Sourced from ossf/scorecard-action's releases.

v2.0.6

What's Changed

• Fix - Broken dockerfile by @​naveensrinivasan in ossf/scorecard-action#979

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6

v2.0.5

What's Changed

• Remove trailing space from example by @​jamacku in ossf/scorecard-action#955
• :seedling: Bump actions/cache from 3.0.8 to 3.0.10 by @​dependabot in ossf/scorecard-action#956
• :seedling: Bump github/codeql-action from 2.1.25 to 2.1.26 by @​dependabot in ossf/scorecard-action#957
• :seedling: Bump step-security/harden-runner from 1.4.5 to 1.5.0 by @​dependabot in ossf/scorecard-action#958
• :seedling: Bump debian from 5cf1d98 to b46fc4e by @​dependabot in ossf/scorecard-action#959
• :seedling: Bump github.com/sigstore/cosign from 1.12.1 to 1.13.0 by @​dependabot in ossf/scorecard-action#962
• :seedling: Upgrade to go 1.19 by @​naveensrinivasan in ossf/scorecard-action#961
• :seedling: Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by @​dependabot in ossf/scorecard-action#967
• :seedling: Bump golang from c2a98a5 to b850621 by @​dependabot in ossf/scorecard-action#966
• :seedling: Bump golang from b850621 to 25de7b6 by @​dependabot in ossf/scorecard-action#968
• New release for Scorecard v4.8.0 by @​naveensrinivasan in ossf/scorecard-action#969

New Contributors

• @​jamacku made their first contribution in ossf/scorecard-action#955

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.0.4...v2.0.5

v2.0.4

Fixes #856

What's Changed

• :seedling: Bump github.com/caarlos0/env/v6 from 6.10.0 to 6.10.1 by @​dependabot in ossf/scorecard-action#934
• feat: do not run signing on pull requests by @​laurentsimon in ossf/scorecard-action#935
• :seedling: Bump debian from 11.4-slim to 11.5-slim by @​dependabot in ossf/scorecard-action#936
• :seedling: Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 by @​dependabot in ossf/scorecard-action#938
• :seedling: Bump github/codeql-action from 2.1.22 to 2.1.24 by @​dependabot in ossf/scorecard-action#941
• 🐛 Restore behavior of ignoring scorecard runtime errors by @​spencerschrock in ossf/scorecard-action#948
• :seedling: Bump actions/dependency-review-action from 2.1.0 to 2.4.0 by @​dependabot in ossf/scorecard-action#950
• :seedling: Bump github.com/sigstore/cosign from 1.12.0 to 1.12.1 by @​dependabot in ossf/scorecard-action#947
• :seedling: Bump github/codeql-action from 2.1.24 to 2.1.25 by @​dependabot in ossf/scorecard-action#949
• :seedling: Bump codecov/codecov-action from 3.1.0 to 3.1.1 by @​dependabot in ossf/scorecard-action#942
• Create v2.0.4 patch by @​spencerschrock in ossf/scorecard-action#952

New Contributors

• @​spencerschrock made their first contribution in ossf/scorecard-action#948

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.0.3...v2.0.4

v2.0.3

Patch for fix in #898

... (truncated)

• 99c5375 Fix - Broken dockerfile (#979)
• ff6221f New release for Scorecard v4.8.0 (#969)
• 608d088 :seedling: Bump golang from b850621 to 25de7b6 (#968)
• 5e97403 :seedling: Bump golang from c2a98a5 to b850621 (#966)
• 851b893 :seedling: Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#967)
• c986617 :seedling: Upgrade to go 1.19 (#961)
• c3d8fd9 :seedling: Bump github.com/sigstore/cosign from 1.12.1 to 1.13.0 (#962)
• 6075f42 :seedling: Bump debian from 5cf1d98 to b46fc4e (#959)
• f300553 :seedling: Bump step-security/harden-runner from 1.4.5 to 1.5.0 (#958)
• de0b2c5 :seedling: Bump github/codeql-action from 2.1.25 to 2.1.26 (#957)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/cilium/ebpf's releases.

v0.9.3 - Prevent livelocks loading BPF programs while profiling

This is a bugfix release for an endless loop that could occur when running a pprof session while loading a BPF program.

@​danobi published an article with a deep-dive into the problem: https://dxuuu.xyz/bpf-go-pprof.html.

