Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update gomod (major) #2598

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update gomod (major) #2598

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 7, 2024
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/go-jose/go-jose/v3 v3.0.3 -> v4.0.2 age adoption passing confidence
github.com/onsi/ginkgo v1.16.5 -> v2.19.0 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

Release Notes

go-jose/go-jose (github.com/go-jose/go-jose/v3)

v4.0.2: Version 4.0.2

Compare Source

What's Changed

New Contributors

Full Changelog: go-jose/go-jose@v4.0.1...v4.0.2

v4.0.1

Compare Source

Fixed

  • An attacker could send a JWE containing compressed data that used large
    amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.
    Those functions now return an error if the decompressed data would exceed
    250kB or 10x the compressed size (whichever is larger). Thanks to
    Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@​zer0yu and @​chenjj)
    for reporting.

v4.0.0

Compare Source

This release makes some breaking changes in order to more thoroughly
address the vulnerabilities discussed in Three New Attacks Against JSON Web
Tokens, "Sign/encrypt confusion", "Billion hash attack", and "Polyglot
token".

Changed

  • Limit JWT encryption types (exclude password or public key types) (#​78)
  • Enforce minimum length for HMAC keys (#​85)
  • jwt: match any audience in a list, rather than requiring all audiences (#​81)
  • jwt: accept only Compact Serialization (#​75)
  • jws: Add expected algorithms for signatures (#​74)
  • Require specifying expected algorithms for ParseEncrypted,
    ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned,
    jwt.ParseSignedAndEncrypted (#​69, #​74)
    • Usually there is a small, known set of appropriate algorithms for a program
      to use and it's a mistake to allow unexpected algorithms. For instance the
      "billion hash attack" relies in part on programs accepting the PBES2
      encryption algorithm and doing the necessary work even if they weren't
      specifically configured to allow PBES2.
  • Revert "Strip padding off base64 strings" (#​82)
  • The specs require base64url encoding without padding.
  • Minimum supported Go version is now 1.21

Added

  • ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON.
    • These allow parsing a specific serialization, as opposed to ParseSigned and
      ParseEncrypted, which try to automatically detect which serialization was
      provided. It's common to require a specific serialization for a specific
      protocol - for instance JWT requires Compact serialization.
onsi/ginkgo (github.com/onsi/ginkgo)

v2.19.0

Compare Source

2.19.0
Features

Label Sets allow for more expressive and flexible label filtering.

v2.18.0

Compare Source

2.18.0

Features
  • Add --slience-skips and --force-newlines [f010b65]
  • fail when no tests were run and --fail-on-empty was set [d80eebe]
Fixes
  • Fix table entry context edge case [42013d6]
Maintenance

v2.17.3

Compare Source

2.17.3

Fixes

ginkgo watch now ignores hidden files [bde6e00]

v2.17.2

Compare Source

2.17.2

Fixes
  • fix: close files [32259c8]
  • fix github output log level for skipped specs [780e7a3]
Maintenance

v2.17.1

Compare Source

2.17.1

Fixes
  • If the user sets --seed=0, make sure all parallel nodes get the same seed [af0330d]

v2.17.0

Compare Source

2.17.0

Features
  • add --github-output for nicer output in github actions [e8a2056]
Maintenance

v2.16.0

Compare Source

2.16.0

Features
  • add SpecContext to reporting nodes
Fixes
Maintenance

v2.15.0

Compare Source

2.15.0

Features
  • JUnit reports now interpret Label(owner:X) and set owner to X. [8f3bd70]
  • include cancellation reason when cancelling spec context [96e915c]
Fixes
  • emit output of failed go tool cover invocation so users can try to debug things for themselves [c245d09]
  • fix outline when using nodot in ginkgo v2 [dca77c8]
  • Document areas where GinkgoT() behaves differently from testing.T [dbaf18f]
  • bugfix(docs): use Unsetenv instead of Clearenv (#​1337) [6f67a14]
Maintenance

v2.14.0

Compare Source

2.14.0

Features

You can now use GinkgoTB() when you need an instance of testing.TB to pass to a library.

Prior to this release table testing only supported generating individual Its for each test entry. DescribeTableSubtree extends table testing support to entire testing subtrees - under the hood DescrieTableSubtree generates a new container for each entry and invokes your function to fill our the container. See the docs to learn more.

