hexolan/stocklet
1
0
Fork 0
mirror of https://github.com/hexolan/stocklet.git synced 2026-03-26 11:41:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
35 Commits 6 Branches 1 Tag
main
Commit Graph

15 Commits

Author SHA1 Message Date
Declan Teevan
4a686228e1 fix: security dependency upgrades 
Prior to patch, occuring/reproducable when gRPC service is directly
exposed (not behind a reverse proxy / load balancer that enforces HTTP/2
compliance - path normalisation).

This would not present a public-facing issue within the current version
of this project; no user-facing gRPC routes are made avaliable that
aren't already behind `grpc-gateway` for enforcing the mappings.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
 2026-03-22 01:38:32 +00:00
dependabot[bot]
b9de8a60fa chore(deps): bump google.golang.org/grpc 
Bumps the go_modules group with 1 update in the / directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `google.golang.org/grpc` from 1.59.0 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.59.0...v1.79.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-18 23:48:26 +00:00
dependabot[bot]
181b2a6673 chore(deps): bump go.opentelemetry.io/otel/sdk 
Bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).


Updates `go.opentelemetry.io/otel/sdk` from 1.21.0 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...v1.40.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.40.0
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-02 00:01:28 +00:00
dependabot[bot]
7885b5ffb7 chore(deps): bump golang.org/x/crypto 
Bumps the go_modules group with 1 update in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `golang.org/x/crypto` from 0.36.0 to 0.45.0
- [Commits](https://github.com/golang/crypto/compare/v0.36.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-20 02:00:46 +00:00
dependabot[bot]
be933ab1bb chore(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.36.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.36.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-16 23:22:26 +00:00
dependabot[bot]
241e1dd014 chore(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.36.0.
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-13 01:41:14 +00:00
dependabot[bot]
2f2ebc119a chore(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-21 19:13:04 +00:00
dependabot[bot]
cad44c7d0d chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-04 23:20:03 +00:00
Declan T.
e016e68672 Merge pull request #3 from hexolan/dependabot/go_modules/google.golang.org/protobuf-1.33.0 
chore(deps): bump google.golang.org/protobuf from 1.31.1-0.20231027082548-f4a6c1f6e5c1 to 1.33.0
 2024-09-05 00:18:42 +01:00
dependabot[bot]
21208da3d8 chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.18 to 2.0.21 
Bumps [github.com/lestrrat-go/jwx/v2](https://github.com/lestrrat-go/jwx) from 2.0.18 to 2.0.21.
- [Release notes](https://github.com/lestrrat-go/jwx/releases)
- [Changelog](https://github.com/lestrrat-go/jwx/blob/develop/v2/Changes)
- [Commits](https://github.com/lestrrat-go/jwx/compare/v2.0.18...v2.0.21)

---
updated-dependencies:
- dependency-name: github.com/lestrrat-go/jwx/v2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-04 23:17:50 +00:00
dependabot[bot]
5b6a0bd255 chore(deps): bump google.golang.org/protobuf 
Bumps google.golang.org/protobuf from 1.31.1-0.20231027082548-f4a6c1f6e5c1 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-04 23:17:42 +00:00
Declan T.
534a5881eb Merge pull request #2 from hexolan/dependabot/go_modules/github.com/jackc/pgx/v5-5.5.4 
chore(deps): bump github.com/jackc/pgx/v5 from 5.3.1 to 5.5.4
 2024-09-05 00:15:29 +01:00
dependabot[bot]
dc9da32a99 chore(deps): bump github.com/jackc/pgx/v5 from 5.3.1 to 5.5.4 
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.3.1 to 5.5.4.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.3.1...v5.5.4)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-04 23:14:42 +00:00
dependabot[bot]
d74c7f09c3 chore(deps): bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 25.0.6+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.7...v25.0.6)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-04 23:14:26 +00:00
Declan Teevan
531b5dabe2 chore: initial commit 2024-04-16 22:27:52 +01:00