If a thread receives a signal while blocked in BPF_PROG_LOAD, the verifier can cooperatively interrupt itself by checking pending signals for the thread and return -EAGAIN from the syscall to request userspace to retry.

During a Go pprof session, threads are routinely sent a SIGPROF to make them dump profiling information, which can lead to a runaway reaction if the program takes longer to verify than the interrupt frequency. To prevent this, the SIGPROF signal is now masked during BPF_PROG_LOAD.

What's Changed

• CI: test on 5.19 by @​lmb in cilium/ebpf#793
• prep work for BTF marshaling by @​lmb in cilium/ebpf#791
• cmd/bpf2go: test against clang-14 by default by @​lmb in cilium/ebpf#794
• btf: fix IntEncoding by @​lmb in cilium/ebpf#797
• bpf2go: use [16]byte instead of uint128 by @​Benjamin-Yim in cilium/ebpf#799
• Semaphore: remove manual Go installation, expedite 'cache restore' by @​ti-mo in cilium/ebpf#803
• Prevent pprof from causing BPF verifier livelocks by @​ti-mo in cilium/ebpf#805
• bpf2go: add flag for alternative filename stem by @​MarcusWichelmann in cilium/ebpf#770
• README: update to reflect the project's situation in H2 2022 by @​ti-mo in cilium/ebpf#804
• sys: use SIG_BLOCK and SIG_UNBLOCK from x/sys/unix by @​lmb in cilium/ebpf#807

New Contributors

• @​Benjamin-Yim made their first contribution in cilium/ebpf#799
• @​MarcusWichelmann made their first contribution in cilium/ebpf#770

Full Changelog: https://github.com/cilium/ebpf/compare/v0.9.2...v0.9.3

v0.9.2

This release contains an important bugfix for users of Program.Test() and .Benchmark(). A kernel change was made that disallows empty packet buffers, with knock-on effects to BPF_PROG_RUN and, as a result, ebpf-go's detection routine for said feature. Users are strongly encouraged to upgrade. See #788 for more details.

The new features.HaveMapFlag() API was merged in this release, congrats @​paulcacheux!

Likewise, the link.K(ret)probeMulti() API was added by @​mmat11, bringing blazingly-fast bulk kprobe attachments to kernels 5.18 and newer.

Some improvements were made to verifier log handling. The VerifierError.Truncated flag can now reliably be used to determine if a program load should be retried due to the provided buffer size being too small. Use this to retry with incrementally growing log buffers for large or complex programs. The Log* fields in ProgramOptions are now thoroughly documented to this effect.

It also bumps the minimum Go version to 1.18, since 1.19 is now out.

What's Changed

• run-tests: show curl error messages by @​lmb in cilium/ebpf#738
• elf_reader: only read data from PROGBITS sections, ignore NOBITS by @​ti-mo in cilium/ebpf#740
• program: support tracing of kernel modules by @​lmb in cilium/ebpf#737
• CI: Test against kernel 5.18 by @​ti-mo in cilium/ebpf#668
• internal: fix VerifierError output with empty log by @​lmb in cilium/ebpf#743
• elf_reader: Allow strings read-only global data sections by @​dylandreimerink in cilium/ebpf#742
• CI: expose individual test results by @​lmb in cilium/ebpf#748
• Fix arm64 testsuite failures by @​lmb in cilium/ebpf#745
• link: (u|k)probe: don't treat EINVAL as os.ErrNotExist by @​ti-mo in cilium/ebpf#751
• features: remove EPERM wrapping exception, automatically wrap errors by @​ti-mo in cilium/ebpf#749

... (truncated)

• 8fceee5 internal/unix: add some documentation and tidy up stubs
• 7038129 sys: use SIG_BLOCK and SIG_UNBLOCK from x/sys/unix
• d0f3bfb README: update to reflect the project's situation in H2 2022
• 1f78277 bpf2go: add flag for alternative output stem
• e78a613 sys: mask SIGPROF during BPF_PROG_LOAD to prevent livelocks
• c384e23 sys: add (un)maskProfilerSignal to disable SIGPROF
• 0f5eeda sys: implement sigsetAdd
• 9dd7b53 x/sys: bump to 220927 for PthreadSigmask
• fd7d28b features: fix typo in createProgLoadAttr
• 682bccb Semaphore: remove manual Go installation, expedite 'cache restore'
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from ossf/scorecard-action's releases.

