fix(deps): vuln major upgrades — 23 packages (major: 1 · unstable: 1 · minor: 21) [exp/khaudit]

[gh-worker-campaigns-3e9aa4]

Summary: Critical-severity security update — 23 packages upgraded (MAJOR changes included)

Manifests changed:

• exp/khaudit (go)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
google.golang.org/grpc	v1.74.2	v1.80.0	minor	Transitive	3 CRITICAL
github.com/DataDog/KubeHound	v0.0.0-00010101000000-000000000000	v1.6.7	major	Direct	-
golang.org/x/sync	v0.18.0	v0.20.0	unstable	Direct	-
github.com/DataDog/appsec-internal-go	v1.9.0	v1.14.0	minor	Transitive	-
github.com/DataDog/datadog-go/v5	v5.6.0	v5.8.3	minor	Transitive	-
github.com/fxamacker/cbor/v2	v2.7.0	v2.9.1	minor	Transitive	-
github.com/go-ole/go-ole	v1.2.6	v1.3.0	minor	Transitive	-
github.com/go-playground/validator/v10	v10.25.0	v10.30.2	minor	Transitive	-
github.com/nicksnyder/go-i18n/v2	v2.4.1	v2.6.1	minor	Transitive	-
github.com/pelletier/go-toml/v2	v2.2.4	v2.3.0	minor	Transitive	-
github.com/philhofer/fwd	v1.1.3-0.20240612014219-fbbf4953d986	v1.2.0	minor	Transitive	-
github.com/spf13/afero	v1.12.0	v1.15.0	minor	Transitive	-
github.com/spf13/cast	v1.7.1	v1.10.0	minor	Transitive	-
github.com/spf13/viper	v1.19.0	v1.21.0	minor	Transitive	-
github.com/tinylib/msgp	v1.2.1	v1.6.4	minor	Transitive	-
go.opentelemetry.io/collector/pdata	v1.11.0	v1.56.0	minor	Transitive	-
go.opentelemetry.io/otel	v1.37.0	v1.43.0	minor	Transitive	-
go.opentelemetry.io/otel/metric	v1.37.0	v1.43.0	minor	Transitive	-
go.opentelemetry.io/otel/trace	v1.37.0	v1.43.0	minor	Transitive	-
gopkg.in/DataDog/dd-trace-go.v1	v1.72.1	v1.74.8	minor	Transitive	-
k8s.io/klog/v2	v2.130.1	v2.140.0	minor	Transitive	-
sigs.k8s.io/structured-merge-diff/v4	v4.4.2	v4.7.0	minor	Transitive	-
sigs.k8s.io/yaml	v1.4.0	v1.6.0	minor	Transitive	-

Packages marked with "-" are updated due to dependency constraints.

---

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

• Review the changelog/release notes for breaking changes
• Test thoroughly in a staging environment
• Update any code that depends on changed APIs
• Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (3 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
google.golang.org/grpc	GHSA-p77j-4mvh-x3m3	CRITICAL	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.74.2	1.79.3
google.golang.org/grpc	CVE-2026-33186	CRITICAL	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.74.2	-
google.golang.org/grpc	GO-2026-4762	CRITICAL	Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc	v1.74.2	1.79.3

⚠️ Dependencies that have Reached EOL (2)

Dependency	Unsafe Version	EOL Date	New Version	Path
github.com/go-ole/go-ole	v1.2.6	-	v1.3.0	exp/khaudit/go.mod
github.com/philhofer/fwd	v1.1.3-0.20240612014219-fbbf4953d986	-	v1.2.0	exp/khaudit/go.mod

---

Review Checklist

Extra review is recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (Critical)

🤖 Generated by DataDog Automated Dependency Management System

[campaigner-prod]

Release Notes

google.golang.org/grpc (v1.74.2 → v1.80.0) — GitHub Release

v1.80.0

Behavior Changes

• balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see balancer: use case-sensitive balancer registries grpc/grpc-go#5288 for details. (balancer: introduce env flag for case-sensitive registry grpc/grpc-go#8837)
• xds: update resource error handling and re-resolution logic (xds: change cdsbalancer to use update from dependency manager grpc/grpc-go#8907)
  • Re-resolve all LOGICAL_DNS clusters simultaneously when re-resolution is requested.
  • Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.

Bug Fixes

• xds: support the LB policy configured in LOGICAL_DNS cluster resources instead of defaulting to pick_first. (xds/clusterresolver: implement gRFC A61 changes for LOGICAL_DNS clusters grpc/grpc-go#8733)
• credentials/tls: perform per-RPC authority validation against the leaf certificate instead of the entire peer certificate chain. (credentials/tls: verify overwritten authority against only leaf certificate grpc/grpc-go#8831)
• xds: enabling A76 ring hash endpoint keys no longer causes EDS resources with invalid proxy metadata to be NACKed when HTTP CONNECT (gRFC A86) is disabled. (xds: decouple A76 and A86 EDS metadata parsing grpc/grpc-go#8875)
• xds: validate that the sum of endpoint weights in a locality does not exceed the maximum uint32 value. (xds/xdsclient: add EDS sum of endpoint weights does not exceed MaxUint32 grpc/grpc-go#8899)
  • Special Thanks: @RAVEYUS
• xds: fix incorrect proto field access in the weighted round robin (WRR) configuration where blackout_period was used instead of weight_expiration_period. (xds: fix copy-paste bug in WeightExpirationPeriod config grpc/grpc-go#8915)
  • Special Thanks: @gregbarasch
• xds/rbac: handle addresses with ports in IP matchers. (xds/rbac: add additional handling for addresses with ports grpc/grpc-go#8990)

