Bump the security group across 1 directory with 7 updates #88

dependabot · 2025-04-14T12:21:00Z

Bumps the security group with 4 updates in the / directory: github.com/gofiber/fiber/v2, github.com/spf13/pflag, github.com/stretchr/testify and github.com/vmware-tanzu/velero.

Updates github.com/gofiber/fiber/v2 from 2.52.5 to 2.52.6

Release notes

Sourced from github.com/gofiber/fiber/v2's releases.

v2.52.6

🐛 Bug Fixes

Use Content-Length for bytesReceived and bytesSent tags in Logger Middleware in v2 by @gaby in gofiber/fiber#3067

Fix handle un-matched open brackets in the query params by @dojutsu-user in gofiber/fiber#3121

Middleware/CORS: Remove Scheme Restriction by @zingi in gofiber/fiber#3168

Respect Immutable config for Body() by @nickajacks1 in gofiber/fiber#3246

Support Square Bracket Notation in Multipart Form data by @ReneWerner87 in gofiber/fiber#3268

📚 Documentation

Add detailed documentation for the templates guide by @grivera64 in gofiber/fiber#3113

🛠️ Maintenance

Update benchmark-action to v1.20.3 by @gaby in gofiber/fiber#3084

Add CODEOWNERS file by @gaby in gofiber/fiber#3124

Update dependencies by @gaby in gofiber/fiber#3254

Add parallel benchmark for Next() by @gaby in gofiber/fiber#3259

Full Changelog: gofiber/fiber@v2.52.5...v2.52.6

Commits

e04f815 prepare release v2.52.6
7eb9d25 Support Square Bracket Notation in Multipart Form data (#3268)
47be681 🧹 chore: Add parallel benchmark for Next() (#3259)
c9ff17d 🧹 chore: Update dependencies (#3254)
56ff2de 🐛 fix: Respect Immutable config for Body() (#3246)
8c84b0f 🩹 fix: Middleware/CORS Remove Scheme Restriction (#3168)
6e74114 v2: Add CODEOWNERS file (#3124)
cb06bc5 🩹 Fix: handle un-matched open brackets in the query params (#3121)
bfcf91d fix template markdown
ca935c3 📚 Doc: Add detailed documentation for the templates guide (#3113)
Additional commits viewable in compare view

Updates github.com/spf13/pflag from 1.0.5 to 1.0.6

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.6

What's Changed

Add exported functions to preserve pkg/flag compatibility by @mckern in spf13/pflag#220

remove dead code for checking error nil by @yashbhutwala in spf13/pflag#282

Add IPNetSlice and unit tests by @rpothier in spf13/pflag#170

allow for blank ip addresses by @duhruh in spf13/pflag#316

add github actions by @sagikazarmark in spf13/pflag#419

New Contributors

@mckern made their first contribution in spf13/pflag#220

@yashbhutwala made their first contribution in spf13/pflag#282

@rpothier made their first contribution in spf13/pflag#170

@duhruh made their first contribution in spf13/pflag#316

@sagikazarmark made their first contribution in spf13/pflag#419

Full Changelog: spf13/pflag@v1.0.5...v1.0.6

Commits

5ca8134 Merge pull request #419 from spf13/ci
100ab0e disable unsupported dependency graph for now
a0f4ddd fix govet
f48cbd1 add github actions
d5e0c06 allow for blank ip addresses (#316)
85dd5c8 Add IPNetSlice and unit tests (#170)
6971c29 remove dead code for checking error nil (#282)
81378bb Add exported functions to preserve pkg/flag compatibility (#220)
See full diff in compare view

Updates github.com/stretchr/testify from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.10.0

What's Changed

Functional Changes

Add PanicAssertionFunc by @fahimbagar in stretchr/testify#1337

assert: deprecate CompareType by @dolmen in stretchr/testify#1566

assert: make YAML dependency pluggable via build tags by @dolmen in stretchr/testify#1579

assert: new assertion NotElementsMatch by @hendrywiranto in stretchr/testify#1600

mock: in order mock calls by @ReyOrtiz in stretchr/testify#1637

Add assertion for NotErrorAs by @palsivertsen in stretchr/testify#1129

Record Return Arguments of a Call by @jayd3e in stretchr/testify#1636

assert.EqualExportedValues: accepts everything by @redachl in stretchr/testify#1586

Fixes

assert: make tHelper a type alias by @dolmen in stretchr/testify#1562

Do not get argument again unnecessarily in Arguments.Error() by @TomWright in stretchr/testify#820

Fix time.Time compare by @myxo in stretchr/testify#1582

assert.Regexp: handle []byte array properly by @kevinburkesegment in stretchr/testify#1587

assert: collect.FailNow() should not panic by @marshall-lee in stretchr/testify#1481

mock: simplify implementation of FunctionalOptions by @dolmen in stretchr/testify#1571

mock: caller information for unexpected method call by @spirin in stretchr/testify#1644

suite: fix test failures by @stevenh in stretchr/testify#1421

Fix issue #1662 (comparing infs should fail) by @ybrustin in stretchr/testify#1663

