fix(deps): update all#162

Open

renovate[bot] wants to merge 1 commit into

master from

renovate/all

Open

fix(deps): update all #162
renovate[bot] wants to merge 1 commit into
master from
renovate/all

Conversation

@renovate

@renovate renovate Bot commented Jul 16, 2020 •

edited

Loading

Copy link

Copy Markdown

i️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
ace (source)	minor	`1.2.0` → `1.43.3`	age	confidence
actions/cache	action	patch	`v2.1.4` → `v2.1.8`	age	confidence
angular-ui-bootstrap (source)	minor	`0.13.3` → `0.14.3`	age	confidence
github.com/gobuffalo/packr/v2	require	patch	`v2.8.0` → `v2.8.3`	age	confidence
github.com/golang/protobuf	require	patch	`v1.5.2` → `v1.5.4`	age	confidence
github.com/gorilla/handlers	require	minor	`v1.4.2` → `v1.5.2`	age	confidence
github.com/gorilla/mux	require	minor	`v1.7.3` → `v1.8.1`	age	confidence
github.com/grpc-ecosystem/grpc-gateway	require	minor	`v1.12.1` → `v1.16.0`	age	confidence
github.com/huandu/xstrings	require	minor	`v1.3.0` → `v1.5.0`	age	confidence
golang	stage	minor	`1.16-alpine` → `1.26-alpine`	age	confidence
google.golang.org/genproto	require	digest	`e1de0a7` → `7ab31c2`	age	confidence

Release Notes

ajaxorg/ace-builds (ace)

Features

update mouse selection at user's refresh rate (#5717) (90d72fc), closes #5716

Bug Fixes

editor.completer would init on enableBasicAutocompletion option true (#5756) (25a471a)
missing type aliases and MarkerGroup in ace-builds (#5782) (b20be1a)

1.40.2 (2025年05月02日)

1.40.1 (2025年04月23日)

Bug Fixes

gutter: add null check for session.foldWdigets (#5801) (6ca40e9)

`v1.41.0`

Compare Source

`v1.40.1`

Compare Source

`v1.40.0`

Compare Source

Features

gutter: added keyboard handling for experimental feature custom widgets (#5796) (8037400)

1.39.1 (2025年03月20日)

Features

Editing is disabled tooltip in readonly mode (#5771) (1098e53)

Bug Fixes

Fix is check in xml FoldMode (#5752) (810c465)
replace NodeList.foreach with for loop (#5769) (b3de3c1)
updateDocTooltip with undefined this.completions (#5754) (adde072)
wrong java keywords (#5759) (6b4c7a0)

`v1.39.1`

Compare Source

`v1.39.0`

Compare Source

Features

Multiline Search Support: line breaks \n (#5675) (06d51b9)

Bug Fixes

check if row is present when setting aria label of popup elements (#5750) (ff16482)
gutter hover tooltip a11y improvements (#5747) (fbe3ddc)
narrowing platform to be either win or mac (#5707) (18cc336)
set score completion item when skipfilter true (#5749) (a27e1e8)

`v1.38.0`

Compare Source

Features

popup: add supporting skipFilter flag for popup item (#5740) (0db7585)

Bug Fixes

AcePopup: fix aria-posinset issue on google chrome (#5719) (09a0c5a)
calling setMode just before destroy causes error reading getLength (#5727) (62b973e)
highlight indent guides with wrapped lines (#5621) (77b9fe1)
improve aria attributes of popup elements (#5739) (09fba2e)
types for setTimeout/setInterval calls (#5726) (9a76656)
VirtualRenderer: fix scrollbar overlap on autocompletion (#5713) (5acea6d)
wrong type of paste event and missing types for themelist extension (#5725) (a4b9d2d)

1.37.5 (2025年01月16日)

Bug Fixes

update aria-roledescription gutter (#5718) (7ae3a4c)

1.37.4 (2025年01月09日)

Bug Fixes

Remove unnecesary typeof from type imports in declarations (#5715) (2c8bf91)

1.37.3 (2025年01月07日)

1.37.2 (2025年01月06日)

Bug Fixes

fix return type of supportsFile modelist (#5705) (de21d50)