Fixes
Maintenance

v2.13.2

Compare Source

2.13.2

Fixes

v2.13.1

Compare Source

2.13.1

Fixes

  • 1296 fix(precompiled test guite): exec bit check omitted on Windows (#​1301) [26eea01]

Maintenance
  • Bump github.com/go-logr/logr from 1.2.4 to 1.3.0 (#​1291) [7161a9d]
  • Bump golang.org/x/sys from 0.13.0 to 0.14.0 (#​1295) [7fc7b10]
  • Bump golang.org/x/tools from 0.12.0 to 0.14.0 (#​1282) [74bbd65]
  • Bump github.com/onsi/gomega from 1.27.10 to 1.29.0 (#​1290) [9373633]
  • Bump golang.org/x/net in /integration/_fixtures/version_mismatch_fixture (#​1286) [6e3cf65]

v2.13.0

Compare Source

2.13.0

Features

Add PreviewSpect() to enable programmatic preview access to the suite report (fixes #​1225)

v2.12.1

Compare Source

2.12.1

Fixes
Maintenance

v2.12.0

Compare Source

2.12.0

Features
  • feat: allow MustPassRepeatedly decorator to be set at suite level (#​1266) [05de518]
Fixes
Maintenance

Various chores/dependency bumps.

v2.11.0

Compare Source

2.11.0

In prior versions of Ginkgo specs the CLI filter flags (e.g. --focus, --label-filter) would override any programmatic focus. This behavior has proved surprising and confusing in at least the following ways:

  • users cannot combine programmatic filters and CLI filters to more efficiently select subsets of tests
  • CLI filters can override programmatic focus on CI systems resulting in an exit code of 0 despite the presence of (incorrectly!) committed focused specs.

Going forward Ginkgo will AND all programmatic and CLI filters. Moreover, the presence of any programmatic focused tests will always result in a non-zero exit code.

This change is technically a change in Ginkgo's external contract and may require some users to make changes to successfully adopt. Specifically: it's possible some users were intentionally using CLI filters to override programmatic focus. If this is you please open an issue so we can explore solutions to the underlying problem you are trying to solve.

Fixes
  • Programmatic focus is no longer overwrriten by CLI filters [d6bba86]
Maintenance

v2.10.0

Compare Source

2.10.0

Features
  • feat(ginkgo/generators): add --tags flag (#​1216) [a782a77]
    adds a new --tags flag to ginkgo generate
Fixes
Maintenance

v2.9.7

Compare Source

2.9.7

Fixes
  • fix race when multiple defercleanups are called in goroutines [07fc3a0]

v2.9.6

Compare Source

2.9.6

Fixes
Maintenance
  • Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#​1202) [3e39231]

v2.9.5

Compare Source

2.9.5

Fixes
  • ensure the correct deterministic sort order is produced when ordered specs are generated by a helper function [7fa0b6b]
Maintenance

v2.9.4

Compare Source

2.9.4

Fixes

  • fix hang with ginkgo -p (#​1192) [15d4bdc] - this addresses a long standing issue related to Ginkgo hanging when a child process spawned by the test does not exit.

  • fix: fail fast may cause Serial spec or cleanup Node interrupted (#​1178) [8dea88b] - prior to this there was a small gap in which specs on other processes might start even if one process has tried to abort the suite.

Maintenance
  • Document run order when multiple setup nodes are at the same nesting level [903be81]

v2.9.3

Compare Source

2.9.3

Features
  • Add RenderTimeline to GinkgoT() [c0c77b6]
Fixes
Maintenance

v2.9.2

Compare Source

2.9.2

Maintenance

v2.9.1

Compare Source

2.9.1

Fixes

This release fixes a longstanding issue where ginkgo -coverpkg=./... would not work. This is now resolved and fixes #​1161 and #​995

  • Support -coverpkg=./... [26ca1b5]
  • document coverpkg a bit more clearly [fc44c3b]
Maintenance
  • bump various dependencies
  • Improve Documentation and fix typo (#​1158) [93de676]

v2.9.0

Compare Source

2.9.0

Features

  • AttachProgressReporter is an experimental feature that allows users to provide arbitrary information when a ProgressReport is requested [28801fe]

  • GinkgoT() has been expanded to include several Ginkgo-specific methods [2bd5a3b]

    The intent is to enable the development of third-party libraries that integrate deeply with Ginkgo using GinkgoT() to access Ginkgo's functionality.

