Bump the dependencies group in /api with 5 updates

[dependabot]

Bumps the dependencies group in /api with 5 updates:

Package	From	To
github.com/go-sql-driver/mysql	1.6.0	1.8.1
github.com/labstack/echo/v4	4.8.0	4.11.4
github.com/stretchr/testify	1.8.0	1.8.4
go.uber.org/zap	1.23.0	1.27.0
golang.org/x/crypto	0.0.0-20220829220503-c86fa9a7ed90	0.17.0

Updates github.com/go-sql-driver/mysql from 1.6.0 to 1.8.1

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.8.1

What's Changed

Bugfixes:

• fix race condition when context is canceled in #1562 and #1570

Full Changelog: go-sql-driver/mysql@v1.8.0...v1.8.1

v1.8.0

What's Changed

Major changes

• Use SET NAMES charset COLLATE collation. by @​methane in go-sql-driver/mysql#1437

  • Older go-mysql-driver used collation_id in the handshake packet. But it caused collation mismatch in some situation.
  • If you don't specify charset nor collation, go-mysql-driver sends SET NAMES utf8mb4 for new connection. This uses server's default collation for utf8mb4.
  • If you specify charset, go-mysql-driver sends SET NAMES <charset>. This uses the server's default collation for <charset>.
  • If you specify collation and/or charset, go-mysql-driver sends SET NAMES charset COLLATE collation.

• PathEscape dbname in DSN. by @​methane in go-sql-driver/mysql#1432

  • This is backward incompatible in rare case. Check your DSN.

• Drop Go 1.13-17 support by @​methane in go-sql-driver/mysql#1420

  • Use Go 1.18+

• Parse numbers on text protocol too by @​methane in go-sql-driver/mysql#1452

  • When text protocol is used, go-mysql-driver passed bare []byte to database/sql for avoid unnecessary allocation and conversion.
  • If user specified *any to Scan(), database/sql passed the []byte into the target variabe.
  • This confused users because most user doesn't know when text/binary protocol used.
  • go-mysql-driver 1.8 converts integer/float values into int64/double even in text protocol. This doesn't increase allocation compared to []byte and conversion cost is negilible.

• New options start using the Functional Option Pattern to avoid increasing technical debt in the Config object. Future version may introduce Functional Option for existing options, but not for now.

  • Make TimeTruncate functional option by @​methane in go-sql-driver/mysql#1552
  • Add BeforeConnect callback to configuration object by @​ItalyPaleAle in go-sql-driver/mysql#1469

Other changes

• Adding DeregisterDialContext to prevent memory leaks with dialers we don't need anymore by @​jypelle in go-sql-driver/mysql#1422
• Make logger configurable per connection by @​frozenbonito in go-sql-driver/mysql#1408
• Fix ColumnType.DatabaseTypeName for mediumint unsigned by @​evanelias in go-sql-driver/mysql#1428
• Add connection attributes by @​Daemonxiao in go-sql-driver/mysql#1389
• Stop ColumnTypeScanType() from returning sql.RawBytes by @​methane in go-sql-driver/mysql#1424
• Exec() now provides access to status of multiple statements. by @​mherr-google in go-sql-driver/mysql#1309
• Allow to change (or disable) the default driver name for registration by @​dolmen in go-sql-driver/mysql#1499

... (truncated)

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

Version 1.8.1 (2024-03-26)

Bugfixes:

• fix race condition when context is canceled in #1562 and #1570

Version 1.8.0 (2024-03-09)

Major Changes:

• Use SET NAMES charset COLLATE collation. by @​methane in #1437
  • Older go-mysql-driver used collation_id in the handshake packet. But it caused collation mismatch in some situation.
  • If you don't specify charset nor collation, go-mysql-driver sends SET NAMES utf8mb4 for new connection. This uses server's default collation for utf8mb4.
  • If you specify charset, go-mysql-driver sends SET NAMES <charset>. This uses the server's default collation for <charset>.
  • If you specify collation and/or charset, go-mysql-driver sends SET NAMES charset COLLATE collation.
• PathEscape dbname in DSN. by @​methane in #1432
  • This is backward incompatible in rare case. Check your DSN.
• Drop Go 1.13-17 support by @​methane in #1420
  • Use Go 1.18+
• Parse numbers on text protocol too by @​methane in #1452
  • When text protocol is used, go-mysql-driver passed bare []byte to database/sql for avoid unnecessary allocation and conversion.
  • If user specified *any to Scan(), database/sql passed the []byte into the target variable.
  • This confused users because most user doesn't know when text/binary protocol used.
  • go-mysql-driver 1.8 converts integer/float values into int64/double even in text protocol. This doesn't increase allocation compared to []byte and conversion cost is negatable.
• New options start using the Functional Option Pattern to avoid increasing technical debt in the Config object. Future version may introduce Functional Option for existing options, but not for now.
  • Make TimeTruncate functional option by @​methane in 1552
  • Add BeforeConnect callback to configuration object by @​ItalyPaleAle in #1469