1.37.1 (2024年12月20日)

Bug Fixes

hide gutter tooltip event missing from editor signal (#5701) (66a6736)

1.36.6 (2024年12月17日)

Bug Fixes

update contribuition guide to mandate test cases (#5694) (e6533b3)
wrong behaviour rules in modes (#5682) (442680c)

1.36.5 (2024年11月14日)

Features

exposing getter setter for widget manager created using line widgets (#5673) (f5d0c19)

Bug Fixes

vue-directives regex bug (#5671) (5e1e524)

1.36.4 (2024年11月04日)

Bug Fixes

a11y: update aria-label of textinput on cursor move (#5665) (6ff93a8)

1.36.3 (2024年10月21日)

Bug Fixes

readdirSync options recursive: true was added only in NodeJs v20.1.0 (#5645) (2953f72)

1.36.2 (2024年08月30日)

Bug Fixes

apply padding to right side multi-line markers (#5636) (c7549aa)

1.36.1 (2024年08月29日)

Bug Fixes

improve type getMarkerAtPosition markergroup (#5631) (89bd40a)
update cloudeditor light colours (#5633) (0e2813e)

`v1.37.5`

Compare Source

`v1.37.4`

Compare Source

`v1.37.3`

Compare Source

`v1.37.2`

Compare Source

`v1.37.1`

Compare Source

`v1.37.0`

Compare Source

`v1.36.5`

Compare Source

`v1.36.4`

Compare Source

`v1.36.3`

Compare Source

`v1.36.2`

Compare Source

`v1.36.1`

Compare Source

`v1.36.0`

Compare Source

Features

allow setting marker type for MarkerGroups (#5630) (214df9c)
forced-color: do not adjust the forced colors for the editor (#5624) (c8f9df8)

1.35.5 (2024年08月20日)

1.35.4 (2024年07月22日)

Bug Fixes

move right of cursor tokens to end of ghost text. (#5616) (063ef9b)

1.35.3 (2024年07月18日)

Bug Fixes

ghost text rendering of empty lines (#5615) (1ae0bdc)

1.35.2 (2024年07月01日)

1.35.1 (2024年06月27日)

Bug Fixes

explicitly construct Number from window zoom attribute (#5600) (2591c36)
use dom builder for gutter tooltip and inline widget (#5601) (e81a299)
workaround for safari rendering bug (#5573) (f9a152f)
wrong doc comment * insert behaviour (#5571) (16c95b3)

`v1.35.5`

Compare Source

`v1.35.4`

Compare Source

`v1.35.3`

Compare Source

`v1.35.2`

Compare Source

`v1.35.1`

Compare Source

`v1.35.0`

Compare Source

Features

allow '{n}' as placeholder for translated strings (#5581) (2206024)

Bug Fixes

allow setting the placeholder type for nls (#5584) (3e2d50f)
not closed generic state in case of left-shift operator (#5572) (e5bea6f)
wrong vue-directives regexp (#5586) (5f89a33)

1.34.2 (2024年05月27日)

1.34.1 (2024年05月24日)

Bug Fixes

always set aria-label to text input in a11y mode (#5563) (00346fd)
Folding for comments and different modes (#5533) (f4d0e33)

`v1.34.2`

Compare Source

`v1.34.1`

Compare Source

`v1.34.0`

Compare Source

Features

allow users to add arialabel to text input (#5560) (8d7dfb6)

1.33.3 (2024年05月21日)

Bug Fixes

contrast completion meta contrast cloud editor themes (#5558) (b8877f0)

1.33.2 (2024年05月13日)

Bug Fixes

Add soft wrap for ghost text (#5540) (6a26b27)
generator function's determination; wrong parameter highlighting (#5538) (ceca6f7)
incorrect spans style (#5539) (65a7f38)
not determined folding widgets for html tags (#5548) (7a51992)
wrong token type (#5535) (4041489)

1.33.1 (2024年04月23日)

Bug Fixes

account for this.popup being potentially undefined in completion mousewheel listener (#5537) (6c3a9a6)

`v1.33.3`

Compare Source

`v1.33.2`

Compare Source

`v1.33.1`

Compare Source

`v1.33.0`

Compare Source

Features

Make translation system key based and add annotation type to gutter icon aria labels (#5524) (bb8256d)

Bug Fixes

Contrast is too low for searched items (#5523) (507ae2f)

1.32.9 (2024年03月29日)

Bug Fixes

apply class to autocomplete popup for no suggestions state (#5522) (a66f861)

1.32.8 (2024年03月22日)

Bug Fixes

allow completers to trigger on newline characters (#5519) (6e870fd)
don't detach completion popup while typing when prefix is empty (#5517) (7937e53)
scroll cursor line to top editor for long inline preview (#5514) (529473b)
SwiftHighlightRules exports (#5516) (f493ab0)

1.32.7 (2024年03月01日)

Bug Fixes

swap blue/red in cloudeditor themes to reduces usage of red (#5492) (0e8f549)

1.32.6 (2024年02月07日)

1.32.5 (2024年01月30日)

1.32.4 (2024年01月29日)

Bug Fixes

Improve contrast of completion popup in CloudEditor theme (#5473) (273c7f1)
update JSX mode to reflect React JSX (#5451) (66789a7)

1.32.3 (2023年12月29日)

Bug Fixes

improve prefixing for inline preview (#5439) (51006bb)
update ghost text if on same line popup (12f4664)
updated red color in cloud-editor dark theme (#5432) (142b607)

1.32.2 (2023年12月14日)

Bug Fixes

themes: changed the solarized theme primary color from [#93](https://redirect.github.com/ajaxorg/ace/issues/93)A1A1 to [#839496](https://redirect.github.com/ajaxorg/ace/issues/839496). (#5422) (114a5c1), closes #93A1A1

1.32.1 (2023年12月11日)

Bug Fixes

don't show loading state when empty completer array is provided (7a8a929)
prevent browser scroll while scrolling over the tooltip (#5414) (c6475c0)
switch aria-selected to aria-current for webkit (#5416) (bf1a4ea), closes #5403
yaml worker errors at undefined row/column (06cc12a)

`v1.32.9`

Compare Source

`v1.32.8`

Compare Source

`v1.32.7`

Compare Source

`v1.32.6`

Compare Source

`v1.32.5`

Compare Source

`v1.32.4`

Compare Source

`v1.32.3`

Compare Source

`v1.32.2`

Compare Source

`v1.32.1`

Compare Source

`v1.32.0`

Compare Source

Features

adding CloudEditor theme (#5404) (b0ee067)

Bug Fixes

autocomplete tests (#5407) (cf6999d)
set completion popup role to 'menu' for safari (6845905)
stop rendering the completion popup disconnected from the editor for long ghost text (#5401) (94d68a7)
try to scroll inline preview into view (#5400) (95af560)

1.31.2 (2023年11月15日)

Bug Fixes

inline preview with loading state (05db94f)

1.31.1 (2023年10月30日)

Bug Fixes

improve yaml folding (5c80e3c)

`v1.31.2`

Compare Source

`v1.31.1`

Compare Source

`v1.31.0`

Compare Source

Features

add nasal language (#5342) (4fff99e)

Bug Fixes

doc tooltip not filtering properly (e5034c7)

`v1.30.0`

Compare Source

Features

Add support for time units in PRQL (#5324) (8b9175b)

`v1.29.0`

Compare Source

Features

allow setting completion.ignoreCaption (5618046)

`v1.28.0`

Compare Source

Features

Keep focus on same item in completion popup when slow completer delivers results. (#5322) (0983134)

`v1.27.0`

Compare Source

Features

Allow not showing inline preview for completers when inlineEnabled is set to true. (#5315) (f3e3330)

`v1.26.0`

Compare Source

Features

Allow to set setSelectOnHover for Autocomplete (#5317) (dccbcc2)

Bug Fixes

Improve PRQL syntax highlightning (#5313) (7d677f1)

1.25.1 (2023年09月14日)

`v1.25.1`

Compare Source

`v1.25.0`

Compare Source

Features

Add syntax highlighting for PRQL (#5307) (24862cd)

