Bump github.com/xmidt-org/webpa-common/v2 from 2.0.7 to 2.2.2

[dependabot]

Bumps github.com/xmidt-org/webpa-common/v2 from 2.0.7 to 2.2.2.

Release notes

Sourced from github.com/xmidt-org/webpa-common/v2's releases.

v2.2.2

Changelog

Other Work

• 0d8c0be19b8fe8bc489667102dddc3969dd4b4fc: Bump github.com/aws/aws-sdk-go from 1.44.298 to 1.44.300 (#940) (@​dependabot[bot])
• 7a6d689ceaaccc80dd66116f4bf26943065b16d9: Bump github.com/aws/aws-sdk-go from 1.44.300 to 1.44.301 (#941) (@​dependabot[bot])
• 1545a7184e622544981f80ff6ab2f82fccb966f6: Bump github.com/aws/aws-sdk-go from 1.44.301 to 1.44.304 (#943) (@​dependabot[bot])
• badf839227c000627b591de861eda811519ca1c2: Bump github.com/aws/aws-sdk-go from 1.44.304 to 1.44.305 (#945) (@​dependabot[bot])
• 0f470e50ee7e26a4aceeb986f168af28979ac3f0: Bump github.com/aws/aws-sdk-go from 1.44.305 to 1.44.306 (#946) (@​dependabot[bot])
• d6661a20e28f433115cac930bd266836262933b2: Bump github.com/aws/aws-sdk-go from 1.44.306 to 1.44.307 (#947) (@​dependabot[bot])
• 51e3576d9a70a9705950379cbc2ca2f01f59c074: Bump github.com/aws/aws-sdk-go from 1.44.307 to 1.44.308 (#948) (@​dependabot[bot])
• eee580416b0e91ece686524f3e7f2e87bb6bb421: Bump github.com/aws/aws-sdk-go from 1.44.308 to 1.44.309 (#949) (@​dependabot[bot])
• 633e4ed5708c78b556f898454e53bb390eeb91af: Bump github.com/aws/aws-sdk-go from 1.44.309 to 1.44.312 (#951) (@​dependabot[bot])
• 687bef48f746c731cdd5a21e612f40ce3df78141: Bump github.com/aws/aws-sdk-go from 1.44.312 to 1.44.313 (#952) (@​dependabot[bot])
• 58cc16b0d174ead0e5fdd4535fefef0224c1b5a8: Bump github.com/aws/aws-sdk-go from 1.44.313 to 1.44.314 (#954) (@​dependabot[bot])
• e986f507d8fc7f9c843981fe595eea680e6b51f0: Bump github.com/aws/aws-sdk-go from 1.44.314 to 1.44.316 (#956) (@​dependabot[bot])
• a6029dd2add8338988e48431d9739e7e35c47d15: Bump github.com/aws/aws-sdk-go from 1.44.316 to 1.44.317 (#957) (@​dependabot[bot])
• 4f3a26dad12cbdc59f8566171f92d58638a0f2c8: Bump github.com/hashicorp/consul/api from 1.22.0 to 1.23.0 (#944) (@​dependabot[bot])
• a5c0e7572158576df03271711868727890d3aa06: Bump github.com/hashicorp/consul/api from 1.23.0 to 1.24.0 (#958) (@​dependabot[bot])
• a091fe76100e1f18a8606941200cd8006b19d2a3: Bump go.uber.org/zap from 1.24.0 to 1.25.0 (#953) (@​dependabot[bot])