Other changes:

• Adding DeregisterDialContext to prevent memory leaks with dialers we don't need anymore by @​jypelle in go-sql-driver/mysql#1422
• Make logger configurable per connection by @​frozenbonito in go-sql-driver/mysql#1408
• Fix ColumnType.DatabaseTypeName for mediumint unsigned by @​evanelias in go-sql-driver/mysql#1428
• Add connection attributes by @​Daemonxiao in go-sql-driver/mysql#1389
• Stop ColumnTypeScanType() from returning sql.RawBytes by @​methane in go-sql-driver/mysql#1424
• Exec() now provides access to status of multiple statements. by @​mherr-google in go-sql-driver/mysql#1309
• Allow to change (or disable) the default driver name for registration by @​dolmen in go-sql-driver/mysql#1499
• Add default connection attribute '_server_host' by @​oblitorum in go-sql-driver/mysql#1506
• QueryUnescape DSN ConnectionAttribute value by @​zhangyangyu in go-sql-driver/mysql#1470
• Add client_ed25519 authentication by @​Gusted in go-sql-driver/mysql#1518

Version 1.7.1 (2023-04-25)

Changes:

• bump actions/checkout@v3 and actions/setup-go@v3 (#1375)
• Add go1.20 and mariadb10.11 to the testing matrix (#1403)
• Increase default maxAllowedPacket size. (#1411)

... (truncated)

Commits

• 4395c45 update changelog for releasing v1.8.1 (#1576)
• 7eeaba6 Fix issue 1567 (#1570) (#1571)
• 65395d8 fix race condition when context is canceled (#1565)
• 1e75613 add wrapper method to call mc.cfg.Logger (#1564)
• 33fa6e5 replace interface{} with any (#1561)
• 33b7747 Add BeforeConnect callback to configuration object (#1469)
• 6964272 Make TimeTruncate functional option (#1552)
• 097fe6e Update workflows (#1547)
• f019727 add TiDB support in README.md (#1333)
• 743e263 Introduce timeTruncate parameter for time.Time arguments (#1541)
• Additional commits viewable in compare view

Updates github.com/labstack/echo/v4 from 4.8.0 to 4.11.4

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.11.4 upgrade dependencies

Security

• Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability issue #2562

Enhancements

• Update deps and mark Go version to 1.18 as this is what golang.org/x/* use #2563
• Request logger: add example for Slog https://pkg.go.dev/log/slog #2543

v4.11.3

Security

• 'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. #2541

Enhancements

• Tests: refactor context tests to be separate functions #2540
• Proxy middleware: reuse echo request context #2537
• Mark unmarshallable yaml struct tags as ignored #2536

v4.11.2

Security

• Bump golang.org/x/net to prevent CVE-2023-39325 / CVE-2023-44487 HTTP/2 Rapid Reset Attack #2527
• fix(sec): randomString bias introduced by #2490 #2492
• CSRF/RequestID mw: switch math/random usage to crypto/random #2490

Enhancements

• Delete unused context in body_limit.go #2483
• Use Go 1.21 in CI #2505
• Fix some typos #2511
• Allow CORS middleware to send Access-Control-Max-Age: 0 #2518
• Bump dependancies #2522

v4.11.1

Fixes

• Fix Gzip middleware not sending response code for no content responses (404, 301/302 redirects etc) #2481

v4.11.0

Fixes

• Fixes the proxy middleware concurrency issue of calling the Next() proxy target on Round Robin Balancer #2409
• Fix group.RouteNotFound not working when group has attached middlewares #2411
• Fix global error handler return error message when message is an error #2456
• Do not use global timeNow variables #2477

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.11.4 - 2023-12-20

Security

• Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability issue #2562

Enhancements

• Update deps and mark Go version to 1.18 as this is what golang.org/x/* use #2563
• Request logger: add example for Slog https://pkg.go.dev/log/slog #2543

v4.11.3 - 2023-11-07

Security

• 'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. #2541

Enhancements

• Tests: refactor context tests to be separate functions #2540
• Proxy middleware: reuse echo request context #2537
• Mark unmarshallable yaml struct tags as ignored #2536

v4.11.2 - 2023-10-11

Security

• Bump golang.org/x/net to prevent CVE-2023-39325 / CVE-2023-44487 HTTP/2 Rapid Reset Attack #2527
• fix(sec): randomString bias introduced by #2490 #2492
• CSRF/RequestID mw: switch math/random usage to crypto/random #2490

Enhancements

• Delete unused context in body_limit.go #2483
• Use Go 1.21 in CI #2505
• Fix some typos #2511
• Allow CORS middleware to send Access-Control-Max-Age: 0 #2518
• Bump dependancies #2522

v4.11.1 - 2023-07-16

Fixes

• Fix Gzip middleware not sending response code for no content responses (404, 301/302 redirects etc) #2481

v4.11.0 - 2023-07-14

... (truncated)

Commits

• 226e4f0 Changelog for v4.11.4 (#2564)
• 209c6a1 Update deps and mark Go version to 1.18 as this is what golang.org/x/* use. (...
• 287a82c Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability issue (#2562)
• 584cb85 request logger: add example for Slog https://pkg.go.dev/log/slog (#2543)
• 4b26cde Changelog for v4.11.3 (#2542)
• 14daeb9 Security: c.Attachment and c.Inline should escape name in `Content-Dispositio...
• 50ebcd8 refactor context tests to be separate functions (#2540)
• c7d6d43 proxy middleware: reuse echo request context (#2537)
• 69a0de8 Mark unmarshallable yaml struct tags as ignored (#2536)
• 98a5237 Changelog for v4.11.2 (#2529)
• Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.8.0 to 1.8.4

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.8.4

What's Changed

• Create GitHub release when new release tag is pushed by @​aldas in stretchr/testify#1354

New Contributors

• @​aldas made their first contribution in stretchr/testify#1354

Full Changelog: stretchr/testify@v1.8.3...v1.8.4

v1.8.3

What's Changed

• Compare public elements of struct by @​mchlp in stretchr/testify#1309
• assert: fix error message formatting for NotContains by @​wwade in stretchr/testify#1362
• allow testing for functional options by @​nbaztec in stretchr/testify#1023
• add EventuallyWithT assertion by @​tobikris in stretchr/testify#1264
• EqualExportedValues: Handle nested pointer, slice and map fields by @​HaraldNordgren in stretchr/testify#1379

New Contributors

• @​mchlp made their first contribution in stretchr/testify#1309
• @​wwade made their first contribution in stretchr/testify#1362
• @​nbaztec made their first contribution in stretchr/testify#1023
• @​tobikris made their first contribution in stretchr/testify#1264

Full Changelog: stretchr/testify@v1.8.2...v1.8.3

v1.8.2

What's Changed

• Add opportunity to trigger setup/teardown for subtest by @​qerdcv in stretchr/testify#1246
• fix: fix bug for check unsafe.Pointer isNil by @​sunpe in stretchr/testify#1319
• Fix Call.Unset() panic (issue #1236) by @​lisitsky in stretchr/testify#1250
• Fix CallerInfo() source file paths by @​bozaro in stretchr/testify#1288
• assert: Fix Subset/NotSubset when map is missing keys from the subset by @​danielwhite in stretchr/testify#1261

New Contributors

• @​qerdcv made their first contribution in stretchr/testify#1246
• @​sunpe made their first contribution in stretchr/testify#1319
• @​lisitsky made their first contribution in stretchr/testify#1250
• @​bozaro made their first contribution in stretchr/testify#1288
• @​danielwhite made their first contribution in stretchr/testify#1261

Full Changelog: stretchr/testify@v1.8.1...v1.8.2

v1.8.1

What's Changed

• Bump github.com/stretchr/objx from 0.4.0 to 0.5.0 by @​dependabot in stretchr/testify#1283

Full Changelog: stretchr/testify@v1.8.0...v1.8.1

Commits

• f97607b Create GitHub release when new release tag is pushed (#1354)
• 4c93d8f EqualExportedValues: Handle nested pointer, slice and map fields (#1379)
• 4b2f4d2 add EventuallyWithT assertion (#1264)
• b3106d7 allow testing for functional options (#1023)
• 437071b assert: fix error message formatting for NotContains (#1362)
• c5fc9d6 Compare public elements of struct (#1309)
• f36bfe3 Fix Subset/NotSubset when map is missing keys from the subset (#1261)
• 0ab3ce1 Fix CallerInfo() source file paths (#1288)
• 2b00d33 Fix Call.Unset() panic (issue #1236) (#1250)
• 9acc222 fix: fix bug for check unsafe.Pointer isNil (#1319)
• Additional commits viewable in compare view

Updates go.uber.org/zap from 1.23.0 to 1.27.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.0

Enhancements:

• #1378[]: Add WithLazy method for SugaredLogger.
• #1399[]: zaptest: Add NewTestingWriter for customizing TestingWriter with more flexibility than NewLogger.
• #1406[]: Add Log, Logw, Logln methods for SugaredLogger.
• #1416[]: Add WithPanicHook option for testing panic logs.

Thanks to @​defval, @​dimmo, @​arxeiss, and @​MKrupauskas for their contributions to this release.

#1378: uber-go/zap#1378 #1399: uber-go/zap#1399 #1406: uber-go/zap#1406 #1416: uber-go/zap#1416

v1.26.0

Enhancements:

• #1297[]: Add Dict as a Field.
• #1319[]: Add WithLazy method to Logger which lazily evaluates the structured context.
• #1350[]: String encoding is much (~50%) faster now.

Thanks to @​hhk7734, @​jquirke, @​cdvr1993 for their contributions to this release.

#1297: uber-go/zap#1297 #1319: uber-go/zap#1319 #1350: uber-go/zap#1350

v1.25.0

This release contains several improvements including performance, API additions, and two new experimental packages whose APIs are unstable and may change in the future.

Enhancements:

• #1246[]: Add zap/exp/zapslog package for integration with slog.
• #1273[]: Add Name to Logger which returns the Logger's name if one is set.
• #1281[]: Add zap/exp/expfield package which contains helper methods Str and Strs for constructing String-like zap.Fields.
• #1310[]: Reduce stack size on Any.

Thanks to @​knight42, @​dzakaammar, @​bcspragu, and @​rexywork for their contributions to this release.

#1246: uber-go/zap#1246 #1273: uber-go/zap#1273 #1281: uber-go/zap#1281 #1310: uber-go/zap#1310

v1.24.0

... (truncated)

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.0 (20 Feb 2024)

Enhancements:

• #1378[]: Add WithLazy method for SugaredLogger.
• #1399[]: zaptest: Add NewTestingWriter for customizing TestingWriter with more flexibility than NewLogger.
• #1406[]: Add Log, Logw, Logln methods for SugaredLogger.
• #1416[]: Add WithPanicHook option for testing panic logs.

Thanks to @​defval, @​dimmo, @​arxeiss, and @​MKrupauskas for their contributions to this release.

#1378: uber-go/zap#1378 #1399: uber-go/zap#1399 #1406: uber-go/zap#1406 #1416: uber-go/zap#1416

1.26.0 (14 Sep 2023)

Enhancements:

• #1297[]: Add Dict as a Field.
• #1319[]: Add WithLazy method to Logger which lazily evaluates the structured context.
• #1350[]: String encoding is much (~50%) faster now.

Thanks to @​hhk7734, @​jquirke, and @​cdvr1993 for their contributions to this release.

#1297: uber-go/zap#1297 #1319: uber-go/zap#1319 #1350: uber-go/zap#1350

1.25.0 (1 Aug 2023)

This release contains several improvements including performance, API additions, and two new experimental packages whose APIs are unstable and may change in the future.

Enhancements:

• #1246[]: Add zap/exp/zapslog package for integration with slog.
• #1273[]: Add Name to Logger which returns the Logger's name if one is set.
• #1281[]: Add zap/exp/expfield package which contains helper methods Str and Strs for constructing String-like zap.Fields.
• #1310[]: Reduce stack size on Any.

Thanks to @​knight42, @​dzakaammar, @​bcspragu, and @​rexywork for their contributions to this release.

#1246: uber-go/zap#1246 #1273: uber-go/zap#1273 #1281: uber-go/zap#1281 #1310: uber-go/zap#1310

1.24.0 (30 Nov 2022)

... (truncated)

Commits

• fcf8ee5 Release v1.27.0 (#1419)
• e5a56ee Add WithPanicHook logger option for panic log tests (#1416)
• 0e2aa4e assets: Fix logo color profile (#1418)
• 956a21c Add methods for logging with level as argument (#1406)
• 2a893f6 build(deps): bump golangci/golangci-lint-action from 3 to 4 (#1417)
• e5745d6 ci: Test with Go 1.22 (#1409)
• 7db06bc zapslog: rename Option to HandlerOption (#1411)
• 35ded09 zapslog: fix all with slogtest, support inline group, ignore empty group. (#1...
• 27b96e3 Make zaptest.NewTestingWriter public (#1399)
• 70f61bb zapslog: Bump zap from v1.24.0 to v1.26.0 (#1404)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.0.0-20220829220503-c86fa9a7ed90 to 0.17.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[netlify]

✅ Deploy Preview for golang-notes canceled.

Name	Link
🔨 Latest commit	35aef0d
🔍 Latest deploy log	https://app.netlify.com/sites/golang-notes/deploys/660b353d09dbdf0007e9d168

[github-actions]

Code Metrics Report

Coverage	Code to Test Ratio
65.2%	1:0.6

---

Reported by octocov

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.