1.24.2 (2023年09月08日)

Bug Fixes

Added project details in index.html file (#5300) (6e83505)
autocompletion threshold doesn't apply to trigger characters (84bbc88)
Update php_highlight_rules.js (#5288) (caedd0c)

1.24.1 (2023年08月15日)

`v1.24.2`

Compare Source

`v1.24.1`

Compare Source

`v1.24.0`

Compare Source

Features

Add support for Unicode boundaries (#5265) (1e6fcf3)
Allow more lines in hidden textarea to improve screen reader experience on Windows (#5225) (bccff5a)
Cuttlefish mode (#5278) (9cddf64)

Bug Fixes

add missing SQL keywords: IS and IN (#5263) (c731164)
bug in lua.lua example file kitchen-sink (#5258) (6549570)
support more environments (#5266) (b196806)

1.23.4 (2023年07月12日)

Bug Fixes

filterText triggered selection range removal when completions range was present (#5249) (b586e4d)

1.23.3 (2023年07月10日)

Bug Fixes

android bug when deleting multiple lines (#5248) (bd066ff), closes #5087
update jshint version to 2.13.6; change esversion to target ECMAScript 11 (#5243) (301aee9)

1.23.2 (2023年07月07日)

Bug Fixes

autocomplete: fix a11y violations (#5241) (decb615)
bug in guttertooltip when tooltipsFollowsMouse set to false (#5217) (67d318e)
typo in function name (#5229) (6e99055)

1.23.1 (2023年06月27日)

`v1.23.4`

Compare Source

`v1.23.3`

Compare Source

`v1.23.2`

Compare Source

`v1.23.1`

Compare Source

`v1.23.0`

Compare Source

Features

autocomplete: ellipsis is shown when suggestions is longer than popover width (#5204) (de4234b)
signal gutterkeydown in keyboard accessibility mode (#5202) (538b18c)

Bug Fixes

Fix vite build and webpack warning (#5192) (e14902e)
gutter tooltip class fix (#5211) (5bdb944)
Improve ARIA labelling fold controls (#5205) (dad5e6f)
regression in setting breakpoints on folded lines (51326eb)

1.22.1 (2023年06月11日)

Bug Fixes

don't throw unhandled errors in TabstopManager when EditSession becomes undefined (#5193) (cd55932)
include ace-modes to the npm package (a074fa4)
jsdoc comment foldings (#5197) (065af41)

`v1.22.1`

Compare Source

`v1.22.0`

Compare Source

Features

add odin mode (#5169) (d455e9b)

1.21.1 (2023年05月16日)

Bug Fixes

console error when hovering over empty gutter cell with tooltipFollowsMouse set to false (#5173) (5ff8d4c)

`v1.21.1`

Compare Source

`v1.21.0`

Compare Source

Features

Custom empty message when no completion found (#5158) (204aafa)
Special trigger characters to start autocomplete (#5147) (c2cfc5a)

Bug Fixes

command bar command type (#5168) (64c8253)

`v1.20.0`

Compare Source

Features

Add gutter controls to keyboard accessibility mode (#5146) (5f2face)
Inline autocomplete tooltip UX redesign (#5149) (8d56c84)

`v1.19.0`

Compare Source

Features

publishing generated styling files to ace-code package (1fa223e)

1.18.1 (2023年05月03日)

Bug Fixes

add mode types, improve type definitions (e22bd5c)
hide $getindent from the SyntaxMode (2b1c65b)
remove '$' fields for types that don't require exposing them (2db9d4e)
remove or update badly formatted declarations (1e7b022)
replaceRange could now be implemented as an instance of the Range interface, rather than being an instance of the Range class (e1bdccc)
wrong next state in regex state (c5ed709)

`v1.18.1`

Compare Source

`v1.18.0`

Compare Source

Features

marker groups (#5113) (01d4605)
summary of annotations in folded lines (#5117) (dc63ba9)

`v1.17.0`

Compare Source

Features

Add annotation level information to gutter tooltip (#5101) (3cd28b8)
Add option to prevent keyboard focus trapping (#5114) (fe5d1bf)
Add option to use SVG gutter icons (#5107) (82eb439)
add ResizeObserver to make calling editor.resize optional (51d5e4d)

