{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":56342508,"defaultBranch":"main","name":"jaeger","ownerLogin":"jaegertracing","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2016-04-15T18:49:02.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/28545596?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1715615541.0","currentOid":""},"activityList":{"items":[{"before":"1b0e9e2ff3753a5a78ed857c9475cb3e8d27bc80","after":"c1ae67e758881f2c4b9dd04b1eef6054cccd2b72","ref":"refs/heads/dependabot/go_modules/google.golang.org/protobuf-1.34.1","pushedAt":"2024-05-13T15:54:53.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump google.golang.org/protobuf from 1.34.0 to 1.34.1\n\nBumps google.golang.org/protobuf from 1.34.0 to 1.34.1.\n\n---\nupdated-dependencies:\n- dependency-name: google.golang.org/protobuf\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump google.golang.org/protobuf from 1.34.0 to 1.34.1"}},{"before":"ec1ae1137ba443b68506951be549dc79877f1224","after":"11ff7e768085befc68c98cb4f6ed634fb3acb9ca","ref":"refs/heads/dependabot/go_modules/github.com/prometheus/client_golang-1.19.1","pushedAt":"2024-05-13T15:52:48.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1\n\nBumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.19.0 to 1.19.1.\n- [Release notes](https://github.com/prometheus/client_golang/releases)\n- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1)\n\n---\nupdated-dependencies:\n- dependency-name: github.com/prometheus/client_golang\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1"}},{"before":"5af4ad1eb520af1b0b46655ad8949780901f25a9","after":null,"ref":"refs/heads/dependabot/github_actions/ossf/scorecard-action-2.3.3","pushedAt":"2024-05-13T15:52:21.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"3709b29fbfee294e5dd5cf05363c8970c696ee4d","after":"9b32f34d4b193f07e780b743fab760d7e7051a53","ref":"refs/heads/main","pushedAt":"2024-05-13T15:52:15.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#5445)\n\nBumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)\r\nfrom 2.3.1 to 2.3.3.\r\n
\r\nRelease notes\r\n

Sourced from ossf/scorecard-action's\r\nreleases.

\r\n
\r\n

v2.3.3

\r\n
\r\n

[!NOTE]
\r\nThere is no v2.3.2 release as a step was skipped in the release process.\r\nThis was fixed and re-released under the v2.3.3 tag

\r\n
\r\n

What's Changed

\r\n
    \r\n
  • :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to\r\ngithub.com/ossf/scorecard/v5 (v5.0.0-rc1) by @​spencerschrock\r\nin ossf/scorecard-action#1366
    • \r\n
  • :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to\r\nv5.0.0-rc2 by @​spencerschrock\r\nin ossf/scorecard-action#1374
    • \r\n
  • :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\r\nv5.0.0-rc2.0.20240509182734-7ce860946928 by @​spencerschrock\r\nin ossf/scorecard-action#1377
    • \r\n
\r\n

For a full changelist of what these include, see the v5.0.0-rc1\r\nand v5.0.0-rc2\r\nrelease notes.

\r\n

Documentation

\r\n
    \r\n
  • :book: Move token discussion out of main README. by @​spencerschrock\r\nin ossf/scorecard-action#1279
    • \r\n
  • :book: link to ossf/scorecard workflow instead of\r\nmaintaining an example by @​spencerschrock\r\nin ossf/scorecard-action#1352
    • \r\n
  • :book: update api links to new scorecard.dev site by @​spencerschrock\r\nin ossf/scorecard-action#1376
    • \r\n
\r\n