v1.0.4

Summary

This release fixes null repository and branch issues: see ossf/scorecard-action#106, ossf/scorecard-action#84 and ossf/scorecard-action#73

What's Changed

• Update codeql-analysis.yml by @​jauderho in ossf/scorecard-action#76
• use GITHUB_REPOSITORY in shell script by @​laurentsimon in ossf/scorecard-action#83
• Bump github/codeql-action from 1.0.30 to 1.0.31 by @​dependabot in ossf/scorecard-action#81
• ✨ Add warning for empty repo token by @​laurentsimon in ossf/scorecard-action#71
• 🐛 Fix default parameter requirement by @​laurentsimon in ossf/scorecard-action#89
• :sparkles: Initial porting the shellscript to go by @​naveensrinivasan in ossf/scorecard-action#87
• :seedling: Golang CI for clean code. by @​naveensrinivasan in ossf/scorecard-action#90
• Bump github/codeql-action from 1.0.31 to 1.0.32 by @​dependabot in ossf/scorecard-action#93
• :seedling: Porting shell script to Go by @​naveensrinivasan in ossf/scorecard-action#94
• 🌱 More tests by @​naveensrinivasan in ossf/scorecard-action#95
• 🐛 Fix null is fork in script by @​laurentsimon in ossf/scorecard-action#98
• :seedling: Porting of shell script to go by @​naveensrinivasan in ossf/scorecard-action#99
• Bump github/codeql-action from 1.0.32 to 1.1.0 by @​dependabot in ossf/scorecard-action#102
• Bump actions/setup-go from 2.1.5 to 2.2.0 by @​dependabot in ossf/scorecard-action#101
• :seedling: Final bits of porting the shell to go by @​naveensrinivasan in ossf/scorecard-action#103
• :seedling: Dependabot for go by @​naveensrinivasan in ossf/scorecard-action#104
• :seedling: Verify clean env in build by @​naveensrinivasan in ossf/scorecard-action#105

New Contributors

• @​dependabot made their first contribution in ossf/scorecard-action#81

Full Changelog: https://github.com/ossf/scorecard-action/compare/v1.0.3...v1.0.4

• c1aec4a :seedling: Verify clean env in build
• 750f598 :seedling: Dependabot for go
• 322c6e0 :seedling: Final bits of porting the shell to go
• 5b4ee38 Bump actions/setup-go from 2.1.5 to 2.2.0
• 0550e75 Bump github/codeql-action from 1.0.32 to 1.1.0
• 9e79f66 :seedling: Porting of shell script to go
• 60701bb ./entrypoints.sh: updated SCORECARD_IS_FORK (#98)
• 869bc60 :seedling: More unit tests for porting to Go
• 57f3e8a :seedling: Porting shell script to Go
• 682b53e :seedling: Porting shell script to Go
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from ossf/scorecard-action's releases.

v1.1.1

What's Changed

Fix for ossf/scorecard-action#323

Full Changelog: https://github.com/ossf/scorecard-action/compare/v1.1.0...v1.1.1

v1.1.0

Main changes

This release lets you run Scorecards without creating a PAT token. If you don't provide a PAT token, Scorecards will use the default GITHUB_TOKEN available in the workflow. Due to limitations of the permissions model and GitHub APIs, be aware of the following limitations:

1. Without a PAT, the Branch-Protection is not supported, so it will be disabled. You will not receive alerts for this check.
2. Scorecards only supports PAT on private repositories. If you want to install Scorecards on a private repository, you still need to use a PAT.

For more information, visit the README.md

New Contributors

• @​rohankh532 made their first contribution in ossf/scorecard-action#112
• @​justaugustus made their first contribution in ossf/scorecard-action#126
• @​jamietanna made their first contribution in ossf/scorecard-action#145
• @​jonasbb made their first contribution in ossf/scorecard-action#129
• @​azeemshaikh38 made their first contribution in ossf/scorecard-action#247

Full Changelog: https://github.com/ossf/scorecard-action/compare/v1.0.4...v1.1.0

v1.0.4

Summary

This release fixes null repository and branch issues: see ossf/scorecard-action#106, ossf/scorecard-action#84 and ossf/scorecard-action#73

What's Changed

• Update codeql-analysis.yml by @​jauderho in ossf/scorecard-action#76
• use GITHUB_REPOSITORY in shell script by @​laurentsimon in ossf/scorecard-action#83
• Bump github/codeql-action from 1.0.30 to 1.0.31 by @​dependabot in ossf/scorecard-action#81
• ✨ Add warning for empty repo token by @​laurentsimon in ossf/scorecard-action#71
• 🐛 Fix default parameter requirement by @​laurentsimon in ossf/scorecard-action#89
• :sparkles: Initial porting the shellscript to go by @​naveensrinivasan in ossf/scorecard-action#87
• :seedling: Golang CI for clean code. by @​naveensrinivasan in ossf/scorecard-action#90
• Bump github/codeql-action from 1.0.31 to 1.0.32 by @​dependabot in ossf/scorecard-action#93
• :seedling: Porting shell script to Go by @​naveensrinivasan in ossf/scorecard-action#94
• 🌱 More tests by @​naveensrinivasan in ossf/scorecard-action#95
• 🐛 Fix null is fork in script by @​laurentsimon in ossf/scorecard-action#98
• :seedling: Porting of shell script to go by @​naveensrinivasan in ossf/scorecard-action#99
• Bump github/codeql-action from 1.0.32 to 1.1.0 by @​dependabot in ossf/scorecard-action#102
• Bump actions/setup-go from 2.1.5 to 2.2.0 by @​dependabot in ossf/scorecard-action#101
• :seedling: Final bits of porting the shell to go by @​naveensrinivasan in ossf/scorecard-action#103
• :seedling: Dependabot for go by @​naveensrinivasan in ossf/scorecard-action#104
• :seedling: Verify clean env in build by @​naveensrinivasan in ossf/scorecard-action#105

New Contributors

• @​dependabot made their first contribution in ossf/scorecard-action#81

... (truncated)

• 3e15ea8 ✨ Bump container hash to use scorecard v4.3.1 (#324)
• 6c071ac :seedling: Bump actions/setup-go from 3.1.0 to 3.2.0
• 51fbe79 :seedling: Bump debian from fbaacd5 to 06a93cb
• d8a25b2 :seedling: Bump github.com/caarlos0/env/v6 from 6.9.2 to 6.9.3
• cd3637b Update README.md (#319)
• 77f5e34 :seedling: .github: Add dependency review action (#165)
• ef34fe9 📖 docs/e2e: Add information about golang-staging branch tests (#170)
• 1aa187d :seedling: Bump github/codeql-action from 2.1.10 to 2.1.11 (#311)
• 049eb0c :seedling: Bump github.com/ossf/scorecard/v4 from 4.2.0 to 4.3.0 (#313)
• 5c8bc69 multi-repo-action: Cleanups (1/n) (#301)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/prometheus/client_golang's releases.

1.12.2 / 2022-05-13

• [CHANGE] Added collectors.WithGoCollections that allows to choose what collection of Go runtime metrics user wants: Equivalent of MemStats structure configured using GoRuntimeMemStatsCollection, new based on dedicated runtime/metrics metrics represented by GoRuntimeMetricsCollection option, or both by specifying GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection flag.
• [CHANGE] :warning: Change in collectors.NewGoCollector metrics: Reverting addition of new ~80 runtime metrics by default. You can enable this back with GoRuntimeMetricsCollection option or GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection for smooth transition.
• [BUGFIX] Fixed the bug that causes generated histogram metric names to end with _total. ⚠️ This changes 3 metric names in the new Go collector that was reverted from default in this release.
  • go_gc_heap_allocs_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes,
  • go_gc_heap_frees_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes
  • go_gc_pauses_seconds_total -> go_gc_pauses_seconds.
• [CHANCE] Removed -Inf buckets from new Go Collector histograms.

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.12.1...v1.12.2

1.12.1 / 2022-01-29

• [BUGFIX] Make the Go 1.17 collector concurrency-safe #969
  • Use simpler locking in the Go 1.17 collector #975
• [BUGFIX] Reduce granularity of histogram buckets for Go 1.17 collector #974
• [ENHANCEMENT] API client: make HTTP reads more efficient #976

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.12.0...v1.12.1

1.12.0 / 2022-01-19

• [CHANGE] example/random: Move flags and metrics into main() #935
• [FEATURE] API client: Support wal replay status api #944
• [FEATURE] Use the runtime/metrics package for the Go collector for 1.17+ #955
• [ENHANCEMENT] API client: Update /api/v1/status/tsdb to include headStats #925
• [SECURITY FIX] promhttp: Check validity of method and code label values #962 (Addressed CVE-2022-21698)

What's Changed

• Address minor issues on the changelog by @​kakkoyun in prometheus/client_golang#879
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#888
• Update status badgets by @​SuperQ in prometheus/client_golang#885
• Updating dependency versions + cleanup by @​sivabalan in prometheus/client_golang#881
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#892
• add ExponentialBucketsRange function by @​sbunce in prometheus/client_golang#899
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#909
• Update cespare/xxhash dependency by @​dtrudg in prometheus/client_golang#913
• example/random: Move flags and metrics into main() by @​beorn7 in prometheus/client_golang#935
• Fix typo by @​gozeloglu in prometheus/client_golang#939
• Add support for go 1.17 by @​mrueg in prometheus/client_golang#950
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#928
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#952
• API: support wal replay status api by @​yeya24 in prometheus/client_golang#944
• Update /api/v1/status/tsdb to include headStats by @​prymitive in prometheus/client_golang#925
• Use the runtime/metrics package for the Go collector for 1.17+ by @​mknyszek in prometheus/client_golang#955
• promhttp: Check validity of method and code label values by @​kakkoyun in prometheus/client_golang#962
• go.*: Update dependencies by @​kakkoyun in prometheus/client_golang#965

New Contributors

• @​sivabalan made their first contribution in prometheus/client_golang#881
• @​sbunce made their first contribution in prometheus/client_golang#899
• @​dtrudg made their first contribution in prometheus/client_golang#913

... (truncated)

Sourced from github.com/prometheus/client_golang's changelog.

1.12.2 / 2022-01-29

• [CHANGE] Added collectors.WithGoCollections that allows to choose what collection of Go runtime metrics user wants: Equivalent of MemStats structure configured using GoRuntimeMemStatsCollection, new based on dedicated runtime/metrics metrics represented by GoRuntimeMetricsCollection option, or both by specifying GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection flag.
• [CHANGE] :warning: Change in collectors.NewGoCollector metrics: Reverting addition of new ~80 runtime metrics by default. You can enable this back with GoRuntimeMetricsCollection option or GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection for smooth transition.
• [BUGFIX] Fixed the bug that causes generated histogram metric names to end with _total. ⚠️ This changes 3 metric names in the new Go collector that was reverted from default in this release.
  • go_gc_heap_allocs_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes,
  • go_gc_heap_frees_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes
  • go_gc_pauses_seconds_total -> go_gc_pauses_seconds.
• [CHANCE] Removed -Inf buckets from new Go Collector histograms.

1.12.1 / 2022-01-29

• [BUGFIX] Make the Go 1.17 collector concurrency-safe #969
  • Use simpler locking in the Go 1.17 collector #975
• [BUGFIX] Reduce granularity of histogram buckets for Go 1.17 collector #974
• [ENHANCEMENT] API client: make HTTP reads more efficient #976

1.12.0 / 2022-01-19

• [CHANGE] example/random: Move flags and metrics into main() #935
• [FEATURE] API client: Support wal replay status api #944
• [FEATURE] Use the runtime/metrics package for the Go collector for 1.17+ #955
• [ENHANCEMENT] API client: Update /api/v1/status/tsdb to include headStats #925
• [ENHANCEMENT] promhttp: Check validity of method and code label values #962

• e203144 Merge branch 'release-1.12' of github.com:prometheus/client_golang into relea...
• 0e136d1 Cut v1.12.2 (#1052)
• a27b6d7 Fix conflicts
• 5fe1d33 Remove -Inf buckets from go collector histograms (#1049)
• 049d0fe prometheus: Fix convention violating names for generated collector metrics (#...
• 7eb9d11 gocollector: Reverted client_golang v1.12 addition of runtime/metrics metrics...
• d498b3c gocollector: Added options to Go Collector for changing the (#1031)
• 585540a Fix deprecated NewBuildInfoCollector API
• 39cf574 Cut v1.12.1 (#978)
• 9b785b0 Reduce granularity of histogram buckets for Go 1.17 collector (#974)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• a3513ad Update versions in README
• bc75e5c Add working-directory option
• 6bdaa7e Support setting -checks flag
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/checkout's changelog.

Changelog

v3.1.0

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

• Add input set-safe-directory

v3.0.1

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
• Bumped various npm package versions

v3.0.0

• Update to node 16

v2.3.1

• Fix default branch resolution for .wiki and when using SSH

v2.3.0

• Fallback to the default branch

v2.2.0

• Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

• Changes to support GHES (here and here)

v2.1.0

• Group output
• Changes to support GHES alpha release
• Persist core.sshCommand for submodules
• Add support ssh
• Convert submodule SSH URL to HTTPS, when not using SSH
• Add submodule support
• Follow proxy settings
• Fix ref for pr closed event when a pr is merged
• Fix issue checking detached when git less than 2.22

v2.0.0

• Do not pass cred on command line
• Add input persist-credentials
• Fallback to REST API to download repo

... (truncated)

• 3ba5ee6 Add in explicit reference to private checkout options (#1050)
• 8856415 Implement branch list using callbacks from exec function (#1045)
• 755da8c 3.2.0 (#1039)
• 26d48e8 Update @​actions/io to 1.1.2 (#1029)
• bf08527 wrap pipeline commands for submoduleForeach in quotes (#964)
• 5c3ccc2 Replace datadog/squid with ubuntu/squid Docker image (#1002)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/checkout's changelog.

Changelog

v3.1.0

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

• Add input set-safe-directory

v3.0.1

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
• Bumped various npm package versions

v3.0.0

• Update to node 16

v2.3.1

• Fix default branch resolution for .wiki and when using SSH

v2.3.0

• Fallback to the default branch

v2.2.0

• Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

• Changes to support GHES (here and here)

v2.1.0

• Group output
• Changes to support GHES alpha release
• Persist core.sshCommand for submodules
• Add support ssh
• Convert submodule SSH URL to HTTPS, when not using SSH
• Add submodule support
• Follow proxy settings
• Fix ref for pr closed event when a pr is merged
• Fix issue checking detached when git less than 2.22

v2.0.0

• Do not pass cred on command line
• Add input persist-credentials
• Fallback to REST API to download repo

... (truncated)

• ac59398 Fix comment typos (that got added in #770) (#1057)
• 3ba5ee6 Add in explicit reference to private checkout options (#1050)
• 8856415 Implement branch list using callbacks from exec function (#1045)
• 755da8c 3.2.0 (#1039)
• 26d48e8 Update @​actions/io to 1.1.2 (#1029)
• bf08527 wrap pipeline commands for submoduleForeach in quotes (#964)
• 5c3ccc2 Replace datadog/squid with ubuntu/squid Docker image (#1002)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

[UNRELEASED]

No user facing changes.

2.1.37 - 14 Dec 2022

• Update default CodeQL bundle version to 2.11.6. #1433

2.1.36 - 08 Dec 2022

• Update default CodeQL bundle version to 2.11.5. #1412
• Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. #1393
• Python automatic dependency installation will no longer consider dependecy code installed in venv as user-written, for projects using Poetry that specify virtualenvs.in-project = true in their poetry.toml. #1419.

2.1.35 - 01 Dec 2022

No user facing changes.

2.1.34 - 25 Nov 2022

• Update default CodeQL bundle version to 2.11.4. #1391
• Fixed a bug where some the init action and the analyze action would have different sets of experimental feature flags enabled. #1384

2.1.33 - 16 Nov 2022

• Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in CodeQL Action version 2.1.27. #1322
• Bump the minimum CodeQL bundle version to 2.6.3. #1358

2.1.32 - 14 Nov 2022

• Update default CodeQL bundle version to 2.11.3. #1348
• Update the ML-powered additional query pack for JavaScript to version 0.4.0. #1351

2.1.31 - 04 Nov 2022

• The rb/weak-cryptographic-algorithm Ruby query has been updated to no longer report uses of hash functions such as MD5 and SHA1 even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the github/codeql repository. #1344

2.1.30 - 02 Nov 2022

• Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as ubuntu-22.04 that uses glibc version 2.34 and later. #1334

2.1.29 - 26 Oct 2022

• Update default CodeQL bundle version to 2.11.2. #1320

2.1.28 - 18 Oct 2022

• Update default CodeQL bundle version to 2.11.1. #1294

... (truncated)