New Features

• ringhash: enable gRFC A76 (endpoint hash keys and request hash headers) by default. (ringhash: enable behaviors of A76 by default grpc/grpc-go#8922)

Performance Improvements

• credentials/alts: pool write buffers to reduce memory allocations and usage. (credentials/alts: Pool write buffers grpc/grpc-go#8919)
• grpc: enable the use of pooled write buffers for buffering HTTP/2 frame writes by default. This reduces memory usage when connections are idle. Use the WithSharedWriteBuffer dial option or the SharedWriteBuffer server

(truncated)

v1.79.3

Security

(truncated — see source for full notes)

github.com/DataDog/KubeHound (v0.0.0-00010101000000-000000000000 → v1.6.7) — GitHub Release

v1.6.7

What's Changed

• Fixing mongo URI to support user URI provided by @jt-dd in Fixing mongo URI to support user URI provided #363
• Wiping option for MongoDB resources during clusters ingestion (KHaaS only) by @jt-dd in Wiping option for MongoDB resources during clusters ingestion (KHaaS only) #364
• chore(deps): bump github.com/containerd/containerd/v2 from 2.0.5 to 2.0.7 by @dependabot[bot] in chore(deps): bump github.com/containerd/containerd/v2 from 2.0.5 to 2.0.7 #361
• chore(deps): bump github.com/docker/compose/v2 from 2.33.1 to 2.40.2 by @dependabot[bot] in chore(deps): bump github.com/docker/compose/v2 from 2.33.1 to 2.40.2 #360
• fix go.mod for buildx by @jt-dd in fix go.mod for buildx #366
• chore(deps): bump github.com/containerd/containerd/v2 from 2.1.4 to 2.1.5 by @dependabot[bot] in chore(deps): bump github.com/containerd/containerd/v2 from 2.1.4 to 2.1.5 #365

Full Changelog: v1.6.6...v1.6.7

v1.6.6

What's Changed

• fix(deps): Update gocloud.dev to fix AWS S3 Multipart upload issue by @Minosity-VR in fix(deps): Update gocloud.dev to fix AWS S3 Multipart upload issue #357

Full Changelog: v1.6.5...v1.6.6

v1.6.5

What's Changed

• chore(doc): document traversal related dsl returning paths. by @Zenithar in chore(doc): document traversal related dsl returning paths. #325
• (doc) More precise installation instructions by @Minosity-VR in (doc) More precise installation instructions #327
• chore(go): Update to Go 1.24 by @Zenithar in chore(go): Update to Go 1.24 #330
• fix(docs): fix typo in getting-started.md by @RiRa12621 in fix(docs): fix typo in getting-started.md #332
• fix(cli): add a newline to version output. by @Zenithar in fix(cli): add a newline to version output. #336
• fix(deps): CVE-2025-22870 by @Zenithar in fix(deps): CVE-2025-22870 #337
• feat(store): flag Secret volumes during ingestion. by @Zenithar in feat(store): flag Secret volumes during ingestion. #334
• docs/ui: Add jupyer+gremlin tricks by @Minosity-VR in docs/ui: Add jupyer+gremlin tricks #340
• chore(gha): update CSA. by @Zenithar in chore(gha): update CSA. #342
• chore(deps): bump github.com/containerd/containerd/v2 from 2.0.2 to 2.0.4 by @dependabot[bot] in chore(deps): bump github.com/containerd/containerd/v2 from 2.0.2 to 2.0.4 #338
• chore(deps): bump github.com/docker/buildx from 0.21.1 to 0.21.3 by @dependabot[bot] in chore(deps): bump github.com/docker/buildx from 0.21.1 to 0.21.3 #339
• chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 by @dependabot[bot] in chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 #341

(truncated — see source for full notes)

github.com/DataDog/appsec-internal-go (v1.9.0 → v1.14.0) — GitHub Release

v1.14.0

What's Changed

• Refine documentation for the proxy sample rate by @e-n-0 in Refine documentation for the proxy sample rate appsec-internal-go#53
• Update embedded AppSec Rules to 1.15.1 by @dd-k9-library-go[bot] in Update embedded AppSec Rules to 1.15.1 appsec-internal-go#55

Full Changelog: DataDog/appsec-internal-go@v1.13.0...v1.14.0

v1.13.0

What's Changed

• feat: proxy sampler by @e-n-0 in feat: proxy sampler appsec-internal-go#52

New Contributors

• @e-n-0 made their first contribution in feat: proxy sampler appsec-internal-go#52

Full Changelog: DataDog/appsec-internal-go@v1.12.0...v1.13.0

v1.12.0

What's Changed

• chore(ci): rollout ubuntu 20 in favor of ubuntu 24 by @eliottness in chore(ci): rollout ubuntu 20 in favor of ubuntu 24 appsec-internal-go#48
• feat(config): new default value obfuscation regex by @eliottness in feat(config): new default value obfuscation regex appsec-internal-go#45
• fix: make appsec.DefaultRuleset reutrn the ruleset as-is by @RomainMuller in fix: make appsec.DefaultRuleset reutrn the ruleset as-is appsec-internal-go#46

Full Changelog: DataDog/appsec-internal-go@v1.11.2...v1.12.0

v1.11.2

What's Changed

• fix: allow system tests to override API Security sampling interval by @RomainMuller in fix: allow system tests to override API Security sampling interval appsec-internal-go#44

Full Changelog: DataDog/appsec-internal-go@v1.11.1...v1.11.2

v1.11.1

What's Changed

• fix: un-do breaking changes from v1.10.0 by @RomainMuller in fix: un-do breaking changes from v1.10.0 appsec-internal-go#40
• feat: upgrade built-in rules to v1.14.1 by @RomainMuller in feat: upgrade built-in rules to v1.14.1 appsec-internal-go#42
• chore: fix broken tests; remove || true in CI by @RomainMuller in chore: fix broken tests; remove || true in CI appsec-internal-go#41
• feat: update embedded rules to v1.14.2 by @RomainMuller in feat: update embedded rules to v1.14.2 appsec-internal-go#43

Full Changelog: DataDog/appsec-internal-go@v1.11.0...v1.11.1

v1.11.0

What's Changed

• apisec: new sampler implementation by @RomainMuller in apisec: new sampler implementation appsec-internal-go#39

Full Changelog: DataDog/appsec-internal-go@v1.10.0...v1.11.0

v1.10.0

What's Changed

• chore: upgrade go versions and CI runners by @eliottness in chore: upgrade go versions and CI runners appsec-internal-go#35
• Update third party actions by @genesor in Update third party actions appsec-internal-go#38

(truncated — see source for full notes)

github.com/DataDog/datadog-go/v5 (v5.6.0 → v5.8.3) — GitHub Release

v5.8.3

• [IMPROVEMENT] Shard aggregator lock. See [https://github.com/Shard aggregator lock datadog-go#351][], thanks [@opsengine][].
• [IMPROVEMENT] Fix race condition in statsd external_env initialization. See [https://github.com/Fix race condition in statsd external_env initialization datadog-go#352][], thanks [@jprobinson][].

See the CHANGELOG for the details on previous releases.

v5.8.2

• [IMPROVEMENT] Optimistic allocation for Count and Set metrics. See Optimistic allocation for Count and Set metrics datadog-go#308, thanks @opsengine.

See the CHANGELOG for the details on previous releases.

v5.8.1

See the Changelog for the details.

v5.8.0

See the Changelog for the details.

v5.7.1

Retracting v5.7.0 as it included a breaking change.

v5.7.0

See the Changelog for the details.

github.com/fxamacker/cbor/v2 (v2.7.0 → v2.9.1) — GitHub Release

v2.9.1

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

• [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR Fix several issues related to keyasint tag option fxamacker/cbor#757)
• [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR Fix several issues related to keyasint tag option fxamacker/cbor#757)
• [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR Fix several issues related to keyasint tag option fxamacker/cbor#757)

🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

• [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR Small bugfixes, defensive checks, and improvements fxamacker/cbor#753)
• [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR Small bugfixes, defensive checks, and improvements fxamacker/cbor#753)
• [Encoding] Reject encoding nil inside indefinite-length strings (PR Reject encoding nil inside CBOR indefinite-length string fxamacker/cbor#750)
• [Diagnostic] Accept valid U+FFFD replacement character (PR Small bugfixes, defensive checks, and improvements fxamacker/cbor#753)

What's Changed

• 🆕 Add TimeMode encoding option TimeRFC3339NanoUTC by @fxamacker in Add TimeMode encoding option TimeRFC3339NanoUTC fxamacker/cbor#688
• Use actual negative zero in tests by @makew0rld in Use actual negative zero in tests fxamacker/cbor#708
• Reject encoding nil inside CBOR indefinite-length string by @fxamacker in Reject encoding nil inside CBOR indefinite-length string fxamacker/cbor#750
• Refactor and add tests by @fxamacker in Refactor and add tests fxamacker/cbor#752
• Small bugfixes, defensive checks, and improv

(truncated)

v2.9.0

v2.9.0 adds new features, refactors tests, and improves docs. New features improve interoperability/transcoding between CBOR & JSON.

(truncated — see source for full notes)

github.com/go-playground/validator/v10 (v10.25.0 → v10.30.2) — GitHub Release

v10.30.2

What's Changed

• chore(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 by @dependabot[bot] in chore(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 go-playground/validator#1523
• feat: add translations for alphaspace and alphanumspace tags in indonesian by @savioruz in feat: add translations for alphaspace and alphanumspace tags in indonesian go-playground/validator#1522
• chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 by @dependabot[bot] in chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 go-playground/validator#1526
• feat: add cmyk(color) to validator by @thenicolau in feat: add cmyk(color) to validator go-playground/validator#1528
• chore(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 by @dependabot[bot] in chore(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 go-playground/validator#1534
• chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @dependabot[bot] in chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 go-playground/validator#1533
• Go 1.26 support by @nodivbyzero in Go 1.26 support go-playground/validator#1535
• fix: prevent panic in unique validation with nil pointer elements by @nodivbyzero in fix: prevent panic in unique validation with nil pointer elements go-playground/validator#1532
• docs: fix typos by @alexandear in docs: fix typos go-playground/validator#1527
• feat: implement ValidatorValuer interface feature by @thommeo in feat: implement ValidatorValuer interface feature go-playground/validator#1416
• docs: add Valuer interface documentation and example by @wofiporia in docs: add Valuer interface documentation and example go-playground/validator#1540
• chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 by @dependabot[bot] in chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 go-playground/validator#1545
• chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 by @dependabot[bot] in chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 go-playground/validator#1546
• feat: add postcode patterns for Colombia (CO) and British Virgin Islands (VG) by @j-ibarra in feat: add postcode patterns for Colombia (CO) and British Virgin Islands (VG) go-playground/validator#1547
• fix(fqdn): allow hyphens in last domain label by @alihasan070707 in fix(fqdn): allow hyphens in last domain label go-playground/validator#1548

New Contributors

• @savioruz ma

(truncated)

v10.30.1

What's Changed

• Feat: uds_exists validator by @barash-asenov in Feat: uds_exists validator go-playground/validator#1482
• fix: Revert min limit of e164 regex by @zemzale in fix: Revert min limit of e164 regex go-playground/validator#1516
• Fix 1513 update ISO 3166-2 codes by @xyz27900 in Fix 1513 update ISO 3166-2 codes go-playground/validator#1514

New Contributors

• @barash-asenov made their first contribution in Feat: uds_exists validator go-playground/validator#1482
• @xyz27900 made their first contribution in Fix 1513 update ISO 3166-2 codes go-playground/validator#1514

(truncated — see source for full notes)

github.com/nicksnyder/go-i18n/v2 (v2.4.1 → v2.6.1) — GitHub Release

v2.6.1

What's Changed

• Update to CLDR v48 by @nicksnyder in Update to CLDR v48 nicksnyder/go-i18n#398
• Replace unmaintained gopkg.in/yaml.v3 with go.yaml.in/yaml/v3 by @SaschaSchwarze0 in Replace unmaintained gopkg.in/yaml.v3 with go.yaml.in/yaml/v3 nicksnyder/go-i18n#397
• Upgrade golang.org/x/text to v0.32.0 by @nicksnyder in Upgrade deps nicksnyder/go-i18n#399
• Upgrade github.com/BurntSushi/toml to v1.6.0 by @nicksnyder in Upgrade deps nicksnyder/go-i18n#399

New Contributors

• @SaschaSchwarze0 made their first contribution in Replace unmaintained gopkg.in/yaml.v3 with go.yaml.in/yaml/v3 nicksnyder/go-i18n#397

Full Changelog: nicksnyder/go-i18n@v2.6.0...v2.6.1

v2.6.0

Key changes

• go-i18n extract will error if it finds a message ID that has been duplicated but contains different content.
• Upgraded to CLDR v47 data
• Minimum version of Go increased from 1.18 to 1.23.

All changes

• Extract errors for duplicate message ids by @nicksnyder in Extract errors for duplicate message ids nicksnyder/go-i18n#359
• Go 1.24 and golangci-lint v2.0 by @nicksnyder in Go 1.24 and golangci-lint v2.0 nicksnyder/go-i18n#369
• chore: fix typo in comment by @luozexuan in chore: fix typo in comment nicksnyder/go-i18n#365
• Bump github.com/BurntSushi/toml from 1.4.0 to 1.5.0 by @dependabot in Bump github.com/BurntSushi/toml from 1.4.0 to 1.5.0 nicksnyder/go-i18n#366
• CLDR v47 by @nicksnyder in CLDR v47 nicksnyder/go-i18n#370
• Require go 1.23 by @nicksnyder in Require go 1.23 nicksnyder/go-i18n#371
• Bump golang.org/x/text from 0.21.0 to 0.23.0 by @dependabot in Bump golang.org/x/text from 0.21.0 to 0.23.0 nicksnyder/go-i18n#367
• Bump codecov/codecov-action from 4 to 5 by @dependabot in Bump codecov/codecov-action from 4 to 5 nicksnyder/go-i18n#350

New Contributors

• @luozexuan made their first contribution in chore: fix typo in comment nicksnyder/go-i18n#365

Full Changelog: nicksnyder/go-i18n@v2.5.1...v2.6.0

v2.5.1

What's Changed

• Fix case sensitivity with message keys by @nicksnyder in Fix case sensitivity with message keys nicksnyder/go-i18n#358
  Note: There have always been a small number of reserved words that cannot be used in message keys: id, description, hash, leftdelim, rightdelim, zero, one, two, few, many, other. Prior to this release, only the lowercase versions were reserved. As of this release, any casing of these words are reserved (e.g. "Description", "ID"). This should have always been the case to align with the case insensitivity of message parsing, and the fact that it wasn't is a bug that is now fixed.

(truncated — see source for full notes)

github.com/pelletier/go-toml/v2 (v2.2.4 → v2.3.0) — GitHub Release

v2.3.0

This is the first release built largely with the help of AI coding agents. Highlights include the complete removal of the unsafe package. go-toml is now fully safe Go code, with a geomean overhead of only ~1.4% vs v2.2.4 and zero additional allocations on benchmarks. This release also adds omitzero struct tag support, improves UnmarshalText/Unmarshaler handling for tables and array tables, and fixes several bugs including nil pointer marshaling, leap second handling, and datetime unmarshaling panics.