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3

\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • dc50aa9\r\n:seedling: Bump docker tag for v2.3.3 release (#1368)
    • \r\n
  • 8ff5700\r\n:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\r\nv5.0.0-rc2.0....
    • \r\n
  • 8ba5e73\r\nupdate api links to new scorecard.dev site (#1376)
    • \r\n
  • 92ddde3\r\nBump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)
    • \r\n
  • 6c55905\r\n:seedling: Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)
    • \r\n
  • 09bb953\r\n:seedling: Bump distroless/base in the docker-images group (#1372)
    • \r\n
  • 1511e13\r\n:seedling: Bump the github-actions group across 1 directory with 6\r\nupdates (#...
    • \r\n
  • df66cd8\r\n:seedling: Bump the docker-images group with 2 updates (#1370)
    • \r\n
  • fad9a3c\r\n:seedling: Bump distroless/base in the docker-images group (#1364)
    • \r\n
  • 1e01a30\r\n:seedling: Bump the github-actions group with 3 updates (#1365)
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.3.1&new-version=2.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#5445)"}},{"before":"3e8546ce0155c0915705180dce2f2cce64f9f582","after":null,"ref":"refs/heads/dependabot/go_modules/hashicorp-8aa7a72b71","pushedAt":"2024-05-13T15:51:51.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"5757c56cbf302a08838e830020163bf23671dd6a","after":"3709b29fbfee294e5dd5cf05363c8970c696ee4d","ref":"refs/heads/main","pushedAt":"2024-05-13T15:51:43.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"Remove github.com/hashicorp/go-plugin dependency (#5446)\n\nPart of #4647\r\n* remove dependabot group\r\n* `go mod tidy` to remove dependencies\r\n\r\n---------\r\n\r\nSigned-off-by: dependabot[bot] \r\nSigned-off-by: Yuri Shkuro \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>\r\nCo-authored-by: Yuri Shkuro ","shortMessageHtmlLink":"Remove github.com/hashicorp/go-plugin dependency (#5446)"}},{"before":"784576138f3ed9aa82f86982406abf0364068e4d","after":null,"ref":"refs/heads/dependabot/github_actions/actions/checkout-4.1.5","pushedAt":"2024-05-13T15:51:17.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"37b62a7b1b580c3ae55f3345e0d4724a68dec2bb","after":"3e8546ce0155c0915705180dce2f2cce64f9f582","ref":"refs/heads/dependabot/go_modules/hashicorp-8aa7a72b71","pushedAt":"2024-05-13T15:48:13.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"remove hashicorp dependabot group\n\nSigned-off-by: Yuri Shkuro ","shortMessageHtmlLink":"remove hashicorp dependabot group"}},{"before":null,"after":"37b62a7b1b580c3ae55f3345e0d4724a68dec2bb","ref":"refs/heads/dependabot/go_modules/hashicorp-8aa7a72b71","pushedAt":"2024-05-13T04:34:40.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump github.com/hashicorp/go-plugin in the hashicorp group\n\nBumps the hashicorp group with 1 update: [github.com/hashicorp/go-plugin](https://github.com/hashicorp/go-plugin).\n\n\nUpdates `github.com/hashicorp/go-plugin` from 1.6.0 to 1.6.1\n- [Release notes](https://github.com/hashicorp/go-plugin/releases)\n- [Changelog](https://github.com/hashicorp/go-plugin/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/hashicorp/go-plugin/compare/v1.6.0...v1.6.1)\n\n---\nupdated-dependencies:\n- dependency-name: github.com/hashicorp/go-plugin\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: hashicorp\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump github.com/hashicorp/go-plugin in the hashicorp group"}},{"before":null,"after":"5af4ad1eb520af1b0b46655ad8949780901f25a9","ref":"refs/heads/dependabot/github_actions/ossf/scorecard-action-2.3.3","pushedAt":"2024-05-13T04:20:26.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump ossf/scorecard-action from 2.3.1 to 2.3.3\n\nBumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3.\n- [Release notes](https://github.com/ossf/scorecard-action/releases)\n- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)\n- [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534)\n\n---\nupdated-dependencies:\n- dependency-name: ossf/scorecard-action\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump ossf/scorecard-action from 2.3.1 to 2.3.3"}},{"before":null,"after":"784576138f3ed9aa82f86982406abf0364068e4d","ref":"refs/heads/dependabot/github_actions/actions/checkout-4.1.5","pushedAt":"2024-05-13T04:20:22.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump actions/checkout from 4.1.2 to 4.1.5\n\nBumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.5.