This change replaces [gorp] with [borp].
The changes consist of a mass renaming of the import and comments / doc
fixups, plus modifications of many call sites to provide a
context.Context everywhere, since gorp newly requires this (this was one
of the motivating factors for the borp fork).
This also refactors `github.com/letsencrypt/boulder/db.WrappedMap` and
`github.com/letsencrypt/boulder/db.Transaction` to not embed their
underlying gorp/borp objects, but to have them as plain fields. This
ensures that we can only call methods on them that are specifically
implemented in `github.com/letsencrypt/boulder/db`, so we don't miss
wrapping any. This required introducing a `NewWrappedMap` method along
with accessors `SQLDb()` and `BorpDB()` to get at the internal fields
during metrics and logging setup.
Fixes#6944
Over on the community forum, there's been requests for the new .vn
domains. weppos/publicsuffix-go hasn't had a release tagged in a little
while, so this is the result of:
go get github.com/weppos/publicsuffix-go@latest
go mod tidy
go mod vendor
This upgrades otel to v1.15.0, and the /contrib/ packages to v0.41.0.
Several dependencies are upgraded as dependencies, notably grpc.
This contains a change to grpc, only mapping some grpc.Errors into span
errors if it's Unknown, DeadlineExceeded, Unimplemented, Internal,
Unavailable, or DataLoss, which should be helpful for us as we use grpc
errors semantically in Boulder, especially NotFound.
Add a new shared config stanza which all boulder components can use to
configure their Open Telemetry tracing. This allows components to
specify where their traces should be sent, what their sampling ratio
should be, and whether or not they should respect their parent's
sampling decisions (so that web front-ends can ignore sampling info
coming from outside our infrastructure). It's likely we'll need to
evolve this configuration over time, but this is a good starting point.
Add basic Open Telemetry setup to our existing cmd.StatsAndLogging
helper, so that it gets initialized at the same time as our other
observability helpers. This sets certain default fields on all
traces/spans generated by the service. Currently these include the
service name, the service version, and information about the telemetry
SDK itself. In the future we'll likely augment this with information
about the host and process.
Finally, add instrumentation for the HTTP servers and grpc
clients/servers. This gives us a starting point of being able to monitor
Boulder, but is fairly minimal as this PR is already somewhat unwieldy:
It's really only enough to understand that everything is wired up
properly in the configuration. In subsequent work we'll enhance those
spans with more data, and add more spans for things not automatically
traced here.
Fixes https://github.com/letsencrypt/boulder/issues/6361
---------
Co-authored-by: Aaron Gable <aaron@aarongable.com>
Update github.com/eggsampler/acme from v3.3.0 to v3.4.0.
Changelog: https://github.com/eggsampler/acme/compare/v3.3.0...v3.4.0
Update the ARI integration test to use the eggampler/acme client's new
ARI capabilities for making both GET and POST requests. This simplifies
and streamlines the test significantly, and lets us test the POST path.
Fixes#6781
Update all golang.org/x/ deps to their latest available version:
- https://golang.org/x/crypto from 0.7.0 to 0.8.0
- https://golang.org/x/exp from v0.0.0-20230118134722-a68e582fa157 to
v0.0.0-20230321023759-10a507213a29
- https://golang.org/x/net from 0.8.0 to 0.9.0
- https://golang.org/x/text from 0.8.0 to 0.9.0
- https://golang.org/x/mod from 0.8.0 to 0.10.0
- https://golang.org/x/tools from 0.6.0 to 0.8.0
This only affects vendored files for /x/exp, /x/net/, and /x/tools/.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aaron Gable <aaron@letsencrypt.org>
Bumps https://github.com/jmhodges/clock from
0.0.0-20160418191101-880ee4c33548 to 1.2.0.
This update contains no code changes, but does get us off
of a pseudoversion.
- Require `letsencrypt/validator` package.
- Add a framework for registering configuration structs and any custom
validators for each Boulder component at `init()` time.
- Add a `validate` subcommand which allows you to pass a `-component`
name and `-config` file path.
- Expose validation via exported utility functions
`cmd.LookupConfigValidator()`, `cmd.ValidateJSONConfig()` and
`cmd.ValidateYAMLConfig()`.
- Add unit test which validates all registered component configuration
structs against test configuration files.
Part of #6052
Upgrade grpc to v1.53.0, as preparation for introducing OpenTelemetry,
which depends on that grpc version.