What's Changed

What's new

• marshal: don't escape quotes unnecessarily by @virtuald in marshal: don't escape quotes unnecessarily pelletier/go-toml#991
• Add omitzero tag support by @NathanBaulch in Add omitzero tag support pelletier/go-toml#998
• Support custom IsZero() methods with omitzero tag by @pelletier in Support custom IsZero() methods with omitzero tag pelletier/go-toml#1020
• UnmarshalText fallbacks to struct unmarshaling for tables and arrays by @pelletier in UnmarshalText fallbacks to struct unmarshaling for tables and arrays pelletier/go-toml#1026
• [unstable] Support Unmarshaler interface for tables and array tables by @pelletier in [unstable] Support Unmarshaler interface for tables and array tables pelletier/go-toml#1027

Fixed bugs

• Add missing UnmarshalTOML call by @pelletier in Add missing UnmarshalTOML call pelletier/go-toml#996
• Handle array table into an empty slice by @pelletier in Handle array table into an empty slice pelletier/go-toml#997
• Unwrap strict errors by @bersace in Unwrap strict errors pelletier/go-toml#1012
• Fix leap second handling found by fuzz by @pelletier in Fix leap second handling found by fuzz pelletier/go-toml#1019
• Fix nil pointer map values not being marshaled by @pelletier in Fix nil pointer map values not being marshaled pelletier/go-toml#1025
• Fix panic when unmarshaling datetime values to incompatible types (panic unmarshalling LocalDateTime into incompatible Go type pelletier/go-toml#1028) by @pelletier in Fix panic when unmarshaling datetime values to incompatible types (#1028) pelletier/go-toml#1029
• Fix parser error pointing to wrong line at EOF without trailing newline by @pelletier in https://github

(truncated)

github.com/spf13/afero (v1.12.0 → v1.15.0) — GitHub Release

v1.15.0

What's Changed

• Bump golangci/golangci-lint-action from 6.5.1 to 6.5.2 by @dependabot[bot] in Bump golangci/golangci-lint-action from 6.5.1 to 6.5.2 spf13/afero#479
• Lint by @sagikazarmark in Lint spf13/afero#492
• build(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by @dependabot[bot] in build(deps): bump github/codeql-action from 2.13.4 to 3.28.15 spf13/afero#494
• build(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 by @dependabot[bot] in build(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 spf13/afero#493
• Bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot[bot] in Bump actions/setup-go from 5.3.0 to 5.4.0 spf13/afero#480
• build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 spf13/afero#496
• support aliyun oss storage with third-party link by @messikiller in support aliyun oss storage with third-party link spf13/afero#491
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot[bot] in build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 spf13/afero#497
• chore: update x/test by @sagikazarmark in chore: update x/test spf13/afero#502
• build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot[bot] in build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 spf13/afero#503
• build(deps): bump actions/dependency-review-action from 4.6.0 to 4.7.1 by @dependabot[bot] in build(deps): bump actions/dependency-review-action from 4.6.0 to 4.7.1 spf13/afero#505
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot[bot] in build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 spf13/afero#506
• fix(gcsfs): update object not exist check logic by @ahkui in fix(gcsfs): update object not exist check logic spf13/afero#485
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 spf13/afero#508
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.4 by @dependabot[bot] in build(deps): bump github/codeql-action from 3.28.18 to 3.29.4 spf13/afero#519
• build(deps): bump github/codeql-action from 3.29.4 to 3.29.7 by @dependabot[bot] in build(deps): bump github/codeql-action from 3.29.4 to 3.29.7 spf13/afero#524
• build(deps): bump github/codeql-action from 3.29.7 to 3.30.1 by @dependabot[bot] in https:

(truncated)

v1.14.0

What's Changed

• Split gcsfs and sftpfs into separate modules by @sagikazarmark in Split gcsfs and sftpfs into separate modules spf13/afero#462

Full Changelog: spf13/afero@v1.13.0...v1.14.0

v1.13.0

What's Changed

• Bump actions/setup-go from 5.2.0 to 5.3.0 by @dependabot in Bump actions/setup-go from 5.2.0 to 5.3.0 spf13/afero#446
• Bump golangci/golangci-lint-action from 6.1.1 to 6.3.0 by @dependabot in Bump golangci/golangci-lint-action from 6.1.1 to 6.3.0 spf13/afero#451

(truncated — see source for full notes)

github.com/spf13/cast (v1.7.1 → v1.10.0) — GitHub Release

v1.10.0

What's Changed

• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 spf13/cast#275
• build(deps): bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot[bot] in build(deps): bump github/codeql-action from 3.28.18 to 3.28.19 spf13/cast#277
• build(deps): bump github/codeql-action from 3.28.19 to 3.29.5 by @dependabot[bot] in build(deps): bump github/codeql-action from 3.28.19 to 3.29.5 spf13/cast#289
• build(deps): bump github/codeql-action from 3.29.7 to 3.29.10 by @dependabot[bot] in build(deps): bump github/codeql-action from 3.29.7 to 3.29.10 spf13/cast#296
• build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2 by @dependabot[bot] in build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2 spf13/cast#295
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in build(deps): bump actions/checkout from 4.2.2 to 5.0.0 spf13/cast#293
• build(deps): bump github/codeql-action from 3.29.10 to 3.30.1 by @dependabot[bot] in build(deps): bump github/codeql-action from 3.29.10 to 3.30.1 spf13/cast#301
• build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 spf13/cast#300
• build(deps): bump actions/dependency-review-action from 4.7.2 to 4.7.3 by @dependabot[bot] in build(deps): bump actions/dependency-review-action from 4.7.2 to 4.7.3 spf13/cast#298
• Always return empty map instead of nil when conversion fails by @andig in Always return empty map instead of nil when conversion fails spf13/cast#283

New Contributors

• @andig made their first contribution in Always return empty map instead of nil when conversion fails spf13/cast#283

Full Changelog: spf13/cast@v1.9.2...v1.10.0

v1.9.2

What's Changed

• fix: float string to number parsing by @sagikazarmark in fix: float string to number parsing spf13/cast#276

Full Changelog: spf13/cast@v1.9.1...v1.9.2

v1.9.1

What's Changed

• fix: indirection of typed nils by @sagikazarmark in fix: indirection of typed nils spf13/cast#273

Full Changelog: spf13/cast@v1.9.0...v1.9.1

v1.9.0

Notable new features 🎉

• Casting from type aliases is now supported for basic types
• Added generic functions: To/ToE, Must, ToNumber/ToNumberE
• Increased test coverage
• Converting float numbers from string is now supported

[!WARNING]
Since cast now supports converting float values from strings, a related edge case behaves differently:

In previous versions, attempting to convert an empty string to a float resulted in an error.

Starting with this version, the same operation no longer raises an error.

To maintain consistency with the rest of the library, an empty string now converts to the float value 0.0.

What's Changed

(truncated — see source for full notes)

github.com/spf13/viper (v1.19.0 → v1.21.0) — GitHub Release

v1.21.0

What's Changed

Enhancements 🚀

• Add support for flags pflag.BoolSlice, pflag.UintSlice and pflag.Float64Slice by @nmvalera in Add support for flags pflag.BoolSlice, pflag.UintSlice and pflag.Float64Slice spf13/viper#2015
• feat: use maintained yaml library by @sagikazarmark in feat: use maintained yaml library spf13/viper#2040

Bug Fixes 🐛

• fix(config): get config type from v.configType or config file ext by @GuillaumeBAECHLER in fix(config): get config type from v.configType or config file ext spf13/viper#2003
• fix: config type check when loading any config by @sagikazarmark in fix: config type check when loading any config spf13/viper#2007

Dependency Updates ⬆️

• Update dependencies by @sagikazarmark in Update dependencies spf13/viper#1993
• build(deps): bump github.com/spf13/cast from 1.7.1 to 1.8.0 by @dependabot[bot] in build(deps): bump github.com/spf13/cast from 1.7.1 to 1.8.0 spf13/viper#2017
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 by @dependabot[bot] in build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 spf13/viper#2013
• build(deps): bump github.com/sagikazarmark/locafero from 0.8.0 to 0.9.0 by @dependabot[bot] in build(deps): bump github.com/sagikazarmark/locafero from 0.8.0 to 0.9.0 spf13/viper#2008
• build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /remote by @dependabot[bot] in build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /remote spf13/viper#2016
• build(deps): bump github.com/spf13/cast from 1.8.0 to 1.9.2 by @dependabot[bot] in build(deps): bump github.com/spf13/cast from 1.8.0 to 1.9.2 spf13/viper#2020
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @dependabot[bot] in build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 spf13/viper#2028
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @dependabot[bot] in build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 spf13/viper#2035
• build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 by @dependabot[bot] in build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 spf13/viper#2036
• build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 by @dependabot[bot] in build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 spf13/viper#2012
• build(deps): bump github.com/stretchr

(truncated)

v1.20.1

What's Changed

Bug Fixes 🐛

• Backport config type fixes to 1.20.x by @sagikazarmark in Backport config type fixes to 1.20.x spf13/viper#2005

Full Changelog: spf13/viper@v1.20.0...v1.20.1

v1.20.0

[!WARNING]

(truncated — see source for full notes)

github.com/tinylib/msgp (v1.2.1 → v1.6.4) — GitHub Release

v1.6.4

What's Changed

• msgp: Reader: reset limits on cached readers by @philhofer in msgp: Reader: reset limits on cached readers tinylib/msgp#435
• JSON: Support integer map keys by @klauspost in JSON: Support integer map keys tinylib/msgp#434

Full Changelog: tinylib/msgp@v1.6.3...v1.6.4

v1.6.3

• Remove debug println.

Full Changelog: tinylib/msgp@v1.6.2...v1.6.3

v1.6.2

What's Changed

• Fix vartuple handling for nested objects by @UladzimirTrehubenka in Fix vartuple handling for nested objects tinylib/msgp#431
• Add (Reader).ReadBytesLimit by @klauspost in Add (Reader).ReadBytesLimit tinylib/msgp#432

Full Changelog: tinylib/msgp@v1.6.1...v1.6.2

v1.6.1

What's Changed

• Fix WriteBytes/WriteString/WriteStringFromBytes limit by @klauspost in Fix WriteBytes/WriteString/WriteStringFromBytes limit tinylib/msgp#429 (regression in v1.6.0)

Full Changelog: tinylib/msgp@v1.6.0...v1.6.1

v1.6.0

What's Changed

• Add support for aliased map/slice/arrays by @klauspost in Add support for aliased map/slice/arrays tinylib/msgp#418
• Add binary marshal by @klauspost in Add binary marshal tinylib/msgp#426
• Implement limit directive for msgp array/map size bounds checking by @klauspost in Implement limit directive for msgp array/map size bounds checking tinylib/msgp#419
• Allow ignore directives to contain regex by @klauspost in Allow ignore directives to contain regex tinylib/msgp#423
• Fix embedded generic interface by @klauspost in Fix embedded interface tinylib/msgp#417
• setof speed improvement and tests by @klauspost in setof speed improvement and tests tinylib/msgp#420

New Contributors

• @alexandear made their first contribution in remove redundant // +build directives tinylib/msgp#421

Full Changelog: tinylib/msgp@v1.5.0...v1.6.0

v1.5.0

What's Changed

• Support generic types by @klauspost in feat: Support generic types tinylib/msgp#410 - docs
• Handle atomic values by @klauspost in Handle atomic values tinylib/msgp#405
• Add array/map iterators by @klauspost in Add array/map iterators tinylib/msgp#403
• Add Coerce functions to Number by @klauspost in Add Coerce functions to Number tinylib/msgp#404
• Add Number.CoerceFloat by @klauspost in Add Number.CoerceFloat tinylib/msgp#407
• Handle aliased types by @klauspost in Handle aliased types tinylib/msgp#406
• Add "setof" helpers by @klauspost in Add "setof" helpers tinylib/msgp#408
• msgp: fuzz test: fix overflow on 32-bit systems by @philhofer in msgp: fuzz test: fix overflow on 32-bit systems tinylib/msgp#412

(truncated — see source for full notes)

go.opentelemetry.io/collector/pdata (v1.11.0 → v1.56.0) — Changelog

💡 Enhancements 💡

• all: Update semconv package from 1.38.0 to 1.40.0 (bump semconv to 1.40.0 open-telemetry/opentelemetry-collector#15095)
• cmd/mdatagen: Only allow the ToVersion feature flag attribute to be set for the Stable and Deprecated stages. (Disallow the usage of ToVersion for any stage other than stable or deprecated open-telemetry/opentelemetry-collector#15040)
  To better match the feature flag README
  (https://github.com/open-telemetry/opentelemetry-collector/blob/main/featuregate/README.md#feature-lifecycle).

🧰 Bug fixes 🧰

• exporter/debug: Guard from out of bounds profiles dictionary indices ([exporter/debug] should check for index out of range for profiles dictionary open-telemetry/opentelemetry-collector#14803)

• pdata/pprofile: create a copy when the input is marked as read-only (file exporter panics with "invalid access to shared data" when exporting profiles together with debug exporter open-telemetry/opentelemetry-collector#15080)

• pkg/otelcol: Fix missing default values in unredacted print-config command by introducing confmap.WithUnredacted MarshalOption. (Bug: otelcol print-config mode=unredacted output omits default values, making results very different from redacted mode open-telemetry/opentelemetry-collector#14750)
  Resolves an issue where the unredacted mode output omitted all default-valued options. By introducing a new MarshalOption to disable redaction directly at the confmap encoding level, the unredacted mode now preserves all component defaults natively without requiring post-processing.

• pkg/service: Headers on the internal telemetry OTLP exporter are now redacted when the configuration is marshaled (Redact headers when exporting internal telemetry through OTLP open-telemetry/opentelemetry-collector#14756)

go.opentelemetry.io/otel (v1.37.0 → v1.43.0) — GitHub Release

v1.43.0

Added

• Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace
  for W3C Trace Context Level 2 Random Trace ID Flag support. (trace: add Random Trace ID Flag open-telemetry/opentelemetry-go#8012)
• Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (resource: add WithService detector option open-telemetry/opentelemetry-go#7642)
• Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (sdk/resource: add WithContext variants for Default and Environment (#7808) open-telemetry/opentelemetry-go#8051)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric.
  Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (Add support for the development per-series starttime feature open-telemetry/opentelemetry-go#8060)
• Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (sdk/metric: Support specifying cardinality limits per instrument kinds open-telemetry/opentelemetry-go#7855)

Changed

(truncated — see source for full notes)

go.opentelemetry.io/otel/metric (v1.37.0 → v1.43.0) — GitHub Release

v1.43.0

Added

• Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace
  for W3C Trace Context Level 2 Random Trace ID Flag support. (trace: add Random Trace ID Flag open-telemetry/opentelemetry-go#8012)
• Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (resource: add WithService detector option open-telemetry/opentelemetry-go#7642)
• Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (sdk/resource: add WithContext variants for Default and Environment (#7808) open-telemetry/opentelemetry-go#8051)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric.
  Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (Add support for the development per-series starttime feature open-telemetry/opentelemetry-go#8060)
• Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (sdk/metric: Support specifying cardinality limits per instrument kinds open-telemetry/opentelemetry-go#7855)

Changed

(truncated — see source for full notes)

go.opentelemetry.io/otel/trace (v1.37.0 → v1.43.0) — GitHub Release

v1.43.0

Added

• Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace
  for W3C Trace Context Level 2 Random Trace ID Flag support. (trace: add Random Trace ID Flag open-telemetry/opentelemetry-go#8012)
• Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (resource: add WithService detector option open-telemetry/opentelemetry-go#7642)
• Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (sdk/resource: add WithContext variants for Default and Environment (#7808) open-telemetry/opentelemetry-go#8051)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
• Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric.
  Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (Add support for the development per-series starttime feature open-telemetry/opentelemetry-go#8060)
• Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (sdk/metric: Support specifying cardinality limits per instrument kinds open-telemetry/opentelemetry-go#7855)

Changed

(truncated — see source for full notes)

gopkg.in/DataDog/dd-trace-go.v1 (v1.72.1 → v1.74.8) — GitHub Release

v1.74.7

[!NOTE]
This is the last minor release for v1. The Go tracer v1 transitional version is a wrapper that preserves the API from v1 but uses v2 under the hood.