\n- [Release notes](https://github.com/actions/checkout/releases)\n- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/actions/checkout/compare/9bb56186c3b09b4f86b1c65136769dd318469633...44c2b7a8a4ea60a981eaca3cf939b5f4305c123b)\n\n---\nupdated-dependencies:\n- dependency-name: actions/checkout\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump actions/checkout from 4.1.2 to 4.1.5"}},{"before":"a2a9188f3b73f7d983352688e91a43fd3b633875","after":"5757c56cbf302a08838e830020163bf23671dd6a","ref":"refs/heads/main","pushedAt":"2024-05-12T17:05:52.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"[v2] Replace e2e span_reader grpc.DialContext with NewClient (#5443)","shortMessageHtmlLink":"[v2] Replace e2e span_reader grpc.DialContext with NewClient (#5443)"}},{"before":"84ea40e6b197194d50dc88c366d68fd46c372280","after":"a2a9188f3b73f7d983352688e91a43fd3b633875","ref":"refs/heads/main","pushedAt":"2024-05-12T13:35:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"[query/tests] Use grpc.NewClient (#5391)","shortMessageHtmlLink":"[query/tests] Use grpc.NewClient (#5391)"}},{"before":"98abc11c834eea10ce742acae504dc8622305c07","after":"84ea40e6b197194d50dc88c366d68fd46c372280","ref":"refs/heads/main","pushedAt":"2024-05-12T02:36:04.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"Replace grpc-plugin storage type name with just grpc (#5442)\n\n## Which problem is this PR solving?\r\n- Resolves #4647\r\n\r\n## Description of the changes\r\n- Add new storage type `grpc` and log warning if the old value\r\n`grpc-plugin` is used.\r\n\r\n## How was this change tested?\r\n- CII\r\n\r\nSigned-off-by: Yuri Shkuro ","shortMessageHtmlLink":"Replace grpc-plugin storage type name with just grpc (#5442)"}},{"before":"e9c819dd400defdeb41df76330402f7ddaf5b8f0","after":"98abc11c834eea10ce742acae504dc8622305c07","ref":"refs/heads/main","pushedAt":"2024-05-11T21:36:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"Stop running integration tests for Elasticsearch v5/v6 (#5440)\n\n## Which problem is this PR solving?\r\n- Part of #5439\r\n\r\n## Description of the changes\r\n- Stop running integration tests for Elasticsearch v5/v6\r\n\r\n## How was this change tested?\r\n- CI\r\n\r\nSigned-off-by: Yuri Shkuro ","shortMessageHtmlLink":"Stop running integration tests for Elasticsearch v5/v6 (#5440)"}},{"before":"299d94262393c7656375b96050e4315cac926b7e","after":"e9c819dd400defdeb41df76330402f7ddaf5b8f0","ref":"refs/heads/main","pushedAt":"2024-05-11T21:35:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"Deprecate gRPC-Plugin support (#5388)\n\n## Which problem is this PR solving?\r\n- Part of [#4647 ](https://github.com/jaegertracing/jaeger/issues/4647)\r\n\r\n## Description of the changes\r\n- Remove sidecar plugin support based on hashicorp go-plugin library.\r\n\r\n\r\n\r\n## Checklist\r\n- [x] I have read\r\nhttps://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md\r\n- [x] I have signed all commits\r\n- [ ] I have added unit tests for the new functionality\r\n- [x] I have run lint and test steps successfully\r\n - for `jaeger`: `make lint test`\r\n - for `jaeger-ui`: `yarn lint` and `yarn test`\r\n\r\n---------\r\n\r\nSigned-off-by: Ashutosh Srivastava \r\nSigned-off-by: Yuri Shkuro \r\nSigned-off-by: Yuri Shkuro \r\nCo-authored-by: Yuri Shkuro \r\nCo-authored-by: Yuri Shkuro ","shortMessageHtmlLink":"Deprecate gRPC-Plugin support (#5388)"}},{"before":"7d32d369b8b0c5c48f2268ee21ec1487faeea455","after":"299d94262393c7656375b96050e4315cac926b7e","ref":"refs/heads/main","pushedAt":"2024-05-11T20:03:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"[grpc-storage] Use grpc.NewClient (#5393)\n\n## Which problem is this PR solving?\r\n- Part of #5330\r\n\r\n## Description of the changes\r\n- use grpc.NewClient\r\n- add extra test\r\n\r\n## How was this change tested?\r\n- CI\r\n\r\n---------\r\n\r\nSigned-off-by: Yuri Shkuro ","shortMessageHtmlLink":"[grpc-storage] Use grpc.NewClient (#5393)"}},{"before":"3613a58f5502d1c68fa357369e6dd365b1aaaa8f","after":null,"ref":"refs/heads/dependabot/github_actions/step-security/harden-runner-2.7.1","pushedAt":"2024-05-11T18:43:08.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"7621fc910b0c7873e63b69057f24e7dbd270044b","after":null,"ref":"refs/heads/dependabot/github_actions/actions/dependency-review-action-4.3.2","pushedAt":"2024-05-11T18:42:48.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"81037e24f812b88ee691c1c4243be59428d62bf5","after":"7d32d369b8b0c5c48f2268ee21ec1487faeea455","ref":"refs/heads/main","pushedAt":"2024-05-11T18:42:41.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"Bump actions/dependency-review-action from 4.2.5 to 4.3.2 (#5425)\n\nBumps\r\n[actions/dependency-review-action](https://github.com/actions/dependency-review-action)\r\nfrom 4.2.5 to 4.3.2.\r\n
\r\nRelease notes\r\n