Bug Fixes

adds missing 'on' method for 'guttermousedown' (7212042)
Fix bracket highlighting for brackets in open/close tags (#5108) (3c149a9)
Improves Liquid Support (#5098) (0ae8dbb)

`v1.16.0`

Compare Source

Features

Added Editor API to set the ghost text (#5036) (958d573)
Inline autocompletion (#5084) (eb834a1)

Bug Fixes

add updated monospace font for Windows (#5091) (a981972)
Added highlighting for TIES keyword introduced in PostgreSQL 13 (#5033) (9588086)
Added lateral keyword introduced in MySQL 8.0.14 (#5053) (3250956)
editor shadow appears under the selected line background when horizontal scroll is active (#5020) (ab4f788)
Fix bug with missing token in latex folding (#5093) (44b3a3e), closes #5090
Implement highlight mode for PL/SQL (Oracle) dialect (#5037) (159aa70)
Improve MySQL highlighting mode (#5050) (00f6089)
Option to determine specific prefixes for quote insertion (#5067) (34e769c), closes #5063
Remove broken keybinding from vscode mode (#5032) (68ff964)

1.15.3 (2023年03月02日)

1.15.2 (2023年02月16日)

1.15.1 (2023年02月13日)

Bug Fixes

Added lateral keyword introduced in MySQL 8.0.14 ([#5053](https://r

✂ Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from moul as a code owner

July 16, 2020 06:26

@auto-add-label auto-add-label Bot added the dependencies label

Jul 16, 2020

@trafico-bot trafico-bot Bot added the 🔍 Ready for Review label

Jul 16, 2020

@moul-bot moul-bot force-pushed the master branch from 57c04e0 to 5c194ed Compare

September 1, 2020 08:11

@renovate renovate Bot force-pushed the renovate/all branch from 1784b2f to 204d1f8 Compare

September 6, 2020 17:54

@renovate renovate Bot force-pushed the renovate/all branch from 204d1f8 to 9129e54 Compare

September 23, 2020 05:10

@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from 4a47e76 to 38aeafc Compare

October 8, 2020 12:57

@renovate renovate Bot force-pushed the renovate/all branch from 38aeafc to 8639ff8 Compare

October 11, 2020 20:35

@renovate renovate Bot force-pushed the renovate/all branch from 8639ff8 to 28e71d7 Compare

February 17, 2021 10:31

@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from 657835d to 3f76a37 Compare

April 29, 2021 19:45

@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from 45026ab to 04a744e Compare

May 4, 2021 15:11

@djale1k

djale1k commented May 4, 2021

Copy link

Copy Markdown

Collaborator

@moul deps are safe for BUMP
tidy deps only needed here.

@renovate renovate Bot force-pushed the renovate/all branch from 04a744e to 05baf90 Compare