[!WARNING]
This release has been retracted due to problematic upgrades to the minimum Go version. Please use the latest v1.74.x version instead.

This transitional version is the only v1 version that allows both v1 and v2 to be imported in the same service—enabling you to migrate a service gradually. Using this v1 transitional version doesn’t require any code changes, but it also won’t support any new features introduced in the new v2 tracer.

Changes

Updates github.com/DataDog/dd-trace-go/v2 from v2.2.3 to v2.3.0

Full Changelog: DataDog/dd-trace-go@v1.74.6...v1.74.7

v1.74.6

What's Changed

This patch release fixes a significant bug that caused dropped spans due to local sampling rules overriding the sampling decision already present in inbound distributed trace context.

[!IMPORTANT]
Depending on your sampling rules, and especially if you have trace sampling rules,, you may notice an increase in ingested spans. This increase is expected and the consequence of not applying trace sampling rules when there is a head sampling decision. If the ingested volume is problematic, reduce it using APM Ingestion Controls. For any questions or issues, please contact Datadog Support.

Application Performance Monitoring (APM)

• fix(ddtrace/tracer): keep correct trace+span sampling with propagated sampling decision by @darccio in fix(ddtrace/tracer): keep correct trace+span sampling with propagated sampling decision dd-trace-go#3856
• chore: update the remoteconfig dependency by @andreimatei in chore: update the remoteconfig dependency dd-trace-go#3883

Full Changelog: DataDog/dd-trace-go@v1.74.5...v1.74.6

v1.74.5

[!NOTE]
This is the last minor release for v1. The Go tracer v1 transitional version is a wrapper that preserves the API from v1 but uses v2 under the hood.

This transitional version is the only v1 version that allows both v1 and v2 to be imported in the same service—enabling you to migrate a service gradually. Using this v1 transitional version doesn’t require any code changes, but it also won’t support any new features introduced in the new v2 tracer.

Changes

Updates github.com/DataDog/dd-trace-go/v2 from v2.1.0 to v2.2.2

(truncated — see source for full notes)

k8s.io/klog/v2 (v2.130.1 → v2.140.0) — GitHub Release

v2.140.0

What's Changed

• Add dependabot by @lucacome in Add dependabot kubernetes/klog#410
• Use strconv.AppendQuote instead of strconv.Quote for message formatting by @astef in Use strconv.AppendQuote instead of strconv.Quote for message formatting kubernetes/klog#413
• de-duplication of key/value pairs by @pohly in de-duplication of key/value pairs kubernetes/klog#415
• Fix: Ensure constant format strings in fmt and printf calls by @mikelolasagasti in Fix: Ensure constant format strings in fmt and printf calls kubernetes/klog#417
• Remove old note on Go version requirements by @guettli in Remove old note on Go version requirements kubernetes/klog#425
• test with 1.24 and 1.25 by @pohly in test with 1.24 and 1.25 kubernetes/klog#428
• ktesting: fix vmodule support by @pohly in ktesting: fix vmodule support kubernetes/klog#431
• ktesting: support multi-line result from AnyToStringHook by @pohly in ktesting: support multi-line result from AnyToStringHook kubernetes/klog#433
• textlogger: optionally turn off header by @pohly in textlogger: optionally turn off header kubernetes/klog#430
• feat: fix stderrthreshold not honored when logtostderr is set (stderrthreshold not honored when logtostderr is set kubernetes/klog#212) + two new flags by @pierluigilenoci in feat: fix stderrthreshold not honored when logtostderr is set (#212) + two new flags kubernetes/klog#432

New Contributors

• @lucacome made their first contribution in Add dependabot kubernetes/klog#410
• @astef made their first contribution in Use strconv.AppendQuote instead of strconv.Quote for message formatting kubernetes/klog#413
• @mikelolasagasti made their first contribution in Fix: Ensure constant format strings in fmt and printf calls kubernetes/klog#417
• @guettli made their first contribution in Remove old note on Go version requirements kubernetes/klog#425
• @pierluigilenoci made their first contribution in feat: fix stderrthreshold not honored when logtostderr is set (#212) + two new flags kubernetes/klog#432

Full Changelog: kubernetes/klog@v2.130.1...v2.140.0

---

Generated by ADMS Sources: 17 GitHub Releases, 1 Changelog, 5 not available.

[seberm-6]

Hey, sorry for the noise. This was caused by a bug in our automated dependency update system that incorrectly included upstream changelog content in PR comments, triggering notifications to external contributors. The feature flag has been turned off and we're working on a fix. Sorry about that again.