Sourced from actions/dependency-review-action's\r\nreleases.

\r\n
\r\n

v4.3.2

\r\n

What's Changed

\r\n
    \r\n
  • Fix package-url parsing for allow-dependencies-licenses by @​juxtin in actions/dependency-review-action#761
    • \r\n
\r\n

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2

\r\n

v4.3.1

\r\n

What's Changed

\r\n

This release fixes some bugs related to package-url parsing that were\r\nintroduced in 4.3.0. See actions/dependency-review-action#753.

\r\n

Full Changelog: https://github.com/actions/dependency-review-action/compare/V4.3.0...v4.3.1

\r\n

v4.3.0

\r\n

New Features

\r\n
    \r\n
  • The deny-packages option can now be used without a\r\nversion number to exclude all versions of a package.
    • \r\n
\r\n

What's Changed

\r\n
    \r\n
  • Fix action variable name for scorecard by @​lukehinds in actions/dependency-review-action#735
    • \r\n
  • Fix extra https:// in summary by @​jhutchings1 in\r\nactions/dependency-review-action#748
    • \r\n
  • Bump typescript from 5.3.3 to 5.4.5 by @​dependabot in actions/dependency-review-action#744
    • \r\n
  • Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot in actions/dependency-review-action#737
    • \r\n
  • Show denied packages with red X by @​juxtin in actions/dependency-review-action#750
    • \r\n
  • deny-packages configuration option can deny specified version or all\r\npackages by @​febuiles and @​bteng22 in actions/dependency-review-action#733
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​bteng22 made\r\ntheir first contribution in actions/dependency-review-action#733
    • \r\n
  • @​lukehinds\r\nmade their first contribution in actions/dependency-review-action#735
    • \r\n
\r\n

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.2.5...V4.3.0

\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 0c155c5\r\nMerge pull request #762\r\nfrom actions/juxtin/prepare-4.3.2
    • \r\n
  • f3dac32\r\nMerge pull request #761\r\nfrom actions/juxtin/fix-allow-dependencies-licenses
    • \r\n
  • d0d5cc3\r\nUpdate version number to 4.3.2
    • \r\n
  • 49fbbe0\r\nFix package-url parsing for allow-dependencies-licenses
    • \r\n
  • e58c696\r\nMerge pull request #758\r\nfrom actions/juxtin/prepare-4.3.1
    • \r\n
  • 9b7c72d\r\nChange version to 4.3.1
    • \r\n
  • 7dcfabf\r\nMerge pull request #753\r\nfrom actions/juxtin/debug-purl
    • \r\n
  • 5f0808f\r\nValidate that deny-packages purls are complete
    • \r\n
  • fcc66c2\r\nRefine purl parsing and tests
    • \r\n
  • 1dd418b\r\nBasic tests for PURL validation in config
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=4.2.5&new-version=4.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump actions/dependency-review-action from 4.2.5 to 4.3.2 (#5425)"}},{"before":"465a7694b0fbd3fbdfd2976cd004595247b177c0","after":"ec1ae1137ba443b68506951be549dc79877f1224","ref":"refs/heads/dependabot/go_modules/github.com/prometheus/client_golang-1.19.1","pushedAt":"2024-05-11T18:41:41.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1\n\nBumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.19.0 to 1.19.1.\n- [Release notes](https://github.com/prometheus/client_golang/releases)\n- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1)\n\n---\nupdated-dependencies:\n- dependency-name: github.com/prometheus/client_golang\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1"}},{"before":"e27403d14e031e01a77e7865eeec138c55e28f21","after":"1b0e9e2ff3753a5a78ed857c9475cb3e8d27bc80","ref":"refs/heads/dependabot/go_modules/google.golang.org/protobuf-1.34.1","pushedAt":"2024-05-11T18:41:40.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump google.golang.org/protobuf from 1.34.0 to 1.34.1\n\nBumps google.golang.org/protobuf from 1.34.0 to 1.34.1.\n\n---\nupdated-dependencies:\n- dependency-name: google.golang.org/protobuf\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump google.golang.org/protobuf from 1.34.0 to 1.34.1"}},{"before":"72ae4bfcfa3197c6f13fcab1cb55c5fa272fd005","after":null,"ref":"refs/heads/dependabot/go_modules/golang.org/x/net-0.25.0","pushedAt":"2024-05-11T18:40:42.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"fb5c804f17bda5a4b8fb0abab0870c7597004b42","after":"81037e24f812b88ee691c1c4243be59428d62bf5","ref":"refs/heads/main","pushedAt":"2024-05-11T18:40:36.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"Bump golang.org/x/net from 0.24.0 to 0.25.0 (#5427)\n\nBumps [golang.org/x/net](https://github.com/golang/net) from 0.24.0 to\r\n0.25.0.\r\n
\r\nCommits\r\n
    \r\n
  • d27919b\r\ngo.mod: update golang.org/x dependencies
    • \r\n
  • e0324fc\r\nhttp2: use net.ErrClosed
    • \r\n
  • b20cd59\r\nquic: initiate key rotation earlier in connections
    • \r\n
  • f95a3b3\r\nhtml: fix typo in package doc
    • \r\n
  • 0a24555\r\nhttp/httpguts: speed up ValidHeaderFieldName
    • \r\n
  • ec05fdc\r\nhttp2: don't retry the first request on a connection on GOAWAY\r\nerror
    • \r\n
  • b67a0f0\r\nhttp2: send correct LastStreamID in stream-caused GOAWAY
    • \r\n
  • a130fcc\r\nquic: don't consider goroutines running when tests start as leaked
    • \r\n
  • See full diff in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.24.0&new-version=0.25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump golang.org/x/net from 0.24.0 to 0.25.0 (#5427)"}},{"before":"bf242a2632e22856076b08f419605a10a7a802a1","after":null,"ref":"refs/heads/dependabot/github_actions/actions/setup-go-5.0.1","pushedAt":"2024-05-11T18:39:08.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"5ddcaa98811e34f7b1292ceb8fe0ff781640b678","after":"fb5c804f17bda5a4b8fb0abab0870c7597004b42","ref":"refs/heads/main","pushedAt":"2024-05-11T17:16:04.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"[v2] Remove temporary SkipBinaryAttrs flag from e2e tests (#5436)\n\n## Which problem is this PR solving?\r\n- PR #5322 temporarily added a SkipBinaryAttrs flag to avoid checking\r\nspan's tags with a binary type since the OTEL Jaeger translator has a\r\nbug that converts binary tags into string tags. Since it has been fixed,\r\nwe will delete this flag.\r\n\r\n## Description of the changes\r\n- Delete the SkipBinaryAttrs flag from StorageIntegration.\r\n\r\n## How was this change tested?\r\n- Tested locally by running all the e2e storage tests. e.g.\r\n`STORAGE=grpc SPAN_STORAGE_TYPE=memory make\r\njaeger-v2-storage-integration-test`\r\n\r\n## Checklist\r\n- [x] I have read\r\nhttps://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md\r\n- [x] I have signed all commits\r\n- [ ] I have added unit tests for the new functionality\r\n- [x] I have run lint and test steps successfully\r\n - for `jaeger`: `make lint test`\r\n - for `jaeger-ui`: `yarn lint` and `yarn test`\r\n\r\nSigned-off-by: James Ryans ","shortMessageHtmlLink":"[v2] Remove temporary SkipBinaryAttrs flag from e2e tests (#5436)"}},{"before":null,"after":"465a7694b0fbd3fbdfd2976cd004595247b177c0","ref":"refs/heads/dependabot/go_modules/github.com/prometheus/client_golang-1.19.1","pushedAt":"2024-05-10T04:35:17.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1\n\nBumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.19.0 to 1.19.1.\n- [Release notes](https://github.com/prometheus/client_golang/releases)\n- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1)\n\n---\nupdated-dependencies:\n- dependency-name: github.com/prometheus/client_golang\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1"}},{"before":"12aa9da9e2b0512c55497c40bb6bd481131c5b67","after":"5ddcaa98811e34f7b1292ceb8fe0ff781640b678","ref":"refs/heads/main","pushedAt":"2024-05-08T23:11:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yurishkuro","name":"Yuri Shkuro","path":"/yurishkuro","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3523016?s=80&v=4"},"commit":{"message":"Add tests for internal/extension/jaegerquery (#5123)\n\n## Which problem is this PR solving?\r\n- Part of #5068\r\n\r\n## Description of the changes\r\n- This commit adds tests for the\r\n`cmd/jaeger/internal/extension/jaegerquery` package.\r\n\r\n## How was this change tested?\r\n- make test\r\n\r\n## Checklist\r\n- [x] I have read\r\nhttps://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md\r\n- [x] I have signed all commits\r\n- [x] I have added unit tests for the new functionality\r\n- [x] I have run lint and test steps successfully\r\n - for `jaeger`: `make lint test`\r\n - for `jaeger-ui`: `yarn lint` and `yarn test`\r\n\r\n---------\r\n\r\nSigned-off-by: VaibhavMalik4187 \r\nSigned-off-by: Yuri Shkuro \r\nSigned-off-by: Yuri Shkuro \r\nCo-authored-by: Yuri Shkuro \r\nCo-authored-by: Yuri Shkuro ","shortMessageHtmlLink":"Add tests for internal/extension/jaegerquery (#5123)"}},{"before":"82232b4c1180a760fca1a39bf904efedcd93cdc6","after":"3613a58f5502d1c68fa357369e6dd365b1aaaa8f","ref":"refs/heads/dependabot/github_actions/step-security/harden-runner-2.7.1","pushedAt":"2024-05-08T16:44:42.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump step-security/harden-runner from 2.7.0 to 2.7.1\n\nBumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.7.0 to 2.7.1.\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/63c24ba6bd7ba022e95695ff85de572c04a18142...a4aa98b93cab29d9b1101a6143fb8bce00e2eac4)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump step-security/harden-runner from 2.7.0 to 2.7.1"}},{"before":"70371baa0e63142c36b4a9d77f76c702d3a4f06a","after":"bf242a2632e22856076b08f419605a10a7a802a1","ref":"refs/heads/dependabot/github_actions/actions/setup-go-5.0.1","pushedAt":"2024-05-08T16:44:40.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump actions/setup-go from 5.0.0 to 5.0.1\n\nBumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.0 to 5.0.1.\n- [Release notes](https://github.com/actions/setup-go/releases)\n- [Commits](https://github.com/actions/setup-go/compare/0c52d547c9bc32b1aa3301fd7a9cb496313a4491...cdcb36043654635271a94b9a6d1392de5bb323a7)\n\n---\nupdated-dependencies:\n- dependency-name: actions/setup-go\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump actions/setup-go from 5.0.0 to 5.0.1"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAESJb0_gA","startCursor":null,"endCursor":null}},"title":"Activity · jaegertracing/jaeger"}