Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update go deps (major) #848

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Update go deps (major) #848

wants to merge 2 commits into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 11, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/gammazero/deque v0.2.1 -> v1.0.0 age adoption passing confidence
github.com/go-jose/go-jose/v3 v3.0.3 -> v4.0.4 age adoption passing confidence
github.com/pion/webrtc/v3 v3.2.28 -> v4.0.2 age adoption passing confidence

Release Notes

gammazero/deque (github.com/gammazero/deque)

v1.0.0

Compare Source

What's Changed

  • Add Grow function to grow deque, if necessary, so that it has space for at least n additional items.
  • Add Swap function to exchange two items in deque
  • Allow Insert with out of range indexes, inserting item at front or back of deque.
  • Update required go version to 1.22
  • BREAKING Replace SetMinCapacity with SetBaseCap to set base capacity, so that deque always has space reserved for at least the specified number of items.
  • BREAKING Remove New function as it is not needed to initialize Deque with initial size and base capacity. Use Grow and SetBaseCap for this.

Full Changelog: gammazero/deque@v0.2.1...v1.0.0

go-jose/go-jose (github.com/go-jose/go-jose/v3)

v4.0.4

Compare Source

Fixed

  • Reverted "Allow unmarshalling JSONWebKeySets with unsupported key types" as a
    breaking change. See #​136 / #​137.

v4.0.3

Compare Source

Changed

  • Allow unmarshalling JSONWebKeySets with unsupported key types (#​130)
  • Document that OpaqueKeyEncrypter can't be implemented (for now) (#​129)
  • Dependency updates

v4.0.2

Compare Source

Changed

  • Improved documentation of Verify() to note that JSONWebKeySet is a supported
    argument type (#​104)
  • Defined exported error values for missing x5c header and unsupported elliptic
    curves error cases (#​117)

v4.0.1

Compare Source

Fixed

  • An attacker could send a JWE containing compressed data that used large
    amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.
    Those functions now return an error if the decompressed data would exceed
    250kB or 10x the compressed size (whichever is larger). Thanks to
    Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@​zer0yu and @​chenjj)
    for reporting.

v4.0.0

Compare Source

This release makes some breaking changes in order to more thoroughly
address the vulnerabilities discussed in Three New Attacks Against JSON Web
Tokens, "Sign/encrypt confusion", "Billion hash attack", and "Polyglot
token".

Changed

  • Limit JWT encryption types (exclude password or public key types) (#​78)
  • Enforce minimum length for HMAC keys (#​85)
  • jwt: match any audience in a list, rather than requiring all audiences (#​81)
  • jwt: accept only Compact Serialization (#​75)
  • jws: Add expected algorithms for signatures (#​74)
  • Require specifying expected algorithms for ParseEncrypted,
    ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned,
    jwt.ParseSignedAndEncrypted (#​69, #​74)
    • Usually there is a small, known set of appropriate algorithms for a program
      to use and it's a mistake to allow unexpected algorithms. For instance the
      "billion hash attack" relies in part on programs accepting the PBES2
      encryption algorithm and doing the necessary work even if they weren't
      specifically configured to allow PBES2.
  • Revert "Strip padding off base64 strings" (#​82)
  • The specs require base64url encoding without padding.
  • Minimum supported Go version is now 1.21

Added

  • ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON.
    • These allow parsing a specific serialization, as opposed to ParseSigned and
      ParseEncrypted, which try to automatically detect which serialization was
      provided. It's common to require a specific serialization for a specific
      protocol - for instance JWT requires Compact serialization.
pion/webrtc (github.com/pion/webrtc/v3)

v4.0.2

Compare Source

Changelog

  • 2fd3640 Only collect single fingerprints/ICE credentials
  • 363e017 Update module github.com/pion/dtls/v3 to v3.0.4
  • 8c06e02 Update module golang.org/x/net to v0.30.0
  • e53cbc4 Fix race when closing ICE Transport
  • ae89317 Test that NULL Protection Profile is disabled
  • 271ab55 Add WithPayloader to TrackLocalStatic

v4.0.1

Compare Source

What's Changed

Full Changelog: pion/webrtc@v4.0.0...v4.0.1

v4.0.0

Compare Source

Changelog

  • 3f1622a Add v4 Release Notes to README
  • bb41f23 Don't use JitterBuffer in SampleBuilder
  • dc1f8ff Add ice transport api to get selected pair stats

v3.3.4

Compare Source

Changelog

  • 90222f6 Update ICE version
  • c3c7178 Add ice transport api to get selected pair stats

v3.3.3

Compare Source

Changelog

v3.3.2

Compare Source

Changelog

  • 8bf9954 Return object icluding stat id for selected pair

v3.3.1

Compare Source

Changelog

  • f99d4ed Don't reuse transceiver in one round negotiation
  • 540af5b Prevent ICETransport start/stop deadlock
  • 6ac4b71 Fix concurrent pc.GracefulClose

v3.3.0

Compare Source

New Feature

peerconnection.SCTPTransport now provides an OnClose callback that can be used to detect remote peer connection close similar to the OnError callback.

