Bump the go_modules group across 1 directory with 10 updates

[dependabot]

Bumps the go_modules group with 9 updates in the / directory:

Package	From	To
github.com/btcsuite/btcd	0.22.0-beta.0.20211005184431-e3449998be39	0.23.2
github.com/docker/docker	20.10.22+incompatible	24.0.9+incompatible
github.com/lightningnetwork/lnd	0.14.2-beta	0.15.4-beta
google.golang.org/grpc	1.44.0	1.56.3
github.com/docker/distribution	2.8.1+incompatible	2.8.2+incompatible
github.com/jackc/pgproto3/v2	2.1.1	2.3.3
github.com/jackc/pgx/v4	4.13.0	4.18.2
github.com/prometheus/client_golang	1.11.0	1.11.1
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	0.20.0	0.46.0

Updates github.com/btcsuite/btcd from 0.22.0-beta.0.20211005184431-e3449998be39 to 0.23.2

Release notes

Sourced from github.com/btcsuite/btcd's releases.

btcd v0.23.2

What's Changed

• MuSig2: Catch up to 0.4.0 by @​sputn1ck in btcsuite/btcd#1865
• Bump btcd version in btcutil package by @​darioush in btcsuite/btcd#1866
• doc: fix Tor hidden service setup link by @​shyba in btcsuite/btcd#1883
• build: bump golang base image version to 1.17 by @​tochicool in btcsuite/btcd#1882
• wire: remove erroneous witness size check in wire parsing by @​Roasbeef in btcsuite/btcd#1896
• build: bump version to v0.23.2 by @​Roasbeef in btcsuite/btcd#1898

New Contributors

• @​sputn1ck made their first contribution in btcsuite/btcd#1865
• @​darioush made their first contribution in btcsuite/btcd#1866
• @​shyba made their first contribution in btcsuite/btcd#1883
• @​tochicool made their first contribution in btcsuite/btcd#1882

Full Changelog: btcsuite/btcd@v0.23.1...v0.23.2

btcd v0.23.1-beta

What's Changed

• btcjson: Update WalletCreateFundedPsbtOpts.FeeRate type by @​gnasr in btcsuite/btcd#1729
• rpcserverhelp: Remove extra period for gettxout--synopsis by @​kcalvinalvin in btcsuite/btcd#1733
• mempool: export isDust for use in other projects by @​Crypt-iQ in btcsuite/btcd#1739
• Switch irc to libera.chat by @​jcvernaleo in btcsuite/btcd#1725
• rpcclient: Export symbols needed for custom commands by @​JeremyRand in btcsuite/btcd#1457
• btcec: check if recovered pk is at point of infinity by @​MariusVanDerWijden in btcsuite/btcd#1750
• mempool: introduce GetDustThreshold to export dust limit calculation by @​Crypt-iQ in btcsuite/btcd#1742
• build: bump min Go version to 1.16.8 add Go 1.17.1 by @​Roasbeef in btcsuite/btcd#1753
• Upgraded the docker version to 1.16 by @​naveensrinivasan in btcsuite/btcd#1755
• peer+server: add new config option to optionally disable stall detection by @​Roasbeef in btcsuite/btcd#1752
• addrmgr: make KnownAddress methods thread-safe by @​chappjc in btcsuite/btcd#1763
• comment improvement by @​pyh4 in btcsuite/btcd#1762
• Included permissions for GitHub action by @​naveensrinivasan in btcsuite/btcd#1756
• connmgr: Fix stale comment in TestRemovePendingConnection by @​sloorush in btcsuite/btcd#1749
• rpcclient: Add retry with backoffs to HTTP POST requests by @​3nprob in btcsuite/btcd#1743
• txscript: backport tokenizer from dcrd by @​Roasbeef in btcsuite/btcd#1769
• go.mod, go.sum: Update goleveldb by @​kcalvinalvin in btcsuite/btcd#1770
• reduce redundant memory allocation - resolves btcsuite/btcd#1699 by @​ziollek in btcsuite/btcd#1759
• rpcclient+rpcserver+integration: GetNetworkHashPS3 must be float64 by @​mattbajorek in btcsuite/btcd#1778
• multi: move the btcutil repo into btcd as a sub-module by @​Roasbeef in btcsuite/btcd#1785
• btcutil: update modules to replace to top-level btcd repo by @​Roasbeef in btcsuite/btcd#1788
• chaincfg+blockchain: abstract/refactor BIP 9 version bits implementation to work w/ BIP 8 block heights by @​Roasbeef in btcsuite/btcd#1700
• btcec: create new btcec/v2 module that type aliases into the dcrec module by @​Roasbeef in btcsuite/btcd#1773
• btcec/v2: create new schnorr package for BIP-340, move existing ecdsa implementation into new ecdsa package by @​Roasbeef in btcsuite/btcd#1777
• build: update to btcec v2.1.0 by @​Roasbeef in btcsuite/btcd#1801
• build: retract bogus tags from btcd fork by @​Roasbeef in btcsuite/btcd#1805
• mempool/estimatefee: Fix negative index bug by @​kcalvinalvin in btcsuite/btcd#1813
• Replace github.com/btcsuite/goleveldb imports with github.com/syndtr/goleveldb by @​anupcshan in btcsuite/btcd#1780
• Remove circular dependency issue between btcec/v2 and main package by @​guggero in btcsuite/btcd#1823
• Fixes coveralls coverage report by @​vpereira01 in btcsuite/btcd#1814
• Update LICENSE by @​MarnixCroes in btcsuite/btcd#1809

... (truncated)

Commits

• See full diff in compare view

Updates github.com/docker/docker from 20.10.22+incompatible to 24.0.9+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v24.0.9

24.0.9

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.9 milestone
• moby/moby, 24.0.9 milestone

Security

This release contains security fixes for the following CVEs affecting Docker Engine and its components.

CVE	Component	Fix version	Severity
CVE-2024-21626	runc	1.1.12	High, CVSS 8.6
CVE-2024-24557	Docker Engine	24.0.9	Medium, CVSS 6.9

Important ⚠️

Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:

• CVE-2024-23651
• CVE-2024-23652
• CVE-2024-23653
• CVE-2024-23650

To address these vulnerabilities, upgrade to Docker Engine v25.0.2.

For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the blog post. For details about each vulnerability, see the relevant security advisory:

• CVE-2024-21626
• CVE-2024-24557

Packaging updates

• Upgrade runc to v1.1.12. moby/moby#47269
• Upgrade containerd to v1.7.13 (static binaries only). moby/moby#47280

v24.0.8

24.0.8

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.8 milestone
• moby/moby, 24.0.8 milestone

Bug fixes and enhancements

• Live restore: Containers with auto remove (docker run --rm) are no longer forcibly removed on engine restart. moby/moby#46857

... (truncated)

Commits

• fca702d Merge pull request from GHSA-xw73-rw38-6vjc
• f78a772 Merge pull request #47281 from thaJeztah/24.0_backport_bump_containerd_binary...
• 61afffe Merge pull request #47270 from thaJeztah/24.0_backport_bump_runc_binary_1.1.12
• b38e74c Merge pull request #47276 from thaJeztah/24.0_backport_bump_runc_1.1.12
• dac5663 update containerd binary to v1.7.13
• 20e1af3 vendor: github.com/opencontainers/runc v1.1.12
• 858919d update runc binary to v1.1.12
• 141ad39 Merge pull request #47266 from vvoland/ci-fix-makeps1-templatefail-24
• db968c6 hack/make.ps1: Fix go list pattern
• 61c51fb Merge pull request #47221 from vvoland/pkg-pools-close-noop-24
• Additional commits viewable in compare view

Updates github.com/lightningnetwork/lnd from 0.14.2-beta to 0.15.4-beta

Release notes

Sourced from github.com/lightningnetwork/lnd's releases.

lnd v0.15.4-beta

This is an emergency hot fix release to fix a bug that can cause lnd nodes to be unable to parse certain transactions that have a very large number of witness inputs.

This release contains no major features, and is instead just a hotfix applied on top of v0.15.3.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightningnetwork/lnd/master/scripts/keys/guggero.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-guggero-v0.15.4-beta.sig and manifest-v0.15.4-beta.txt are in the current directory) with:

gpg --verify manifest-guggero-v0.15.4-beta.sig manifest-v0.15.4-beta.txt

You should see the following if the verification was successful:

gpg: Signature made Di 01 Nov 2022 14:00:20 CET
gpg:                using RSA key F4FC70F07310028424EFC20A8E4256593F177720
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimeStamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-guggero-v0.15.4-beta.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-guggero-v0.15.4-beta.sig.ots -f manifest-guggero-v0.15.4-beta.sig

Alternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved. The release binaries are compiled with go1.18.2, which is required by verifiers to arrive at the same ones. They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, neutrinorpc, routerrpc, watchtowerrpc, monitoring, peersrpc, kvdb_postrgres, and kvdb_etcd. Note that these are already included in the release script, so they do not need to be provided.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

... (truncated)

Commits

• 96fe51e Merge pull request #7098 from lightningnetwork/btcd-bump-23-3
• c8a3fbe funding: fix linter error
• 64f20b6 build: bump version to v0.15.4-beta
• 77cd2bf docs: add release notes for 0.15.4-beta
• d65833f mod: bump btcd to v0.23.3
• b4e7131 build: bump version to v0.15.3-beta
• f674960 Merge pull request #7017 from Roasbeef/v0-15-3-branch
• 34cd2f5 build: bump version to v0.15.3-beta.rc1
• 4c6f9ec docs: update remote signing update hint to v0.15.3-beta [skip ci]
• 69b7d96 funding: ignore maxWaitNumBlocksFundingConf for zero conf channels
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.44.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

• server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

  In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

• client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

• client: support channel idleness using WithIdleTimeout dial option (#6263)
  • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
• client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
• xds: Add support for Custom LB Policies (gRFC A52) (#6224)
• xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
• client: add support for pickfirst address shuffling (gRFC A62) (#6311)
• xds: Add support for String Matcher Header Matcher in RDS (#6313)
• xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • Special Thanks: @​s-matyukevich
• xds: enable RLS in xDS by default (#6343)
• orca: add support for application_utilization field and missing range checks on several metrics setters
• balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
• authz: add conversion of json to RBAC Audit Logging config (#6192)
• authz: add support for stdout logger (#6230 and #6298)
• authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

• orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
• xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
• xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

• orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

• xds: enable federation support by default (#6151)
• status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

• 1055b48 Update version.go to 1.56.3 (#6713)
• 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
• bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
• faab873 Update version.go to v1.56.2 (#6432)
• 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
• ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
• cd6a794 Update version.go to v1.56.2-dev (#6387)
• 5b67e5e Update version.go to v1.56.1 (#6386)
• d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
• 997c1ea Change version to 1.56.1-dev (#6345)
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.0 to 1.30.0

Updates github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible

Release notes

Sourced from github.com/docker/distribution's releases.

v2.8.2

What's Changed

• Revert registry/client: set Accept: identity header when getting layers by @​ndeloof in distribution/distribution#3783
• Parse http forbidden as denied by @​vvoland in distribution/distribution#3914
• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah (#3650)
• Fix CVE-2023-2253 runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893
• Dockerfile: fix filenames of artifacts by @​thaJeztah in distribution/distribution#3911

Full Changelog: distribution/distribution@v2.8.1...v2.8.2

v2.8.2-beta.2

What's Changed

• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah (#3650)
• Fix CVE-2023-2253 runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893
• Dockerfile: fix filenames of artifacts by @​thaJeztah in distribution/distribution#3911

Full Changelog: distribution/distribution@v2.8.1...v2.8.2-beta.2

v2.8.2-beta.1

NOTE: This is a pre-release that does not contain any artifacts!

What's Changed

• Fix runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah in distribution/distribution#3650
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893

Full Changelog: distribution/distribution@v2.8.1...v2.8.2-beta.1

Commits

• 7c354a4 Merge pull request #3915 from distribution/2.8.2-release-notes
• a173a9c Add v2.8.2 release notes
• 4894d35 Merge pull request #3914 from vvoland/handle-forbidden-28
• f067f66 Merge pull request #3783 from ndeloof/accept-encoding-28
• 483ad69 registry/errors: Parse http forbidden as denied
• 2b0f84d Revert "registry/client: set Accept: identity header when getting layers"
• 320d6a1 Merge pull request #3912 from distribution/2.8.2-beta.2-release-notes
• 5f3ca1b Add release notes for 2.8.2-beta.2 release
• cb840f6 Merge pull request #3911 from thaJeztah/2.8_backport_fix_releaser_filenames
• e884644 Dockerfile: fix filenames of artifacts
• Additional commits viewable in compare view

Updates github.com/jackc/pgproto3/v2 from 2.1.1 to 2.3.3

Commits

• 945c212 Backport fixes from pgx v5
• 0c0f7b0 Add pgx v5 note
• f59ff94 UnmarshalJSON: removing hex decode
• fd427c0 Don't panic when receiving zero bytes with "slice bounds out of range"
• 175856f add GSS authentication to pgproto3
• c6ccb4b Addressing feedback
• e145003 Addressing feedback
• 1d7886b Adding UTs
• fa2b096 fix: Adding overall format before appending ColumnFormatCodes
• 40ecac4 Remove unimplemented JSON marshalling for FunctionCall type.
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v4 from 4.13.0 to 4.18.2

Changelog

Sourced from github.com/jackc/pgx/v4's changelog.

4.18.2 (March 4, 2024)

Fix CVE-2024-27289

SQL injection can occur when all of the following conditions are met:

1. The non-default simple protocol is used.
2. A placeholder for a numeric value must be immediately preceded by a minus.
3. There must be a second placeholder for a string value after the first placeholder; both must be on the same line.
4. Both parameter values must be user-controlled.

Thanks to Paul Gerste for reporting this issue.

Fix CVE-2024-27304

SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control.

Thanks to Paul Gerste for reporting this issue.

• Fix *dbTx.Exec not checking if it is already closed

4.18.1 (February 27, 2023)

• Fix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)

4.18.0 (February 11, 2023)

• Upgrade pgconn to v1.14.0
• Upgrade pgproto3 to v2.3.2
• Upgrade pgtype to v1.14.0
• Fix query sanitizer when query text contains Unicode replacement character
• Fix context with value in BeforeConnect (David Harju)
• Support pgx v4 and v5 stdlib in same program (Vitalii Solodilov)

4.17.2 (September 3, 2022)

• Fix panic when logging batch error (Tom Möller)

4.17.1 (August 27, 2022)

• Upgrade puddle to v1.3.0 - fixes context failing to cancel Acquire when acquire is creating resource which was introduced in v4.17.0 (James Hartig)
• Fix atomic alignment on 32-bit platforms

4.17.0 (August 6, 2022)

• Upgrade pgconn to v1.13.0
• Upgrade pgproto3 to v2.3.1
• Upgrade pgtype to v1.12.0

... (truncated)

Commits

• 14690df Update changelog
• 779548e Update required Go version to 1.17
• 80e9662 Update github.com/jackc/pgconn to v1.14.3
• 0bf9ac3 Fix erroneous test case
• f94eb0e Always wrap arguments in parentheses in the SQL sanitizer
• 826a892 Fix SQL injection via line comment creation in simple protocol
• 7d882f9 Fix *dbTx.Exec not checking if it is already closed
• 1d07b8b go mod tidy
• 13468eb Release v4.18.1
• 7fed69b simplify duplicate pgx registration guard
• Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.11.0 to 1.11.1

Release notes

Sourced from github.com/prometheus/client_golang's releases.

1.11.1 / 2022-02-15

• [SECURITY FIX] promhttp: Check validity of method and code label values prometheus/client_golang#987 (Addressed CVE-2022-21698)

What's Changed

• promhttp: Check validity of method and code label values by @​bwplotka and @​kakkoyun in prometheus/client_golang#987

Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.19.0 / 2023-02-27

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

• [CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449
• [FEATURE] collectors: Add version collector. #1422 #1427

1.18.0 / 2023-12-22

• [FEATURE] promlint: Allow creation of custom metric validations. #1311
• [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
• [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
• [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
• [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

1.17.0 / 2023-09-27

• [CHANGE] Minimum required go version is now 1.19 (we also test client_golang against new 1.21 version). #1325
• [FEATURE] Add support for Created Timestamps in Counters, Summaries and Historams. #1313
• [ENHANCEMENT] Enable detection of a native histogram without observations. #1314

1.16.0 / 2023-06-15

• [BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. #1252
• [BUGFIX] api: Fix undefined execution order in return statements. #1260
• [BUGFIX] native histograms: Fix bug in bucket key calculation. #1279
• [ENHANCEMENT] Reduce constrainLabels allocations for all metrics. #1272
• [ENHANCEMENT] promhttp: Add process start time header for scrape efficiency. #1278
• [ENHANCEMENT] promlint: Improve metricUnits runtime. #1286

1.15.1 / 2023-05-3

• [BUGFIX] Fixed promhttp.Instrument* handlers wrongly trying to attach exemplar to unsupported metrics (e.g. summary),
  causing panics. #1253

1.15.0 / 2023-04-13

• [BUGFIX] Fix issue with atomic variables on ppc64le. #1171
• [BUGFIX] Support for multiple samples within same metric. #1181
• [BUGFIX] Bump golang.org/x/text to v0.3.8 to mitigate CVE-2022-32149. #1187
• [ENHANCEMENT] Add exemplars and middleware examples. #1173
• [ENHANCEMENT] Add more context to "duplicate label names" error to enable debugging. #1177
• [ENHANCEMENT] Add constrained labels and constrained variant for all MetricVecs. #1151
• [ENHANCEMENT] Moved away from deprecated github.com/golang/protobuf package. #1183
• [ENHANCEMENT] Add possibility to dynamically get label values for http instrumentation. #1066
• [ENHANCEMENT] Add ability to Pusher to add custom headers. #1218
• [ENHANCEMENT] api: Extend and improve efficiency of json-iterator usage. #1225
• [ENHANCEMENT] Added (official) support for go 1.20. #1234

... (truncated)

Commits

• 989baa3 promhttp: Check validity of method and code label values (#962) (#987)
• See full diff in compare view

Updates go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.20.0 to 0.46.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases.

Release v0.36.2

Changed

• Upgrade dependencies of the OpenTelemetry Go Metric SDK to use the new v0.32.2 release
• Avoid getting a new Tracer for every RPC in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#2835)
• Conditionally compute message size for tracing events using proto v2 API rather than legacy v1 API in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#2647)

Deprecated

• The Inject function in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc is deprecated. (#2838)
• The Extract function in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc is deprecated. (#2838)

Release v0.36.1

Changed

• Upgrade dependencies of the OpenTelemetry Go Metric SDK to use the new v0.32.1 release.

Release v0.36.0

Changed

• Upgrade dependencies of the OpenTelemetry Go Metric SDK to use the new v0.32.0 release. (#2781, #2756, #2758, #2760, #2762)

Release v0.24.0

0.24.0 - 2021-09-21

Update dependency on the go.opentelemetry.io/otel project to v1.0.0.

v0.23.0

0.23.0 - 2021-09-09

Added

• Add WithoutSubSpans, WithRedactedHeaders, WithoutHeaders, and WithInsecureHeaders options for otelhttptrace.NewClientTrace. (#879)

Changed

• Split go.opentelemetry.io/contrib/propagators module into b3, jaeger, ot modules. (#985)
• otelmongodb span attributes, name and span status now conform to specification. (#769)
• Migrated EC2 resource detector support from root module go.opentelemetry.io/contrib/detectors/aws to a separate EC2 resource detector module go.opentelemetry.io/contrib/detectors/aws/ec2 (#1017)
• Add cloud.provider and cloud.platform to AWS detectors. (#1043)
• otelhttptrace.NewClientTrace now redacts known sensitive headers by default. (#879)

Fixed

• Fix span not marked as error in otelhttp.Transport when RoundTrip fails with an error. (#950)

Release v0.22.0

Added

• Add the zpages span processor. (#894)

... (truncated)

Changelog

Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's changelog.

[1.26.0/0.51.0/0.20.0/0.6.0/0.1.0] - 2024-04-24

Added

• NewSDK in go.opentelemetry.io/contrib/config now returns a configured SDK with a valid MeterProvider. (#4804)

Changed

• Change the scope name for the prometheus bridge to go.opentelemetry.io/contrib/bridges/prometheus to match the package. (#5396)

Fixed

• Fix bug where an empty exemplar was added to counters in go.opentelemetry.io/contrib/bridges/prometheus. (#5395)
• Fix bug where the last histogram bucket was missing in go.opentelemetry.io/contrib/bridges/prometheus. (#5395)

[1.25.0/0.50.0/0.19.0/0.5.0/0.0.1] - 2024-04-05

Added

• Implemented setting the cloud.resource_id resource attribute in go.opentelemetry.io/detectors/aws/ecs based on the ECS Metadata v4 endpoint. (#5091)
• The go.opentelemetry.io/contrib/bridges/otelslog module. This module provides an OpenTelemetry logging bridge for "log/slog". (#5335)

Fixed

• Update all dependencies to address [GO-2024-2687]. (#5359)

Removed

• Drop support for [Go 1.20]. (#5163)

[1.24.0/0.49.0/0.18.0/0.4.0] - 2024-02-23

This release is the last to support [Go 1.20]. The next release will require at least [Go 1.21].

Added

• Support [Go 1.22]. (#5082)
• Add support for Summary metrics to go.opentelemetry.io/contrib/bridges/prometheus. (#5089)
• Add support for Exponential (native) Histograms in go.opentelemetry.io/contrib/bridges/prometheus. (#5093)

Removed

• The deprecated RequestCount constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
• The deprecated RequestContentLength constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
• The deprecated ResponseContentLength constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
• The deprecated ServerLatency constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)

Fixed

... (truncated)

Commits

• b4b06bc Release v1.21.0/v0.46.0/v0.15.0/v0.1.0 (#4546)
• c1ac303 config: Prepare module for release (#4541)
• fe68fe9 host: fix typo (#4540)
• 016b46f otelgrpc: Use net.Listen in TestStatsHandler (

[dependabot]

Superseded by #9.