NotSame should fail if args are not pointers #1661 by @sikehish in stretchr/testify#1664

Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI by @sikehish in stretchr/testify#1667

fix: compare functional option names for indirect calls by @arjun-1 in stretchr/testify#1626

Documentation, Build & CI

.gitignore: ignore "go test -c" binaries by @dolmen in stretchr/testify#1565

mock: improve doc by @dolmen in stretchr/testify#1570

mock: fix FunctionalOptions docs by @snirye in stretchr/testify#1433

README: link out to the excellent testifylint by @brackendawson in stretchr/testify#1568

assert: fix typo in comment by @JohnEndson in stretchr/testify#1580

Correct the EventuallyWithT and EventuallyWithTf example by @JonCrowther in stretchr/testify#1588

CI: bump softprops/action-gh-release from 1 to 2 by @dependabot in stretchr/testify#1575

mock: document more alternatives to deprecated AnythingOfTypeArgument by @dolmen in stretchr/testify#1569

assert: Correctly document EqualValues behavior by @brackendawson in stretchr/testify#1593

fix: grammar in godoc by @miparnisari in stretchr/testify#1607

.github/workflows: Run tests for Go 1.22 by @HaraldNordgren in stretchr/testify#1629

Document suite's lack of support for t.Parallel by @brackendawson in stretchr/testify#1645

assert: fix typos in comments by @alexandear in stretchr/testify#1650

mock: fix doc comment for NotBefore by @alexandear in stretchr/testify#1651

Generate better comments for require package by @Neokil in stretchr/testify#1610

README: replace Testify V2 notice with @dolmen's V2 manifesto by @hendrywiranto in stretchr/testify#1518

New Contributors

@fahimbagar made their first contribution in stretchr/testify#1337

@TomWright made their first contribution in stretchr/testify#820

@snirye made their first contribution in stretchr/testify#1433

@myxo made their first contribution in stretchr/testify#1582

@JohnEndson made their first contribution in stretchr/testify#1580

... (truncated)

Commits

89cbdd9 Merge pull request #1626 from arjun-1/fix-functional-options-diff-indirect-calls
07bac60 Merge pull request #1667 from sikehish/flaky
716de8d Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI
118fb83 NotSame should fail if args are not pointers #1661 (#1664)
7d99b2b attempt 2
05f87c0 more similar
ea7129e better fmt
a1b9c9e Merge pull request #1663 from ybrustin/master
8302de9 Merge branch 'master' into master
89352f7 Merge pull request #1518 from hendrywiranto/adjust-readme-remove-v2
Additional commits viewable in compare view

Updates github.com/vmware-tanzu/velero from 1.14.1 to 1.16.0

Release notes

Sourced from github.com/vmware-tanzu/velero's releases.

v1.16.0

v1.16

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.16.0

Container Image

velero/velero:v1.16.0

Documentation

https://velero.io/docs/v1.16/

Upgrading

https://velero.io/docs/v1.16/upgrade-to-1.16/

Highlights

Windows cluster support

In v1.16, Velero supports to run in Windows clusters and backup/restore Windows workloads, either stateful or stateless:

Hybrid build and all-in-one image: the build process is enhanced to build an all-in-one image for hybrid CPU architecture and hybrid platform. For more information, check the design https://github.com/vmware-tanzu/velero/blob/main/design/multiple-arch-build-with-windows.md

Deployment in Windows clusters: Velero node-agent, data mover pods and maintenance jobs now support to run in both linux and Windows nodes

Data mover backup/restore Windows workloads: Velero built-in data mover supports Windows workloads throughout its full cycle, i.e., discovery, backup, restore, pre/post hook, etc. It automatically identifies Windows workloads and schedules data mover pods to the right group of nodes

Check the epic issue vmware-tanzu/velero#8289 for more information.

Parallel Item Block backup

v1.16 now supports to back up item blocks in parallel. Specifically, during backup, correlated resources are grouped in item blocks and Velero backup engine creates a thread pool to back up the item blocks in parallel. This significantly improves the backup throughput, especially when there are large scale of resources.
Pre/post hooks also belongs to item blocks, so will also run in parallel along with the item blocks.
Users are allowed to configure the parallelism through the --item-block-worker-count Velero server parameter. If not configured, the default parallelism is 1.

For more information, check issue vmware-tanzu/velero#8334.

Data mover restore enhancement in scalability

In previous releases, for each volume of WaitForFirstConsumer mode, data mover restore is only allowed to happen in the node that the volume is attached. This severely degrades the parallelism and the balance of node resource(CPU, memory, network bandwidth) consumption for data mover restore (vmware-tanzu/velero#8044).

In v1.16, users are allowed to configure data mover restores running and spreading evenly across all nodes in the cluster. The configuration is done through a new flag ignoreDelayBinding in node-agent configuration (vmware-tanzu/velero#8242).

Data mover enhancements in observability

In 1.16, some observability enhancements are added:

Output various statuses of intermediate objects for failures of data mover backup/restore (vmware-tanzu/velero#8267)

Output the errors when Velero fails to delete intermediate objects during clean up (vmware-tanzu/velero#8125)

The outputs are in the same node-agent log and enabled automatically.

CSI snapshot backup/restore enhancement in usability

In previous releases, a unnecessary VolumeSnapshotContent object is retained for each backup and synced to other clusters sharing the same backup storage location. And during restore, the retained VolumeSnapshotContent is also restored unnecessarily.

In 1.16, the retained VolumeSnapshotContent is removed from the backup, so no unnecessary CSI objects are synced or restored.

For more information, check issue vmware-tanzu/velero#8725.

... (truncated)

Commits

8f31599 Merge pull request #8849 from Lyndon-Li/release-1.16
f8ae149 Merge branch 'release-1.16' into release-1.16
b469d9f Bump base image to 0.2.57 to fix CVEs. (#8853)
87084ce issue 8847: inherit pod info from node-agent-windows
3df026f Merge pull request #8834 from Lyndon-Li/release-1.16
406a730 pin velero image
e5c7c7f Merge pull request #8829 from blackpiglet/align_upgrade_cli_and_image_version
6002d56 Align the E2E upgrade test's CLI and image version.
6df1424 Merge pull request #8828 from blackpiglet/bump_e2e_upgrade_migration_source_v...
07fd98e Merge pull request #8824 from Lyndon-Li/1.16-change-log
Additional commits viewable in compare view

Updates k8s.io/api from 0.31.1 to 0.31.3

Commits

b7783ab Update dependencies to v0.31.3 tag
See full diff in compare view

Updates k8s.io/apimachinery from 0.31.1 to 0.31.3

Commits

See full diff in compare view

Updates k8s.io/client-go from 0.31.1 to 0.31.3

Commits

ef98edc Update dependencies to v0.31.3 tag
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the security group with 4 updates in the / directory: [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber), [github.com/spf13/pflag](https://github.com/spf13/pflag), [github.com/stretchr/testify](https://github.com/stretchr/testify) and [github.com/vmware-tanzu/velero](https://github.com/vmware-tanzu/velero). Updates `github.com/gofiber/fiber/v2` from 2.52.5 to 2.52.6 - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](gofiber/fiber@v2.52.5...v2.52.6) Updates `github.com/spf13/pflag` from 1.0.5 to 1.0.6 - [Release notes](https://github.com/spf13/pflag/releases) - [Commits](spf13/pflag@v1.0.5...v1.0.6) Updates `github.com/stretchr/testify` from 1.9.0 to 1.10.0 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.9.0...v1.10.0) Updates `github.com/vmware-tanzu/velero` from 1.14.1 to 1.16.0 - [Release notes](https://github.com/vmware-tanzu/velero/releases) - [Changelog](https://github.com/vmware-tanzu/velero/blob/main/CHANGELOG.md) - [Commits](vmware-tanzu/velero@v1.14.1...v1.16.0) Updates `k8s.io/api` from 0.31.1 to 0.31.3 - [Commits](kubernetes/api@v0.31.1...v0.31.3) Updates `k8s.io/apimachinery` from 0.31.1 to 0.31.3 - [Commits](kubernetes/apimachinery@v0.31.1...v0.31.3) Updates `k8s.io/client-go` from 0.31.1 to 0.31.3 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.31.1...v0.31.3) --- updated-dependencies: - dependency-name: github.com/gofiber/fiber/v2 dependency-version: 2.52.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/spf13/pflag dependency-version: 1.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/stretchr/testify dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: github.com/vmware-tanzu/velero dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/api dependency-version: 0.31.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/apimachinery dependency-version: 0.31.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/client-go dependency-version: 0.31.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependabot go type::security labels Apr 14, 2025

dependabot bot force-pushed the dependabot/go_modules/security-a1a9d5fabd branch from f0a420b to 50af5b7 Compare April 24, 2025 22:31

emosbaugh approved these changes Sep 19, 2025

View reviewed changes

emosbaugh merged commit 0073a66 into main Sep 19, 2025
5 checks passed

emosbaugh deleted the dependabot/go_modules/security-a1a9d5fabd branch September 19, 2025 16:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the security group across 1 directory with 7 updates #88

Bump the security group across 1 directory with 7 updates #88

Uh oh!

dependabot bot commented on behalf of github Apr 14, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the security group across 1 directory with 7 updates #88

Bump the security group across 1 directory with 7 updates #88

Uh oh!

Conversation

dependabot bot commented on behalf of github Apr 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.52.6

🐛 Bug Fixes

📚 Documentation

🛠️ Maintenance

v1.0.6

What's Changed

New Contributors

v1.10.0

What's Changed

Functional Changes

Fixes

Documentation, Build & CI

New Contributors

v1.16.0

v1.16

Download

Container Image

Documentation

Upgrading

Highlights

Windows cluster support

Parallel Item Block backup

Data mover restore enhancement in scalability

Data mover enhancements in observability

CSI snapshot backup/restore enhancement in usability

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Apr 14, 2025 •

edited

Loading