v2.8.4

Compare Source

2.8.4

Features
Fixes
  • rename tools hack to see if it fixes things for downstream users [a8bb39a]
Maintenance

v2.8.3

Compare Source

2.8.3

Released to fix security issue in golang.org/x/net dependency

Maintenance
  • Bump golang.org/x/net from 0.6.0 to 0.7.0 (#​1141) [fc1a02e]
  • remove tools.go hack from documentation [0718693]

v2.8.2

Compare Source

2.8.2

Ginkgo now includes a tools.go file in the root directory of the ginkgo package. This should allow modules that simply go get github.com/onsi/ginkgo/v2 to also pull in the CLI dependencies. This obviates the need for consumers of Ginkgo to have their own tools.go file and makes it simpler to ensure that the version of the ginkgo CLI being used matches the version of the library. You can simply run go run github.com/onsi/ginkgo/v2/ginkgo to run the version of the cli associated with your package go.mod.

Maintenance

v2.8.1

Compare Source

2.8.1

Fixes
  • lock around default report output to avoid triggering the race detector when calling By from goroutines [2d5075a]
  • don't run ReportEntries through sprintf [febbe38]
Maintenance

v2.8.0

Compare Source

2.8.0

Features
  • Introduce GinkgoHelper() to track and exclude helper functions from potential CodeLocations [e19f556]

Modeled after testing.T.Helper(). Now, rather than write code like:

func helper(model Model) {
    Expect(model).WithOffset(1).To(BeValid())
    Expect(model.SerialNumber).WithOffset(1).To(MatchRegexp(/[a-f0-9]*/))
}

you can stop tracking offsets (which makes nesting composing helpers nearly impossible) and simply write:

func helper(model Model) {
    GinkgoHelper()
    Expect(model).To(BeValid())
    Expect(model.SerialNumber).To(MatchRegexp(/[a-f0-9]*/))
}
  • Introduce GinkgoLabelFilter() and Label().MatchesLabelFilter() to make it possible to programmatically match filters (fixes #​1119) [2f6597c]

You can now write code like this:

BeforeSuite(func() {
	if Label("slow").MatchesLabelFilter(GinkgoLabelFilter()) {
		// do slow setup
	}

	if Label("fast").MatchesLabelFilter(GinkgoLabelFilter()) {
		// do fast setup
	}
})

to programmatically check whether a given set of labels will match the configured --label-filter.

Maintenance

v2.7.1

Compare Source

2.7.1
Fixes
  • Bring back SuiteConfig.EmitSpecProgress to avoid compilation issue for consumers that set it manually [d2a1cb0]
Maintenance

v2.7.0

Compare Source

2.7.0

Features
  • Introduce ContinueOnFailure for Ordered containers [e0123ca] - Ordered containers that are also decorated with ContinueOnFailure will not stop running specs after the first spec fails.
  • Support for bootstrap commands to use custom data for templates (#​1110) [7a2b242]
  • Support for labels and pending decorator in ginkgo outline output (#​1113) [e6e3b98]
  • Color aliases for custom color support (#​1101) [49fab7a]
Fixes
  • correctly ensure deterministic spec order, even if specs are generated by iterating over a map [89dda20]
  • Fix a bug where timedout specs were not correctly treated as failures when determining whether or not to run AfterAlls in an Ordered container.
  • Ensure go test coverprofile outputs to the expected location (#​1105) [b0bd77b]

v2.6.1

Compare Source

2.6.1

Features
  • Override formatter colors from envvars - this is a new feature but an alternative approach involving config files might be taken in the future (#​1095) [60240d1]
Fixes
  • GinkgoRecover now supports ignoring panics that match a specific, hidden, interface [301f3e2]
Maintenance

v2.6.0

Compare Source

2.6.0

Features
  • ReportBeforeSuite provides access to the suite report before the suite begins.
  • Add junit config option for omitting leafnodetype (#​1088) [956e6d2]
  • Add support to customize junit report config to omit spec labels (#​1087) [de44005]
Fixes
  • Fix stack trace pruning so that it has a chance of working on windows [2165648]

v2.5.1

Compare Source

2.5.1

Fixes
Maintenance

v2.5.0

Compare Source

2.5.0

Ginkgo output now includes a timeline-view of the spec

This commit changes Ginkgo's default output. Spec details are now
presented as a timeline that includes events that occur during the spec
lifecycle interleaved with any GinkgoWriter content. This makes is much easier
to understand the flow of a spec and where a given failure occurs.

The --progress, --slow-spec-threshold, --always-emit-ginkgo-writer flags
and the SuppressProgressReporting decorator have all been deprecated. Instead
the existing -v and -vv flags better capture the level of verbosity to display. However,
a new --show-node-events flag is added to include node > Enter and < Exit events
in the spec timeline.

In addition, JUnit reports now include the timeline (rendered with -vv) and custom JUnit
reports can be configured and generated using
GenerateJUnitReportWithConfig(report types.Report, dst string, config JunitReportConfig)

Code should continue to work unchanged with this version of Ginkgo - however if you have tooling that
was relying on the specific output format of Ginkgo you may run into issues. Ginkgo's console output is not guaranteed to be stable for tooling and automation purposes. You should, instead, use Ginkgo's JSON format
to build tooling on top of as it has stronger guarantees to be stable from version to version.

Features
  • Provide details about which timeout expired [0f2fa27]
Fixes
  • Add Support Policy to docs [c70867a]
Maintenance
  • Bump github.com/onsi/gomega from 1.22.1 to 1.23.0 (#​1070) [bb3b4e2]

v2.4.0

Compare Source

2.4.0

Features
Fixes
Maintenance

v2.3.1

Compare Source

2.3.1
Fixes

Several users were invoking ginkgo by installing the latest version of the cli via go install github.com/onsi/ginkgo/v2/ginkgo@latest. When 2.3.0 was released this resulted in an influx of issues as CI systems failed due to a change in the internal contract between the Ginkgo CLI and the Ginkgo library. Ginkgo only supports running the same version of the library as the cli (which is why both are packaged in the same repository).

With this patch release, the ginkgo CLI can now identify a version mismatch and emit a helpful error message.

  • Ginkgo cli can identify version mismatches and emit a helpful error message [bc4ae2f]
  • further emphasize that a version match is required when running Ginkgo on CI and/or locally [2691dd8]
Maintenance

v2.3.0

Compare Source

2.3.0

Interruptible Nodes and Timeouts

Ginkgo now supports per-node and per-spec timeouts on interruptible nodes. Check out the documentation for all the details but the gist is you can now write specs like this:

It("is interruptible", func(ctx SpecContext) { // or context.Context instead of SpecContext, both are valid.
    // do things until `ctx.Done()` is closed, for example:
    req, err := http.NewRequestWithContext(ctx, "POST", "/build-widgets", nil)
    Expect(err).NotTo(HaveOccured())
    _, err := http.DefaultClient.Do(req)
    Expect(err).NotTo(HaveOccured())

    Eventually(client.WidgetCount).WithContext(ctx).Should(Equal(17))
}, NodeTimeout(time.Second*20), GracePeriod(5*time.Second))

and have Ginkgo ensure that the node completes before the timeout elapses. If it does elapse, or if an external interrupt is received (e.g. ^C) then Ginkgo will cancel the context and wait for the Grace Period for the node to exit before proceeding with any cleanup nodes associated with the spec. The ctx provided by Ginkgo can also be passed down to Gomega's Eventually to have all assertions within the node governed by a single deadline.

Features
  • Ginkgo now records any additional failures that occur during the cleanup of a failed spec. In prior versions this information was quietly discarded, but the introduction of a more rigorous approach to timeouts and interruptions allows Ginkgo to better track subsequent failures.
  • SpecContext also provides a mechanism for third-party libraries to provide additional information when a Progress Report is generated. Gomega uses this to provide the current state of an Eventually().WithContext() assertion when a Progress Report is requested.
  • DescribeTable now exits with an error if it is not passed any Entries [a4c9865]

Fixes

  • fixes crashes on newer Ruby 3 installations by upgrading github-pages gem dependency [92c88d5]
  • Make the outline command able to use the DSL import [1be2427]

Maintenance

  • chore(docs): delete no meaning d [57c373c]
  • chore(docs): Fix hyperlinks [30526d5]
  • chore(docs): fix code blocks without language settings [cf611c4]
  • fix intra-doc link [b541bcb]

v2.2.0

Compare Source

2.2.0
Generate real-time Progress Reports [f91377c]

Ginkgo can now generate Progress Reports to point users at the current running line of code (including a preview of the actual source code) and a best guess at the most relevant subroutines.

These Progress Reports allow users to debug stuck or slow tests without exiting the Ginkgo process. A Progress Report can be generated at any time by sending Ginkgo a SIGINFO (^T on MacOS/BSD) or SIGUSR1.

In addition, the user can specify --poll-progress-after and --poll-progress-interval to have Ginkgo start periodically emitting progress reports if a given node takes too long. These can be overriden/set on a per-node basis with the PollProgressAfter and PollProgressInterval decorators.