• 959cbb7 Merge pull request #1436 from github/update-v2.1.37-d58039a1
• 10ca836 Update changelog for v2.1.37
• d58039a Merge pull request #1435 from github/orhantoy/add-CODE_SCANNING_REF-tests
• 37a4496 Merge pull request #1433 from github/henrymercer/use-codeql-2.11.6
• b7028af Make sure env is reset between tests
• f629dad Merge branch 'main' into henrymercer/use-codeql-2.11.6
• ccee4c6 Add tests for CODE_SCANNING_REF
• 899bf9c Merge pull request #1432 from github/henrymercer/init-post-telemetry
• dd7c3ef Remove debugging log statements
• b7b875e Reuse existing fields in post-init status report
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/swaggo/swag's releases.

v1.8.9

Changelog

a10fb9a Just optimize code about parsing extensions (#1399) 4ccbeaf chore: increment version (#1423) 8139731 chore: parse escaped double colon (\:) example struct tag (#1402) 2c530ea chore: release candidate (#1403) e3151c1 chore: release candidate (#1404) e50db3e enhancement for enums (#1400) 7c20f30 feat: parse only specific extension tag (#1219) 80d5221 feat: support json tags in embedded structs (#1396) 4519064 feat: use enums in request (#1417) 9a4fa5d fix issue 1414 (#1419) 30684a2 fix parsing bug affected by fmt (#1398) 7867c24 fix: don't error on empty comment line (#1415) dfce6c8 parse self-nested generic struct (#1420) ba5df82 record token.FileSet for every file so that the position of parsing error can be acquired (#1393) 3fe9ca2 revert docker login-action (#1405)

v1.8.9-rc3

Changelog

97634c6 chore: v1.8.9-rc3 7c20f30 feat: parse only specific extension tag (#1219) 4519064 feat: use enums in request (#1417) 9a4fa5d fix issue 1414 (#1419) 7867c24 fix: don't error on empty comment line (#1415) dfce6c8 parse self-nested generic struct (#1420) 3fe9ca2 revert docker login-action (#1405)

v1.8.9-rc2

Changelog

a10fb9a Just optimize code about parsing extensions (#1399) 8139731 chore: parse escaped double colon (\:) example struct tag (#1402) 2c530ea chore: release candidate (#1403) e3151c1 chore: release candidate (#1404) e50db3e enhancement for enums (#1400) 80d5221 feat: support json tags in embedded structs (#1396) 30684a2 fix parsing bug affected by fmt (#1398) ba5df82 record token.FileSet for every file so that the position of parsing error can be acquired (#1393)

v1.8.8

Changelog

07690e9 Add check for nil otherTypeDef (#1372) eaed517 Enhancements: search imports sequencely, till find the type. (#1374) 0da94ff Fix generics with package alias (#1360) 29d3d30 add properties to $ref (#1391)

... (truncated)

• 4ccbeaf chore: increment version (#1423)
• dfce6c8 parse self-nested generic struct (#1420)
• 4519064 feat: use enums in request (#1417)
• 9a4fa5d fix issue 1414 (#1419)
• 7867c24 fix: don't error on empty comment line (#1415)
• 7c20f30 feat: parse only specific extension tag (#1219)
• 3fe9ca2 revert docker login-action (#1405)
• e3151c1 chore: release candidate (#1404)
• 2c530ea chore: release candidate (#1403)
• e50db3e enhancement for enums (#1400)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/setup-go's releases.

Add support for stable and oldstable aliases

In scope of this release we introduce aliases for the go-version input. The stable alias instals the latest stable version of Go. The oldstable alias installs previous latest minor release (the stable is 1.19.x -> the oldstable is 1.18.x).

Stable

steps:
  - uses: actions/[email protected]
  - uses: actions/[email protected]
    with:
      go-version: 'stable'
  - run: go run hello.go

OldStable

steps:
  - uses: actions/[email protected]
  - uses: actions/[email protected]
    with:
      go-version: 'oldstable'
  - run: go run hello.go

Add support for go.work and pass the token input through on GHES

In scope of this release we added support for go.work file to pass it in go-version-file input.

steps:
  - uses: actions/[email protected]
  - uses: actions/[email protected]
    with:
      go-version-file: go.work
  - run: go run hello.go

Besides, we added support to pass the token input through on GHES.

• 6edd440 fix log for stable aliases (#303)
• 38dbe75 Add stable and oldstable aliases (#300)
• 30c39bf Merge pull request #301 from jongwooo/chore/use-cache-in-check-dist
• 8377b69 Use cache in check-dist.yml
• d0a58c1 Merge pull request #294 from JamesMGreene/patch-1
• 3dcd9d6 Update to latest actions/publish-action
• e983b65 Merge pull request #283 from koba1t/add_support_gowork_for_go-version-file
• 27b43e1 Pass the token input through on GHES (#277)
• 7678c83 add support gowork for go-version-file
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/go-chi/chi/v5's releases.

v5.0.8

• middleware.RealIP: few improvements go-chi/chi#665 go-chi/chi#684
• middleware.Vary: fix go-chi/chi#640
• middleware.Recoverer: dont recover http.ErrAbortHandler go-chi/chi#624
• History of changes, see: https://github.com/go-chi/chi/compare/v5.0.7...v5.0.8

Sourced from github.com/go-chi/chi/v5's changelog.

v5.0.8 (2022-12-07)

• History of changes: see https://github.com/go-chi/chi/compare/v5.0.7...v5.0.8

• da69873 v5.0.8
• 0fe6bf1 Use RoutePath in URLFormat middleware (#718)
• 42a41a8 update comment in source
• e5529d9 Update Makefile (#739)
• b6a2c5a go 1.19.x in ci (#743)
• 9db25e5 middleware: fix broken comment on go doc (#735)
• b75b525 test with go 1.18, update action versions (#728)
• 9e71a0d README.md: CloudFlare -> Cloudflare (#725)
• c97bc98 Remove unsed mux test structs (#705)
• 7dbe9a0 recoverer: don't recover http.ErrAbortHandler (#624)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/prometheus/client_golang's releases.

1.14.0 / 2022-11-08

It might look like a small release, but it's quite opposite 😱 There were many non user facing changes and fixes and enormous work from engineers from Grafana to add native histograms in 💪🏾 Enjoy! 😍

What's Changed

• [FEATURE] Add Support for Native Histograms. #1150
• [CHANGE] Extend prometheus.Registry to implement prometheus.Collector interface. #1103

New Contributors

• @​hairyhenderson made their first contribution in prometheus/client_golang#1118
• @​rfratto made their first contribution in prometheus/client_golang#1103
• @​donotnoot made their first contribution in prometheus/client_golang#1125
• @​rogerogers made their first contribution in prometheus/client_golang#1130
• @​balintzs made their first contribution in prometheus/client_golang#1148
• @​fstab made their first contribution in prometheus/client_golang#1146
• @​jessicalins made their first contribution in prometheus/client_golang#1152

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.13.1...v1.14.0

1.13.1 / 2022-11-02

• [BUGFIX] Fix race condition with Exemplar in Counter. #1146
• [BUGFIX] Fix CumulativeCount value of +Inf bucket created from exemplar. #1148
• [BUGFIX] Fix double-counting bug in promhttp.InstrumentRoundTripperCounter. #1118

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.13.0...v1.13.1

Sourced from github.com/prometheus/client_golang's changelog.

1.14.0 / 2022-11-08

• [FEATURE] Add Support for Native Histograms. #1150
• [CHANGE] Extend prometheus.Registry to implement prometheus.Collector interface. #1103

1.13.1 / 2022-11-01

• [BUGFIX] Fix race condition with Exemplar in Counter. #1146
• [BUGFIX] Fix CumulativeCount value of +Inf bucket created from exemplar. #1148
• [BUGFIX] Fix double-counting bug in promhttp.InstrumentRoundTripperCounter. #1118

• 254e546 Merge pull request #1162 from kakkoyun/cut-1.14.0
• c8a3d32 Cut v1.14.0
• 07d3a81 Merge pull request #1161 from prometheus/release-1.13
• 870469e Test and support 1.19 (#1160)
• b785d0c Fix go_collector_latest_test Fail on go1.19 (#1136)
• 4d54769 Fix float64 comparison test failure on archs using FMA (#1133)
• 53e51c4 Merge pull request #1157 from prometheus/cut-1.13.1
• 79ca0eb Added tip from Björn + Grammarly.
• 078f11f Cut 1.13.1 release (+ documenting release process).
• ddd7f0e Fix race condition with Exemplar in Counter (#1146)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)