Two changes to our own code were necessitated by upstream changes:
1. Add a stub implementation of GetOrBuildProducer: this was added to
the balancer.SubConn interface by grpc v1.51.0
2. Change use of Endpoint field to Endpoint() method: the field was
removed and replaced by a method in
https://github.com/grpc/grpc-go/pull/5852. This also means that our
tests can't set the .Endpoint field, so the tests are updated to use the
.URL field instead, and a helper has been added to make that easy.
Part of #6361
Remove tracing using Beeline from Boulder. The only remnant left behind
is the deprecated configuration, to ensure deployability.
We had previously planned to swap in OpenTelemetry in a single PR, but
that adds significant churn in a single change, so we're doing this as
multiple steps that will each be significantly easier to reason about
and review.
Part of #6361
Bumps
[github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2)
from 1.18.9 to 1.18.12.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3f28b5134e"><code>3f28b51</code></a>
Release 2023-02-03</li>
<li><a
href="6e8d17fd21"><code>6e8d17f</code></a>
Regenerated Clients</li>
<li><a
href="60dbdbb0da"><code>60dbdbb</code></a>
Update endpoints model</li>
<li><a
href="212910ac25"><code>212910a</code></a>
Update API model</li>
<li><a
href="eb8cb66b44"><code>eb8cb66</code></a>
Upgrade smithy to 1.27.2, correct query empty list serialization</li>
<li><a
href="24db9f5f6e"><code>24db9f5</code></a>
Update processcreds.CredentialProcessResponse visibility to public (<a
href="https://github-redirect.dependabot.com/aws/aws-sdk-go-v2/issues/1921">#1921</a>)</li>
<li><a
href="bd3003e29f"><code>bd3003e</code></a>
dependency: upgrade smithy to 1.27.2 and correct query empty list
serialization</li>
<li><a
href="0d94f223e8"><code>0d94f22</code></a>
Release 2023-02-02</li>
<li><a
href="2eec85ed13"><code>2eec85e</code></a>
Regenerated Clients</li>
<li><a
href="4ca6e32eed"><code>4ca6e32</code></a>
Update endpoints model</li>
<li>Additional commits viewable in <a
href="https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.9...config/v1.18.12">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This reverts commit fdfea0d469.
With a Go security release out this week we prefer to do a single
release on the new Go version rather than trying to deploy the new
go-sql-driver version.
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.4.0 to
0.6.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec5565b1b7"><code>ec5565b</code></a>
README.md: update documentation of module versioning</li>
<li><a
href="c8236a6712"><code>c8236a6</code></a>
unicode/bidi: remove unused global</li>
<li><a
href="ada7473102"><code>ada7473</code></a>
all: remove redundant type conversion</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.4.0...v0.6.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
From the go-jose/go-jose v2.6.1 merge commit:
> The square/go-jose repo had one commit "Fix EC thumbprint template"
> which existed on the v2.6.0 tag but not on the v2 branch. This means
that
> it was missed in the recent PR which merged square's v2 branch into
this
> repository's v2 branch. This also means that the current v2.6.0 tag in
this
> repo points to a commit which is not on any branch in this repo.
Now that Aaron has pushed a go-jose/go-jose v2.6.1 tag, we can upgrade
to that and remove the indirect reference to square/go-jose v2.6.0.
Related to https://github.com/letsencrypt/boulder/issues/6573
Simplify the control flow of the FinalizeOrder handler to make it easier
to read and reason about:
- Move all validation to before we set the order to Processing, and put
it all in a single helper funcion.
- Move almost all logEvent/trace handling directly into FinalizeOrder so
it cannot be missed.
- Flatten issueCertificate and issueCertificateInner into a single
helper function, now that they're no longer being called from both
ACMEv1 and v2 entry points.
- Other minor cleanups, such as making SolvedBy not return a pointer and
making matchesCSR private.
This paves the way for making both issueCertificateInner and failOrder
asynchronous, which we plan to do in the near future.
Part of #6575
Bumps
[github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2)
from 1.27.1 to 1.30.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md">github.com/aws/aws-sdk-go-v2/service/s3's
changelog</a>.</em></p>
<blockquote>
<h1>Release (2023-01-10)</h1>
<h2>Module Highlights</h2>
<ul>
<li><code>github.com/aws/aws-sdk-go-v2/service/location</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/location/CHANGELOG.md#v1210-2023-01-10">v1.21.0</a>
<ul>
<li><strong>Feature</strong>: This release adds support for two new
route travel models, Bicycle and Motorcycle which can be used with Grab
data source.</li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/rds</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/rds/CHANGELOG.md#v1400-2023-01-10">v1.40.0</a>
<ul>
<li><strong>Feature</strong>: This release adds support for configuring
allocated storage on the CreateDBInstanceReadReplica,
RestoreDBInstanceFromDBSnapshot, and RestoreDBInstanceToPointInTime
APIs.</li>
</ul>
</li>
</ul>
<h1>Release (2023-01-09)</h1>
<h2>Module Highlights</h2>
<ul>
<li><code>github.com/aws/aws-sdk-go-v2/service/ecrpublic</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/ecrpublic/CHANGELOG.md#v1150-2023-01-09">v1.15.0</a>
<ul>
<li><strong>Feature</strong>: This release for Amazon ECR Public makes
several change to bring the SDK into sync with the API.</li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/kendraranking</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/kendraranking/CHANGELOG.md#v100-2023-01-09">v1.0.0</a>
<ul>
<li><strong>Release</strong>: New AWS service client module</li>
<li><strong>Feature</strong>: Introducing Amazon Kendra Intelligent
Ranking, a new set of Kendra APIs that leverages Kendra semantic ranking
capabilities to improve the quality of search results from other search
services (i.e. OpenSearch, ElasticSearch, Solr).</li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/networkfirewall</code>:
<a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/networkfirewall/CHANGELOG.md#v1230-2023-01-09">v1.23.0</a>
<ul>
<li><strong>Feature</strong>: Network Firewall now supports the Suricata
rule action reject, in addition to the actions pass, drop, and
alert.</li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/workspacesweb</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/workspacesweb/CHANGELOG.md#v190-2023-01-09">v1.9.0</a>
<ul>
<li><strong>Feature</strong>: This release adds support for a new portal
authentication type: AWS IAM Identity Center (successor to AWS Single
Sign-On).</li>
</ul>
</li>
</ul>
<h1>Release (2023-01-06)</h1>
<h2>Module Highlights</h2>
<ul>
<li><code>github.com/aws/aws-sdk-go-v2/service/acmpca</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/acmpca/CHANGELOG.md#v1210-2023-01-06">v1.21.0</a>
<ul>
<li><strong>Feature</strong>: Added revocation parameter validation:
bucket names must match S3 bucket naming rules and CNAMEs conform to
RFC2396 restrictions on the use of special characters in URIs.</li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/auditmanager</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/auditmanager/CHANGELOG.md#v1230-2023-01-06">v1.23.0</a>
<ul>
<li><strong>Feature</strong>: This release introduces a new data
retention option in your Audit Manager settings. You can now use the
DeregistrationPolicy parameter to specify if you want to delete your
data when you deregister Audit Manager.</li>
</ul>
</li>
</ul>
<h1>Release (2023-01-05)</h1>
<h2>General Highlights</h2>
<ul>
<li><strong>Dependency Update</strong>: Updated to the latest SDK module
versions</li>
</ul>
<h2>Module Highlights</h2>
<ul>
<li><code>github.com/aws/aws-sdk-go-v2/service/accessanalyzer</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/accessanalyzer/CHANGELOG.md#v1190-2023-01-05">v1.19.0</a>
<ul>
<li><strong>Feature</strong>: Add
<code>ErrorCodeOverride</code><code>aws/smithy-go#401</code></li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/account</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/account/CHANGELOG.md#v180-2023-01-05">v1.8.0</a>
<ul>
<li><strong>Feature</strong>: Add
<code>ErrorCodeOverride</code><code>aws/smithy-go#401</code></li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/acm</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/acm/CHANGELOG.md#v1170-2023-01-05">v1.17.0</a>
<ul>
<li><strong>Feature</strong>: Add
<code>ErrorCodeOverride</code><code>aws/smithy-go#401</code></li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/acmpca</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/acmpca/CHANGELOG.md#v1200-2023-01-05">v1.20.0</a>
<ul>
<li><strong>Feature</strong>: Add
<code>ErrorCodeOverride</code><code>aws/smithy-go#401</code></li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/alexaforbusiness</code>:
<a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/alexaforbusiness/CHANGELOG.md#v1150-2023-01-05">v1.15.0</a>
<ul>
<li><strong>Feature</strong>: Add
<code>ErrorCodeOverride</code><code>aws/smithy-go#401</code></li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/amp</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/amp/CHANGELOG.md#v1160-2023-01-05">v1.16.0</a>
<ul>
<li><strong>Feature</strong>: Add
<code>ErrorCodeOverride</code><code>aws/smithy-go#401</code></li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/amplify</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/amplify/CHANGELOG.md#v1130-2023-01-05">v1.13.0</a>
<ul>
<li><strong>Feature</strong>: Add
<code>ErrorCodeOverride</code><code>aws/smithy-go#401</code></li>
</ul>
</li>
<li><code>github.com/aws/aws-sdk-go-v2/service/amplifybackend</code>: <a
href="https://github.com/aws/aws-sdk-go-v2/blob/main/service/amplifybackend/CHANGELOG.md#v1140-2023-01-05">v1.14.0</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="116a622a26"><code>116a622</code></a>
Release 2023-01-05</li>
<li><a
href="ce039452b6"><code>ce03945</code></a>
Regenerated Clients</li>
<li><a
href="095bbfff59"><code>095bbff</code></a>
Update API model</li>
<li><a
href="2998a9800a"><code>2998a98</code></a>
Regenerate clients with <code>ErrorCodeOverride</code> (<a
href="https://github-redirect.dependabot.com/aws/aws-sdk-go-v2/issues/1969">#1969</a>)</li>
<li><a
href="1b0a07d93d"><code>1b0a07d</code></a>
Release 2023-01-04</li>
<li><a
href="ff5b1c7a27"><code>ff5b1c7</code></a>
Regenerated Clients</li>
<li><a
href="cabea36bb4"><code>cabea36</code></a>
Update API model</li>
<li><a
href="cd385dc3b8"><code>cd385dc</code></a>
Update links to point to smithy.io</li>
<li><a
href="4dd79b8978"><code>4dd79b8</code></a>
Rename SyntheticClone to Synthetic</li>
<li><a
href="b302f0a86c"><code>b302f0a</code></a>
Release 2023-01-03</li>
<li>Additional commits viewable in <a
href="https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.27.1...service/s3/v1.30.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
In live.go we use a semaphore to limit how many inflight signing
requests we can have, so a flood of OCSP traffic doesn't flood our CA
instances. If traffic exceeds our capacity to sign responses for long
enough, we want to eventually start fast-rejecting inbound requests that
are unlikely to get serviced before their deadline is reached. To do
that, add a MaxSigningWaiters config field to the OCSP responder.
Note that the files in //semaphore are forked from x/sync/semaphore,
with modifications to add the MaxWaiters field and functionality.
Fixes#6392
Bumps
[github.com/prometheus/client_model](https://github.com/prometheus/client_model)
from 0.2.0 to 0.3.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="63fb9822ca"><code>63fb982</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/prometheus/client_model/issues/63">#63</a>
from prometheus/sparsehistogram</li>
<li><a
href="fdb567dcc1"><code>fdb567d</code></a>
Add note about native histograms to README</li>
<li><a
href="7f720d2282"><code>7f720d2</code></a>
Add note about experimental state of native histograms</li>
<li><a
href="1f8dcad122"><code>1f8dcad</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/prometheus/client_model/issues/59">#59</a>
from prometheus/beorn7/histogram</li>
<li><a
href="a7ff7138f2"><code>a7ff713</code></a>
Flatten the buckets of native histograms</li>
<li><a
href="421ad2b045"><code>421ad2b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/prometheus/client_model/issues/58">#58</a>
from prometheus/beorn7/histogram</li>
<li><a
href="0da3265134"><code>0da3265</code></a>
Explain Span layout better</li>
<li><a
href="8171e83b1d"><code>8171e83</code></a>
Add float histograms and gauge histograms to proto spec</li>
<li><a
href="408689db4e"><code>408689d</code></a>
Merge branch 'master' into sparsehistogram</li>
<li><a
href="5c16fa2528"><code>5c16fa2</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/prometheus/client_model/issues/57">#57</a>
from prometheus/repo_sync</li>
<li>Additional commits viewable in <a
href="https://github.com/prometheus/client_model/compare/v0.2.0...v0.3.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Thing brings in a number of new lints, including those which check for
correct encoding of the KeyUsage bitstring, which has led to incidents
for a number of CAs recently.
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.3.7...v0.3.8)
This also transitively updates x/tools and x/sync, which is good because those
are unversioned packages which are otherwise ignored by dependabot.
Note that we are not affected by the vulnerability which prompted the release
of version 0.3.8; the affected files are in the language subpackage which we
do not use or vendor.
dependabot[bot]