Progress Reports are emitted to stdout, and also stored in the machine-redable report formats that Ginkgo supports.

Ginkgo also uses this progress reporting infrastructure under the hood when handling timeouts and interrupts. This yields much more focused, useful, and informative stack traces than previously.

Features

  • BeforeSuite, AfterSuite, SynchronizedBeforeSuite, SynchronizedAfterSuite, and ReportAfterSuite now support (the relevant subset of) decorators. These can be passed in after the callback functions that are usually passed into these nodes.

    As a result the signature of these methods has changed and now includes a trailing args ...interface{}. For most users simply using the DSL, this change is transparent. However if you were assigning one of these functions to a custom variable (or passing it around) then your code may need to change to reflect the new signature.

Maintenance
  • Modernize the invocation of Ginkgo in github actions [0ffde58]
  • Update reocmmended CI settings in docs [896bbb9]
  • Speed up unnecessarily slow integration test [6d3a90e]

v2.1.6

Compare Source

2.1.6
Fixes
  • Add SuppressProgressReporting decorator to turn off --progress announcements for a given node [dfef62a]
  • chore: remove duplicate word in comments [7373214]

v2.1.5

Compare Source

2.1.5
Fixes
  • drop -mod=mod instructions; fixes #​1026 [6ad7138]
  • Ensure CurrentSpecReport and AddReportEntry are thread-safe [817c09b]
  • remove stale importmap gcflags flag test [3cd8b93]
  • Always emit spec summary [5cf23e2] - even when only one spec has failed
  • Fix ReportAfterSuite usage in docs [b1864ad]
  • fixed typo (#​997) [219cc00]
  • TrimRight is not designed to trim Suffix [71ebb74]
  • refactor: replace strings.Replace with strings.ReplaceAll (#​978) [143d208]
  • fix syntax in examples (#​975) [b69554f]
Maintenance

v2.1.4

Compare Source

Fixes
  • Numerous documentation typos
  • Prepend when when using When (this behavior was in 1.x but unintentionally lost during the 2.0 rewrite) [efce903]
  • improve error message when a parallel process fails to report back [a7bd1fe]
  • guard against concurrent map writes in DeprecationTracker [0976569]
  • Invoke reporting nodes during dry-run (fixes #​956 and #​935) [aae4480]
  • Fix ginkgo import circle [f779385]

v2.1.3

Compare Source

See https://onsi.github.io/ginkgo/MIGRATING_TO_V2 for details on V2.

Fixes
  • Calling By in a container node now emits a useful error. [ff12cee]

v2.1.2

Compare Source

Fixes
  • Track location of focused specs correctly in ginkgo unfocus [a612ff1]
  • Profiling suites with focused specs no longer generates an erroneous failure message [8fbfa02]
  • Several documentation typos fixed. Big thanks to everyone who helped catch them and report/fix them!

v2.1.1

Compare Source

See https://onsi.github.io/ginkgo/MIGRATING_TO_V2 for details on V2.

Fixes
  • Suites that only import the new dsl packages are now correctly identified as Ginkgo suites [ec17e17]

v2.1.0

Compare Source

See https://onsi.github.io/ginkgo/MIGRATING_TO_V2 for details on V2.

2.1.0 is a minor release with a few tweaks:

  • Introduce new DSL packages to enable users to pick-and-choose which portions of the DSL to dot-import. [90868e2] More details here.
  • Add error check for invalid/nil parameters to DescribeTable [6f8577e]
  • Myriad docs typos fixed (thanks everyone!) [718542a, ecb7098, 146654c, a8f9913, 6bdffde, 03dcd7e]

v2.0.0: Ginkgo v2.0.0

Compare Source

Ginkgo v2.0.0 is a major new release of Ginkgo.

The changes to Ginkgo are substantial and wide-ranging, however care has been given to ensure that most users will experience a smooth migration from V1 to V2 with relatively little work. A combined changelog and migration guides is available here and the Ginkgo docs have been updated to capture the new functionality in V2.

Configuration

📅 Schedule: Branch creation - "after 8am on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from a team as a code owner April 7, 2024 09:44
@github-actions github-actions bot added the dependencies Pull requests that update a dependency file label Apr 7, 2024
@renovate renovate bot force-pushed the renovate/major-gomod branch 3 times, most recently from 7852a21 to 27ccc4e Compare May 14, 2024 00:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants