Sourced from golangci/golangci-lint-action's releases.

v3.0.0

What's Changed

• Fix grammar in action.yml by @​abennett in golangci/golangci-lint-action#356
• Add description for permissions settings by @​sg0hsmt in golangci/golangci-lint-action#298
• Remove Setup-Go by @​StevenACoffman in golangci/golangci-lint-action#403
• Update all direct dependencies by @​SVilgelm in golangci/golangci-lint-action#404
• 139 Dependabot updates

New Contributors

• @​abennett made their first contribution in golangci/golangci-lint-action#356
• @​sg0hsmt made their first contribution in golangci/golangci-lint-action#298
• @​StevenACoffman made their first contribution in golangci/golangci-lint-action#403

Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v2...v3.0.0

• c675eb7 Update all direct dependencies (#404)
• 423fbaf Remove Setup-Go (#403)
• bcfc6f9 build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.25.4 (#402)
• d34ac2a build(deps): bump setup-go from v2.1.4 to v2.2.0 (#401)
• e4b538e build(deps-dev): bump @​types/node from 16.11.10 to 17.0.19 (#400)
• a288c0d build(deps): bump @​actions/cache from 1.0.8 to 1.0.9 (#399)
• b7a34f8 build(deps): bump @​types/tmp from 0.2.2 to 0.2.3 (#398)
• 129bcf9 build(deps-dev): bump @​types/uuid from 8.3.3 to 8.3.4 (#397)
• 153576c build(deps-dev): bump eslint-config-prettier from 8.3.0 to 8.4.0 (#396)
• a9a9dff build(deps): bump ansi-regex from 5.0.0 to 5.0.1 (#395)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from google.golang.org/grpc's releases.

Release 1.43.0

API Changes

• grpc: stabilize WithConnectParams DialOption (#4915)
  • Special Thanks: @​hypnoglow

Behavior Changes

• status: support wrapped errors in FromContextError (#4977)
  • Special Thanks: @​bestbeforetoday
• config: remove the environment variable to disable retry support (#4922)

New Features

• balancer: new field Authority in BuildOptions for server name to use in the authentication handshake with a remote load balancer (#4969)

Bug Fixes

• xds/resolver: fix possible ClientConn leak upon resolver initialization failure (#4900)
• client: fix nil panic in rare race conditions with the pick first LB policy (#4971)
• xds: improve RPC error messages when xDS connection errors occur (#5032, #5054)
• transport: do not create stream object in the face of illegal stream IDs (#4873)
  • Special Thanks: @​uds5501

Documentation

• client: clarify errors to indicate whether compressed or uncompressed messages exceeded size limits (#4918)
  • Special Thanks: @​uds5501

• 14c1138 Change version to 1.43.0 (#5039)
• ae29ac3 xds/client: send NewStream errors to the watchers (#5032)
• 296afc2 transport: better error message when per-RPC creds fail (#5033)
• e15d978 xds/client: send connection errors to all watchers (#5054)
• 46e883a Backport "xds/c2p: replace C2P resolver env var with experimental scheme suff...
• 3786ae1 xds/resolver: Add support for cluster specifier plugins (#4987)
• 512e894 rls: support extra_keys and constant_keys (#4995)
• f3bbd12 xds/bootstrap_config: add a string function to server config (#5031)
• 46935b9 fix possible nil before casting (#5017)
• c2bccd0 xds/kokoro: install go 1.17, and retry go build (#5015)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from google.golang.org/grpc's releases.

Release 1.51.0

Behavior Changes

• xds: NACK EDS resources with duplicate addresses in accordance with a recent spec change (#5715)
  • Special Thanks: @​erni27
• grpc: restrict status codes that can be generated by the control plane (gRFC A54) (#5653)

New Features

• client: set grpc-accept-encoding header with all registered compressors (#5541)
  • Special Thanks: @​jronak
• xds/weightedtarget: return a more meaningful error when all child policies are in TRANSIENT_FAILURE (#5711)
• gcp/observability: add "started rpcs" metric (#5768)
• xds: de-experimentalize the google-c2p-resolver (#5707)
• balancer: add experimental Producer types and methods (#5669)
• orca: provide a way for LB policies to receive OOB load reports (#5669)

Bug Fixes

• go.mod: upgrade x/text dependency to address CVE 2022-32149 (#5769)
• client: fix race that could lead to an incorrect connection state if it was closed immediately after the server's HTTP/2 preface was received (#5714)
  • Special Thanks: @​fuweid
• xds: ensure sum of the weights of all EDS localities at the same priority level does not exceed uint32 max (#5703)
  • Special Thanks: @​erni27
• client: fix binary logging bug which logs a server header on a trailers-only response (#5763)
• balancer/priority: fix a bug where unreleased references to removed child policies (and associated state) was causing a memory leak (#5682)
• xds/google-c2p: validate URI schema for no authorities (#5756)

• eeb9afa Change version to 1.51.0 (#5782)
• 72812fe gcp/observability: filter logging from cloud ops endpoints calls (#5765)
• 0ae33e6 xdsclient: remove unused test code (#5772)
• 824f449 go.mod: upgrade x/text to v0.4 to address CVE (#5769)
• 7f23df0 xdsclient: switch xdsclient watch deadlock test to e2e style (#5697)
• 32f969e o11y: Added started rpc metric in o11y plugin (#5768)
• b597a8e xdsclient: improve authority watchers test (#5700)
• e41e894 orca: create ORCA producer for LB policies to use to receive OOB load reports...
• 36d14db Fix binary logging bug which logs a server header on a trailers only response...
• fcb8bdf xds/google-c2p: validate url for no authorities (#5756)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from benc-uk/workflow-dispatch's releases.

v1.2.2 - Fix ref regression

Fixes this issue benc-uk/workflow-dispatch#50

v1.2.1 - Minor

Adds

• When triggering disabled workflows the action logs a warning and does not fail

v1.1 - August 2020 Update

• Supports specifying workflow both by ID and by name
• Fix for repos with more than 30 actions, thanks @​eerichmond !

• d3ba672 version bump
• 4c6b4c7 loggin
• 829745d skip disabled workflows
• ae600ac changed mind about the workflow ref
• 228ff68 Removing dual use of workflow from tests
• 64b7a44 Merge branch 'risk-and-safety-list-workflows-paging'
• 4cedbac Merge branch 'list-workflows-paging' into master
• 6b22730 Automated publish: Sun Aug 9 20:58:18 UTC 2020 9c0039460fcd2d790f9143083767c...
• 9c00394 Merge branch 'master' of https://github.com/benc-uk/workflow-dispatch
• 5bdddda Add list workflows paging for monorepos
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• b747d7c Bump github.com/stretchr/objx from 0.4.0 to 0.5.0 (#1283)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from google.golang.org/grpc's releases.

Release 1.50.1

New Features

• gcp/observability: support new configuration defined in public preview user guide

• 4c776ec Cherry-pick observability changes from master to v1.50.x and update version t...
• 6576007 Change version to 1.50.1-dev (#5686)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from google.golang.org/grpc's releases.

Release 1.50.0

Behavior Changes

• client: use proper "@" semantics for connecting to abstract unix sockets. (#5678)
  • This is technically a bug fix; the result is that the address was including a trailing NULL byte, which it should not have. This may break users creating the socket in Go by prefixing a NULL instead of an "@", though, so calling it out as a behavior change.
  • Special Thanks: @​jachor

New Features

• metadata: add experimental ValueFromIncomingContext to more efficiently retrieve a single value (#5596)
  • Special Thanks: @​horpto
• stats: provide peer information in HandleConn context (#5589)
  • Special Thanks: @​feihu-stripe
• xds: add support for Outlier Detection, enabled by default (#5435, #5673)

Bug Fixes

• client: fix deadlock in transport caused by GOAWAY racing with stream creation (#5652)
  • This should only occur with an HTTP/2 server that does not follow best practices of an advisory GOAWAY (not a grpc-go server).
• xds/xdsclient: fix a bug which was causing routes with cluster_specifier_plugin set to be NACKed when GRPC_EXPERIMENTAL_XDS_RLS_LB was off (#5670)
• xds/xdsclient: NACK cluster resource if config_source_specifier in lrs_server is not self (#5613)
• xds/ringhash: fix a bug which sometimes prevents the LB policy from retrying connection attempts (#5601)
• xds/ringhash: do nothing when asked to exit IDLE instead of falling back on the default channel behavior of connecting to all addresses (#5614)
• xds/rls: fix a bug which was causing the channel to be stuck in IDLE (#5656)
• alts: fix a bug which was setting WaitForReady on handshaker service RPCs, thereby delaying fallback when required (#5620)
• gcp/observability: fix End() to cleanup global state correctly (#5623)

• c1d7d7a Change version to 1.50.0 (#5685)
• 1451c62 internal/transport: optimize grpc-message encoding/decoding (#5654)
• be4b63b test: minor test cleanup (#5679)
• d83070e Changed Outlier Detection Env Var to default true (#5673)
• 54521b2 client: remove trailing null from unix abstract socket address (#5678)
• 36e4810 orca: cleanup old code, and get grpc package to use new code (#5627)
• e8866a8 build: harden GitHub Workflow permissions (#5660)
• 8458251 xdsclient: ignore routes with cluster_specifier_plugin when GRPC_EXPERIMENTAL...
• a238ceb xDS: Outlier Detection Env Var not hardcoded to false (#5664)
• b1d7f56 transport: Fix deadlock in transport caused by GOAWAY race with new stream cr...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from google.golang.org/grpc's releases.

Release 1.49.0

New Features

• gcp/observability: add support for Environment Variable GRPC_CONFIG_OBSERVABILITY_JSON (#5525)
• gcp/observability: add support for custom tags (#5565)

Behavior Changes

• server: reduce log level from Warning to Info for early connection establishment errors (#5524)
  • Special Thanks: @​jpkrohling

Bug Fixes

• client: fix race in flow control that could lead to unexpected EOF errors (#5494)
• client: fix a race that could cause RPCs to time out instead of failing more quickly with UNAVAILABLE (#5503)
• client & server: fix a panic caused by passing a nil stats handler to grpc.WithStatsHandler or grpc.StatsHandler (#5543)
• transport/server: fix a race that could cause a stray header to be sent (#5513)
• balancer: give precedence to IDLE over TRANSIENT_FAILURE when aggregating connectivity state (#5473)
• xds/xdsclient: request correct resource name when user specifies a new style resource name with empty authority (#5488)
• xds/xdsclient: NACK endpoint resources with zero weight (#5560)
• xds/xdsclient: fix bug that would reset resource version information after ADS stream restart (#5422)
• xds/xdsclient: fix goroutine leaks when load reporting is enabled (#5505)
• xds/ringhash: fix config update processing to recreate ring and picker when min/max ring size changes (#5557)
• xds/ringhash: avoid recreating subChannels when update doesn't change address weight information (#5431)
• xds/priority: fix bug which could cause priority LB to block all traffic after a config update (#5549)
• xds: fix bug when environment variable GRPC_EXPERIMENTAL_ENABLE_OUTLIER_DETECTION is set to true (#5537)

• 1c29e07 Change version to 1.49.0 (#5583)
• 8e5a84e xds/resolver: generate channel ID randomly (#5603)
• 92cee34 gcp/observability: Add logging filters for logging, tracing, and metrics API ...
• c7fe135 O11Y: Added support for custom tags (#5565)
• 7981af4 test/kokoro: add missing image tagging to the xDS interop url map buildscript...
• 6f34b7a xdsclient: NACK endpoint resource if load_balancing_weight is specified and i...
• f9409d3 ringhash: handle config updates properly (#5557)
• 946dde0 xdsclient: NACK endpoint resources with zero weight (#5560)
• b89f49b xdsclient: deflake Test/LDSWatch_PartialValid (#5552)
• 9bc72de grpc: remove mentions of WithBalancerName from comments (#5555)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from google.golang.org/protobuf's releases.

v1.28.1

This release contains protoc-gen-go binaries for arm64.

Notable changes since v1.28.0:

• CL/418677: internal/impl: improve MessageInfo.New performance
• CL/411377: proto: short-circuit Equal when inputs are identical
• CL/419714: all: Add prebuild binaries for arm64

• 6875c3d all: release v1.28.1
• 881da6e all: Add prebuild binaries for arm64
• 2a74a0e A+C: delete AUTHORS and CONTRIBUTORS
• de9682a internal/impl: improve MessageInfo.New performance
• b0a9446 all: reformat with go1.19 gofmt
• c1bbc5d all: make integration test work on darwin/arm64
• 5f429f7 proto: fix compilation failure in tests
• fc44d00 proto: use reflect.Ptr for backward compatibility
• 380c339 proto: short-circuit Equal when inputs are identical
• 784c482 all: remove shorthand import aliases
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/spf13/afero's releases.

v1.9.2

What's Changed

• Make mem.File implement fs.ReadDirFile by @​bep in spf13/afero#371

Full Changelog: https://github.com/spf13/afero/compare/v1.9.1...v1.9.2

v1.9.1

What's Changed

• Fix sorting in IOFS.ReadDir by @​bep in spf13/afero#372

Full Changelog: https://github.com/spf13/afero/compare/v1.9.0...v1.9.1

• 2a70f2b Make mem.File implement fs.ReadDirFile
• 0aa65ed Fix sorting in IOFS.ReadDir
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/spf13/afero's releases.

v1.9.0

What's Changed

• Update go.mod to reflect that afero requires go >= 1.15.10 by @​jeffwidman in spf13/afero#346
• Move CI tests to GitHub Action by @​bep in spf13/afero#367
• Misc build/test fixes by @​bep in spf13/afero#368
• Fix staticcheck lint errors by @​bep in spf13/afero#369
• Make IOFS.ReadDir check for fs.ReadDirFile by @​bep in spf13/afero#366

New Contributors

• @​jeffwidman made their first contribution in spf13/afero#346

Full Changelog: https://github.com/spf13/afero/compare/v1.8.2...v1.9.0

• b0a534a Update README.md
• c92ae36 Make IOFS.ReadDir check for fs.ReadDirFile
• 52b6417 Fix staticcheck lint errors
• 939bf3d Fix test failures on Windows
• 9439436 all: Run gofmt -s -w
• 015be45 Move CI tests to GitHub Action
• 100c9a6 Merge pull request #346 from jeffwidman/bump-minimum-go-version
• c45d7c7 Bump minimum go version to 1.16
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)