v2.2.1

Changelog

Other Work

• 67152463736a7238cfaf61e5119f15eaea88d28e: Bump github.com/aws/aws-sdk-go from 1.44.282 to 1.44.283 (#919) (@​dependabot[bot])
• 56ca22e65cc032a5c951654f4935c6876449b09f: Bump github.com/aws/aws-sdk-go from 1.44.283 to 1.44.284 (#920) (@​dependabot[bot])
• 932718bafe6a984c509ba4d51998517f3eb1aab0: Bump github.com/aws/aws-sdk-go from 1.44.284 to 1.44.285 (#923) (@​dependabot[bot])
• 0caa37308ab5c9f58c9aec3fc90ed36aba484a03: Bump github.com/aws/aws-sdk-go from 1.44.285 to 1.44.286 (#924) (@​dependabot[bot])
• 288ac7039709cfea5853a1b4706d152defa605a2: Bump github.com/aws/aws-sdk-go from 1.44.286 to 1.44.287 (#926) (@​dependabot[bot])
• 2a9512d84ddec048b15b2315c04ec5a4fc2f72ae: Bump github.com/aws/aws-sdk-go from 1.44.287 to 1.44.288 (#927) (@​dependabot[bot])
• 12463528d5ef479493c27fc0e38cce70431571e9: Bump github.com/aws/aws-sdk-go from 1.44.288 to 1.44.289 (#928) (@​dependabot[bot])
• 8de81738a08881dd0837009ee6915871740221a8: Bump github.com/aws/aws-sdk-go from 1.44.289 to 1.44.290 (#930) (@​dependabot[bot])
• cca089e1e9eb5b5883e62504d9a0eacac294c0bb: Bump github.com/aws/aws-sdk-go from 1.44.290 to 1.44.291 (#931) (@​dependabot[bot])
• 04f661eea6c7ac4007d7c36f1a5ff67c5460507a: Bump github.com/aws/aws-sdk-go from 1.44.291 to 1.44.292 (#932) (@​dependabot[bot])
• 61b7dcd7565b68cfcf5907e6903d44f649129ddb: Bump github.com/aws/aws-sdk-go from 1.44.292 to 1.44.293 (#933) (@​dependabot[bot])
• 51b8452cadecb79aa77cae2776fd026bf1fe4c9d: Bump github.com/aws/aws-sdk-go from 1.44.293 to 1.44.294 (#934) (@​dependabot[bot])
• 64747ac0f8eb1febb3219bf05f595bdf26d07290: Bump github.com/aws/aws-sdk-go from 1.44.294 to 1.44.296 (#936) (@​dependabot[bot])
• f659020bcde5d4e40a43ace5db31a1eb88258381: Bump github.com/aws/aws-sdk-go from 1.44.296 to 1.44.298 (#938) (@​dependabot[bot])
• d3f7f441e9c7b81b4eccc6403024dea9eb87b904: Bump github.com/hashicorp/consul/api from 1.21.0 to 1.22.0 (#929) (@​dependabot[bot])
• 55fa0f68452b2f43d186286a73d0de05c2557d16: Bump github.com/miekg/dns from 1.1.54 to 1.1.55 (#921) (@​dependabot[bot])
• 1956094ae80b2ddcc27efa49441db32644b53b04: Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 (#918) (@​dependabot[bot])

v2.1.4

Changelog

Other Work

• 1e6498b62defc90e4faffedbb0b208432d73f25c: Bump github.com/aws/aws-sdk-go from 1.44.277 to 1.44.279 (#911) (@​dependabot[bot])
• faf4ed6a07bbe8d68b3ef14501898ee01577c4ff: Bump github.com/aws/aws-sdk-go from 1.44.279 to 1.44.281 (#913) (@​dependabot[bot])
• 69590fd1f6e116da06d50f790a201ecf96dd91a7: Bump github.com/aws/aws-sdk-go from 1.44.281 to 1.44.282 (#915) (@​dependabot[bot])
• b5f4dee87698f4870ae945b2d644d4c124a63b15: Bump go.uber.org/fx from 1.19.3 to 1.20.0 (#914) (@​dependabot[bot])
• 26089fef0d7c5c45d901925d3ba80d625a891af8: added a metric for prometheus gauge (@​maurafortino)
• 389feaf372b723167b1f25c2ea1fe0ee184a3a5f: added prometheus gauges to registry interface (@​maurafortino)

... (truncated)

Changelog

Sourced from github.com/xmidt-org/webpa-common/v2's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[Unreleased]

[v2.1.1]

• Removed gokit/logger and replaced with zap.logger as part of the webpa-common deprecation for scytale, caduceus, and talaria (xmidt-org/webpa-common#655)

[v2.1.0]

• Patch writePump performance hit #613
• [Remove logging package and replace go-kit/kit/log & go-kit/log with zap #686](xmidt-org/webpa-common#686)
• [Fix bookkeeping package tests #465](xmidt-org/webpa-common#465)
• removed packages not currently

Commits

• 36ecf9d Merge pull request #960 from xmidt-org/denopink/patch/pprof
• c06c579 chore: patch pprof
• a5c0e75 Bump github.com/hashicorp/consul/api from 1.23.0 to 1.24.0 (#958)
• a6029dd Bump github.com/aws/aws-sdk-go from 1.44.316 to 1.44.317 (#957)
• e986f50 Bump github.com/aws/aws-sdk-go from 1.44.314 to 1.44.316 (#956)
• a091fe7 Bump go.uber.org/zap from 1.24.0 to 1.25.0 (#953)
• 58cc16b Bump github.com/aws/aws-sdk-go from 1.44.313 to 1.44.314 (#954)
• 687bef4 Bump github.com/aws/aws-sdk-go from 1.44.312 to 1.44.313 (#952)
• 633e4ed Bump github.com/aws/aws-sdk-go from 1.44.309 to 1.44.312 (#951)
• eee5804 Bump github.com/aws/aws-sdk-go from 1.44.308 to 1.44.309 (#949)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[guardrails]

⚠️ We detected 76 security issues in this pull request:

Vulnerable Libraries (76)