May 5, 2021 15:40

@renovate

renovate Bot commented May 5, 2021 •

edited

Loading

Copy link

Copy Markdown

Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻️ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you check the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: docker run --rm --name=renovate_go --label=renovate_child -v "/mnt/renovate/gh/moul/protoc-gen-gotemplate":"/mnt/renovate/gh/moul/protoc-gen-gotemplate" -v "/tmp/renovate-cache":"/tmp/renovate-cache" -v "/tmp/renovate-cache/others/go":"/tmp/renovate-cache/others/go" -e GOPATH -e CGO_ENABLED -w "/mnt/renovate/gh/moul/protoc-gen-gotemplate" docker.io/renovate/go:1.13.15 bash -l -c "git config --global url.\"https://**redacted**@github.com/\".insteadOf \"https://github.com/\" && go get -d ./... && go mod vendor"
go: finding google.golang.org/genproto 4a47615972c2
go: downloading github.com/huandu/xstrings v1.3.2
go: downloading github.com/gobuffalo/packr/v2 v2.8.1
go: downloading github.com/golang/protobuf v1.5.2
go: downloading google.golang.org/genproto v0.0.0-20210506142907-4a47615972c2
go: downloading github.com/Masterminds/sprig v2.22.0+incompatible
go: extracting github.com/huandu/xstrings v1.3.2
go: extracting github.com/gobuffalo/packr/v2 v2.8.1
go: extracting github.com/Masterminds/sprig v2.22.0+incompatible
go: downloading github.com/markbates/safe v1.0.1
go: downloading github.com/gorilla/mux v1.8.0
go: downloading github.com/google/uuid v1.1.2
go: extracting github.com/golang/protobuf v1.5.2
go: extracting github.com/google/uuid v1.1.2
go: downloading github.com/imdario/mergo v0.3.8
go: extracting github.com/markbates/safe v1.0.1
go: extracting github.com/gorilla/mux v1.8.0
go: downloading github.com/markbates/oncer v1.0.0
go: extracting github.com/imdario/mergo v0.3.8
go: extracting github.com/markbates/oncer v1.0.0
go: downloading google.golang.org/protobuf v1.26.0
go: downloading github.com/mitchellh/copystructure v1.0.0
go: downloading github.com/gobuffalo/logger v1.0.3
go: extracting github.com/mitchellh/copystructure v1.0.0
go: downloading github.com/grpc-ecosystem/grpc-gateway v1.16.0
go: downloading github.com/gorilla/handlers v1.5.1
go: extracting github.com/gobuffalo/logger v1.0.3
go: downloading github.com/markbates/errx v1.1.0
go: downloading github.com/sirupsen/logrus v1.4.2
go: extracting github.com/gorilla/handlers v1.5.1
go: downloading github.com/karrick/godirwalk v1.15.8
go: extracting github.com/sirupsen/logrus v1.4.2
go: extracting github.com/markbates/errx v1.1.0
go: downloading github.com/felixge/httpsnoop v1.0.1
go: extracting github.com/felixge/httpsnoop v1.0.1
go: extracting github.com/grpc-ecosystem/grpc-gateway v1.16.0
go: extracting github.com/karrick/godirwalk v1.15.8
go: downloading github.com/mitchellh/reflectwalk v1.0.1
go: downloading github.com/Masterminds/goutils v1.1.0
go: extracting github.com/mitchellh/reflectwalk v1.0.1
go: extracting github.com/Masterminds/goutils v1.1.0
go: extracting google.golang.org/protobuf v1.26.0
go: downloading github.com/ghodss/yaml v1.0.0
go: extracting github.com/ghodss/yaml v1.0.0
go: downloading golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4
go: downloading github.com/gobuffalo/packd v1.0.0
go: downloading github.com/Masterminds/semver v1.5.0
go: downloading gopkg.in/yaml.v2 v2.2.7
go: downloading github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
go: extracting github.com/Masterminds/semver v1.5.0
go: extracting github.com/gobuffalo/packd v1.0.0
go: downloading github.com/konsorten/go-windows-terminal-sequences v1.0.2
go: extracting github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
go: extracting gopkg.in/yaml.v2 v2.2.7
go: extracting github.com/konsorten/go-windows-terminal-sequences v1.0.2
go: extracting golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4
go: extracting google.golang.org/genproto v0.0.0-20210506142907-4a47615972c2
go: extracting gopkg.in/yaml.v2 v2.2.7
moul.io/protoc-gen-gotemplate/helpers imports
	github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway/descriptor imports
	github.com/ghodss/yaml imports
	gopkg.in/yaml.v2: fstatat /tmp/renovate-cache/others/go/pkg/mod/gopkg.in/yaml.v2@v2.2.7: permission denied

@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from cf7b000 to 6779f52 Compare

May 10, 2021 20:52

@renovate renovate Bot force-pushed the renovate/all branch 5 times, most recently from dd51b41 to f9277d9 Compare

May 20, 2021 16:09

@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from 43699f0 to 0a5e8e6 Compare

May 27, 2021 17:17

@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from 84640dc to 9f6a797 Compare

October 5, 2021 16:09

@renovate renovate Bot force-pushed the renovate/all branch 5 times, most recently from f262e80 to f9f30bb Compare

October 13, 2021 03:27

@renovate renovate Bot force-pushed the renovate/all branch 6 times, most recently from d5d3021 to 889d3d6 Compare