What's Changed

Full Changelog: pion/webrtc@v3.2.51...v3.3.0

v3.2.51

Compare Source

What's Changed

Full Changelog: pion/webrtc@v3.2.50...v3.2.51

v3.2.50

Compare Source

Changelog

  • 2364173 Fix our-of-order twcc fb cause by rtx blocked
  • 69cd4e4 Close unhandled rtcp simulcast streams
  • a598bab Bump ice to v2.3.31

v3.2.49

Compare Source

Changelog

  • 5437ff5 Added support for SRTP_NULL_HMAC_SHA1_80 cipher

v3.2.48

Compare Source

Changelog

  • bd3aaae Fix TestPeerConnection_Simulcast
  • af63d2b Properly handle non-media probes
  • 482d9eb Updated pion modules to latest versions
  • 48cfc63 Hold pc.mu while populating local candidates

v3.2.47

Compare Source

Changelog

  • 7407903 Match header extensions to remote media sections

v3.2.46

Compare Source

Changelog

v3.2.45

Compare Source

Changelog

v3.2.44

Compare Source

What's Changed

Full Changelog: pion/webrtc@v3.2.43...v3.2.44

v3.2.43

Compare Source

What's Changed

Full Changelog: pion/webrtc@v3.2.42...v3.2.43

v3.2.42

Compare Source

Changelog

  • 43a6a69 Reset state machine after negotiationNeededOp

v3.2.41

Compare Source

What's Changed

Full Changelog: pion/webrtc@v3.2.40...v3.2.41

v3.2.40

Compare Source

Changelog

  • 7cad104 Update module github.com/pion/ice/v2 to v2.3.24

v3.2.39

Compare Source

Changelog

  • e7cf3ba Update RtxSSRC for simulcast track remote

v3.2.38

Compare Source

Changelog
  • 7be0482 Update module github.com/pion/sctp to v1.8.16
  • 9d76240 Update module github.com/pion/ice/v2 to v2.3.15

v3.2.37

Compare Source

Changelog

  • a43143e Add padding support to TrackLocalStaticSample

v3.2.36

Compare Source

Changelog

  • 2f0fe93 Declare Go 1.17 as minimum version

v3.2.35

Compare Source

Changelog

  • f53f0a9 Update github.com/pion/transport/v2 to v2.2.4
  • c1e5386 Declare Go 1.19 as minimum version

v3.2.34

Compare Source

Changelog

  • cb8ab4a Update github.com/pion/sctp to v1.8.14

v3.2.33

Compare Source

Changelog

v3.2.32

Compare Source

Changelog

  • 4c25aa6 Include msid-semantic in Session Attributes

v3.2.31

Compare Source

Changelog

  • b84753e Update github.com/pion/rtp to v1.8.5

v3.2.30

Compare Source

Changelog

  • 10dca09 Update github.com/pion/sdp/v3 to v3.0.9
  • de2e7b7 Put SCTP Zero Checksum behind SettingEngine
  • 39919d7 SampleBuilder: Deprecate PopWithTimestamp

v3.2.29

Compare Source

Changelog

  • 0b447fd Update module github.com/pion/sdp to v3.0.8

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate Renovate
Copy link
Contributor Author

renovate bot commented Oct 11, 2024
edited
Loading

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 16 additional dependencies were updated

Details:

Package Change
github.com/pion/sdp/v3 v3.0.6 -> v3.0.9
github.com/pion/datachannel v1.5.5 -> v1.5.9
github.com/pion/dtls/v2 v2.2.7 -> v2.2.12
github.com/pion/ice/v2 v2.3.13 -> v2.3.36
github.com/pion/interceptor v0.1.25 -> v0.1.37
github.com/pion/rtcp v1.2.12 -> v1.2.14
github.com/pion/rtp v1.8.3 -> v1.8.9
github.com/pion/sctp v1.8.12 -> v1.8.33
github.com/pion/srtp/v2 v2.0.18 -> v2.0.20
github.com/pion/transport/v2 v2.2.3 -> v2.2.10
github.com/pion/turn/v2 v2.1.3 -> v2.1.6
golang.org/x/crypto v0.25.0 -> v0.28.0
golang.org/x/net v0.27.0 -> v0.30.0
golang.org/x/sync v0.7.0 -> v0.8.0
golang.org/x/sys v0.22.0 -> v0.26.0
golang.org/x/text v0.16.0 -> v0.19.0

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Oct 11, 2024
edited
Loading

⚠️ No Changeset found

Latest commit: 62f2d1c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

💥 An error occurred when fetching the changed packages and changesets in this PR 
Some errors occurred when validating the changesets config:
The package or glob expression "github.com/livekit/protocol" specified in the `fixed` option does not match any package in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.

@renovate renovate bot changed the title Update go deps to v4 (major) fix(deps): update go deps to v4 (major) Oct 15, 2024
@renovate renovate bot changed the title fix(deps): update go deps to v4 (major) Update go deps to v4 (major) Oct 31, 2024
@renovate renovate bot force-pushed the renovate/major-go-deps branch 2 times, most recently from 2b71871 to 7574146 Compare November 15, 2024 10:03
@renovate renovate bot changed the title Update go deps to v4 (major) Update go deps (major) Nov 15, 2024
@renovate
Update go deps
62f2d1c 
Generated by renovateBot
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Nov 16, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants