href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a> Clarify v6 README (<a href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li> <li><a href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a> Add worktree support for persist-credentials includeIf (<a href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li> <li><a href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a> Update all references from v5 and v4 to v6 (<a href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/checkout/compare/93cb6efe18208431cddfb8368fd83d5badbf9bfd...df4cb1c069e1874edd31b4311f1884172cec0e10">compare view</a></li> </ul> </details> <br /> Updates `actions/setup-go` from 5.6.0 to 6.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v6.4.0</h2> <h2>What's Changed</h2> <h3>Enhancement</h3> <ul> <li>Add go-download-base-url input for custom Go distributions by <a href="https://github.com/gdams"><code>@gdams</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li> </ul> <h3>Dependency update</h3> <ul> <li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/727">actions/setup-go#727</a></li> </ul> <h3>Documentation update</h3> <ul> <li>Rearrange README.md, add advanced-usage.md by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/724">actions/setup-go#724</a></li> <li>Fix Microsoft build of Go link by <a href="https://github.com/gdams"><code>@gdams</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/734">actions/setup-go#734</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/gdams"><code>@gdams</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v6...v6.4.0">https://github.com/actions/setup-go/compare/v6...v6.4.0</a></p> <h2>v6.3.0</h2> <h2>What's Changed</h2> <ul> <li>Update default Go module caching to use go.mod by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/705">actions/setup-go#705</a></li> <li>Fix golang download url to go.dev by <a href="https://github.com/178inaba"><code>@178inaba</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/469">actions/setup-go#469</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v6...v6.3.0">https://github.com/actions/setup-go/compare/v6...v6.3.0</a></p> <h2>v6.2.0</h2> <h2>What's Changed</h2> <h3>Enhancements</h3> <ul> <li>Example for restore-only cache in documentation by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/696">actions/setup-go#696</a></li> <li>Update Node.js version in action.yml by <a href="https://github.com/ccoVeille"><code>@ccoVeille</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/691">actions/setup-go#691</a></li> <li>Documentation update of actions/checkout by <a href="https://github.com/deining"><code>@deining</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/683">actions/setup-go#683</a></li> </ul> <h3>Dependency updates</h3> <ul> <li>Upgrade js-yaml from 3.14.1 to 3.14.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/682">actions/setup-go#682</a></li> <li>Upgrade <code>@actions/cache</code> to v5 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/695">actions/setup-go#695</a></li> <li>Upgrade actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/686">actions/setup-go#686</a></li> <li>Upgrade qs from 6.14.0 to 6.14.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/703">actions/setup-go#703</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ccoVeille"><code>@ccoVeille</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/691">actions/setup-go#691</a></li> <li><a href="https://github.com/deining"><code>@deining</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/683">actions/setup-go#683</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v6...v6.2.0">https://github.com/actions/setup-go/compare/v6...v6.2.0</a></p> <h2>v6.1.0</h2> <h2>What's Changed</h2> <h3>Enhancements</h3> <ul> <li>Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by <a href="https://github.com/nicholasngai"><code>@nicholasngai</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/665">actions/setup-go#665</a></li> <li>Add support for .tool-versions file and update workflow by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/673">actions/setup-go#673</a></li> <li>Add comprehensive breaking changes documentation for v6 by <a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/674">actions/setup-go#674</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-go/commit/4a3601121dd01d1626a1e23e37211e3254c1c06c"><code>4a36011</code></a> docs: fix Microsoft build of Go link (<a href="https://redirect.github.com/actions/setup-go/issues/734">#734</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/8f19afcc704763637be6b1718da0af52ca05785d"><code>8f19afc</code></a> feat: add go-download-base-url input for custom Go distributions (<a href="https://redirect.github.com/actions/setup-go/issues/721">#721</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/27fdb267c15a8835f1ead03dfa07f89be2bb741a"><code>27fdb26</code></a> Bump minimatch from 3.1.2 to 3.1.5 (<a href="https://redirect.github.com/actions/setup-go/issues/727">#727</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/def8c394e3ad351a79bc93815e4a585520fe993b"><code>def8c39</code></a> Rearrange README.md, add advanced-usage.md (<a href="https://redirect.github.com/actions/setup-go/issues/724">#724</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/4b73464bb391d4059bd26b0524d20df3927bd417"><code>4b73464</code></a> Fix golang download url to go.dev (<a href="https://redirect.github.com/actions/setup-go/issues/469">#469</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/a5f9b05d2d216f63e13859e0d847461041025775"><code>a5f9b05</code></a> Update default Go module caching to use go.mod (<a href="https://redirect.github.com/actions/setup-go/issues/705">#705</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5"><code>7a3fe6c</code></a> Bump qs from 6.14.0 to 6.14.1 (<a href="https://redirect.github.com/actions/setup-go/issues/703">#703</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/b9adafd441833a027479ddd0db37eaece68d35cb"><code>b9adafd</code></a> Bump actions/checkout from 5 to 6 (<a href="https://redirect.github.com/actions/setup-go/issues/686">#686</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/d73f6bcfc2b419b74f47075f8a487b40cc4680f8"><code>d73f6bc</code></a> README.md: correct to actions/checkout@v6 (<a href="https://redirect.github.com/actions/setup-go/issues/683">#683</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/ae252ee6fb24babc50e89fc67c4aa608e69fbf8f"><code>ae252ee</code></a> Bump <code>@actions/cache</code> to v5 (<a href="https://redirect.github.com/actions/setup-go/issues/695">#695</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/setup-go/compare/40f1582b2485089dde7abd97c1529aa768e1baff...4a3601121dd01d1626a1e23e37211e3254c1c06c">compare view</a></li> </ul> </details> <br /> Updates `golangci/golangci-lint-action` from 8.0.0 to 9.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's releases</a>.</em></p> <blockquote> <h2>v9.2.1</h2> <h2>What's Changed</h2> <p>IMPORTANT: this is the first immutable release.</p> <h3>Changes</h3> <ul> <li>chore: improve workflows by <a href="https://github.com/ldez"><code>@ldez</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1394">golangci/golangci-lint-action#1394</a></li> </ul> <h3>Dependencies</h3> <ul> <li>build(deps-dev): bump the dev-dependencies group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1325">golangci/golangci-lint-action#1325</a></li> <li>build(deps-dev): bump the dev-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1326">golangci/golangci-lint-action#1326</a></li> <li>build(deps): bump the dependencies group with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1327">golangci/golangci-lint-action#1327</a></li> <li>build(deps-dev): bump the dev-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1328">golangci/golangci-lint-action#1328</a></li> <li>build(deps): bump <code>@types/node</code> from 25.0.2 to 25.0.3 in the dependencies group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1329">golangci/golangci-lint-action#1329</a></li> <li>build(deps-dev): bump the dev-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1330">golangci/golangci-lint-action#1330</a></li> <li>build(deps-dev): bump the dev-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1332">golangci/golangci-lint-action#1332</a></li> <li>build(deps-dev): bump the dev-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1333">golangci/golangci-lint-action#1333</a></li> <li>build(deps): bump the dependencies group with 6 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1334">golangci/golangci-lint-action#1334</a></li> <li>build(deps-dev): bump the dev-dependencies group with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1335">golangci/golangci-lint-action#1335</a></li> <li>build(deps): bump the dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1336">golangci/golangci-lint-action#1336</a></li> <li>build(deps-dev): bump the dev-dependencies group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1337">golangci/golangci-lint-action#1337</a></li> <li>build(deps): bump <code>@types/node</code> from 25.0.9 to 25.0.10 in the dependencies group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1338">golangci/golangci-lint-action#1338</a></li> <li>build(deps): bump fast-xml-parser from 5.3.3 to 5.3.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1339">golangci/golangci-lint-action#1339</a></li> <li>build(deps-dev): bump the dev-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1340">golangci/golangci-lint-action#1340</a></li> <li>build(deps-dev): bump the dev-dependencies group across 1 directory with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1344">golangci/golangci-lint-action#1344</a></li> <li>build(deps): bump fast-xml-parser from 5.3.4 to 5.3.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1346">golangci/golangci-lint-action#1346</a></li> <li>build(deps): bump minimatch by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1348">golangci/golangci-lint-action#1348</a></li> <li>build(deps): bump minimatch from 3.1.3 to 3.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1350">golangci/golangci-lint-action#1350</a></li> <li>build(deps): bump fast-xml-parser from 5.3.6 to 5.4.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1351">golangci/golangci-lint-action#1351</a></li> <li>build(deps): bump fast-xml-parser from 5.4.1 to 5.5.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1357">golangci/golangci-lint-action#1357</a></li> <li>build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1358">golangci/golangci-lint-action#1358</a></li> <li>build(deps-dev): bump flatted from 3.3.3 to 3.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1359">golangci/golangci-lint-action#1359</a></li> <li>build(deps): bump picomatch from 4.0.3 to 4.0.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1364">golangci/golangci-lint-action#1364</a></li> <li>build(deps): bump yaml from 2.8.2 to 2.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1365">golangci/golangci-lint-action#1365</a></li> <li>build(deps): bump brace-expansion by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1370">golangci/golangci-lint-action#1370</a></li> <li>build(deps-dev): bump the dev-dependencies group across 1 directory with 7 updates by <a href="https://github.com/ldez"><code>@ldez</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1374">golangci/golangci-lint-action#1374</a></li> <li>build(deps): bump github/codeql-action from 4 to 4.35.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1384">golangci/golangci-lint-action#1384</a></li> <li>build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1386">golangci/golangci-lint-action#1386</a></li> <li>build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1389">golangci/golangci-lint-action#1389</a></li> <li>build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1391">golangci/golangci-lint-action#1391</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/golangci/golangci-lint-action/compare/v9.2.0...v9.2.1">https://github.com/golangci/golangci-lint-action/compare/v9.2.0...v9.2.1</a></p> <h2>v9.2.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Changes</h3> <ul> <li>feat: add version-file option by <a href="https://github.com/ldez"><code>@ldez</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1320">golangci/golangci-lint-action#1320</a></li> <li>chore: move samples into fixtures by <a href="https://github.com/ldez"><code>@ldez</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1321">golangci/golangci-lint-action#1321</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golangci/golangci-lint-action/commit/82606bf257cbaff209d206a39f5134f0cfbfd2ee"><code>82606bf</code></a> chore: prepare release v9.2.1</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/97c8387e660fa3be78f698fb592523e1f906a02c"><code>97c8387</code></a> chore: improve workflows (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1394">#1394</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/28d0a191bb76f633872d1f12600dd9900ac73840"><code>28d0a19</code></a> build(deps): bump the dependencies group across 1 directory with 2 updates</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/633fbc7d54a1fe7d54f72fb83194a7d442beb929"><code>633fbc7</code></a> build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1391">#1391</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/59f43e26c902dadac745307f8cf2537da50ad344"><code>59f43e2</code></a> build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1389">#1389</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/9eb174e04acac69b4b7f6602f9a5cc384ba59b45"><code>9eb174e</code></a> build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1386">#1386</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/4f52504dfb47d09a983372e869f643e9e0d4014b"><code>4f52504</code></a> build(deps): bump github/codeql-action from 4 to 4.35.2 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1384">#1384</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/6f87dfdbd16618b59a5d86104adea6216152a47c"><code>6f87dfd</code></a> docs: update examples</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/c9500d7aa7797b3e999034a3e6a0b9a4f18e8708"><code>c9500d7</code></a> chore: improve workflows</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/03b1faa37ed78712fa70fc44b56fa553f0d7a6bc"><code>03b1faa</code></a> chore: improve issue templates</li> <li>Additional commits viewable in <a href="https://github.com/golangci/golangci-lint-action/compare/4afd733a84b1f43292c63897423277bb7f4313a9...82606bf257cbaff209d206a39f5134f0cfbfd2ee">compare view</a></li> </ul> </details> <br /> Updates `actions/setup-node` from 4.4.0 to 6.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.4.0</h2> <h2>What's Changed</h2> <h3>Dependency updates:</h3> <ul> <li>Upgrade <a href="https://github.com/actions"><code>@actions</code></a> dependencies by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1525">actions/setup-node#1525</a></li> <li>Update Node.js versions in versions.yml and bump package to v6.4.0 by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1533">actions/setup-node#1533</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1525">actions/setup-node#1525</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v6...v6.4.0">https://github.com/actions/setup-node/compare/v6...v6.4.0</a></p> <h2>v6.3.0</h2> <h2>What's Changed</h2> <h3>Enhancements:</h3> <ul> <li>Support parsing <code>devEngines</code> field by <a href="https://github.com/susnux"><code>@susnux</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1283">actions/setup-node#1283</a></li> </ul> <blockquote> <p>When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.</p> </blockquote> <h3>Dependency updates:</h3> <ul> <li>Fix npm audit issues by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1491">actions/setup-node#1491</a></li> <li>Replace uuid with crypto.randomUUID() by <a href="https://github.com/trivikr"><code>@trivikr</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1378">actions/setup-node#1378</a></li> <li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1498">actions/setup-node#1498</a></li> </ul> <h3>Bug fixes:</h3> <ul> <li>Remove hardcoded bearer for mirror-url <a href="https://github.com/marco-ippolito"><code>@marco-ippolito</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1467">actions/setup-node#1467</a></li> <li>Scope test lockfiles by package manager and update cache tests by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1495">actions/setup-node#1495</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/susnux"><code>@susnux</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1283">actions/setup-node#1283</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v6...v6.3.0">https://github.com/actions/setup-node/compare/v6...v6.3.0</a></p> <h2>v6.2.0</h2> <h2>What's Changed</h2> <h3>Documentation</h3> <ul> <li>Documentation update related to absence of Lockfile by <a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1454">actions/setup-node#1454</a></li> <li>Correct mirror option typos by <a href="https://github.com/MikeMcC399"><code>@MikeMcC399</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1442">actions/setup-node#1442</a></li> <li>Readme update on checkout version v6 by <a href="https://github.com/deining"><code>@deining</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1446">actions/setup-node#1446</a></li> <li>Readme typo fixes <a href="https://github.com/munyari"><code>@munyari</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1226">actions/setup-node#1226</a></li> <li>Advanced document update on checkout version v6 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1468">actions/setup-node#1468</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade <code>@actions/cache</code> to v5.0.1 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1449">actions/setup-node#1449</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1454">actions/setup-node#1454</a></li> <li><a href="https://github.com/MikeMcC399"><code>@MikeMcC399</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1442">actions/setup-node#1442</a></li> <li><a href="https://github.com/deining"><code>@deining</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1446">actions/setup-node#1446</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e"><code>48b55a0</code></a> Update Node.js versions in versions.yml and bump package to v6.4.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1533">#1533</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9"><code>ab72c7e</code></a> Upgrade <a href="https://github.com/actions"><code>@actions</code></a> dependencies (<a href="https://redirect.github.com/actions/setup-node/issues/1525">#1525</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f"><code>53b8394</code></a> Bump minimatch from 3.1.2 to 3.1.5 (<a href="https://redirect.github.com/actions/setup-node/issues/1498">#1498</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc"><code>54045ab</code></a> Scope test lockfiles by package manager and update cache tests (<a href="https://redirect.github.com/actions/setup-node/issues/1495">#1495</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a"><code>c882bff</code></a> Replace uuid with crypto.randomUUID() (<a href="https://redirect.github.com/actions/setup-node/issues/1378">#1378</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d"><code>774c1d6</code></a> feat(node-version-file): support parsing <code>devEngines</code> field (<a href="https://redirect.github.com/actions/setup-node/issues/1283">#1283</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e"><code>efcb663</code></a> fix: remove hardcoded bearer (<a href="https://redirect.github.com/actions/setup-node/issues/1467">#1467</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb"><code>d02c89d</code></a> Fix npm audit issues (<a href="https://redirect.github.com/actions/setup-node/issues/1491">#1491</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238"><code>6044e13</code></a> Docs: bump actions/checkout from v5 to v6 (<a href="https://redirect.github.com/actions/setup-node/issues/1468">#1468</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657"><code>8e49463</code></a> Fix README typo (<a href="https://redirect.github.com/actions/setup-node/issues/1226">#1226</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e">compare view</a></li> </ul> </details> <br /> Updates `docker/setup-buildx-action` from 3.12.0 to 4.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v4.1.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.79.0 to 0.90.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/489">docker/setup-buildx-action#489</a></li> <li>Bump brace-expansion from 1.1.12 to 5.0.6 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/547">docker/setup-buildx-action#547</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/508">docker/setup-buildx-action#508</a></li> <li>Bump fast-xml-builder from 1.0.0 to 1.2.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/540">docker/setup-buildx-action#540</a></li> <li>Bump fast-xml-parser from 5.4.2 to 5.8.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/496">docker/setup-buildx-action#496</a></li> <li>Bump flatted from 3.3.3 to 3.4.2 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/499">docker/setup-buildx-action#499</a></li> <li>Bump glob from 10.3.12 to 13.0.6 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/495">docker/setup-buildx-action#495</a></li> <li>Bump handlebars from 4.7.8 to 4.7.9 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/504">docker/setup-buildx-action#504</a></li> <li>Bump lodash from 4.17.23 to 4.18.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/523">docker/setup-buildx-action#523</a></li> <li>Bump picomatch from 4.0.3 to 4.0.4 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/503">docker/setup-buildx-action#503</a></li> <li>Bump postcss from 8.5.6 to 8.5.10 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/537">docker/setup-buildx-action#537</a></li> <li>Bump tar from 6.2.1 to 7.5.15 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/545">docker/setup-buildx-action#545</a></li> <li>Bump undici from 6.23.0 to 6.25.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/492">docker/setup-buildx-action#492</a></li> <li>Bump vite from 7.3.1 to 7.3.2 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/520">docker/setup-buildx-action#520</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0">https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0</a></p> <h2>v4.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/483">docker/setup-buildx-action#483</a></li> <li>Remove deprecated inputs/outputs by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/464">docker/setup-buildx-action#464</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/481">docker/setup-buildx-action#481</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/475">docker/setup-buildx-action#475</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.63.0 to 0.79.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/482">docker/setup-buildx-action#482</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/485">docker/setup-buildx-action#485</a></li> <li>Bump js-yaml from 4.1.0 to 4.1.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/452">docker/setup-buildx-action#452</a></li> <li>Bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/472">docker/setup-buildx-action#472</a></li> <li>Bump minimatch from 3.1.2 to 3.1.5 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/480">docker/setup-buildx-action#480</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0">https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5"><code>d7f5e7f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/489">#489</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164"><code>92bc5c9</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5"><code>da11e35</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.79.0 to 0.90.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851"><code>f021e16</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/492">#492</a> from docker/dependabot/npm_and_yarn/undici-6.24.1</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67"><code>b5af94f</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6"><code>16ad977</code></a> build(deps): bump undici from 6.23.0 to 6.25.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458"><code>d7a12d7</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/495">#495</a> from docker/dependabot/npm_and_yarn/glob-10.5.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb"><code>28ff27d</code></a> build(deps): bump glob from 10.3.12 to 13.0.6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019"><code>daf436b</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/496">#496</a> from docker/dependabot/npm_and_yarn/fast-xml-parser-5...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35"><code>9725348</code></a> chore: update generated content</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5">compare view</a></li> </ul> </details> <br /> Updates `tj-actions/changed-files` from 46.0.5 to 47.0.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/releases">tj-actions/changed-files's releases</a>.</em></p> <blockquote> <h2>v47.0.6</h2> <h2>What's Changed</h2> <ul> <li>Upgraded to v47.0.5 by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2816">tj-actions/changed-files#2816</a></li> <li>Updated README.md by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2817">tj-actions/changed-files#2817</a></li> <li>chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2818">tj-actions/changed-files#2818</a></li> <li>chore(deps-dev): bump <code>@types/node</code> from 25.3.3 to 25.3.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2820">tj-actions/changed-files#2820</a></li> <li>chore(deps): bump github/codeql-action from 4.32.5 to 4.32.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2819">tj-actions/changed-files#2819</a></li> <li>chore(deps-dev): bump <code>@types/node</code> from 25.3.5 to 25.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2825">tj-actions/changed-files#2825</a></li> <li>chore(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2824">tj-actions/changed-files#2824</a></li> <li>chore(deps): bump github/codeql-action from 4.32.6 to 4.35.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2834">tj-actions/changed-files#2834</a></li> <li>chore(deps-dev): bump eslint-plugin-jest from 29.15.0 to 29.15.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2831">tj-actions/changed-files#2831</a></li> <li>chore(deps): bump yaml from 2.8.2 to 2.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2830">tj-actions/changed-files#2830</a></li> <li>chore(deps): bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2829">tj-actions/changed-files#2829</a></li> <li>chore(deps-dev): bump jest from 30.2.0 to 30.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2822">tj-actions/changed-files#2822</a></li> <li>chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2849">tj-actions/changed-files#2849</a></li> <li>chore(deps-dev): bump prettier from 3.8.1 to 3.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2848">tj-actions/changed-files#2848</a></li> <li>chore(deps-dev): bump <code>@types/node</code> from 25.5.0 to 25.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2846">tj-actions/changed-files#2846</a></li> <li>chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2844">tj-actions/changed-files#2844</a></li> <li>chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2843">tj-actions/changed-files#2843</a></li> <li>chore(deps): bump lodash from 4.17.23 to 4.18.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2837">tj-actions/changed-files#2837</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tj-actions/changed-files/compare/v47.0.5...v47.0.6">https://github.com/tj-actions/changed-files/compare/v47.0.5...v47.0.6</a></p> <h2>v47.0.5</h2> <h2>What's Changed</h2> <ul> <li>Upgraded to v47.0.4 by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2802">tj-actions/changed-files#2802</a></li> <li>Updated README.md by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2803">tj-actions/changed-files#2803</a></li> <li>Updated README.md by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2805">tj-actions/changed-files#2805</a></li> <li>chore(deps-dev): bump <code>@types/node</code> from 25.2.2 to 25.3.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2811">tj-actions/changed-files#2811</a></li> <li>chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2810">tj-actions/changed-files#2810</a></li> <li>chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2809">tj-actions/changed-files#2809</a></li> <li>chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2799">tj-actions/changed-files#2799</a></li> <li>chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2806">tj-actions/changed-files#2806</a></li> <li>chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2775">tj-actions/changed-files#2775</a></li> <li>chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2774">tj-actions/changed-files#2774</a></li> <li>chore(deps): bump lodash and <code>@types/lodash</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2807">tj-actions/changed-files#2807</a></li> <li>chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2764">tj-actions/changed-files#2764</a></li> <li>chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2815">tj-actions/changed-files#2815</a></li> <li>chore(deps-dev): bump <code>@types/node</code> from 25.3.2 to 25.3.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2814">tj-actions/changed-files#2814</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tj-actions/changed-files/compare/v47.0.4...v47.0.5">https://github.com/tj-actions/changed-files/compare/v47.0.4...v47.0.5</a></p> <h2>v47.0.4</h2> <h2>What's Changed</h2> <ul> <li>update: release-tagger action to version 6.0.6 by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2801">tj-actions/changed-files#2801</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tj-actions/changed-files/compare/v47.0.3...v47.0.4">https://github.com/tj-actions/changed-files/compare/v47.0.3...v47.0.4</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h1><a href="https://github.com/tj-actions/changed-files/compare/v47.0.5...v47.0.6">47.0.6</a> - (2026-04-18)</h1> <h2><!-- raw HTML omitted -->🔄 Update</h2> <ul> <li>Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2817">#2817</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <41898282+github-actions[bot]<a href="https://github.com/users"><code>@users</code></a>.noreply.github.com> Co-authored-by: Tonye Jack <a href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a href="https://github.com/tj-actions/changed-files/commit/c23d52ba6ff8c67273c61e097615eafe88cb8650">c23d52b</a>) - (github-actions[bot])</p> <h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2> <ul> <li><strong>deps:</strong> Bump lodash from 4.17.23 to 4.18.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2837">#2837</a>) (<a href="https://github.com/tj-actions/changed-files/commit/9426d40962ed5378910ee2e21d5f8c6fcbf2dd96">9426d40</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2843">#2843</a>) (<a href="https://github.com/tj-actions/changed-files/commit/32de080616d8c84d89622770d26b0857f4ce8b49">32de080</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump actions/upload-artifact from 7.0.0 to 7.0.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2844">#2844</a>) (<a href="https://github.com/tj-actions/changed-files/commit/2487d125c6ecf3457228762d50599297a8c80310">2487d12</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump <code>@types/node</code> from 25.5.0 to 25.6.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2846">#2846</a>) (<a href="https://github.com/tj-actions/changed-files/commit/cef85a3eab76d9db9f294de4915d6a31b1dcbfda">cef85a3</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump prettier from 3.8.1 to 3.8.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2848">#2848</a>) (<a href="https://github.com/tj-actions/changed-files/commit/7b082dee30a6f42592f70940c0f0a26a72af452c">7b082de</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump github/codeql-action from 4.35.1 to 4.35.2 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2849">#2849</a>) (<a href="https://github.com/tj-actions/changed-files/commit/07224cab5986b4ce28c5080f4a804e5573422714">07224ca</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump jest from 30.2.0 to 30.3.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2822">#2822</a>) (<a href="https://github.com/tj-actions/changed-files/commit/2bb135777322059ee3a3c9239999b159ff49febc">2bb1357</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2829">#2829</a>) (<a href="https://github.com/tj-actions/changed-files/commit/cc98117d3993777f3babaccc496514b4a65652a9">cc98117</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump yaml from 2.8.2 to 2.8.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2830">#2830</a>) (<a href="https://github.com/tj-actions/changed-files/commit/786e4213eac60d6e2b4492135b46644269fac3db">786e421</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump eslint-plugin-jest from 29.15.0 to 29.15.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2831">#2831</a>) (<a href="https://github.com/tj-actions/changed-files/commit/726b41bbed783a50de97829de6d977cd665…
gnolang#5292) Bumps the golang-x group with 1 update in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.48.0 to 0.52.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803"><code>a1c0d99</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d"><code>3c7c869</code></a> ssh: fix deadlock on unexpected channel responses</li> <li><a href="https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce"><code>533fb3f</code></a> ssh: fix source-address critical option bypass</li> <li><a href="https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3"><code>abbc44d</code></a> ssh: fix incorrect operator order</li> <li><a href="https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f"><code>e052873</code></a> ssh: fix infinite loop on large channel writes due to integer overflow</li> <li><a href="https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456"><code>b61cf85</code></a> ssh: enforce user presence verification for security keys</li> <li><a href="https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd"><code>9c2cd33</code></a> ssh: enforce strict limits on DSA key parameters</li> <li><a href="https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4"><code>8907318</code></a> ssh: reject RSA keys with excessively large moduli</li> <li><a href="https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e"><code>ffd87b4</code></a> ssh: fix panic when authority callbacks are nil</li> <li><a href="https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946"><code>4e7a738</code></a> ssh: fix deadlock on unexpected global responses</li> <li>Additional commits viewable in <a href="https://github.com/golang/crypto/compare/v0.48.0...v0.52.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/mod` from 0.32.0 to 0.35.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/mod/commit/03901d351deb5bd95deb90714fb75bf8e232cb22"><code>03901d3</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/mod/commit/1ac721dff8591283e59aba6412a0eafc8b950d83"><code>1ac721d</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/mod/commit/fb1fac8b369ec75b114cb416119e80d3aebda7f5"><code>fb1fac8</code></a> all: upgrade go directive to at least 1.25.0 [generated]</li> <li><a href="https://github.com/golang/mod/commit/27761a2ad800eabb86324226bb5e39adb07759da"><code>27761a2</code></a> go.mod: update golang.org/x dependencies</li> <li>See full diff in <a href="https://github.com/golang/mod/compare/v0.32.0...v0.35.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/net` from 0.50.0 to 0.54.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/net/commit/b138e06246cb323f2f380c2b7f7dd91f581dd56b"><code>b138e06</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/net/commit/689f70a42abd350f3a1aaa70b0d13eb9543d927a"><code>689f70a</code></a> quic: fix wrong final size being used for RESET_STREAM frame</li> <li><a href="https://github.com/golang/net/commit/208f306b2f0fd008b388bee2c2644be279778e94"><code>208f306</code></a> http3: increase handshake timeout</li> <li><a href="https://github.com/golang/net/commit/49810da71b9026da9e0d028a6ad8c7730c52d9c4"><code>49810da</code></a> http2: enable net/http wrapping when go >= 1.27</li> <li><a href="https://github.com/golang/net/commit/5e11a5ab891c117eda83b4304d60dd13286c1c76"><code>5e11a5a</code></a> quic: fix data race in streamForFrame</li> <li><a href="https://github.com/golang/net/commit/8c63081cd380ea768db5651941614b73472160ff"><code>8c63081</code></a> http2: use empty Transport rather than DefaultTransport in http2wrap</li> <li><a href="https://github.com/golang/net/commit/fc7b466ca49cb204039630533ece4fc557eb35cd"><code>fc7b466</code></a> http2: add http2wrap test</li> <li><a href="https://github.com/golang/net/commit/15c2cb1875fd727313dc4de909b3ee149422fbe2"><code>15c2cb1</code></a> http2: avoid overflowing 32-bit int when http2wrap enabled</li> <li><a href="https://github.com/golang/net/commit/64651885c2f2d745d77af2d7af2edbf568c179af"><code>6465188</code></a> http2: add wrapped Server</li> <li><a href="https://github.com/golang/net/commit/72f419a894cb0597dd5b6bcf119086bf2af41231"><code>72f419a</code></a> http2: add wrapped ClientConn</li> <li>Additional commits viewable in <a href="https://github.com/golang/net/compare/v0.50.0...v0.54.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/sync` from 0.19.0 to 0.20.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/sync/commit/ec11c4a93de22cde2abe2bf74d70791033c2464c"><code>ec11c4a</code></a> errgroup: fix a typo in the documentation</li> <li><a href="https://github.com/golang/sync/commit/1a583072c11b16c643c8f6051ff1fab5a424d0a9"><code>1a58307</code></a> all: modernize interface{} -> any</li> <li><a href="https://github.com/golang/sync/commit/3172ca581eb96530283f713311f81df986c19932"><code>3172ca5</code></a> all: upgrade go directive to at least 1.25.0 [generated]</li> <li>See full diff in <a href="https://github.com/golang/sync/compare/v0.19.0...v0.20.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/term` from 0.40.0 to 0.43.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/term/commit/3c3e4855f7d2eb06c3e48933554add9ec6b599b5"><code>3c3e485</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/term/commit/52b71d3344c86b384ed34ebf73f1e6f37044fe79"><code>52b71d3</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/term/commit/9d2dc074d2bdcb2229cbbaa0a252eace245a6489"><code>9d2dc07</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/term/commit/d954e03213327a5b6380b6c2aec621192ee56007"><code>d954e03</code></a> all: upgrade go directive to at least 1.25.0 [generated]</li> <li>See full diff in <a href="https://github.com/golang/term/compare/v0.40.0...v0.43.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/text` from 0.34.0 to 0.37.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/text/commit/3ef517e623a4bfc08d6457f87d73afda7af7d8e1"><code>3ef517e</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/text/commit/8577a70117e110160c45f32af0e0df84eef844f7"><code>8577a70</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/text/commit/7ca2c6d99153f6456168837916829c735c67d355"><code>7ca2c6d</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/text/commit/73d1ba91404d0de47cb6a9b3fb52a31565ca4d25"><code>73d1ba9</code></a> all: upgrade go directive to at least 1.25.0 [generated]</li> <li>See full diff in <a href="https://github.com/golang/text/compare/v0.34.0...v0.37.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/tools` from 0.41.0 to 0.44.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/3dd188df80fd3563559f02e4eeb10ba1043cce55"><code>3dd188d</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/aebd87084e63fd3aa0a5222eeae28af6c2e33629"><code>aebd870</code></a> gopls: improve doc link matching to support links followed by a colon</li> <li><a href="https://github.com/golang/tools/commit/5357b43c088d8403d5fcd9992431db0a351ce922"><code>5357b43</code></a> go/analysis/passes/modernize: rangeint: handle type parameter constraints</li> <li><a href="https://github.com/golang/tools/commit/bf04c618d518f244d26fb5c7ad77d893f8b1fc4d"><code>bf04c61</code></a> go/types/internal/play: show normal terms of selected type</li> <li><a href="https://github.com/golang/tools/commit/0ae2de027e10d7a0530ecf7ccc2db8df8aa5dcb3"><code>0ae2de0</code></a> gopls/internal/filecache: cache decoded objects in memCache</li> <li><a href="https://github.com/golang/tools/commit/8e51a5fb67f9b3e2b32792f21e727664ca6561e2"><code>8e51a5f</code></a> go/ssa: support direct references to embedded fields in struct lit</li> <li><a href="https://github.com/golang/tools/commit/5005b9e710b3c1eef7e5077c77289410729919ec"><code>5005b9e</code></a> internal/gcimporter: rename ureader_yes.go to ureader.go</li> <li><a href="https://github.com/golang/tools/commit/5ca865bb7d52012b73ac379c5aec59b3d04efce8"><code>5ca865b</code></a> go/types/objectpath: add debugging command</li> <li><a href="https://github.com/golang/tools/commit/f6476fbaabd396b58618b473e4eb71e1f532b495"><code>f6476fb</code></a> internal/gcimporter: consume generic methods in gcimporter</li> <li><a href="https://github.com/golang/tools/commit/b36d1d12a1a724eb9be6609c9789aec3d99e6030"><code>b36d1d1</code></a> internal/pkgbits: sync version.go with goroot</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.41.0...v0.44.0">compare view</a></li> </ul> </details> <br /> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Morgan Bazalgette <morgan@morganbaz.com>
…8 updates (gnolang#5772) Bumps the everything-else group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) | `2.23.1` | `2.26.1` | | [github.com/btcsuite/btcd/btcec/v2](https://github.com/btcsuite/btcd) | `2.3.6` | `2.5.0` | | [github.com/btcsuite/btcd/btcutil](https://github.com/btcsuite/btcd) | `1.1.6` | `1.2.0` | | [github.com/cockroachdb/apd/v3](https://github.com/cockroachdb/apd) | `3.2.1` | `3.2.3` | | [github.com/consensys/gnark-crypto](https://github.com/consensys/gnark-crypto) | `0.14.0` | `0.20.1` | | [github.com/decred/dcrd/dcrec/secp256k1/v4](https://github.com/decred/dcrd) | `4.4.0` | `4.4.1` | | [github.com/erigontech/mdbx-go](https://github.com/erigontech/mdbx-go) | `0.40.0` | `0.40.1` | | [github.com/rogpeppe/go-internal](https://github.com/rogpeppe/go-internal) | `1.14.1` | `1.15.0` | | [github.com/yuin/goldmark](https://github.com/yuin/goldmark) | `1.7.16` | `1.8.2` | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.41.0` | `1.44.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.37.0` | `1.44.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://github.com/open-telemetry/opentelemetry-go) | `1.41.0` | `1.44.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.41.0` | `1.44.0` | | [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` | Updates `github.com/alecthomas/chroma/v2` from 2.23.1 to 2.26.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/alecthomas/chroma/releases">github.com/alecthomas/chroma/v2's releases</a>.</em></p> <blockquote> <h2>v2.26.1</h2> <h2>Changelog</h2> <ul> <li>56c7702 fix: downgrade go.mod version to 1.25</li> </ul> <h2>v2.26.0</h2> <h2>Changelog</h2> <ul> <li>a4d3f60 feat(chromad): use style counterparts for theme switching</li> <li>ce159e6 chore: migrate to new bit format</li> <li>180ea9f perf(colour): replace Sprintf/ParseUint round-trip in NewColour with direct bit arithmetic (<a href="https://redirect.github.com/alecthomas/chroma/issues/1274">#1274</a>)</li> <li>68a08b0 docs: how to support dynamic theme switching</li> <li>6fb9d92 feat(html): tag output with style mode</li> <li>a71fea3 feat(styles): add light/dark mode support</li> </ul> <h2>v2.25.0</h2> <h2>Changelog</h2> <ul> <li>c3826f0 chore: go mod tidy</li> <li>fb5bc39 fix: emit HTTP body tokens without Coalesce</li> <li>a3c2946 Improve Nu file detection (<a href="https://redirect.github.com/alecthomas/chroma/issues/1260">#1260</a>)</li> <li>e841b1a chore(deps): update all non-major dependencies (<a href="https://redirect.github.com/alecthomas/chroma/issues/1272">#1272</a>)</li> <li>3ed2db8 Add Gemfile.lock lexer (& ruby improvements) (<a href="https://redirect.github.com/alecthomas/chroma/issues/1269">#1269</a>)</li> <li>41fb546 Add YAML+Jinja lexer (<a href="https://redirect.github.com/alecthomas/chroma/issues/1268">#1268</a>)</li> <li>e99b881 chore(deps): update all non-major dependencies (<a href="https://redirect.github.com/alecthomas/chroma/issues/1263">#1263</a>)</li> <li>e67dd2f (Markless) Fix parse issue for embed directives without options (<a href="https://redirect.github.com/alecthomas/chroma/issues/1266">#1266</a>)</li> <li>dffa370 fix(go): tokenize trailing // as comment instead of consuming next line (<a href="https://redirect.github.com/alecthomas/chroma/issues/1265">#1265</a>)</li> <li>1cf1560 chore: upgrade to github.com/dlclark/regexp2/v2</li> <li>2cbcf7b chore: upgrade golangci-lint</li> <li>786675b chore(deps): update all non-major dependencies (<a href="https://redirect.github.com/alecthomas/chroma/issues/1257">#1257</a>)</li> <li>235590c feat: add JSONL support to JSON lexer (<a href="https://redirect.github.com/alecthomas/chroma/issues/1262">#1262</a>)</li> <li>f9b5c97 fix(dart): match single-line comments without trailing newline (<a href="https://redirect.github.com/alecthomas/chroma/issues/1225">#1225</a>) (<a href="https://redirect.github.com/alecthomas/chroma/issues/1261">#1261</a>)</li> <li>097f8e9 Mention Arturo in README (<a href="https://redirect.github.com/alecthomas/chroma/issues/1256">#1256</a>)</li> <li>d46ce60 feat(markdown): highlight frontmatter and comments (<a href="https://redirect.github.com/alecthomas/chroma/issues/1245">#1245</a>)</li> <li>f786b2a feat(lexers): add support for LilyPond (<a href="https://redirect.github.com/alecthomas/chroma/issues/1255">#1255</a>)</li> <li>0a02b98 chore(deps): update actions/checkout digest to de0fac2 (<a href="https://redirect.github.com/alecthomas/chroma/issues/1212">#1212</a>)</li> <li>c55009e Fix AGENTS.md referencing a non-existent scripts directory (<a href="https://redirect.github.com/alecthomas/chroma/issues/1231">#1231</a>)</li> <li>c5e763e Improve protobuf lexer (<a href="https://redirect.github.com/alecthomas/chroma/issues/1253">#1253</a>)</li> <li>113cd0e Add Arturo lexer (<a href="https://redirect.github.com/alecthomas/chroma/issues/1232">#1232</a>)</li> <li>4498d71 chore(deps): update dependency binaryen to v129 (<a href="https://redirect.github.com/alecthomas/chroma/issues/1238">#1238</a>)</li> <li>885f912 Added f4 to "Projects using Chroma" list (<a href="https://redirect.github.com/alecthomas/chroma/issues/1242">#1242</a>)</li> <li>c42c9ef Update java lexer (<a href="https://redirect.github.com/alecthomas/chroma/issues/1254">#1254</a>)</li> </ul> <h2>v2.24.1</h2> <h2>Changelog</h2> <ul> <li>d2a3784 fix: fallback bug</li> </ul> <h2>v2.24.0</h2> <h2>Changelog</h2> <ul> <li>0b841ee chore: go mod tidy</li> <li>10fcb68 chore(deps): update ubuntu docker tag to v26 (<a href="https://redirect.github.com/alecthomas/chroma/issues/1251">#1251</a>)</li> <li>2218de6 chore(deps): update all non-major dependencies (<a href="https://redirect.github.com/alecthomas/chroma/issues/1236">#1236</a>)</li> <li>2099887 Update Solarized Light to use correct background color (<a href="https://redirect.github.com/alecthomas/chroma/issues/1250">#1250</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/alecthomas/chroma/commit/56c7702e16f3bf78b335c57cdd5af8f8b493f1c6"><code>56c7702</code></a> fix: downgrade go.mod version to 1.25</li> <li><a href="https://github.com/alecthomas/chroma/commit/a4d3f60813272352474a6ecda93270487d20a9ee"><code>a4d3f60</code></a> feat(chromad): use style counterparts for theme switching</li> <li><a href="https://github.com/alecthomas/chroma/commit/ce159e61b0d7234beba95e25e25464ea90324d1f"><code>ce159e6</code></a> chore: migrate to new bit format</li> <li><a href="https://github.com/alecthomas/chroma/commit/180ea9f54dce4c7b7241944110fc0e01bffae913"><code>180ea9f</code></a> perf(colour): replace Sprintf/ParseUint round-trip in NewColour with direct b...</li> <li><a href="https://github.com/alecthomas/chroma/commit/68a08b0f9a1f4edeaadd0ef9fbbc2945b5a02adf"><code>68a08b0</code></a> docs: how to support dynamic theme switching</li> <li><a href="https://github.com/alecthomas/chroma/commit/6fb9d920b575be857c7322f79699fd92e3645e2f"><code>6fb9d92</code></a> feat(html): tag output with style mode</li> <li><a href="https://github.com/alecthomas/chroma/commit/a71fea34358d2b9f75c0d5be2002a5293633116d"><code>a71fea3</code></a> feat(styles): add light/dark mode support</li> <li><a href="https://github.com/alecthomas/chroma/commit/c3826f007cb719dfba2e331ee356c9f0d521dbad"><code>c3826f0</code></a> chore: go mod tidy</li> <li><a href="https://github.com/alecthomas/chroma/commit/fb5bc39d407d3d39fb71f010683a2d4b6211da2f"><code>fb5bc39</code></a> fix: emit HTTP body tokens without Coalesce</li> <li><a href="https://github.com/alecthomas/chroma/commit/a3c2946ab1b0af692b2087b9f54e70f87a7b0295"><code>a3c2946</code></a> Improve Nu file detection (<a href="https://redirect.github.com/alecthomas/chroma/issues/1260">#1260</a>)</li> <li>Additional commits viewable in <a href="https://github.com/alecthomas/chroma/compare/v2.23.1...v2.26.1">compare view</a></li> </ul> </details> <br /> Updates `github.com/btcsuite/btcd/btcec/v2` from 2.3.6 to 2.5.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/btcsuite/btcd/commit/258049c9eb58bc993fe0ce98c8680958bb757ca0"><code>258049c</code></a> Merge pull request <a href="https://redirect.github.com/btcsuite/btcd/issues/1825">#1825</a> from guggero/btcec-v2-no-circular-dep</li> <li><a href="https://github.com/btcsuite/btcd/commit/b29ce9735062979a592957a5d8b442f3e8cb1ea9"><code>b29ce97</code></a> rpcwebsocket: fi linter complaint about unused functions</li> <li><a href="https://github.com/btcsuite/btcd/commit/9dfa926fff501850673dc12d14be1aa1e60cd792"><code>9dfa926</code></a> server: fix linter issue</li> <li><a href="https://github.com/btcsuite/btcd/commit/c0cfa06111fc29d0b08c0dcd1c478bc8e4e7db59"><code>c0cfa06</code></a> multi: update make and CI goals with new packages</li> <li><a href="https://github.com/btcsuite/btcd/commit/dccea8febadcc50c2a96a3d6f2a386aa0392fe73"><code>dccea8f</code></a> multi: use new v2 modules everywhere</li> <li><a href="https://github.com/btcsuite/btcd/commit/c0db6dfa115957cfeb6989547bad3df1ee400560"><code>c0db6df</code></a> psbt: move to top-level module, use v2, remove btcutil dep</li> <li><a href="https://github.com/btcsuite/btcd/commit/e9ec6ec506f7336954b2c3c3612dd72f4af69a46"><code>e9ec6ec</code></a> btcutil: remove circular dependency, use v2</li> <li><a href="https://github.com/btcsuite/btcd/commit/55a463a35f51d67af42c730efaf46563cf4465c4"><code>55a463a</code></a> txscript: turn into own module, use v2</li> <li><a href="https://github.com/btcsuite/btcd/commit/3000c455f8a7a7717bb1588d113ceb7099a2e695"><code>3000c45</code></a> address: move to top-level module, use v2</li> <li><a href="https://github.com/btcsuite/btcd/commit/bd65d6d6bb378cf021a1f8bfbfcffd8c4b0e38ca"><code>bd65d6d</code></a> chaincfg: add own module, use v2</li> <li>Additional commits viewable in <a href="https://github.com/btcsuite/btcd/compare/btcec/v2.3.6...btcec/v2.5.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/btcsuite/btcd/btcutil` from 1.1.6 to 1.2.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/btcsuite/btcd/commit/90540b821ed87fdea20576bccf97b2b06bca9f6e"><code>90540b8</code></a> Merge pull request <a href="https://redirect.github.com/btcsuite/btcd/issues/2524">#2524</a> from MPins/verifylows</li> <li><a href="https://github.com/btcsuite/btcd/commit/c728090e63ae5f3d763675264a68af129f50fa03"><code>c728090</code></a> Merge pull request <a href="https://redirect.github.com/btcsuite/btcd/issues/2461">#2461</a> from kcalvinalvin/2025-11-12-fix-android-builds</li> <li><a href="https://github.com/btcsuite/btcd/commit/2c05692401e15b91defb1318c6a72fd83e1cb60d"><code>2c05692</code></a> github: cross-compile android/arm64 in CI</li> <li><a href="https://github.com/btcsuite/btcd/commit/73af4d6f8871d46aa089d8d64feaa45276e01f3d"><code>73af4d6</code></a> btcutil: rename interfaceAddrs to InterfaceAddrs in appengine variant</li> <li><a href="https://github.com/btcsuite/btcd/commit/8bffc8ada81ded0176f4f850a4f33d0bca58bdcd"><code>8bffc8a</code></a> Merge pull request <a href="https://redirect.github.com/btcsuite/btcd/issues/2526">#2526</a> from JLSchuler99/rpcclient-httpurl-no-resolve</li> <li><a href="https://github.com/btcsuite/btcd/commit/589d7c0ae083d3e615628b4838f3abe4506ef949"><code>589d7c0</code></a> main: use btcutil.InterfaceAddr</li> <li><a href="https://github.com/btcsuite/btcd/commit/0f603feffabe71d60f0830aca4dc4e6df6fea0d1"><code>0f603fe</code></a> main: update go.mod and go.sum</li> <li><a href="https://github.com/btcsuite/btcd/commit/c90e88ee234fbdf7224169776cf8269047671aab"><code>c90e88e</code></a> btcutil: export interfaceAddr</li> <li><a href="https://github.com/btcsuite/btcd/commit/153bf6d828b7477f2b4992292feeefc995d42020"><code>153bf6d</code></a> btcutil: use anet instead of net for android builds</li> <li><a href="https://github.com/btcsuite/btcd/commit/807cbce3bf3b3940627bbae83d9fac5a7cebb357"><code>807cbce</code></a> rpcclient: compute httpURL once at construction time</li> <li>Additional commits viewable in <a href="https://github.com/btcsuite/btcd/compare/btcutil/v1.1.6...btcutil/v1.2.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/cockroachdb/apd/v3` from 3.2.1 to 3.2.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cockroachdb/apd/releases">github.com/cockroachdb/apd/v3's releases</a>.</em></p> <blockquote> <h2>v3.2.3</h2> <h2>What's Changed</h2> <ul> <li>Fix nil panic in NumDigits for large negative numbers by <a href="https://github.com/yuzefovich"><code>@yuzefovich</code></a> in <a href="https://redirect.github.com/cockroachdb/apd/pull/149">cockroachdb/apd#149</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yuzefovich"><code>@yuzefovich</code></a> made their first contribution in <a href="https://redirect.github.com/cockroachdb/apd/pull/149">cockroachdb/apd#149</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/cockroachdb/apd/compare/v3.2.2...v3.2.3">https://github.com/cockroachdb/apd/compare/v3.2.2...v3.2.3</a></p> <h2>v3.2.2</h2> <h2>What's Changed</h2> <ul> <li>apd: add go 1.21 and 1.22 testing to CI by <a href="https://github.com/nvb"><code>@nvb</code></a> in <a href="https://redirect.github.com/cockroachdb/apd/pull/131">cockroachdb/apd#131</a></li> <li>Allow decompose to make use of the buffer by <a href="https://github.com/Gilthoniel"><code>@Gilthoniel</code></a> in <a href="https://redirect.github.com/cockroachdb/apd/pull/132">cockroachdb/apd#132</a></li> <li>apd: fix TestFormatFlags on go 1.23, add go 1.23 to CI by <a href="https://github.com/nvb"><code>@nvb</code></a> in <a href="https://redirect.github.com/cockroachdb/apd/pull/139">cockroachdb/apd#139</a></li> <li>ci: update GitHub Actions and OS versions by <a href="https://github.com/mw5h"><code>@mw5h</code></a> in <a href="https://redirect.github.com/cockroachdb/apd/pull/146">cockroachdb/apd#146</a></li> <li>apd: prevent NewFromString parsing invalid decimals by <a href="https://github.com/jms-bc"><code>@jms-bc</code></a> in <a href="https://redirect.github.com/cockroachdb/apd/pull/145">cockroachdb/apd#145</a></li> <li>ci: enable gcassert on Go 1.24 by <a href="https://github.com/mw5h"><code>@mw5h</code></a> in <a href="https://redirect.github.com/cockroachdb/apd/pull/148">cockroachdb/apd#148</a></li> <li>fix negative zero from multiplication/division by zero bigint by <a href="https://github.com/mhaddon"><code>@mhaddon</code></a> in <a href="https://redirect.github.com/cockroachdb/apd/pull/143">cockroachdb/apd#143</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Gilthoniel"><code>@Gilthoniel</code></a> made their first contribution in <a href="https://redirect.github.com/cockroachdb/apd/pull/132">cockroachdb/apd#132</a></li> <li><a href="https://github.com/mw5h"><code>@mw5h</code></a> made their first contribution in <a href="https://redirect.github.com/cockroachdb/apd/pull/146">cockroachdb/apd#146</a></li> <li><a href="https://github.com/jms-bc"><code>@jms-bc</code></a> made their first contribution in <a href="https://redirect.github.com/cockroachdb/apd/pull/145">cockroachdb/apd#145</a></li> <li><a href="https://github.com/mhaddon"><code>@mhaddon</code></a> made their first contribution in <a href="https://redirect.github.com/cockroachdb/apd/pull/143">cockroachdb/apd#143</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/cockroachdb/apd/compare/v3.2.1...v3.2.2">https://github.com/cockroachdb/apd/compare/v3.2.1...v3.2.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cockroachdb/apd/commit/6d9c587326e78bcfbea630bf52893ff45f6f9ed5"><code>6d9c587</code></a> Merge pull request <a href="https://redirect.github.com/cockroachdb/apd/issues/149">#149</a> from cockroachdb/fix-large-negative</li> <li><a href="https://github.com/cockroachdb/apd/commit/212a4c6da7de714f06d9aa5a6c90e575f2667716"><code>212a4c6</code></a> Fix nil panic in NumDigits for large negative numbers</li> <li><a href="https://github.com/cockroachdb/apd/commit/cae01a2bba14314173d5b5f78d04685d7662b3c1"><code>cae01a2</code></a> Merge pull request <a href="https://redirect.github.com/cockroachdb/apd/issues/143">#143</a> from politepixels/master</li> <li><a href="https://github.com/cockroachdb/apd/commit/62de7720331215d84aded66ddb660369e9b1d0c8"><code>62de772</code></a> Merge pull request <a href="https://redirect.github.com/cockroachdb/apd/issues/148">#148</a> from mw5h/gcassert-go124</li> <li><a href="https://github.com/cockroachdb/apd/commit/36807179ec255778b1542858e4244a41cff5d752"><code>3680717</code></a> ci: enable gcassert on Go 1.24</li> <li><a href="https://github.com/cockroachdb/apd/commit/d9564ab8d35e4160418e6096cc9eda7a5bf52054"><code>d9564ab</code></a> Merge pull request <a href="https://redirect.github.com/cockroachdb/apd/issues/145">#145</a> from jms-bc/master</li> <li><a href="https://github.com/cockroachdb/apd/commit/fa35de35123a8e1e79d9620d3ff6995d7a984491"><code>fa35de3</code></a> Merge pull request <a href="https://redirect.github.com/cockroachdb/apd/issues/146">#146</a> from mw5h/update-ci-workflow</li> <li><a href="https://github.com/cockroachdb/apd/commit/cdcb08d2e589b2c9ddc010f82b8dab4b892d892a"><code>cdcb08d</code></a> ci: update GitHub Actions and OS versions</li> <li><a href="https://github.com/cockroachdb/apd/commit/ffdb35281764641839c8bd01035a4f84d5a83518"><code>ffdb352</code></a> apd: prevent NewFromString parsing invalid decimals</li> <li><a href="https://github.com/cockroachdb/apd/commit/03a2bd6777f1fb2502963c46f51a485d42bb595c"><code>03a2bd6</code></a> fix negative zero from multiplication/division by zero bigint</li> <li>Additional commits viewable in <a href="https://github.com/cockroachdb/apd/compare/v3.2.1...v3.2.3">compare view</a></li> </ul> </details> <br /> Updates `github.com/consensys/gnark-crypto` from 0.14.0 to 0.20.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/consensys/gnark-crypto/releases">github.com/consensys/gnark-crypto's releases</a>.</em></p> <blockquote> <h2>v0.20.1</h2> <p><strong>This release contains correctness fix for vector multiplication using IFMA, see <a href="https://redirect.github.com/consensys/gnark-crypto/issues/816">#816</a>. Users of <code>ecc/bls12-377/fr</code>, <code>ecc/bls12-381/fr</code>, <code>ecc/bls24-315/fr</code>, <code>ecc/bn254/fr</code>, <code>ecc/bn254/fp</code>, <code>ecc/grumpkin/fr</code>, <code>ecc/grumpkin/fp</code>, <code>ecc/stark-curve/fr</code> and <code>ecc/stark-curve/fp</code> using v0.20.0 should upgrade to avoid incorrect computation results.</strong></p> <h2>What's Changed</h2> <ul> <li>fix: correct IFMA vector mul carry propagation by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/816">Consensys/gnark-crypto#816</a></li> <li>deps(actions)(deps): bump actions/setup-go from 6.2.0 to 6.3.0 in the core-actions-minor-patch group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/814">Consensys/gnark-crypto#814</a></li> <li>release: v0.20.1 by <a href="https://github.com/ivokub"><code>@ivokub</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/818">Consensys/gnark-crypto#818</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Consensys/gnark-crypto/compare/v0.20.0...v0.20.1">https://github.com/Consensys/gnark-crypto/compare/v0.20.0...v0.20.1</a></p> <h2>v0.20.0</h2> <h2>What's Changed</h2> <ul> <li>Feat: Jacobian Triple for <code>j=0</code> curves by <a href="https://github.com/yelhousni"><code>@yelhousni</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/715">Consensys/gnark-crypto#715</a></li> <li>feat: handle len(p)=0 in kzg by <a href="https://github.com/ThomasPiellard"><code>@ThomasPiellard</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/730">Consensys/gnark-crypto#730</a></li> <li>perf: optimize (purego) extension for koalabear by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/729">Consensys/gnark-crypto#729</a></li> <li>fix: <a href="https://redirect.github.com/consensys/gnark-crypto/issues/727">#727</a> with go generate and cosmetics by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/734">Consensys/gnark-crypto#734</a></li> <li>perf: adds E4 vector ops (avx512) by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/733">Consensys/gnark-crypto#733</a></li> <li>feat: make bitReverse generic by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/736">Consensys/gnark-crypto#736</a></li> <li>fix: reintroduce BitReverse in fft package as deprecated for backward… by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/740">Consensys/gnark-crypto#740</a></li> <li>perf: add for small fields int64 for exp by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/738">Consensys/gnark-crypto#738</a></li> <li>feat: adds e4 vector Exp method by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/739">Consensys/gnark-crypto#739</a></li> <li>Feat: add column linear combination check by <a href="https://github.com/YaoJGalteland"><code>@YaoJGalteland</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/731">Consensys/gnark-crypto#731</a></li> <li>Feat/newdomain optimization by <a href="https://github.com/YaoJGalteland"><code>@YaoJGalteland</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/737">Consensys/gnark-crypto#737</a></li> <li>Perf(BN254, BLS12-377/BW6-761): revisit <code>mulBySeed()</code> addition chains in G1/2 by <a href="https://github.com/yelhousni"><code>@yelhousni</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/720">Consensys/gnark-crypto#720</a></li> <li>mpcsetup(generator): use G2Affine in UpdateMonomialsG2 template by <a href="https://github.com/Forostovec"><code>@Forostovec</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/735">Consensys/gnark-crypto#735</a></li> <li>chore: clarify PublicKey.SetBytes uses compressed public key by <a href="https://github.com/VolodymyrBg"><code>@VolodymyrBg</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/732">Consensys/gnark-crypto#732</a></li> <li>perf: use vector ops on FFT E4 by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/746">Consensys/gnark-crypto#746</a></li> <li>Feat/batch lagrange by <a href="https://github.com/YaoJGalteland"><code>@YaoJGalteland</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/745">Consensys/gnark-crypto#745</a></li> <li>feat: vector e4 utils ops by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/749">Consensys/gnark-crypto#749</a></li> <li>feat: add parallel prefix product for vector e4 by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/750">Consensys/gnark-crypto#750</a></li> <li>feat: add typed field hasher interface in MiMC package by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/752">Consensys/gnark-crypto#752</a></li> <li>perf: twisted Edwards affine arithmetic by <a href="https://github.com/yelhousni"><code>@yelhousni</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/743">Consensys/gnark-crypto#743</a></li> <li>perf: limit memory allocation during Vector deserialization by <a href="https://github.com/ivokub"><code>@ivokub</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/759">Consensys/gnark-crypto#759</a></li> <li>CI: Standardize imports by <a href="https://github.com/Tabaie"><code>@Tabaie</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/760">Consensys/gnark-crypto#760</a></li> <li>fix: remove duplicate import by <a href="https://github.com/ivokub"><code>@ivokub</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/762">Consensys/gnark-crypto#762</a></li> <li>Perf: Optimize <code>Sqrt</code> in <code>Fp2</code> for all fields by <a href="https://github.com/yelhousni"><code>@yelhousni</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/757">Consensys/gnark-crypto#757</a></li> <li>feat: batch subgroup membership testing by <a href="https://github.com/yelhousni"><code>@yelhousni</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/710">Consensys/gnark-crypto#710</a></li> <li>chore: merge v0.19 hotfix branch by <a href="https://github.com/ivokub"><code>@ivokub</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/766">Consensys/gnark-crypto#766</a></li> <li>release: v0.19 hotfix branch by <a href="https://github.com/ivokub"><code>@ivokub</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/765">Consensys/gnark-crypto#765</a></li> <li>chore: use self hosted runners by <a href="https://github.com/waskow-consensys"><code>@waskow-consensys</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/763">Consensys/gnark-crypto#763</a></li> <li>Feat: Add P-256 (secp256r1) elliptic curve + ECDSA by <a href="https://github.com/yelhousni"><code>@yelhousni</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/767">Consensys/gnark-crypto#767</a></li> <li>Feat/sig bounds by <a href="https://github.com/ThomasPiellard"><code>@ThomasPiellard</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/725">Consensys/gnark-crypto#725</a></li> <li>build(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 in the go_modules group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/770">Consensys/gnark-crypto#770</a></li> <li>Fix: Affine twisted Edwards scalar multiplication edge case by <a href="https://github.com/yelhousni"><code>@yelhousni</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/774">Consensys/gnark-crypto#774</a></li> <li>ci: enable security code scanner by <a href="https://github.com/witmicko"><code>@witmicko</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/771">Consensys/gnark-crypto#771</a></li> <li>perf(bw6): faster direct Fp6 mul by <a href="https://github.com/yelhousni"><code>@yelhousni</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/776">Consensys/gnark-crypto#776</a></li> <li>perf: adds poseidon2 "simd" fashion compress function (avx512) by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/777">Consensys/gnark-crypto#777</a></li> <li>feat: Expose <code>NewDefaultPermutation</code> in Poseidon2 packages by <a href="https://github.com/Tabaie"><code>@Tabaie</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/761">Consensys/gnark-crypto#761</a></li> <li>perf: adds some more neon implementations for poseidon2 by <a href="https://github.com/gbotrel"><code>@gbotrel</code></a> in <a href="https://redirect.github.com/Consensys/gnark-crypto/pull/785">Consensys/gnark-crypto#785</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Consensys/gnark-crypto/blob/master/CHANGELOG.md">github.com/consensys/gnark-crypto's changelog</a>.</em></p> <blockquote> <h2>[v0.20.1] - 2026-03-16</h2> <h3>Fix</h3> <ul> <li>correct IFMA vector mul carry propagation (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/816">#816</a>) <!-- raw HTML omitted --><!-- raw HTML omitted --></li> </ul> <h2>[v0.20.0] - 2026-03-11</h2> <h3>Build</h3> <ul> <li><strong>deps:</strong> bump golang.org/x/crypto from 0.41.0 to 0.45.0 in the go_modules group across 1 directory (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/770">#770</a>)</li> </ul> <h3>CI</h3> <ul> <li>enable security code scanner (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/771">#771</a>)</li> <li>Standardize imports (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/760">#760</a>)</li> </ul> <h3>Chore</h3> <ul> <li>golangci-lint update (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/813">#813</a>)</li> <li>rename sage files (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/806">#806</a>)</li> <li>add dependabot configuration for GitHub Actions updates (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/804">#804</a>)</li> <li>reintroduce slack notif (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/802">#802</a>)</li> <li>update ci workflows to go 1.25 (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/801">#801</a>)</li> <li>use self hosted runners (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/763">#763</a>)</li> <li>merge v0.19 hotfix branch (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/766">#766</a>)</li> <li>clarify PublicKey.SetBytes uses compressed public key (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/732">#732</a>)</li> </ul> <h3>Feat</h3> <ul> <li>add bn254 poseidon2 constants and support t=4/8/12/16 (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/783">#783</a>)</li> <li>lattice-based rational reconstructions for gnark scalar decompositions (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/799">#799</a>)</li> <li>Expose <code>NewDefaultPermutation</code> in Poseidon2 packages (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/761">#761</a>)</li> <li>batch subgroup membership testing (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/710">#710</a>)</li> <li>add typed field hasher interface in MiMC package (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/752">#752</a>)</li> <li>add parallel prefix product for vector e4 (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/750">#750</a>)</li> <li>expose vortex.ComputeLagrangeBasisAtX</li> <li>vector e4 utils ops (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/749">#749</a>)</li> <li>add vector.Exp method</li> <li>adds e4 vector Exp method (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/739">#739</a>)</li> <li>make bitReverse generic (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/736">#736</a>)</li> <li>handle len(p)=0 in kzg (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/730">#730</a>)</li> <li>Add P-256 (secp256r1) elliptic curve + ECDSA (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/767">#767</a>)</li> <li>add column linear combination check (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/731">#731</a>)</li> <li>Jacobian Triple for <code>j=0</code> curves (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/715">#715</a>)</li> </ul> <h3>FiatShamir</h3> <ul> <li>creation of new challenges with New() (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/811">#811</a>)</li> </ul> <h3>Fix</h3> <ul> <li>Affine twisted Edwards scalar multiplication edge case (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/774">#774</a>)</li> <li>fix cursor bot comments (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/803">#803</a>)</li> <li>E2 MustSetRandom all elements (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/793">#793</a>)</li> <li>remove duplicate import (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/762">#762</a>)</li> <li>use G2Affine in UpdateMonomialsG2 template (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/735">#735</a>)</li> <li>make <a href="https://redirect.github.com/Consensys/gnark-crypto/issues/740">#740</a> retro compatible BitReverse generic impl</li> <li>reintroduce BitReverse in fft package as deprecated for backward… (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/740">#740</a>)</li> <li><a href="https://redirect.github.com/Consensys/gnark-crypto/issues/727">#727</a> with go generate and cosmetics (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/734">#734</a>)</li> </ul> <h3>Perf</h3> <ul> <li>direct quartic extension for koala and baby bears (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/779">#779</a>)</li> <li>optimize (purego) extension for koalabear (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/729">#729</a>)</li> <li>optimize pre-computation in fixed-argument pairings by batching double steps (<a href="https://redirect.github.com/Consensys/gnark-crypto/issues/798">#798</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Consensys/gnark-crypto/commit/49879afc0859220afd5165bc6cafc1ee0a6e987a"><code>49879af</code></a> release: v0.20.1 (<a href="https://redirect.github.com/consensys/gnark-crypto/issues/818">#818</a>)</li> <li><a href="https://github.com/Consensys/gnark-crypto/commit/d932506964d24d8512c86e6575dd1ceb4a803088"><code>d932506</code></a> deps(actions)(deps): bump actions/setup-go from 6.2.0 to 6.3.0 in the core-ac...</li> <li><a href="https://github.com/Consensys/gnark-crypto/commit/be4aeba09a46ac45a12be6ee76f4d9a2aaf9bd99"><code>be4aeba</code></a> fix: correct IFMA vector mul carry propagation (<a href="https://redirect.github.com/consensys/gnark-crypto/issues/816">#816</a>)</li> <li><a href="https://github.com/Consensys/gnark-crypto/commit/a66323f3230119f2582e5ce9bcbfecf21e35286a"><code>a66323f</code></a> release: v0.20.0 (<a href="https://redirect.github.com/consensys/gnark-crypto/issues/815">#815</a>)</li> <li><a href="https://github.com/Consensys/gnark-crypto/commit/61835805fe3fee260c9ec2ccf0a52926e5e2c58b"><code>6183580</code></a> chore: golangci-lint update (<a href="https://redirect.github.com/consensys/gnark-crypto/issues/813">#813</a>)</li> <li><a href="https://github.com/Consensys/gnark-crypto/commit/448730f52fa6cdd5bb59ebcc21c8897996fd269c"><code>448730f</code></a> FiatShamir: creation of new challenges with New() (<a href="https://redirect.github.com/consensys/gnark-crypto/issues/811">#811</a>)</li> <li><a href="https://github.com/Consensys/gnark-crypto/commit/a1e02e552854386b14ab0136e30e7eb77b91e17f"><code>a1e02e5</code></a> FFT Vectorization Optimization for F31 Fields (<a href="https://redirect.github.com/consensys/gnark-crypto/issues/812">#812</a>)</li> <li><a href="https://github.com/Consensys/gnark-crypto/commit/be8fef1fff85d78b3fee54f842daa7965ab45490"><code>be8fef1</code></a> chore: rename sage files (<a href="https://redirect.github.com/consensys/gnark-crypto/issues/806">#806</a>)</li> <li><a href="https://github.com/Consensys/gnark-crypto/commit/aa334fcde5bda0a41687912ce83c5b917406c2cb"><code>aa334fc</code></a> Add Python language configuration to security scanner (<a href="https://redirect.github.com/consensys/gnark-crypto/issues/808">#808</a>)</li> <li><a href="https://github.com/Consensys/gnark-crypto/commit/a3a3ae54638a1201fa818d7d722ee57b1e1631f2"><code>a3a3ae5</code></a> feat: add bn254 poseidon2 constants and support t=4/8/12/16 (<a href="https://redirect.github.com/consensys/gnark-crypto/issues/783">#783</a>)</li> <li>Additional commits viewable in <a href="https://github.com/consensys/gnark-crypto/compare/v0.14.0...v0.20.1">compare view</a></li> </ul> </details> <br /> Updates `github.com/decred/dcrd/dcrec/secp256k1/v4` from 4.4.0 to 4.4.1 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/decred/dcrd/commit/76c0dc4f362b89331ff3bd46a3527f904181b8e0"><code>76c0dc4</code></a> secp256k1: Deprecate elliptic.Curve impl methods.</li> <li><a href="https://github.com/decred/dcrd/commit/9cfcb7e9172902b7e8042ee72cc1b76cb617ce77"><code>9cfcb7e</code></a> secp256k1: Reduce compat shim inputs mod prime.</li> <li><a href="https://github.com/decred/dcrd/commit/01869377bc3b3a2d1ab992dcb57c7726c162a72b"><code>0186937</code></a> secp256k1: Add compat shim unreduced input tests.</li> <li><a href="https://github.com/decred/dcrd/commit/3612094297fcdc28e3abccb74704062b569e82f4"><code>3612094</code></a> secp256k1: Add more compat shim curve member tests.</li> <li><a href="https://github.com/decred/dcrd/commit/fa3f7048cc028bcbc50cae1d7d04b2f09eac3deb"><code>fa3f704</code></a> docs: Update README.md to required Go 1.25/1.26.</li> <li><a href="https://github.com/decred/dcrd/commit/f3224a64001f568b4014ca92bc4434323a0400ea"><code>f3224a6</code></a> build: Test against Go 1.26.</li> <li><a href="https://github.com/decred/dcrd/commit/cc82c1084a68ae64891ba78f9fdf7a9ef978a037"><code>cc82c10</code></a> build: Update golangci-lint to v2.9.0.</li> <li><a href="https://github.com/decred/dcrd/commit/7c01e5740a81e84a4b2d509af7934e267d1c8f7c"><code>7c01e57</code></a> build: Update to latest action versions.</li> <li><a href="https://github.com/decred/dcrd/commit/951614378eac96ebb7fb3fce97a9221c2f4f20a6"><code>9516143</code></a> mixing: Increment PRNG seed nonce for each test</li> <li><a href="https://github.com/decred/dcrd/commit/8aa2ac07222e4ce8698f318984cd1c0a5b1025af"><code>8aa2ac0</code></a> docker: Update image to golang:1.26.0-alpine3.23.</li> <li>Additional commits viewable in <a href="https://github.com/decred/dcrd/compare/dcrec/secp256k1/v4.4.0...dcrec/secp256k1/v4.4.1">compare view</a></li> </ul> </details> <br /> Updates `github.com/erigontech/mdbx-go` from 0.40.0 to 0.40.1 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/erigontech/mdbx-go/commit/b49c1df725a946d9d15c441e639585642b7005a7"><code>b49c1df</code></a> new 0.14.2 mdbx release</li> <li><a href="https://github.com/erigontech/mdbx-go/commit/08b12a1fb60bcbe5332ff26e8616d5b047db41bd"><code>08b12a1</code></a> mdbx: expose ExactKeyValue/Pair navigation flags + merge last master (<a href="https://redirect.github.com/erigontech/mdbx-go/issues/217">#217</a>)</li> <li><a href="https://github.com/erigontech/mdbx-go/commit/9c70e981b27f653552ed5499bdbfe5286c7f1057"><code>9c70e98</code></a> Readers metrics and last master of libmdbx (<a href="https://redirect.github.com/erigontech/mdbx-go/issues/216">#216</a>)</li> <li><a href="https://github.com/erigontech/mdbx-go/commit/23ee811a77124b72a86261c05bb3c8d081782233"><code>23ee811</code></a> added readers metrics & helpers (<a href="https://redirect.github.com/erigontech/mdbx-go/issues/215">#215</a>)</li> <li><a href="https://github.com/erigontech/mdbx-go/commit/12d0f973a379b3356ea4b160a253599cd4d5ad1d"><code>12d0f97</code></a> added gc metrics field (<a href="https://redirect.github.com/erigontech/mdbx-go/issues/214">#214</a>)</li> <li><a href="https://github.com/erigontech/mdbx-go/commit/fc66e76c31b8f192890a43e0a3f228e4fd92d968"><code>fc66e76</code></a> added bindings for range del (<a href="https://redirect.github.com/erigontech/mdbx-go/issues/201">#201</a>)</li> <li><a href="https://github.com/erigontech/mdbx-go/commit/bd0ba123cbd07a519ce25b6ccabea4c6ffb5bada"><code>bd0ba12</code></a> mdbx latest master (unreleased 0.14.x) (<a href="https://redirect.github.com/erigontech/mdbx-go/issues/213">#213</a>)</li> <li><a href="https://github.com/erigontech/mdbx-go/commit/42d451d368e9afa6b3e76c6f8613c1bbc6ef75dd"><code>42d451d</code></a> ci: bump GitHub Actions and golangci-lint versions (<a href="https://redirect.github.com/erigontech/mdbx-go/issues/212">#212</a>)</li> <li><a href="https://github.com/erigontech/mdbx-go/commit/e2ff376eb3bcf647e42a1ccc54b6b8caa4d7f5f7"><code>e2ff376</code></a> Cherry-pick PRs <a href="https://redirect.github.com/erigontech/mdbx-go/issues/208">#208</a>, <a href="https://redirect.github.com/erigontech/mdbx-go/issues/209">#209</a>, <a href="https://redirect.github.com/erigontech/mdbx-go/issues/210">#210</a> from release/0.39 to master (<a href="https://redirect.github.com/erigontech/mdbx-go/issues/211">#211</a>)</li> <li><a href="https://github.com/erigontech/mdbx-go/commit/d4802a0d23471a6f46b0f0301d598bf452520af9"><code>d4802a0</code></a> mdbx: add Cursor.PutCurrent for DupSort in-place dup replacement (<a href="https://redirect.github.com/erigontech/mdbx-go/issues/207">#207</a>)</li> <li>Additional commits viewable in <a href="https://github.com/erigontech/mdbx-go/compare/v0.40.0...v0.40.1">compare view</a></li> </ul> </details> <br /> Updates `github.com/rogpeppe/go-internal` from 1.14.1 to 1.15.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rogpeppe/go-internal/releases">github.com/rogpeppe/go-internal's releases</a>.</em></p> <blockquote> <h2>v1.15.0</h2> <h2>What's Changed</h2> <ul> <li>hash: do not salt with Go runtime version by <a href="https://github.com/rogpeppe"><code>@rogpeppe</code></a> in <a href="https://redirect.github.com/rogpeppe/go-internal/pull/292">rogpeppe/go-internal#292</a></li> <li>testscript: reset verbose on new blocks by <a href="https://github.com/myitcv"><code>@myitcv</code></a> in <a href="https://redirect.github.com/rogpeppe/go-internal/pull/293">rogpeppe/go-internal#293</a></li> <li>testscript: rewind last block if it was not in error by <a href="https://github.com/myitcv"><code>@myitcv</code></a> in <a href="https://redirect.github.com/rogpeppe/go-internal/pull/294">rogpeppe/go-internal#294</a></li> <li>testscript: protect against no-op uses of cmp by <a href="https://github.com/mvdan"><code>@mvdan</code></a> in <a href="https://redirect.github.com/rogpeppe/go-internal/pull/295">rogpeppe/go-internal#295</a></li> <li>goproxytest: add Setup by <a href="https://github.com/rogpeppe"><code>@rogpeppe</code></a> in <a href="https://redirect.github.com/rogpeppe/go-internal/pull/303">rogpeppe/go-internal#303</a></li> <li>update Go, fix, add <code>/@latest</code> to goproxytest by <a href="https://github.com/mvdan"><code>@mvdan</code></a> in <a href="https://redirect.github.com/rogpeppe/go-internal/pull/302">rogpeppe/go-internal#302</a></li> <li>internal/vcs: remove SYSTEMROOT workaround for Windows by <a href="https://github.com/mvdan"><code>@mvdan</code></a> in <a href="https://redirect.github.com/rogpeppe/go-internal/pull/299">rogpeppe/go-internal#299</a></li> <li>goproxytest: add overlay capability by <a href="https://github.com/rogpeppe"><code>@rogpeppe</code></a> in <a href="https://redirect.github.com/rogpeppe/go-internal/pull/304">rogpeppe/go-internal#304</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rogpeppe/go-internal/compare/v1.14.1...v1.15.0">https://github.com/rogpeppe/go-internal/compare/v1.14.1...v1.15.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rogpeppe/go-internal/commit/8b1dcd4611005f03b2e062b8af5ddf7ceb3590d1"><code>8b1dcd4</code></a> goproxytest: make .mod and .info files optional</li> <li><a href="https://github.com/rogpeppe/go-internal/commit/02e5dd4b32865244bb1a4960c4d8db3288df059f"><code>02e5dd4</code></a> goproxytest: add overlay capability (<a href="https://redirect.github.com/rogpeppe/go-internal/issues/304">#304</a>)</li> <li><a href="https://github.com/rogpeppe/go-internal/commit/3030644a6651fc95902ebe27e31581838861b233"><code>3030644</code></a> internal/vcs: remove SYSTEMROOT workaround for Windows</li> <li><a href="https://github.com/rogpeppe/go-internal/commit/a4c00dcc1489c43e018711a4cf19c03fe458bbea"><code>a4c00dc</code></a> goproxytest: handle /<a href="https://github.com/latest"><code>@latest</code></a> endpoint</li> <li><a href="https://github.com/rogpeppe/go-internal/commit/19311e852d49dbf76a37a675c490d55f5286e106"><code>19311e8</code></a> all: go fix ./...</li> <li><a href="https://github.com/rogpeppe/go-internal/commit/74d131225ff109d843ce5a485ba35aa0478d8c4b"><code>74d1312</code></a> test on Go 1.25 and 1.26</li> <li><a href="https://github.com/rogpeppe/go-internal/commit/aa1b1e25579a8bb2dbd991bc179ea2227232096d"><code>aa1b1e2</code></a> goproxytest: add Setup (<a href="https://redirect.github.com/rogpeppe/go-internal/issues/303">#303</a>)</li> <li><a href="https://github.com/rogpeppe/go-internal/commit/5223effb313364ee36b8951aee816228675ebff1"><code>5223eff</code></a> testscript: protect against no-op uses of cmp</li> <li><a href="https://github.com/rogpeppe/go-internal/commit/ee70938f5823866e5bcbee66da908d859a36b913"><code>ee70938</code></a> testscript: rewind last block if it was not in error</li> <li><a href="https://github.com/rogpeppe/go-internal/commit/a4ecbfbbaac506bbcef3691f7d0174ee989dd033"><code>a4ecbfb</code></a> testscript: add a non-failing block to the end of logging tests</li> <li>Additional commits viewable in <a href="https://github.com/rogpeppe/go-internal/compare/v1.14.1...v1.15.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/yuin/goldmark` from 1.7.16 to 1.8.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/yuin/goldmark/releases">github.com/yuin/goldmark's releases</a>.</em></p> <blockquote> <h2>v1.8.2</h2> <p>fix: setext headings positions</p> <h2>v1.8.1</h2> <p>fix: block positions</p> <h2>v1.8.0</h2> <ul> <li>feat: add position information to all nodes <ul> <li>add position information to all nodes, including inline nodes and link reference definition nodes.</li> <li>Now link reference definition nodes are represented as a new node type.</li> <li>Link and image nodes have a new field Reference which is a pointer to the reference link if this link is a reference link. This field is nil for non-reference links.</li> </ul> </li> </ul> <h2>v1.7.17 release</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/yuin/goldmark/compare/v1.7.16...v1.7.17">https://github.com/yuin/goldmark/compare/v1.7.16...v1.7.17</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/yuin/goldmark/commit/379bf24a47e6ef07f34d7536aead86d8792ac300"><code>379bf24</code></a> fix: setext headings positions</li> <li><a href="https://github.com/yuin/goldmark/commit/e8f2337fccef96576bce4b811a9dcdaa3bf23405"><code>e8f2337</code></a> fix: block positions</li> <li><a href="https://github.com/yuin/goldmark/commit/dfa1ae1da52047c906b3345ad503ebc84a880734"><code>dfa1ae1</code></a> feat: add position information to all nodes</li> <li><a href="https://github.com/yuin/goldmark/commit/cb46bbc4eca29d55aa9721e04ad207c23ccc44f9"><code>cb46bbc</code></a> fix: prevent XSS by escaping dangerous URLs in links and images</li> <li><a href="https://github.com/yuin/goldmark/commit/d8b123c855fc895a2c8672c530ba9d9f2382d5ef"><code>d8b123c</code></a> refactor: simplify codes</li> <li><a href="https://github.com/yuin/goldmark/commit/db34c99a0722f927d5e414fc9533deb3474bddfb"><code>db34c99</code></a> Merge pull request <a href="https://redirect.github.com/yuin/goldmark/issues/535">#535</a> from Sebbito/master</li> <li><a href="https://github.com/yuin/goldmark/commit/5a2a2bfa203daca9b0d2ba38e4c4d607ccb1090b"><code>5a2a2bf</code></a> Merge pull request <a href="https://redirect.github.com/yuin/goldmark/issues/545">#545</a> from maxatome/fix-table-panic</li> <li><a href="https://github.com/yuin/goldmark/commit/9aca46208ebdae2e37585d93082206adbc9b012c"><code>9aca462</code></a> fix(table): if table cell attribute is a string, a panic occurs</li> <li><a href="https://github.com/yuin/goldmark/commit/ea86b3627a56a39961576ac232955dcc4d7327dd"><code>ea86b36</code></a> Fix doc error in markdown.go</li> <li>See full diff in <a href="https://github.com/yuin/goldmark/compare/v1.7.16...v1.8.2">compare view</a></li> </ul> </details> <br /> Updates `go.opentelemetry.io/otel` from 1.41.0 to 1.44.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel's changelog</a>.</em></p> <blockquote> <h2>[1.44.0/0.66.0/0.20.0/0.0.17] 2026-05-27</h2> <h3>Added</h3> <ul> <li>Add <code>ByteSlice</code> and <code>ByteSliceValue</code> functions for new <code>BYTESLICE</code> attribute type in <code>go.opentelemetry.io/otel/attribute</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7948">#7948</a>)</li> <li>Apply attribute value limit to the <code>KindBytes</code> attribute type in <code>go.opentelemetry.io/otel/sdk/log</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7990">#7990</a>)</li> <li>Apply attribute value limit to the <code>BYTESLICE</code> attribute type in <code>go.opentelemetry.io/otel/sdk/trace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7990">#7990</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/trace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/zipkin</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Add <code>String</code> method for <code>Value</code> type in <code>go.opentelemetry.io/otel/attribute</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8142">#8142</a>)</li> <li>Add <code>Slice</code> and <code>SliceValue</code> functions for new <code>SLICE</code> attribute type in <code>go.opentelemetry.io/otel/attribute</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8166">#8166</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/zipkin</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Apply <code>AttributeValueLengthLimit</code> to <code>attribute.SLICE</code> type attribute values in <code>go.opentelemetry.io/otel/sdk/trace</code>, recursively truncating contained string values. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8217">#8217</a>)</li> <li>Add <code>Error</code> field on <code>Record</code> type in <code>go.opentelemetry.io/otel/log/logtest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8148">#8148</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li> <li>Add <code>Settable</code> to <code>go.opentelemetry.io/otel/metric/x</code> to allow reusing attribute options. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8178">#8178</a>)</li> <li>Add experimental support for splitting metric data across multiple batches in <code>go.opentelemetry.io/otel/sdk/metric</code>. Set <code>OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE=<max_size></code> to enable for all periodic readers. See <code>go.opentelemetry.io/otel/sdk/metric/internal/x</code> for feature documentation. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8071">#8071</a>)</li> <li>Add experimental self-observability metrics in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>. Enable with <code>OTEL_GO_X_SELF_OBSERVABILITY=true</code> environment variable. See <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x</code> for feature documentation. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8192">#8192</a>)</li> <li>Add experimental self-observability metrics in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>. Enable with <code>OTEL_GO_X_SELF_OBSERVABILITY=true</code> environment variable. See <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x</code> for feature documentation. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8194">#8194</a>)</li> <li>Add experimental self-observability metrics in <code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>. Enable with <code>OTEL_GO_X_SELF_OBSERVABILITY=true</code> environment variable. See <code>go.opentelemetry.io/otel/stdout/stdoutlog/internal/x</code> for feature documentation. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8263">#8263</a>)</li> <li>Add <code>WithDefaultAttributes</code> to <code>go.opentelemetry.io/otel/metric/x</code> to support setting default attributes on instruments. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8135">#8135</a>)</li> <li>Add <code>go.opentelemetry.io/otel/semconv/v1.41.0</code> package. The package contains semantic conventions from the <code>v1.41.0</code> version of the OpenTelemetry Semantic Conventions. See the <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.41.0/MIGRATION.md">migration documentation</a> for information on how to upgrade from <code>go.opentelemetry.io/otel/semconv/v1.40.0</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8324">#8324</a>)</li> <li>Add Observable variants of instruments to <code>go.opentelemetry.io/otel/semconv/v1.41.0</code> package. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8350">#8350</a>)</li> <li>Generate explicit histogram bucket boundaries from weaver configuration for HTTP and RPC duration instruments in <code>go.opentelemetry.io/otel/semconv/v1.41.0</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8002">#8002</a>)</li> </ul> <h3>Changed</h3> <ul> <li>⚠️ <strong>Breaking Change:</strong> <code>go.opentelemetry.io/otel/sdk/metric</code> now applies a default cardinality limit of 2000 to comply with the Metrics SDK specification recommendation. New attribute sets are dropped when the cardinality limit is reached. The measurement of these sets are aggregated into a special attribute set containing <code>attribute.Bool("otel.metric.overflow", true)</code>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/b62d92831b2dd142f5a0cc89c828270274196877"><code>b62d928</code></a> Release 1.44.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8376">#8376</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/94132a0a729e94c5aa6e9e1ce7640c0f802dcfea"><code>94132a0</code></a> chore(deps): update golang.org/x/telemetry digest to 5997936 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8379">#8379</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/6fdcf82adfebc3becfb5d357957546d6d7258469"><code>6fdcf82</code></a> feat: add self-observability metrics to otlpmetricgrpc metric exporters (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8192">#8192</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/761bbfc2f4ae002f4a54f8c57c12b8a58135a741"><code>761bbfc</code></a> fix(deps): update golang.org/x (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8377">#8377</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/3a91dc62d3852313bab40ff151bb3e11fae1745e"><code>3a91dc6</code></a> fix(deps): update googleapis to 3dc84a4 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8375">#8375</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/f593185679130f56e14bed3c337fa7f8f60756b1"><code>f593185</code></a> exporters/otlp: default max request size to 64 MiB (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8365">#8365</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/f02feacf8652b69c051851cfa2945d2ed5f0d568"><code>f02feac</code></a> Merge commit from fork</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/36c2f1bfd1a6a789dc575f8886399093d7600586"><code>36c2f1b</code></a> semconvkit: add invariant test for histogram-exclusion rule (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8370">#8370</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/d0b6cbdff5346557923fd05bd3f5f34df002aeee"><code>d0b6cbd</code></a> sdk/metric: document unit-sensitivity of DefaultAggregationSelector (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8224">#8224</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/9a68034bd45c6f24c481d9f9c87ebbee0a61482f"><code>9a68034</code></a> add self observability for stdout exporter (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8263">#8263</a>)</li> <li>Additional commits viewable in <a href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.41.0...v1.44.0">compare view</a></li> </ul> </details> <br /> Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.37.0 to 1.44.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc's changelog</a>.</em></p> <blockquote> <h2>[1.44.0/0.66.0/0.20.0/0.0.17] 2026-05-27</h2> <h3>Added</h3> <ul> <li>Add <code>ByteSlice</code> and <code>ByteSliceValue</code> functions for new <code>BYTESLICE</code> attribute type in <code>go.opentelemetry.io/otel/attribute</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7948">#7948</a>)</li> <li>Apply attribute value limit to the <code>KindBytes</code> attribute type in <code>go.opentelemetry.io/otel/sdk/log</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7990">#7990</a>)</li> <li>Apply attribute value limit to the <code>BYTESLICE</code> attribute type in <code>go.opentelemetry.io/otel/sdk/trace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7990">#7990</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/trace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Support <code>BYTESLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/zipkin</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li> <li>Add <code>String</code> method for <code>Value</code> type in <code>go.opentelemetry.io/otel/attribute</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8142">#8142</a>)</li> <li>Add <code>Slice</code> and <code>SliceValue</code> functions for new <code>SLICE</code> attribute type in <code>go.opentelemetry.io/otel/attribute</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8166">#8166</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Support <code>SLICE</code> attributes in <code>go.opentelemetry.io/otel/exporters/zipkin</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li> <li>Apply <code>AttributeValueLengthLimit</code> to <code>attribute.SLICE</code> type attribute values in <code>go.opentelemetry.io/otel/sdk/trace</code>, recursively truncating contained string values. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8217">#8217</a>)</li> <li>Add <code>Error</code> field on <code>Record</code> type in <code>go.opentelemetry.io/otel/log/logtest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8148">#8148</a>)</li> <li>Add <code>WithMaxRequestSize</code> option in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>. (<a href="https://redirect.github.com…
…ds (gnolang#5301) Depends on: gnolang#5247 Only relevant commit is last. --- Allow `_` fields tagged with `amino:"reserved"` to consume a slot in the binary field-number sequence without being encoded or decoded. Genproto emits `reserved N;` for those slots. Use this to remove StaticBlock.Externs (field 10) while keeping Parent at field 11, preserving wire compatibility. This more generally allows us to remove fields in Amino while maintaining backward compatibility. It is still brittle (moving struct fields is not allowed); but at least gives us a first tool to work with. --------- Co-authored-by: ltzMaxwell <ltz.maxwell@gmail.com>
…ctions group (gnolang#5805) Bumps the actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 4.36.1 to 4.36.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.36.2</h2> <ul> <li>Cache CodeQL CLI version information across Actions steps. <a href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li> <li>Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. <a href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.36.2 - 04 Jun 2026</h2> <ul> <li>Cache CodeQL CLI version information across Actions steps. <a href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li> <li>Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. <a href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li> </ul> <h2>4.36.1 - 02 Jun 2026</h2> <p>No user facing changes.</p> <h2>4.36.0 - 22 May 2026</h2> <ul> <li><em>Breaking change</em>: Bump the minimum required CodeQL bundle version to 2.19.4. <a href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li> <li>Add support for SHA-256 Git object IDs. <a href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li> </ul> <h2>4.35.5 - 15 May 2026</h2> <ul> <li>We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li> <li>For performance and accuracy reasons, <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. <a href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li> <li>If multiple inputs are provided for the GitHub-internal <code>analysis-kinds</code> input, only <code>code-scanning</code> will be enabled. The <code>analysis-kinds</code> input is experimental, for GitHub-internal use only, and may change without notice at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li> <li>Added an experimental change which, when running a Code Scanning analysis for a PR with <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. <a href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li> </ul> <h2>4.35.4 - 07 May 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li> </ul> <h2>4.35.3 - 01 May 2026</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. <a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li> </ul> <h2>4.35.2 - 15 Apr 2026</h2> <ul> <li>The undocumented TRAP cache cleanup feature that could be enabled using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the <code>trap-caching: false</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li> <li>The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. <a href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li> <li>Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. <a href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li> <li>Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e"><code>8aad20d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3949">#3949</a> from github/update-v4.36.2-dcb947ce1</li> <li><a href="https://github.com/github/codeql-action/commit/f521b08cd8f468ab193ea950a589cb2e9c869c6a"><code>f521b08</code></a> Add additional changelog notes</li> <li><a href="https://github.com/github/codeql-action/commit/8aeff0ffb7b78582ee0d0e6eebb8140684400d08"><code>8aeff0f</code></a> Update changelog for v4.36.2</li> <li><a href="https://github.com/github/codeql-action/commit/dcb947ce15976d40ea82935510b2db4872ec124c"><code>dcb947c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3948">#3948</a> from github/update-bundle/codeql-bundle-v2.25.6</li> <li><a href="https://github.com/github/codeql-action/commit/c251bcefa178f7780f62f150002acffe3d07fde9"><code>c251bce</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/62953c18b35f59e28351d2f1e806925aef8b1e3c"><code>62953c1</code></a> Update default bundle to codeql-bundle-v2.25.6</li> <li><a href="https://github.com/github/codeql-action/commit/423b570baf1976cd7a3daeba5d6e9f9b76432f37"><code>423b570</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3946">#3946</a> from github/dependabot/npm_and_yarn/npm-minor-5d507a...</li> <li><a href="https://github.com/github/codeql-action/commit/c35d1b164463ee62a100735382aaaa525c5d3496"><code>c35d1b1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3947">#3947</a> from github/dependabot/github_actions/dot-github/wor...</li> <li><a href="https://github.com/github/codeql-action/commit/cb1a588b02755b176e7b9d033ed4b69312f0e1bd"><code>cb1a588</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3937">#3937</a> from github/robertbrignull/waitForProcessing_backoff</li> <li><a href="https://github.com/github/codeql-action/commit/ba47406412c54532b5b4fcfbaf877c9e2382b206"><code>ba47406</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3943">#3943</a> from github/henrymercer/cache-cli-version-info</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/87557b9c84dde89fdd9b10e88954ac2f4248e463...8aad20d150bbac5944a9f9d289da16a4b0d87c1e">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…dates (gnolang#5801) Bumps the npm_and_yarn group with 2 updates in the /gno.land/pkg/gnoweb/frontend directory: [minimatch](https://github.com/isaacs/minimatch) and [glob](https://github.com/isaacs/node-glob). Updates `minimatch` from 10.0.3 to 10.2.5 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/isaacs/minimatch/blob/main/changelog.md">minimatch's changelog</a>.</em></p> <blockquote> <h1>change log</h1> <h2>10.2</h2> <ul> <li>Add <code>braceExpandMax</code> option</li> </ul> <h2>10.1</h2> <ul> <li>Add <code>magicalBraces</code> option for <code>escape</code></li> <li>Fix <code>makeRe</code> when <code>partial: true</code> is set.</li> <li>Fix <code>makeRe</code> when pattern ends in a final <code>**</code> path part.</li> </ul> <h2>10.0</h2> <ul> <li>Require node 20 or 22 and higher</li> </ul> <h2>9.0</h2> <ul> <li>No default export, only named exports.</li> </ul> <h2>8.0</h2> <ul> <li>Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions</li> <li>Bump required Node.js version</li> </ul> <h2>7.4</h2> <ul> <li>Add <code>escape()</code> method</li> <li>Add <code>unescape()</code> method</li> <li>Add <code>Minimatch.hasMagic()</code> method</li> </ul> <h2>7.3</h2> <ul> <li>Add support for posix character classes in a unicode-aware way.</li> </ul> <h2>7.2</h2> <ul> <li>Add <code>windowsNoMagicRoot</code> option</li> </ul> <h2>7.1</h2> <ul> <li>Add <code>optimizationLevel</code> configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so <em>most</em> things that matched with optimizationLevel 1 or 0 <em>should</em> match with level 2 as well. However, level 1 is the default, out of an abundance of caution.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/minimatch/commit/693c82377d0948401be4c6d3220c9a74132ab112"><code>693c823</code></a> 10.2.5</li> <li><a href="https://github.com/isaacs/minimatch/commit/7953af1fac53267c05e362f036b70de898318faa"><code>7953af1</code></a> do not allow .. to consume drive letter on Windows</li> <li><a href="https://github.com/isaacs/minimatch/commit/1caf91893b67586255c68e2e513b14ac66785a24"><code>1caf918</code></a> lint and format</li> <li><a href="https://github.com/isaacs/minimatch/commit/7783ed6670442acb4d455b9b164a1b2a33507a45"><code>7783ed6</code></a> ignore docs</li> <li><a href="https://github.com/isaacs/minimatch/commit/6d9b356cd59372de00e1d5f3b8907a3350b9b8e5"><code>6d9b356</code></a> update deps etc</li> <li><a href="https://github.com/isaacs/minimatch/commit/c36addb94e33f14254b9ca9017e63ae9c9d80d1d"><code>c36addb</code></a> 10.2.4</li> <li><a href="https://github.com/isaacs/minimatch/commit/26b90027d5ad0c383b5253a4e45d6dc7da282db4"><code>26b9002</code></a> docs: add warning about ReDoS</li> <li><a href="https://github.com/isaacs/minimatch/commit/3a0d83b6f03a17ebc15361c2faa7110777042aab"><code>3a0d83b</code></a> fix partial matching of globstar patterns</li> <li><a href="https://github.com/isaacs/minimatch/commit/ea94840326c3f40522f1b544bd2303024b0eec35"><code>ea94840</code></a> 10.2.3</li> <li><a href="https://github.com/isaacs/minimatch/commit/0873fbabc00a86e09f4469386059a71abb136c93"><code>0873fba</code></a> update deps</li> <li>Additional commits viewable in <a href="https://github.com/isaacs/minimatch/compare/v10.0.3...v10.2.5">compare view</a></li> </ul> </details> <br /> Updates `glob` from 11.0.3 to 11.1.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/isaacs/node-glob/blob/main/changelog.md">glob's changelog</a>.</em></p> <blockquote> <h1>changeglob</h1> <h2>13</h2> <ul> <li>Move the CLI program out to a separate package, <code>glob-bin</code>. Install that if you'd like to continue using glob from the command line.</li> </ul> <h2>12</h2> <ul> <li>Remove the unsafe <code>--shell</code> option. The <code>--shell</code> option is now ONLY supported on known shells where the behavior can be implemented safely.</li> </ul> <h2>11.1</h2> <p><a href="https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2">GHSA-5j98-mcp5-4vw2</a></p> <ul> <li>Add the <code>--shell</code> option for the command line, with a warning that this is unsafe. (It will be removed in v12.)</li> <li>Add the <code>--cmd-arg</code>/<code>-g</code> as a way to <em>safely</em> add positional arguments to the command provided to the CLI tool.</li> <li>Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding <code>shell:true</code> execution.</li> </ul> <h2>11.0</h2> <ul> <li>Drop support for node before v20</li> </ul> <h2>10.4</h2> <ul> <li>Add <code>includeChildMatches: false</code> option</li> <li>Export the <code>Ignore</code> class</li> </ul> <h2>10.3</h2> <ul> <li>Add <code>--default -p</code> flag to provide a default pattern</li> <li>exclude symbolic links to directories when <code>follow</code> and <code>nodir</code> are both set</li> </ul> <h2>10.2</h2> <ul> <li>Add glob cli</li> </ul> <h2>10.1</h2> <ul> <li>Return <code>'.'</code> instead of the empty string <code>''</code> when the current working directory is returned as a match.</li> <li>Add <code>posix: true</code> option to return <code>/</code> delimited paths, even on</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/node-glob/commit/2551fb51440d402fa2120457bf460e546ee9964d"><code>2551fb5</code></a> 11.1.0</li> <li><a href="https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"><code>47473c0</code></a> bin: Do not expose filenames to shell expansion</li> <li><a href="https://github.com/isaacs/node-glob/commit/bc33fe1c6a47abd497703d79ad96036e7891ff62"><code>bc33fe1</code></a> skip tilde test on systems that lack tilde expansion</li> <li><a href="https://github.com/isaacs/node-glob/commit/59bf9ca211bda5636c4fe9e32d41530c90a4f30d"><code>59bf9ca</code></a> fix notes</li> <li><a href="https://github.com/isaacs/node-glob/commit/dde4fa66c87e24b37bb5be28ed10c6e12019edac"><code>dde4fa6</code></a> docs(README): add #anchor and improve <code>note</code>s</li> <li><a href="https://github.com/isaacs/node-glob/commit/0559b0ed13c0f8147cd2ac9d48bb49684caaf20e"><code>0559b0e</code></a> docs: add better links to path-scurry docs</li> <li><a href="https://github.com/isaacs/node-glob/commit/c9773c249b4b9ed6b2447222c226f9d20c6ce916"><code>c9773c2</code></a> fix: correct typos in <code>README.md</code></li> <li><a href="https://github.com/isaacs/node-glob/commit/13e68eadbc4f0aacd9d6ffbcb4b28a34d5d8512c"><code>13e68ea</code></a> Fix punctuation in traversal function documentation</li> <li><a href="https://github.com/isaacs/node-glob/commit/1527e2b8107e95122ab6e9b6f6312f121693d53d"><code>1527e2b</code></a> fix repo url</li> <li><a href="https://github.com/isaacs/node-glob/commit/7e190e8776a7fa66fba40827de5f9effd1c52f9d"><code>7e190e8</code></a> fix typo <code>maths</code> → <code>paths</code></li> <li>Additional commits viewable in <a href="https://github.com/isaacs/node-glob/compare/v11.0.3...v11.1.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gnolang/gno/network/alerts). </details>
…dates (gnolang#5803) Bumps the go_modules group with 1 update in the /contribs/gnofaucet directory: [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://github.com/open-telemetry/opentelemetry-go). Bumps the go_modules group with 2 updates in the /contribs/gnomd directory: [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/image](https://github.com/golang/image). Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from 1.36.0 to 1.43.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp's changelog</a>.</em></p> <blockquote> <h2>[1.43.0/0.65.0/0.19.0] 2026-04-02</h2> <h3>Added</h3> <ul> <li>Add <code>IsRandom</code> and <code>WithRandom</code> on <code>TraceFlags</code>, and <code>IsRandom</code> on <code>SpanContext</code> in <code>go.opentelemetry.io/otel/trace</code> for <a href="https://www.w3.org/TR/trace-context-2/#random-trace-id-flag">W3C Trace Context Level 2 Random Trace ID Flag</a> support. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">#8012</a>)</li> <li>Add service detection with <code>WithService</code> in <code>go.opentelemetry.io/otel/sdk/resource</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">#7642</a>)</li> <li>Add <code>DefaultWithContext</code> and <code>EnvironmentWithContext</code> in <code>go.opentelemetry.io/otel/sdk/resource</code> to support plumbing <code>context.Context</code> through default and environment detectors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">#8051</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Add support for per-series start time tracking for cumulative metrics in <code>go.opentelemetry.io/otel/sdk/metric</code>. Set <code>OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true</code> to enable. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">#8060</a>)</li> <li>Add <code>WithCardinalityLimitSelector</code> for metric reader for configuring cardinality limits specific to the instrument kind. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">#7855</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Introduce the <code>EMPTY</code> Type in <code>go.opentelemetry.io/otel/attribute</code> to reflect that an empty value is now a valid value, with <code>INVALID</code> remaining as a deprecated alias of <code>EMPTY</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Improve slice handling in <code>go.opentelemetry.io/otel/attribute</code> to optimize short slice values with fixed-size fast paths. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">#8039</a>)</li> <li>Improve performance of span metric recording in <code>go.opentelemetry.io/otel/sdk/trace</code> by returning early if self-observability is not enabled. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">#8067</a>)</li> <li>Improve formatting of metric data diffs in <code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">#8073</a>)</li> </ul> <h3>Deprecated</h3> <ul> <li>Deprecate <code>INVALID</code> in <code>go.opentelemetry.io/otel/attribute</code>. Use <code>EMPTY</code> instead. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Return spec-compliant <code>TraceIdRatioBased</code> description. This is a breaking behavioral change, but it is necessary to make the implementation <a href="https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased">spec-compliant</a>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">#8027</a>)</li> <li>Fix a race condition in <code>go.opentelemetry.io/otel/sdk/metric</code> where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">#8056</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li><code>WithHostID</code> detector in <code>go.opentelemetry.io/otel/sdk/resource</code> to use full path for <code>kenv</code> command on BSD. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li> <li>Fix missing <code>request.GetBody</code> in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code> to correctly handle HTTP2 GOAWAY frame. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li> </ul> <h2>[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06</h2> <h3>Added</h3> <ul> <li>Add <code>go.opentelemetry.io/otel/semconv/v1.40.0</code> package. The package contains semantic conventions from the <code>v1.40.0</code> version of the OpenTelemetry Semantic Conventions. See the <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md">migration documentation</a> for information on how to upgrade from <code>go.opentelemetry.io/otel/semconv/v1.39.0</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">#7985</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0"><code>9276201</code></a> Release v1.43.0 / v0.65.0 / v0.19.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">#8128</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a"><code>61b8c94</code></a> chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">#8131</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23"><code>97a086e</code></a> chore(deps): update github.com/golangci/dupl digest to c99c5cf (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">#8122</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0"><code>5e363de</code></a> limit response body size for OTLP HTTP exporters (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7"><code>35214b6</code></a> Use an absolute path when calling bsd kenv (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361"><code>290024c</code></a> fix(deps): update module google.golang.org/grpc to v1.80.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">#8121</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc"><code>e70658e</code></a> fix: support getBody in otelploghttp (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a"><code>4afe468</code></a> fix(deps): update googleapis to 9d38bb4 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">#8117</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634"><code>b9ca729</code></a> chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">#8115</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79"><code>69472ec</code></a> chore(deps): update fossas/fossa-action action to v1.9.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">#8118</a>)</li> <li>Additional commits viewable in <a href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0">compare view</a></li> </ul> </details> <br /> Updates `go.opentelemetry.io/otel/sdk` from 1.36.0 to 1.43.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/sdk's changelog</a>.</em></p> <blockquote> <h2>[1.43.0/0.65.0/0.19.0] 2026-04-02</h2> <h3>Added</h3> <ul> <li>Add <code>IsRandom</code> and <code>WithRandom</code> on <code>TraceFlags</code>, and <code>IsRandom</code> on <code>SpanContext</code> in <code>go.opentelemetry.io/otel/trace</code> for <a href="https://www.w3.org/TR/trace-context-2/#random-trace-id-flag">W3C Trace Context Level 2 Random Trace ID Flag</a> support. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">#8012</a>)</li> <li>Add service detection with <code>WithService</code> in <code>go.opentelemetry.io/otel/sdk/resource</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">#7642</a>)</li> <li>Add <code>DefaultWithContext</code> and <code>EnvironmentWithContext</code> in <code>go.opentelemetry.io/otel/sdk/resource</code> to support plumbing <code>context.Context</code> through default and environment detectors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">#8051</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Add support for per-series start time tracking for cumulative metrics in <code>go.opentelemetry.io/otel/sdk/metric</code>. Set <code>OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true</code> to enable. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">#8060</a>)</li> <li>Add <code>WithCardinalityLimitSelector</code> for metric reader for configuring cardinality limits specific to the instrument kind. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">#7855</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Introduce the <code>EMPTY</code> Type in <code>go.opentelemetry.io/otel/attribute</code> to reflect that an empty value is now a valid value, with <code>INVALID</code> remaining as a deprecated alias of <code>EMPTY</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Improve slice handling in <code>go.opentelemetry.io/otel/attribute</code> to optimize short slice values with fixed-size fast paths. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">#8039</a>)</li> <li>Improve performance of span metric recording in <code>go.opentelemetry.io/otel/sdk/trace</code> by returning early if self-observability is not enabled. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">#8067</a>)</li> <li>Improve formatting of metric data diffs in <code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">#8073</a>)</li> </ul> <h3>Deprecated</h3> <ul> <li>Deprecate <code>INVALID</code> in <code>go.opentelemetry.io/otel/attribute</code>. Use <code>EMPTY</code> instead. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Return spec-compliant <code>TraceIdRatioBased</code> description. This is a breaking behavioral change, but it is necessary to make the implementation <a href="https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased">spec-compliant</a>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">#8027</a>)</li> <li>Fix a race condition in <code>go.opentelemetry.io/otel/sdk/metric</code> where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">#8056</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li><code>WithHostID</code> detector in <code>go.opentelemetry.io/otel/sdk/resource</code> to use full path for <code>kenv</code> command on BSD. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li> <li>Fix missing <code>request.GetBody</code> in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code> to correctly handle HTTP2 GOAWAY frame. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li> </ul> <h2>[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06</h2> <h3>Added</h3> <ul> <li>Add <code>go.opentelemetry.io/otel/semconv/v1.40.0</code> package. The package contains semantic conventions from the <code>v1.40.0</code> version of the OpenTelemetry Semantic Conventions. See the <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md">migration documentation</a> for information on how to upgrade from <code>go.opentelemetry.io/otel/semconv/v1.39.0</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">#7985</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0"><code>9276201</code></a> Release v1.43.0 / v0.65.0 / v0.19.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">#8128</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a"><code>61b8c94</code></a> chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">#8131</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23"><code>97a086e</code></a> chore(deps): update github.com/golangci/dupl digest to c99c5cf (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">#8122</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0"><code>5e363de</code></a> limit response body size for OTLP HTTP exporters (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7"><code>35214b6</code></a> Use an absolute path when calling bsd kenv (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361"><code>290024c</code></a> fix(deps): update module google.golang.org/grpc to v1.80.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">#8121</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc"><code>e70658e</code></a> fix: support getBody in otelploghttp (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a"><code>4afe468</code></a> fix(deps): update googleapis to 9d38bb4 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">#8117</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634"><code>b9ca729</code></a> chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">#8115</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79"><code>69472ec</code></a> chore(deps): update fossas/fossa-action action to v1.9.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">#8118</a>)</li> <li>Additional commits viewable in <a href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/crypto` from 0.40.0 to 0.49.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/982eaa62dfb7273603b97fc1835561450096f3bd"><code>982eaa6</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/159944f128e9b3fdeb5a5b9b102a961904601a87"><code>159944f</code></a> ssh,acme: clean up tautological/impossible nil conditions</li> <li><a href="https://github.com/golang/crypto/commit/a408498e55412f2ae2a058336f78889fb1ba6115"><code>a408498</code></a> acme: only require prompt if server has terms of service</li> <li><a href="https://github.com/golang/crypto/commit/cab0f718548e8a858701b7b48161f44748532f58"><code>cab0f71</code></a> all: upgrade go directive to at least 1.25.0 [generated]</li> <li><a href="https://github.com/golang/crypto/commit/2f26647a795e74e712b3aebc2655bca60b2686f9"><code>2f26647</code></a> x509roots/fallback: update bundle</li> <li><a href="https://github.com/golang/crypto/commit/e08b06753d6a72f1fe375b6e0fefefb39917c165"><code>e08b067</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/7d0074ccc6f17acbf2ebb10db06d492e08f887dc"><code>7d0074c</code></a> scrypt: fix panic on parameters <= 0</li> <li><a href="https://github.com/golang/crypto/commit/506e022208b864bc3c9c4a416fe56be75d10ad24"><code>506e022</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/7dacc380ba001e8fe7c3c7a46bf3cbdaa5064df9"><code>7dacc38</code></a> chacha20poly1305: error out in fips140=only mode</li> <li><a href="https://github.com/golang/crypto/commit/19acf81bd7bc7b558d18a550e8e023df2c33e742"><code>19acf81</code></a> go.mod: update golang.org/x dependencies</li> <li>Additional commits viewable in <a href="https://github.com/golang/crypto/compare/v0.40.0...v0.49.0">compare view</a></li> </ul> </details> <br /> Updates `google.golang.org/grpc` from 1.72.1 to 1.80.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's releases</a>.</em></p> <blockquote> <h2>Release 1.80.0</h2> <h1>Behavior Changes</h1> <ul> <li>balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see <a href="https://redirect.github.com/grpc/grpc-go/issues/5288">#5288</a> for details. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8837">#8837</a>)</li> <li>xds: update resource error handling and re-resolution logic (<a href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>) <ul> <li>Re-resolve all <code>LOGICAL_DNS</code> clusters simultaneously when re-resolution is requested.</li> <li>Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.</li> </ul> </li> </ul> <h1>Bug Fixes</h1> <ul> <li>xds: support the LB policy configured in <code>LOGICAL_DNS</code> cluster resources instead of defaulting to <code>pick_first</code>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8733">#8733</a>)</li> <li>credentials/tls: perform per-RPC authority validation against the leaf certificate instead of the entire peer certificate chain. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8831">#8831</a>)</li> <li>xds: enabling A76 ring hash endpoint keys no longer causes EDS resources with invalid proxy metadata to be NACKed when HTTP CONNECT (gRFC A86) is disabled. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8875">#8875</a>)</li> <li>xds: validate that the sum of endpoint weights in a locality does not exceed the maximum <code>uint32</code> value. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8899">#8899</a>) <ul> <li>Special Thanks: <a href="https://github.com/RAVEYUS"><code>@RAVEYUS</code></a></li> </ul> </li> <li>xds: fix incorrect proto field access in the weighted round robin (WRR) configuration where <code>blackout_period</code> was used instead of <code>weight_expiration_period</code>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8915">#8915</a>) <ul> <li>Special Thanks: <a href="https://github.com/gregbarasch"><code>@gregbarasch</code></a></li> </ul> </li> <li>xds/rbac: handle addresses with ports in IP matchers. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>)</li> </ul> <h1>New Features</h1> <ul> <li>ringhash: enable gRFC A76 (endpoint hash keys and request hash headers) by default. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8922">#8922</a>)</li> </ul> <h1>Performance Improvements</h1> <ul> <li>credentials/alts: pool write buffers to reduce memory allocations and usage. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li> <li>grpc: enable the use of pooled write buffers for buffering HTTP/2 frame writes by default. This reduces memory usage when connections are idle. Use the <a href="https://pkg.go.dev/google.golang.org/grpc#WithSharedWriteBuffer">WithSharedWriteBuffer</a> dial option or the <a href="https://pkg.go.dev/google.golang.org/grpc#SharedWriteBuffer">SharedWriteBuffer</a> server option to disable this feature. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a>)</li> <li>xds/priority: stop caching child LB policies removed from the configuration. This will help reduce memory and cpu usage when localities are constantly switching between priorities. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a>)</li> <li>mem: add a faster tiered buffer pool; use the experimental <a href="https://pkg.go.dev/google.golang.org/grpc/mem@master#NewBinaryTieredBufferPool">mem.NewBinaryTieredBufferPool</a> function to create such pools. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8775">#8775</a>)</li> </ul> <h2>Release 1.79.3</h2> <h1>Security</h1> <ul> <li>server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like <code>grpc/authz</code>. Any request with a non-canonical path is now immediately rejected with an <code>Unimplemented</code> error. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8981">#8981</a>)</li> </ul> <h2>Release 1.79.2</h2> <h1>Bug Fixes</h1> <ul> <li>stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (<a href="https://redirect.github.com/grpc/grpc-go/pull/8874">grpc/grpc-go#8874</a>)</li> </ul> <h2>Release 1.79.1</h2> <h1>Bug Fixes</h1> <ul> <li>grpc: Remove the <code>-dev</code> suffix from the User-Agent header. (<a href="https://redirect.github.com/grpc/grpc-go/pull/8902">grpc/grpc-go#8902</a>)</li> </ul> <h2>Release 1.79.0</h2> <h1>API Changes</h1> <ul> <li>mem: Add experimental API <code>SetDefaultBufferPool</code> to change the default buffer pool. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8806">#8806</a>) <ul> <li>Special Thanks: <a href="https://github.com/vanja-p"><code>@vanja-p</code></a></li> </ul> </li> <li>experimental/stats: Update <code>MetricsRecorder</code> to require embedding the new <code>UnimplementedMetricsRecorder</code> (a no-op struct) in all implementations for forward compatibility. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8780">#8780</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-go/commit/397e45edaa68f8763773bbaaf539cf7894169cd2"><code>397e45e</code></a> Change version to 1.80.0 (<a href="https://redirect.github.com/grpc/grpc-go/issues/8948">#8948</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/64ebf0a600005838970e6ba1eb0a9e46e528ed73"><code>64ebf0a</code></a> Cherry-pick <a href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a> to v1.80.x (<a href="https://redirect.github.com/grpc/grpc-go/issues/9027">#9027</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/e45ed241865981b6973cdd0dd69571456d570282"><code>e45ed24</code></a> xds/rbac: add additional handling for addresses with ports (<a href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>) (<a href="https://redirect.github.com/grpc/grpc-go/issues/9022">#9022</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/c78d26e03e129f5cb357b757037fcded2333b74e"><code>c78d26e</code></a> Cherry-pick <a href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a> to v1.80.x (<a href="https://redirect.github.com/grpc/grpc-go/issues/9007">#9007</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/bd7cd3c1abbd27fb751275a58886444d52103482"><code>bd7cd3c</code></a> grpc: enforce strict path checking for incoming requests on the server (<a href="https://redirect.github.com/grpc/grpc-go/issues/8987">#8987</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/b6597b3d328c1ed6b003f9a23b942af7148352ca"><code>b6597b3</code></a> xds/clusterimpl: use xdsConfig for updates and remove redundant fields from L...</li> <li><a href="https://github.com/grpc/grpc-go/commit/1d4fa8a7b772553e82137b059ad4a8f632a1c522"><code>1d4fa8a</code></a> xds: change cdsbalancer to use update from dependency manager (<a href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/8f47d364511c8eb0517b47e1a39f13a1370c6a10"><code>8f47d36</code></a> attributes: Replace internal map with linked list (<a href="https://redirect.github.com/grpc/grpc-go/issues/8933">#8933</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/22e1ee8085952b4bdadf2928c187d665f6daff99"><code>22e1ee8</code></a> xds: add panic recovery in xdsclient resource unmarshalling. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8895">#8895</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/7136e99ee323c26984174eb3cec85c201fef9946"><code>7136e99</code></a> credentials/alts: Pool write buffers (<a href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc-go/compare/v1.72.1...v1.80.0">compare view</a></li> </ul> </details> <br /> Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from 1.36.0 to 1.43.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp's changelog</a>.</em></p> <blockquote> <h2>[1.43.0/0.65.0/0.19.0] 2026-04-02</h2> <h3>Added</h3> <ul> <li>Add <code>IsRandom</code> and <code>WithRandom</code> on <code>TraceFlags</code>, and <code>IsRandom</code> on <code>SpanContext</code> in <code>go.opentelemetry.io/otel/trace</code> for <a href="https://www.w3.org/TR/trace-context-2/#random-trace-id-flag">W3C Trace Context Level 2 Random Trace ID Flag</a> support. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">#8012</a>)</li> <li>Add service detection with <code>WithService</code> in <code>go.opentelemetry.io/otel/sdk/resource</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">#7642</a>)</li> <li>Add <code>DefaultWithContext</code> and <code>EnvironmentWithContext</code> in <code>go.opentelemetry.io/otel/sdk/resource</code> to support plumbing <code>context.Context</code> through default and environment detectors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">#8051</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Add support for per-series start time tracking for cumulative metrics in <code>go.opentelemetry.io/otel/sdk/metric</code>. Set <code>OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true</code> to enable. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">#8060</a>)</li> <li>Add <code>WithCardinalityLimitSelector</code> for metric reader for configuring cardinality limits specific to the instrument kind. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">#7855</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Introduce the <code>EMPTY</code> Type in <code>go.opentelemetry.io/otel/attribute</code> to reflect that an empty value is now a valid value, with <code>INVALID</code> remaining as a deprecated alias of <code>EMPTY</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Improve slice handling in <code>go.opentelemetry.io/otel/attribute</code> to optimize short slice values with fixed-size fast paths. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">#8039</a>)</li> <li>Improve performance of span metric recording in <code>go.opentelemetry.io/otel/sdk/trace</code> by returning early if self-observability is not enabled. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">#8067</a>)</li> <li>Improve formatting of metric data diffs in <code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">#8073</a>)</li> </ul> <h3>Deprecated</h3> <ul> <li>Deprecate <code>INVALID</code> in <code>go.opentelemetry.io/otel/attribute</code>. Use <code>EMPTY</code> instead. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Return spec-compliant <code>TraceIdRatioBased</code> description. This is a breaking behavioral change, but it is necessary to make the implementation <a href="https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased">spec-compliant</a>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">#8027</a>)</li> <li>Fix a race condition in <code>go.opentelemetry.io/otel/sdk/metric</code> where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">#8056</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li><code>WithHostID</code> detector in <code>go.opentelemetry.io/otel/sdk/resource</code> to use full path for <code>kenv</code> command on BSD. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li> <li>Fix missing <code>request.GetBody</code> in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code> to correctly handle HTTP2 GOAWAY frame. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li> </ul> <h2>[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06</h2> <h3>Added</h3> <ul> <li>Add <code>go.opentelemetry.io/otel/semconv/v1.40.0</code> package. The package contains semantic conventions from the <code>v1.40.0</code> version of the OpenTelemetry Semantic Conventions. See the <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md">migration documentation</a> for information on how to upgrade from <code>go.opentelemetry.io/otel/semconv/v1.39.0</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">#7985</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0"><code>9276201</code></a> Release v1.43.0 / v0.65.0 / v0.19.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">#8128</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a"><code>61b8c94</code></a> chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">#8131</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23"><code>97a086e</code></a> chore(deps): update github.com/golangci/dupl digest to c99c5cf (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">#8122</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0"><code>5e363de</code></a> limit response body size for OTLP HTTP exporters (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7"><code>35214b6</code></a> Use an absolute path when calling bsd kenv (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361"><code>290024c</code></a> fix(deps): update module google.golang.org/grpc to v1.80.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">#8121</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc"><code>e70658e</code></a> fix: support getBody in otelploghttp (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a"><code>4afe468</code></a> fix(deps): update googleapis to 9d38bb4 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">#8117</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634"><code>b9ca729</code></a> chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">#8115</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79"><code>69472ec</code></a> chore(deps): update fossas/fossa-action action to v1.9.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">#8118</a>)</li> <li>Additional commits viewable in <a href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0">compare view</a></li> </ul> </details> <br /> Updates `go.opentelemetry.io/otel/sdk` from 1.36.0 to 1.43.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/sdk's changelog</a>.</em></p> <blockquote> <h2>[1.43.0/0.65.0/0.19.0] 2026-04-02</h2> <h3>Added</h3> <ul> <li>Add <code>IsRandom</code> and <code>WithRandom</code> on <code>TraceFlags</code>, and <code>IsRandom</code> on <code>SpanContext</code> in <code>go.opentelemetry.io/otel/trace</code> for <a href="https://www.w3.org/TR/trace-context-2/#random-trace-id-flag">W3C Trace Context Level 2 Random Trace ID Flag</a> support. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">#8012</a>)</li> <li>Add service detection with <code>WithService</code> in <code>go.opentelemetry.io/otel/sdk/resource</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">#7642</a>)</li> <li>Add <code>DefaultWithContext</code> and <code>EnvironmentWithContext</code> in <code>go.opentelemetry.io/otel/sdk/resource</code> to support plumbing <code>context.Context</code> through default and environment detectors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">#8051</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Support attributes with empty value (<code>attribute.EMPTY</code>) in <code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Add support for per-series start time tracking for cumulative metrics in <code>go.opentelemetry.io/otel/sdk/metric</code>. Set <code>OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true</code> to enable. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">#8060</a>)</li> <li>Add <code>WithCardinalityLimitSelector</code> for metric reader for configuring cardinality limits specific to the instrument kind. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">#7855</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Introduce the <code>EMPTY</code> Type in <code>go.opentelemetry.io/otel/attribute</code> to reflect that an empty value is now a valid value, with <code>INVALID</code> remaining as a deprecated alias of <code>EMPTY</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> <li>Improve slice handling in <code>go.opentelemetry.io/otel/attribute</code> to optimize short slice values with fixed-size fast paths. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">#8039</a>)</li> <li>Improve performance of span metric recording in <code>go.opentelemetry.io/otel/sdk/trace</code> by returning early if self-observability is not enabled. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">#8067</a>)</li> <li>Improve formatting of metric data diffs in <code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">#8073</a>)</li> </ul> <h3>Deprecated</h3> <ul> <li>Deprecate <code>INVALID</code> in <code>go.opentelemetry.io/otel/attribute</code>. Use <code>EMPTY</code> instead. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Return spec-compliant <code>TraceIdRatioBased</code> description. This is a breaking behavioral change, but it is necessary to make the implementation <a href="https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased">spec-compliant</a>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">#8027</a>)</li> <li>Fix a race condition in <code>go.opentelemetry.io/otel/sdk/metric</code> where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">#8056</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li>Limit HTTP response body to 4 MiB in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code> to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li><code>WithHostID</code> detector in <code>go.opentelemetry.io/otel/sdk/resource</code> to use full path for <code>kenv</code> command on BSD. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li> <li>Fix missing <code>request.GetBody</code> in <code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code> to correctly handle HTTP2 GOAWAY frame. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li> </ul> <h2>[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06</h2> <h3>Added</h3> <ul> <li>Add <code>go.opentelemetry.io/otel/semconv/v1.40.0</code> package. The package contains semantic conventions from the <code>v1.40.0</code> version of the OpenTelemetry Semantic Conventions. See the <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md">migration documentation</a> for information on how to upgrade from <code>go.opentelemetry.io/otel/semconv/v1.39.0</code>. (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">#7985</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0"><code>9276201</code></a> Release v1.43.0 / v0.65.0 / v0.19.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">#8128</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a"><code>61b8c94</code></a> chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">#8131</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23"><code>97a086e</code></a> chore(deps): update github.com/golangci/dupl digest to c99c5cf (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">#8122</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0"><code>5e363de</code></a> limit response body size for OTLP HTTP exporters (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7"><code>35214b6</code></a> Use an absolute path when calling bsd kenv (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361"><code>290024c</code></a> fix(deps): update module google.golang.org/grpc to v1.80.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">#8121</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc"><code>e70658e</code></a> fix: support getBody in otelploghttp (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a"><code>4afe468</code></a> fix(deps): update googleapis to 9d38bb4 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">#8117</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634"><code>b9ca729</code></a> chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">#8115</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79"><code>69472ec</code></a> chore(deps): update fossas/fossa-action action to v1.9.0 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">#8118</a>)</li> <li>Additional commits viewable in <a href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/crypto` from 0.40.0 to 0.49.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/982eaa62dfb7273603b97fc1835561450096f3bd"><code>982eaa6</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/159944f128e9b3fdeb5a5b9b102a961904601a87"><code>159944f</code></a> ssh,acme: clean up tautological/impossible nil conditions</li> <li><a href="https://github.com/golang/crypto/commit/a408498e55412f2ae2a058336f78889fb1ba6115"><code>a408498</code></a> acme: only require prompt if server has terms of service</li> <li><a href="https://github.com/golang/crypto/commit/cab0f718548e8a858701b7b48161f44748532f58"><code>cab0f71</code></a> all: upgrade go directive to at least 1.25.0 [generated]</li> <li><a href="https://github.com/golang/crypto/commit/2f26647a795e74e712b3aebc2655bca60b2686f9"><code>2f26647</code></a> x509roots/fallback: update bundle</li> <li><a href="https://github.com/golang/crypto/commit/e08b06753d6a72f1fe375b6e0fefefb39917c165"><code>e08b067</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/7d0074ccc6f17acbf2ebb10db06d492e08f887dc"><code>7d0074c</code></a> scrypt: fix panic on parameters <= 0</li> <li><a href="https://github.com/golang/crypto/commit/506e022208b864bc3c9c4a416fe56be75d10ad24"><code>506e022</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/7dacc380ba001e8fe7c3c7a46bf3cbdaa5064df9"><code>7dacc38</code></a> chacha20poly1305: error out in fips140=only mode</li> <li><a href="https://github.com/golang/crypto/commit/19acf81bd7bc7b558d18a550e8e023df2c33e742"><code>19acf81</code></a> go.mod: update golang.org/x dependencies</li> <li>Additional commits viewable in <a href="https://github.com/golang/crypto/compare/v0.40.0...v0.49.0">compare view</a></li> </ul> </details> <br /> Updates `google.golang.org/grpc` from 1.72.1 to 1.80.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's releases</a>.</em></p> <blockquote> <h2>Release 1.80.0</h2> <h1>Behavior Changes</h1> <ul> <li>balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see <a href="https://redirect.github.com/grpc/grpc-go/issues/5288">#5288</a> for details. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8837">#8837</a>)</li> <li>xds: update resource error handling and re-resolution logic (<a href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>) <ul> <li>Re-resolve all <code>LOGICAL_DNS</code> clusters simultaneously when re-resolution is requested.</li> <li>Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.</li> </ul> </li> </ul> <h1>Bug Fixes</h1> <ul> <li>xds: support the LB policy configured in <code>LOGICAL_DNS</code> cluster resources instead of defaulting to <code>pick_first</code>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8733">#8733</a>)</li> <li>credentials/tls: perform per-RPC authority validation against the leaf certificate instead of the entire peer certificate chain. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8831">#8831</a>)</li> <li>xds: enabling A76 ring hash endpoint keys no longer causes EDS resources with invalid proxy metadata to be NACKed when HTTP CONNECT (gRFC A86) is disabled. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8875">#8875</a>)</li> <li>xds: validate that the sum of endpoint weights in a locality does not exceed the maximum <code>uint32</code> value. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8899">#8899</a>) <ul> <li>Special Thanks: <a href="https://github.com/RAVEYUS"><code>@RAVEYUS</code></a></li> </ul> </li> <li>xds: fix incorrect proto field access in the weighted round robin (WRR) configuration where <code>blackout_period</code> was used instead of <code>weight_expiration_period</code>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8915">#8915</a>) <ul> <li>Special Thanks: <a href="https://github.com/gregbarasch"><code>@gregbarasch</code></a></li> </ul> </li> <li>xds/rbac: handle addresses with ports in IP matchers. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>)</li> </ul> <h1>New Features</h1> <ul> <li>ringhash: enable gRFC A76 (endpoint hash keys and request hash headers) by default. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8922">#8922</a>)</li> </ul> <h1>Performance Improvements</h1> <ul> <li>credentials/alts: pool write buffers to reduce memory allocations and usage. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li> <li>grpc: enable the use of pooled write buffers for buffering HTTP/2 frame writes by default. This reduces memory usage when connections are idle. Use the <a href="https://pkg.go.dev/google.golang.org/grpc#WithSharedWriteBuffer">WithSharedWriteBuffer</a> dial option or the <a href="https://pkg.go.dev/google.golang.org/grpc#SharedWriteBuffer">SharedWriteBuffer</a> server option to disable this feature. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a>)</li> <li>xds/priority: stop caching child LB policies removed from the configuration. This will help reduce memory and cpu usage when localities are constantly switching between priorities. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a>)</li> <li>mem: add a faster tiered buffer pool; use the experimental <a href="https://pkg.go.dev/google.golang.org/grpc/mem@master#NewBinaryTieredBufferPool">mem.NewBinaryTieredBufferPool</a> function to create such pools. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8775">#8775</a>)</li> </ul> <h2>Release 1.79.3</h2> <h1>Security</h1> <ul> <li>server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like <code>grpc/authz</code>. Any request with a non-canonical path is now immediately rejected with an <code>Unimplemented</code> error. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8981">#8981</a>)</li> </ul> <h2>Release 1.79.2</h2> <h1>Bug Fixes</h1> <ul> <li>stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (<a href="https://redirect.github.com/grpc/grpc-go/pull/8874">grpc/grpc-go#8874</a>)</li> </ul> <h2>Release 1.79.1</h2> <h1>Bug Fixes</h1> <ul> <li>grpc: Remove the <code>-dev</code> suffix from the User-Agent header. (<a href="https://redirect.github.com/grpc/grpc-go/pull/8902">grpc/grpc-go#8902</a>)</li> </ul> <h2>Release 1.79.0</h2> <h1>API Changes</h1> <ul> <li>mem: Add experimental API <code>SetDefaultBufferPool</code> to change the default buffer pool. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8806">#8806</a>) <ul> <li>Special Thanks: <a href="https://github.com/vanja-p"><code>@vanja-p</code></a></li> </ul> </li> <li>experimental/stats: Update <code>MetricsRecorder</code> to require embedding the new <code>UnimplementedMetricsRecorder</code> (a no-op struct) in all implementations for forward compatibility. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8780">#8780</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-go/commit/397e45edaa68f8763773bbaaf539cf7894169cd2"><code>397e45e</code></a> Change version to 1.80.0 (<a href="https://redirect.github.com/grpc/grpc-go/issues/8948">#8948</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/64ebf0a600005838970e6ba1eb0a9e46e528ed73"><code>64ebf0a</code></a> Cherry-pick <a href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a> to v1.80.x (<a href="https://redirect.github.com/grpc/grpc-go/issues/9027">#9027</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/e45ed241865981b6973cdd0dd69571456d570282"><code>e45ed24</code></a> xds/rbac: add additional handling for addresses with ports (<a href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>) (<a href="https://redirect.github.com/grpc/grpc-go/issues/9022">#9022</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/c78d26e03e129f5cb357b757037fcded2333b74e"><code>c78d26e</code></a> Cherry-pick <a href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a> to v1.80.x (<a href="https://redirect.github.com/grpc/grpc-go/issues/9007">#9007</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/bd7cd3c1abbd27fb751275a58886444d52103482"><code>bd7cd3c</code></a> grpc: enforce strict path checking for incoming requests on the server (<a href="https://redirect.github.com/grpc/grpc-go/issues/8987">#8987</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/b6597b3d328c1ed6b003f9a23b942af7148352ca"><code>b6597b3</code></a> xds/clusterimpl: use xdsConfig for updates and remove redundant fields from L...</li> <li><a href="https://github.com/grpc/grpc-go/commit/1d4fa8a7b772553e82137b059ad4a8f632a1c522"><code>1d4fa8a</code></a> xds: change cdsbalancer to use update from dependency manager (<a href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/8f47d364511c8eb0517b47e1a39f13a1370c6a10"><code>8f47d36</code></a> attributes: Replace internal map with linked list (<a href="https://redirect.github.com/grpc/grpc-go/issues/8933">#8933</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/22e1ee8085952b4bdadf2928c187d665f6daff99"><code>22e1ee8</code></a> xds: add panic recovery in xdsclient resource unmarshalling. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8895">#8895</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/7136e99ee323c26984174eb3cec85c201fef9946"><code>7136e99</code></a> credentials/alts: Pool write buffers (<a href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc-go/compare/v1.72.1...v1.80.0">compare view</a></li> </ul> </details> <br /> Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from 1.36.0 to 1.43.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp's chan…
…nolang#5672) NotAborts was incorrectly delegating to uassert.NotPanics, which catches both same-realm panics and cross-realm aborts. Match the function name and docstring by delegating to uassert.NotAborts, which only catches cross-realm aborts via revive().
…5350) fix gnolang#5347 Display per-realm storage byte diffs in filetest output and in unit test --print-runtime-metrics output. Storage is only shown when there are non-zero diffs (i.e., realm state changed). Example: ``` --- PASS: ./x_filetest.gno (elapsed: 0.00s, gas: 64733, storage: gno.land/r/xx:+5b) ``` --------- Co-authored-by: Morgan <morgan@morganbaz.com>
…tdlib (gnolang#5385) Adds `errors.Unwrap`, `errors.Is`, and `errors.Join` to the Gno stdlib and switches `uassert` to use `errors.Is`. fix gnolang#486 Depends on gnolang#5713: a regression test in `wrap_test.gno` locks in correct `Is` behaviour for uncomparable types, which only holds once gnolang#5713 makes the VM panic on comparing uncomparable types.\
Adds owner and token-existence validation to grc721 `SetTokenMetadata`, mirroring `SetTokenRoyalty`: it now returns `ErrInvalidTokenId` for unknown tokens and `ErrCallerIsNotOwner` when the caller is not the owner, taking the caller as an explicit first arg like the other mutating methods. Depends on gnolang#5385. The test asserts these via `uassert.ErrorIs`, which only checks the error once gnolang#5385 switches `uassert` to `errors.Is`, so this is stacked on that branch: review the final commit, and the diff reduces to the grc721 change once gnolang#5385 merges.
…gnoweb/frontend in the npm_and_yarn group across 1 directory (gnolang#5823)
…e panic (gnolang#5738) ## Summary Indexing an array (or pointer-to-array) past its length raised a native Go `runtime error: index out of range`, which escaped as a host panic and could not be caught by a deferred `recover()` — unlike slice/string OOB (see `recover14`). `ArrayValue.GetPointerAtIndexInt2` now bounds-checks `ii` on both the `Data == nil` and `Data != nil` branches and panics with a Gno `&Exception{...}`. Placed at the value layer because it's the convergence point for every array-access path (direct index, slice-over-array, pointer rebind, convenience helper) — matching where the slice/string/map checks already live. ## Test plan - [x] New filetest `gnovm/tests/files/recover25.gno` - [x] `go test ./gnovm/pkg/gnolang/ -run Files -test.short`
Alternative to gnolang#5543 Fix action item `post-deploy success message with realm URL`: gnolang#5460 **Note:** This only print the PKGPATH of the deployed package, not the exact Gnoweb URL. Doing so require updating the dependence of a low level production tool for a developer feature. This new feature is especially useful when doing air-gap transaction. References: gnolang#5584 (comment), gnolang#5543 (review) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
## Problem `make(map[K]V, n)` routed the size hint through `Allocator.NewMap` → `AllocateMap`, which charged `allocMap + allocMapItem*n` up front. Two problems: - **Double-charged gas.** The per-item cost (`allocMapItem`) is *also* charged on every actual insertion via `AllocateMapItem`. A hinted map that gets filled pays `allocMap + 2*allocMapItem*n` — the up-front charge is for `MapListItem`s that don't exist yet and get charged again when inserted. - **Overflow panic.** A hint large enough that `allocMap + allocMapItem*n` overflows int64 panicked with the internal `"addition overflow"` / `"multiplication overflow"` instead of behaving gracefully. The hint is also never persisted: on state recovery the map is rebuilt from its actual item count (`realm.go`: `make(map[MapKey]*MapListItem, cv.List.Size)`), so any preallocation benefit is ephemeral anyway. ## Fix Ignore the size hint entirely. The map is created empty and grows on insertion, with each item charged once (via `AllocateMapItem`). This drops the `items` / `size` / `c` parameters from `AllocateMap` / `NewMap` / `MakeMap` and stops the `make(map, …)` builtin from reading the hint. Doing it end-to-end removes the double-charge, the overflow, and a third hazard in one stroke: had we only zeroed the gas charge but kept passing the hint to Go's `make`, a large hint (e.g. `make(map, 10e9)`) would trigger a Go-level bucket preallocation of hundreds of GB with no gas charged. Alternative to gnolang#5770, which clamped only the int64-overflow corner while leaving the double-charge and the per-hint accounting in place. ### Note on Go semantics This deliberately **diverges** from Go. Go's `makemap` *honors* the hint by preallocating buckets for any in-range hint (it only forces a 0 hint when the hint is negative or large enough to overflow its size math). GnoVM forgoes that optimization because the hint isn't persisted and can't be charged for cheaply. The only behavior that matches Go is the edge contract: a bad map hint never panics (unlike `make([]T, n)`). ## Gas impact `make(map, n)` with `n > 0` now costs less gas (header up front, items on insertion). Maps with no hint or hint `0` — including all map literals, the overwhelmingly common case — are unaffected (old charge was `allocMap + allocMapItem*0 = allocMap`, identical to the new charge). The change only ever lowers map cost, so no transaction that previously fit its gas will now exceed it. ## Changes Core: - `alloc.go` — `AllocateMap()` charges only the map header; `NewMap(t Type)` drops the `size` param. - `values.go` — `MakeMap()` no longer takes a capacity hint. - `uverse.go` — `make(map, …)` builtin merges `case 0` / `case 1` and ignores the hint (its expression is still evaluated upstream, so no side effects are lost). - `op_expressions.go` — map-literal construction updated to the new `NewMap` signature. Tests: - `alloc_test.go` — new `TestNewMapChargesHeaderOnly` pins the header-only charge plus the per-item insertion charge. - `gnovm/tests/files/make19.gno` — new filetest: negative and MaxInt hints don't panic and the map stays usable. - `bench_ops_test.go`, `bench_gc_test.go` — benchmark `MakeMap` call sites updated to the new signature. ## Verification - `go test ./gno.land/pkg/sdk/vm/ -run Gas` — pass (no gas golden updates needed) - `go test ./gno.land/pkg/integration/ -run TestTestdata` — pass - `go test ./gnovm/pkg/gnolang/ -run Files -short` — map filetests pass
…lang#5723) Co-authored-by: Morgan <morgan@morganbaz.com>
…me (gnolang#5829) follow up gnolang#5723. - Oversized fixed-size arrays (`[N]T`, `[N]T{...}`, `[...]T{idx: v}`) only failed at runtime as a recoverable allocation panic; now rejected at preprocess time like Go (`larger than address space`), via a shared `checkArrayLenFits` mirroring the allocator overflow threshold (go/types misses it — it is a gc-backend check). - `[...]T` ellipsis keys: a `MaxInt64` key (length `k+1` overflows int64) is rejected as an out-of-bounds index matching Go; larger keys (`bigint overflows target kind`) and negative keys are already caught upstream at key conversion. - The byte-vs-`TypedValue` per-element size now comes from a shared `arrayItemAllocSize` in `alloc.go`, co-located with the allocator dispatch it mirrors so the preprocess check cannot drift. - Tests: filetests make20–25 (each array form plus the key-boundary regimes) and a `TestCheckArrayLenFits` unit test; verified with `Files -test.short`, Gas, and integration testdata suites. --------- Co-authored-by: Morgan <morgan@morganbaz.com>
…g#5438) The greatest gas cost in gno.land is disk IO, and the iavl tree in particular. The B+32 tree is a drop-in replacement for the IAVL tree with comparatively short Merkle proofs with drastically less disk reads/writes. ------ Implements tm2/pkg/bptree, a versioned persistent B+ tree with branching factor 32, as a complete alternative to tm2/pkg/iavl for blockchain state storage. Includes a tm2/pkg/store/bptree CommitStore wrapper that satisfies the same interfaces as the IAVL store. The core motivation: IAVL's binary tree has ~28 levels for 100M items, meaning 28 disk reads per GET and 28 COW'd node writes per SET. The B+32 tree has ~6 levels for the same data — ~4x fewer disk operations per mutation. Key design choices - B=32 branching factor — 6 levels for 100M items, all inner nodes fit in a 43MB cache - Out-of-line values — leaves store key + SHA256(value), values stored separately by content hash - Mini merkle per node — binary merkle over 32 slots with RFC 6962 domain separation (0x00/0x01/0x02), maps cleanly to ICS23 InnerOp chain - Sentinel short-circuit — empty subtrees at all depths hash to the same sentinel, enabling ICS23 EmptyChild for non-membership proofs - No leaf sibling pointers — stack-based iteration avoids COW cascade on splits - 90/10 split for sequential keys (leaves stay ~97% full vs 50% with naive splits) - Lazy node loading — LoadVersion loads only the root; children loaded on demand via sync.Mutex-guarded getChild - Dual-tree-walk pruning — no orphan index; compares child hash sets between adjacent versions Disk I/O comparison (100M items, 10K node cache) ┌───────────────┬──────┬──────┬───────────┐ │ Operation │ B+32 │ IAVL │ IAVL+fast │ ├───────────────┼──────┼──────┼───────────┤ │ GET reads │ 3 │ 15 │ 1 │ ├───────────────┼──────┼──────┼───────────┤ │ SET reads │ 2 │ 15 │ 15 │ ├───────────────┼──────┼──────┼───────────┤ │ SET writes │ 7 │ 28 │ 29 │ ├───────────────┼──────┼──────┼───────────┤ │ SET total ops │ 9 │ 43 │ 44 │ └───────────────┴──────┴──────┴───────────┘ Full analysis in PERFORMANCE.md covering cold/warm cache, batched workloads, and bytes-per-SET tradeoffs. Files - tm2/pkg/bptree/ — 25 source files, 318 tests - tm2/pkg/store/bptree/ — CommitStore wrapper with Query, Iterator, proof integration - tm2/pkg/store/rootmulti/proof.go — registers BptreeCommitmentOpDecoder alongside IAVL Test plan - go test ./tm2/pkg/bptree/ ./tm2/pkg/store/bptree/ -race — 318 tests, zero races - Verify IAVL tests still pass: go test ./tm2/pkg/iavl/ - Verify store tests still pass: go test ./tm2/pkg/store/... - Review PLAN.md for resolved design questions - Review PERFORMANCE.md for methodology and assumptions --------- Co-authored-by: ltzMaxwell <ltz.maxwell@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: clockwork <alex@clockwork.gr> Co-authored-by: Lee ByeongJun <lbj199874@gmail.com>
…olang#5767) ## Summary Revert the chain-side validator-set trust-level and cooldown limits introduced by gnolang#4834. - remove the trust-level overlap check from `r/sys/validators/v3` proposal execution - remove the 24-hour cooldown checks and their governance setters - remove the dedicated limit tests and cooldown-disable setup from integration scenarios - preserve later validator safeguards such as operator deduplication, KeepRunning enforcement, signing-key re-resolution, and empty-set rejection - add a regression test proving that a full validator-set replacement is allowed ## Why The previous implementation applied a Tendermint light-client trust-level rule at the chain governance layer. That rule belongs to light-client verification for non-adjacent headers. For adjacent headers, CometBFT verifies the committed next-validator hash without applying the overlap threshold. If a skipped update cannot be verified directly, a relayer can submit intermediate headers until verification reaches adjacent heights. The 24-hour cooldown is also not required by the IBC or CometBFT specifications. In particular, it would prevent future AtomOne Interchain Security (ICS) provider-validator-set mirroring from applying updates to gno.land when AtomOne changes its validator set without a matching cooldown constraint. This is separate from IBC light-client verification. The rationale is documented in `gno.land/adr/pr5767_revert_valset_trust_level_cooldown.md`. ## Validation - `go run ./gnovm/cmd/gno fmt -w examples/gno.land/r/sys/validators/v3/proposal.gno examples/gno.land/r/sys/validators/v3/proposal_test.gno` - `go run ./gnovm/cmd/gno test -C examples/gno.land/r/sys/validators/v3 . -v` - `go test ./gno.land/pkg/integration -run 'TestTestdata/(params_valset_proposal_e2e|params_valset_proposal_power_update|params_valset_proposal_remove|params_valset_keeprunning_optout_bypass)$' -count=1 -v` - `bash -n misc/val-scenarios/scenarios/18_govdao_v3_add_remove_validator.sh` - `git show --check --stat --oneline HEAD` ## AI-assisted contribution This PR was prepared with an AI coding agent. The responsible human owner is @omarsy. Co-authored-by: Thomas <thomas.bruyelle@tendermint.com>
Following account session support in gnokey, this PR adds support in gnoclient. * Add `QuerySessionAccount` (similar to `QueryAccount`) * Add `CreateSession`, `RevokeSession` and `RevokeAllSessions` * In the `Signer` interface, add `GetMaster()`. If provided, use it to query the session account for account and sequence numbers, and to set `SessionAddr` in the signature * The `Sign` method of the `Signer` interface finds the signature to update by scanning the list from `tx.GetSigners()` . Update it to search for the master address if provided. This works because we only expect one signature associated with the master address due to the limitations described in issue gnolang#5731 and demonstrated in PR gnolang#5793 * We set the signature `SessionAddr` in `SignTx`, not lower down in the `Sign` method. We do this because gnokey [sets the `SessionAddr`](https://github.com/gnolang/gno/blob/16b40ab598b6f43d55d7ea0b25b7386b9f1625b1/tm2/pkg/crypto/keys/client/maketx.go#L260-L262) in `SignAndBroadcastHandler` (not lower down in `generateSignature`). Also, this approach keeps the `Sign` method simpler in each of the implementations of this interface. --------- Signed-off-by: Jeff Thompson <jeff@thefirst.org> Co-authored-by: moul <94029+moul@users.noreply.github.com>
- marking assisted work as agent activity dilutes the owner's responsibility onto the tool and undersells the review that happened - the marker is for unattended activity; on reviewed work it's just noise
…ent + listener endpoints (gnolang#5717) Co-authored-by: jaekwon <jae@tendermint.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Antoine Eddi <5222525+aeddi@users.noreply.github.com> Co-authored-by: Thomas Bruyelle <thomas.bruyelle@tendermint.com>
This adds a test for the problem in issue gnolang#5731 . Please see the detailed description of each test function. `TestTwoSessionSignaturesTwoMasters` passes because it is the nominal case with two session account signatures with different master accounts. But the other tests fail because they show the edge cases which aren't handled. This PR also updates test helper functions to help with creating multiple master and sub accounts: * Factor out new function `setupSessionFromEnv` from `setupSessionEnv` * Factor out new function `NewSessionTestSignature` from `NewSessionTestTx` --------- Signed-off-by: Jeff Thompson <jeff@thefirst.org> Co-authored-by: David <60177543+davd-gzl@users.noreply.github.com> Co-authored-by: Morgan Bazalgette <morgan@morganbaz.com>
The code base has [Example gno test files](https://github.com/gnolang/gno/blob/b997675dc6cf87584ec12fa020ffb7819859027e/gnovm/stdlibs/encoding/base32/example_test.gno#L15-L21), but the expected `Output` is currently ignored. This PR adds support to check the expected output. * Add file `util_go2gno.go` with `exampleOutput` (adapted from golang/go code) to extract the expected Output comment * We need to collect the expected Output comment from the test function. In `Go2Gno`, when processing a `FuncDecl` and the function name has prefix "Example", call `exampleOutput` and set the new attributes `ATTR_EXAMPLE_OUTPUT` and `ATTR_OUTPUT_UNORDERED` * Since `exampleOutput` needs the file comments, add param `fileComments` to `Go2Gno` which can be nil. (Note that `Go2Gno` recursively calls itself, so need to add this param throughout the function.) * In package `test`, add the helper function `loadExampleTestFuncs`, similar to `loadTestFuncs` * In `testing.gno` add `RunExampleTest` which recovers a panic and prints the stack trace. * In `runTestFiles`, call `loadExampleTestFuncs` in a loop similar to the loop which runs ordinary test functions. Use `opts.outWriter.tee` to capture the output. Run the test with the `RunExampleTest` wrapper. Add file `util_example.go` with `processExampleResult` (adapted from the golang/go code) which prints the error if the Output doesn't match * Now that we check the expected Output in the many Example test files, we need to update `gnovm/stdlibs/math/rand/example_test.gno` to imitate the golang `tabwriter` to get the expected output * Thanks to @davd-gzl, add `example_test_panic_recovery.txtar` * As a limited demonstration, we convert the simple filetests in `gno.land/r/demo/releases_example` and the complex `zsolitaire_test` into example tests. --------- Signed-off-by: Jeff Thompson <jeff@thefirst.org> Co-authored-by: David <60177543+davd-gzl@users.noreply.github.com> Co-authored-by: moul <94029+moul@users.noreply.github.com> Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> Co-authored-by: 6h057 <15034695+omarsy@users.noreply.github.com> Co-authored-by: Morgan Bazalgette <morgan@morganbaz.com>
… consensus pubkey (gnolang#5842) Signed-off-by: D4ryl00 <d4ryl00@gmail.com>
…Testdata leak (gnolang#5839) ## Problem `TestTestdata` boots an in-memory node per txtar script. `NodesManager` — created once for the whole suite — keeps every node in a map, but the per-script teardown only stops nodes; it never removes them (`Delete` runs solely on an explicit `gnoland stop`, which most scripts don't issue). Each retained node pins its ~50 MB GnoVM store/stdlib cache, so live heap grows ~50–60 MB/script, reaching ~12 GiB and OOM-killing high-core/low-RAM runs. ## Fix `Delete` the node from `NodesManager` in the teardown defer, so it and its store become collectable when the script ends. ## Verification Sequential live-heap-after-GC stays flat (~400 MB) instead of climbing to ~1.9 GiB; full suite at `-parallel=16` on a 16-core / ~11 GiB box peaks at 7.26 GiB (vs ~12.3 GiB → OOM before) and passes in 68 s.
Includes a filetest for the GVM-01 append-persist regression. Co-authored-by: Morgan Bazalgette <morgan@morganbaz.com>
…ads (gnolang#5812) > [!NOTE] > **Part 2 of 6** of the gnovm performance stack (split from gnolang#5800), to be merged in order: > 1. gnolang#5811 — perf(gnovm): parallelize test suites and add gno test -jobs > 2. gnolang#5812 — perf(gnovm): avoid heap-boxed byte access in copy, range and index reads > 3. gnolang#5813 — perf(gnovm): recycle runtime blocks through a per-machine pool > 4. gnolang#5814 — perf(gnovm): share interface-held values when copying arrays (gas-visible) > 5. gnolang#5815 — ci(gnovm): skip print-only coverage instrumentation > 6. gnolang#5816 — perf(gnovm): reduce per-call and per-op allocations > > Each PR is based on the previous one's branch; this one diffs against part 1. Together: `ci / gnovm` ~14m → 6m18s; `pkg/gnolang` test time −64%; VM heap allocations −84% on the heaviest suite. ## Summary Profiling the gnovm test suites (dominated by interpreted Gno) showed ~50% of CPU in Go GC/malloc, with **67% of all heap allocations (694M objects in the bytes stdlib suite alone)** coming from the per-element pointer getter (`ArrayValue.GetElementPointer`, renamed below) materializing a heap `*TypedValue` + boxed `DataByteValue` per byte accessed: - the `copy()` builtin allocated **two boxes per byte copied** (554M objects; the code carried a `TODO: consider an optimization if dstv.Data != nil` that had sat untouched since the builtin's first implementation in 2021); - `for i, c := range byteslice` allocated three objects per iteration (the index TypedValue escaping through `GetPointerAtIndex(&iv)`, plus the view box) that `Deref` immediately discarded; - `b[i]` reads in `doOpIndex1` did the same box-then-Deref dance. This adds `TypedValue.GetByteAtIndexInt` — a read-only fast path mirroring `GetPointerAtIndex`'s bounds checks and panics for strings and Data-backed arrays/slices — used by `doOpIndex1` and the range loop, and gives `copy()` direct byte copies when both sides are Data-backed (or the source is a string). **Recover semantics preserved**: the fast path raises the same recoverable Gno `*Exception` on out-of-range indices that `GetPointerAtIndex` does (strings, arrays and slices), so `recover()` still catches byte out-of-bounds reads instead of seeing an un-recoverable Go-native panic (see gnolang#5738). `copy()`'s direct-byte path keeps the readonly-taint check and the top-level `DidUpdate` (dirty-marking + cross-realm write permissions), matching what `append` does for its in-place byte writes. **Gas is unchanged**: the view boxes were raw Go allocations never charged to the VM allocator, and CPU gas for `copy()` was already charged before the per-element loops. Verified empirically: no existing filetest golden changed (including `Gas:` and MAXALLOC-sensitive alloc tests), plus `gno.land/pkg/sdk/vm` gas tests, the txtar suite, examples, and cmd/gno all pass. ## Naming cleanup The index-accessor family had accreted inconsistent names; renamed for legibility: - `TypedValue.GetValueAtIntIndex` → `GetByteAtIndexInt` (fixes the `AtIntIndex`/`AtIndexInt` word-order flip vs `GetPointerAtIndexInt`, and names its actual byte-only domain) - `ArrayValue`/`SliceValue.GetPointerAtIndexInt2` → `GetElementPointer` (drops the meaningless `2`; signals the container-element layer) ## Tests - `copy5e.gno` — copying into an external-realm, Data-backed `[]byte` exercises the new `copy()` byte fast path and asserts the readonly-taint check still fires. The existing `copy5`/`copy5c` only use `[]int` (the non-byte slow path), so the fast path's cross-realm guard was previously uncovered. ## Measurements | | before | after | |---|---|---| | `TestStdlibs/bytes` solo | 151.5s | **105.2s** (−31%) | | heap objects allocated (bytes suite) | 1.03G | 0.30G (−71%) | | `BenchmarkOpIndex1_ByteArray` | 185.7ns | 130.0ns | | full `pkg/gnolang` long mode, 16 cores | 245.0s | 184.6s | Untouched paths benchmark flat (`OpRangeIter_1000` 30.9µs → 30.2µs, `OpIndex1_MapHit_100` 187.0ns → 187.7ns). Byte *writes* (`b[i] = x`) still box — the pointer protocol spans multiple ops; left as follow-up. --------- Co-authored-by: ltzmaxwell <ltz.maxwell@gmail.com>
fixes gnolang#3704 This PR reworks gas simulation and out-of-gas UX end-to-end, with a clear split of responsibilities: - **Server**: executes tx and reports consistent out-of-gas (OOG) errors. - **Client (`gnokey`)**: chooses simulation gas ceiling and provides guidance to users. ## High-level changes - Moved simulation gas-ceiling behavior to the **client**. - `gnokey` queries consensus max gas and uses it for simulation. - If unavailable, it uses a large fallback ceiling. - Standardized OOG messaging across execution paths. - Errors now explain whether the limit hit was tx gas wanted vs max block gas. - Messages include operation context and simulation guidance when relevant. - Improved simulation feedback. - Adds a `suggested gas-wanted` value (+5% margin). - Preserves fee estimation info in output. - Improved failed-tx output UX in CLI. - Failure path now prints the same useful metrics users see on success. ## User impact - Better gas estimation workflow. - Clearer and more actionable OOG errors. - More predictable behavior between `simulate only` and `simulate skip` (with explicit messaging when they differ due to simulation ceiling behavior). ## Usage ### Before ``` gnokey maketx call -pkgpath "gno.land/r/demo/counter" -func "Increment" -broadcast -gas-wanted=105000 -gas-fee=500ugnot test1 Enter password. TX HASH: INFO: --= Error =-- Data: out of gas error Msg Traces: 0 gno/tm2/pkg/errors/errors.go:103 - deliver transaction failed: log:out of gas, gasWanted: 105000, gasUsed: 110998 location: GetObjectPerByte --= /Error =-- ``` GAS USED is the gas used until the panic during the simulation stage. ### Now ``` gnokey maketx call -pkgpath "gno.land/r/demo/counter" -func "Increment" -broadcast -gas-wanted=105000 -gas-fee=500ugnot test1 Enter password. GAS WANTED: 105000 GAS USED: 1732814 HEIGHT: 0 STORAGE DELTA: 5 bytes STORAGE FEE: 500ugnot TOTAL TX COST: 1000ugnot EVENTS: [{"bytes_delta":5,"fee_delta":{"denom":"ugnot","amount":500},"pkg_path":"gno.land/r/demo/counter"}] INFO: suggested gas-wanted (gas used + 5%): 1819455 TX HASH: --= Error =-- Data: out of gas error Msg Traces: 0 github.com/gnolang/gno/tm2/pkg/errors/errors.go:103 - deliver transaction failed: log:gas used (1732814) exceeds tx's gas wanted (105000) during operation: simulation --= /Error =-- ``` GAS USED is the total gas used of the transaction, now calculate during the simulation stage. ``` gnokey maketx call -pkgpath "gno.land/r/demo/counter" -func "Increment" -broadcast -gas-wanted=105000 -gas-fee=500ugnot -simulate skip test1 Enter password. --= Error =-- Data: out of gas error Msg Traces: 0 github.com/gnolang/gno/tm2/pkg/errors/errors.go:103 - check transaction failed: log:--= Error =-- Data: std.OutOfGasError{abciError:std.abciError{}} Msg Traces: 0 gno/tm2/pkg/std/errors.go:117 - gas used (179810) exceeds tx's gas wanted (105000) during operation: DepthReadFlat; simulate with consensus maximum (10000000000) to get real transaction usage Stack Trace: 0 gno/tm2/pkg/errors/errors.go:93 ... ``` Message updated: GAS USED is the gas used UNTIL the panic (no simulation). ``` gnokey maketx call -pkgpath "gno.land/r/demo/counter" -func "Increment" -broadcast -gas-wanted=100 -gas-fee=500ugnot -simulate skip test1 Enter password. --= Error =-- Data: out of gas error Msg Traces: 0 github.com/gnolang/gno/tm2/pkg/errors/errors.go:103 - check transaction failed: log:--= Error =-- Data: std.OutOfGasError{abciError:std.abciError{}} Msg Traces: 0 gno/tm2/pkg/std/errors.go:117 - gas used (2800) exceeds tx's gas wanted (100) during operation: txSize; simulate with consensus maximum (10000000000) to get real transaction usage Stack Trace: 0 gno/tm2/pkg/errors/errors.go:93 ... ``` Message updated: GAS USED is the gas used UNTIL the panic (before running the tx). --------- Signed-off-by: D4ryl00 <d4ryl00@gmail.com> Signed-off-by: Jeff Thompson <jeff@thefirst.org> Co-authored-by: Morgan <morgan@morganbaz.com> Co-authored-by: Jeff Thompson <jeff@thefirst.org>
accidentally pushed to my fork rather than d4ryl's. This PR simplifies the func signatures for OnTxSuccess and OnTxFailure, as they all require an `io`, unifies the default behaviour into `Default` functions, fixes `execBroadcast` not printing the full tx metrics by default, simplifies the logic for the oog errors, and correctly states in the error message that if the RPC call fails, the user's max-gas will be used. --------- Signed-off-by: D4ryl00 <d4ryl00@gmail.com> Signed-off-by: Jeff Thompson <jeff@thefirst.org> Co-authored-by: D4ryl00 <d4ryl00@gmail.com> Co-authored-by: Jeff Thompson <jeff@thefirst.org>
…nolang#5834) gnoclient PR gnolang#5657 adds `QuerySessionAccount` which returns `std.BaseAccount` . This is because it was originally written to imitate `QueryAccount` just for the purpose of getting the [account number and sequence number](https://github.com/gnolang/gno/blob/8a5426c29eef6919df42dec09b9635bd1f593bbc/gno.land/pkg/gnoclient/client_txs.go#L414-L420) while signing. But there is no reason why `QuerySessionAccount` can't return the [full `GnoSessionAccount `object](https://github.com/gnolang/gno/blob/8a5426c29eef6919df42dec09b9635bd1f593bbc/gno.land/pkg/gnoclient/client_queries.go#L86) which has all the other session information like expire time. This PR updates `QuerySessionAccount` to return `GnoSessionAccount` and updates the test to check the returned fields. (Technically, this is a breaking change to the `QuerySessionAccount` API, but the PR was just merged and no external applications are using it yet.) --------- Signed-off-by: Jeff Thompson <jeff@thefirst.org>
Signed-off-by: Jeff Thompson <jeff@thefirst.org>
Collaborator
🛠 PR Checks SummaryAll Automated Checks passed. ✅ Manual Checks (for Reviewers):
Read More🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers. ✅ Automated Checks (for Contributors):No automated checks match this pull request. ☑️ Contributor Actions:
☑️ Reviewer Actions:
📚 Resources:Debug
|
13 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is against the playground2 branch of #5421 .