October 21, 2021 16:32

@renovate renovate Bot force-pushed the renovate/all branch 3 times, most recently from aa9d5de to c4ca74f Compare

October 27, 2021 16:12

@renovate renovate Bot force-pushed the renovate/all branch 6 times, most recently from 08c2a72 to d18e4f6 Compare

November 19, 2021 16:41

@renovate renovate Bot force-pushed the renovate/all branch from d18e4f6 to 4186d01 Compare

March 7, 2022 13:29

@renovate

renovate Bot commented Jun 4, 2024 •

edited

Loading

Copy link

Copy Markdown

Author

i Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.13` -> `1.24.0`

@socket-security

socket-security Bot commented Oct 6, 2025 •

edited

Loading

Copy link

Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn	Critical	Critical CVE: nats-io/jwt not enforcing checking of Import token permissions in golang `github.com/nats-io/jwt` CVE: GHSA-62mh-w5cv-p88c nats-io/jwt not enforcing checking of Import token permissions (CRITICAL) Affected versions: <= 1.2.2 Patched version: No patched versions From: `?` → `golang/github.com/nats-io/jwt@v0.3.2` i Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/nats-io/jwt@v0.3.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	Critical	Critical CVE: Incorrect handling of credential expiry by /nats-io/nats-server in golang `github.com/nats-io/jwt` CVE: GHSA-4w5x-x539-ppf5 Incorrect handling of credential expiry by /nats-io/nats-server (CRITICAL) Affected versions: < 1.1.0 Patched version: 1.1.0 From: `?` → `golang/github.com/nats-io/jwt@v0.3.2` i Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/nats-io/jwt@v0.3.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `codeberg.org/go-pdf/fpdf` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/codeberg.org/go-pdf/fpdf@v0.10.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/codeberg.org/go-pdf/fpdf@v0.10.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `gioui.org/x` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/gioui.org/x@v0.2.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/gioui.org/x@v0.2.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/apache/arrow/go/v14` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/github.com/apache/arrow/go/v14@v14.0.2` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/apache/arrow/go/v14@v14.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/aws/aws-sdk-go-v2/service/sts` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.33.17` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.33.17`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/bazelbuild/rules_go` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/github.com/bazelbuild/rules_go@v0.49.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/bazelbuild/rules_go@v0.49.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/envoyproxy/go-control-plane/envoy` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/envoyproxy/go-control-plane/envoy` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/envoyproxy/go-control-plane/envoy` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/envoyproxy/go-control-plane/envoy` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/envoyproxy/go-control-plane/envoy` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/envoyproxy/go-control-plane/envoy` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/godbus/dbus/v5` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/github.com/godbus/dbus/v5@v5.0.6` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/godbus/dbus/v5@v5.0.6`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/gogo/googleapis` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/github.com/gogo/googleapis@v1.1.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/gogo/googleapis@v1.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/googleapis/enterprise-certificate-proxy` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/github.com/googleapis/enterprise-certificate-proxy@v0.3.15` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/googleapis/enterprise-certificate-proxy@v0.3.15`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/hashicorp/go.net` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/hashicorp/go.net@v0.0.1` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/hashicorp/go.net@v0.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/leodido/go-urn` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/leodido/go-urn@v1.2.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/leodido/go-urn@v1.2.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/modern-go/reflect2` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/github.com/modern-go/reflect2@v1.0.2` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/modern-go/reflect2@v1.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/pierrec/lz4` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/github.com/pierrec/lz4@v2.0.5+incompatible` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/pierrec/lz4@v2.0.5+incompatible`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `github.com/planetscale/vtprotobuf` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/github.com/planetscale/vtprotobuf@v0.6.1-0.20240319094008-0393e58bdf10` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/planetscale/vtprotobuf@v0.6.1-0.20240319094008-0393e58bdf10`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `go.etcd.io/etcd/api/v3` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/go.etcd.io/etcd/api/v3@v3.5.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/go.etcd.io/etcd/api/v3@v3.5.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn	High	Obfuscated code: golang `golang.org/x/tools` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa` → `golang/google.golang.org/genproto@v0.0.0-20260610212136-7ab31c22f7ad` → `golang/github.com/gobuffalo/packr/v2@v2.8.3` → `golang/github.com/grpc-ecosystem/grpc-gateway@v1.16.0` → `golang/golang.org/x/tools@v0.44.0` i Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/tools@v0.44.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate

renovate Bot commented Dec 10, 2025 •

edited

Loading

Copy link

Copy Markdown

Author

i️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.13` -> `1.25.0`

@socket-security

socket-security Bot commented Feb 23, 2026 •

edited

Loading

Copy link

Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
Updated	github.com/grpc-ecosystem/grpc-gateway@v1.12.1 ⏵ v1.16.0	73 ⁺¹	100	100	75	100
Updated	google.golang.org/protobuf@v1.27.1 ⏵ v1.36.11	75 ⁺¹	100 ⁺²	100	100	100
Updated	google.golang.org/genproto@v0.0.0-20200113173426-e1de0a7b01eb ⏵ v0.0.0-20260610212136-7ab31c22f7ad	77 ^-23	100	100	100	100
Added	google.golang.org/genproto/googleapis/api@v0.0.0-20260526163538-3dc84a4a5aaa	80	100	100	100	100
Updated	github.com/gorilla/handlers@v1.4.2 ⏵ v1.5.2	93 ⁺¹	100	100	100	100
Updated	github.com/gobuffalo/packr/v2@v2.8.0 ⏵ v2.8.3	97 ⁺¹	100	100	100	100
Updated	github.com/golang/protobuf@v1.5.2 ⏵ v1.5.4	97 ⁺¹	100	100	100	100
Updated	github.com/gorilla/mux@v1.7.3 ⏵ v1.8.1	98	100	100	100	100
Updated	github.com/huandu/xstrings@v1.3.0 ⏵ v1.5.0	100	100	100	100	100

View full report

@renovate


 fix(deps): update all

44f2ccd

Labels

dependencies 🔍 Ready for Review

1 participant

@djale1k

Uh oh!

Conversation

@renovate renovate Bot commented Jul 16, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Features

Bug Fixes

1.40.2 (2025年05月02日)

1.40.1 (2025年04月23日)

Bug Fixes

Features

1.39.1 (2025年03月20日)

Features

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

1.37.5 (2025年01月16日)

Bug Fixes

1.37.4 (2025年01月09日)

Bug Fixes

1.37.3 (2025年01月07日)

1.37.2 (2025年01月06日)

Bug Fixes

1.37.1 (2024年12月20日)

Bug Fixes

1.36.6 (2024年12月17日)

Bug Fixes

1.36.5 (2024年11月14日)

Features

Bug Fixes

1.36.4 (2024年11月04日)

Bug Fixes

1.36.3 (2024年10月21日)

Bug Fixes

1.36.2 (2024年08月30日)

Bug Fixes

1.36.1 (2024年08月29日)

Bug Fixes

Features

1.35.5 (2024年08月20日)

1.35.4 (2024年07月22日)

Bug Fixes

1.35.3 (2024年07月18日)

Bug Fixes

1.35.2 (2024年07月01日)

1.35.1 (2024年06月27日)

Bug Fixes

Features

Bug Fixes

1.34.2 (2024年05月27日)

1.34.1 (2024年05月24日)

Bug Fixes

Features

1.33.3 (2024年05月21日)

Bug Fixes

1.33.2 (2024年05月13日)

Bug Fixes

1.33.1 (2024年04月23日)

Bug Fixes

Features

Bug Fixes

1.32.9 (2024年03月29日)

Bug Fixes

1.32.8 (2024年03月22日)

Bug Fixes

1.32.7 (2024年03月01日)

Bug Fixes

1.32.6 (2024年02月07日)

1.32.5 (2024年01月30日)

1.32.4 (2024年01月29日)

Bug Fixes

1.32.3 (2023年12月29日)

Bug Fixes

1.32.2 (2023年12月14日)

Bug Fixes

1.32.1 (2023年12月11日)

Bug Fixes

Features

@renovate renovate Bot commented Jul 16, 2020 •

edited

Loading