Severity	Details
Medium	pkg:golang/github.com/hashicorp/consul/api@v1.12.0 - no patch available
N/A	pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781 upgrade to: 0.7.0
N/A	pkg:golang/golang.org/x/net@v0.0.0-20210525063256-abc453219eb5 upgrade to: 1.16.12,1.17.5,0.0.0-20211209124913-491a49abca63
N/A	pkg:golang/golang.org/x/text@0.3.7 upgrade to: 0.3.8
High	pkg:golang/gopkg.in/yaml.v2@v2.4.0 - no patch available
Critical	pkg:golang/github.com/jinzhu/gorm@v1.9.16 - no patch available
Medium	pkg:golang/github.com/yuin/goldmark@v1.1.32 - no patch available
Critical	pkg:golang/github.com/gogo/protobuf@v1.3.2 - no patch available
High	pkg:golang/github.com/hashicorp/consul/api@v1.7.0 - no patch available
High	pkg:golang/github.com/prometheus/client_golang@v1.4.0 upgrade to: 1.11.1
High	pkg:golang/github.com/gorilla/websocket@v1.5.0 - no patch available
High	pkg:golang/github.com/hashicorp/consul/sdk@v0.3.0 - no patch available
N/A	pkg:golang/github.com/aws/aws-sdk-go@v1.40.45 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190801041406-cbf593c0f2f3 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/github.com/apache/thrift@v0.12.0 upgrade to: 0.13.0
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20191204072324-ce4227a45e2e upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/miekg/dns@v1.1.26 - no patch available
N/A	pkg:golang/github.com/aws/aws-sdk-go@v1.44.83 - no patch available
High	pkg:golang/github.com/hashicorp/consul/api@v1.1.0 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190726091711-fc99dfbffb4e upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/github.com/gorilla/sessions@v1.2.1 - no patch available
High	pkg:golang/github.com/hashicorp/consul/sdk@v0.1.1 - no patch available
High	pkg:golang/github.com/hashicorp/consul/sdk@v0.4.0 - no patch available
N/A	pkg:golang/k8s.io/apimachinery@v0.0.0-20180821005732-488889b0007f upgrade to: 0.0.0-20190927203648-9ce6eca90e73
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190904154756-749cb33beabd upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/hashicorp/vault/sdk@v0.1.13 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190523142557-0e01d883c5c5 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20191120155948-bd437916bb0e upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/hashicorp/consul/sdk@v0.6.0 - no patch available
High	pkg:golang/github.com/gorilla/websocket@v1.4.2 - no patch available
High	pkg:golang/github.com/hashicorp/vault/api@v1.0.4 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20191026070338-33540a1f6037 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/gopkg.in/yaml.v2@v2.4.0 - no patch available
N/A	pkg:golang/k8s.io/apimachinery@v0.0.0-20190223001710-c182ff3b9841 upgrade to: 0.0.0-20190927203648-9ce6eca90e73
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20181026203630-95b1ffbd15a5 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/hashicorp/consul/api@v1.3.0 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190922100055-0a153f010e69 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20180909124046-d0be0721c37e upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/hashicorp/consul/api@v1.14.0 - no patch available
N/A	pkg:golang/github.com/hashicorp/consul/api@v1.4.0 - no patch available
N/A	pkg:golang/golang.org/x/text@v0.3.7 upgrade to: 0.3.8
Medium	pkg:golang/gopkg.in/yaml.v2@v2.0.0-20170812160011-eb3733d160e7 upgrade to: 2.2.8
Medium	pkg:golang/github.com/hashicorp/consul/sdk@v0.10.0 - no patch available
N/A	pkg:golang/github.com/gogo/protobuf@v1.1.1 upgrade to: 1.3.2
N/A	pkg:golang/gopkg.in/yaml.v2@v2.2.3 upgrade to: 2.2.8
N/A	pkg:golang/github.com/gogo/protobuf@v1.2.0 upgrade to: 1.3.2
Medium	pkg:golang/github.com/hashicorp/consul/api@v1.10.1 - no patch available
Critical	pkg:golang/github.com/influxdata/influxdb@v1.7.7 - no patch available
Medium	pkg:golang/gopkg.in/yaml.v2@v2.2.4 upgrade to: 2.2.8
N/A	pkg:golang/golang.org/x/text@v0.3.4 upgrade to: 0.3.7
High	pkg:golang/github.com/gorilla/websocket@v0.0.0-20170926233335-4201258b820c upgrade to: 1.4.1
N/A	pkg:golang/github.com/gorilla/websocket@v1.4.0 upgrade to: 1.4.1
High	pkg:golang/golang.org/x/net@v0.0.0-20210316092652-d523dce5a7f4 - no patch available
High	pkg:golang/github.com/hashicorp/consul/sdk@v0.8.0 - no patch available
N/A	pkg:golang/golang.org/x/net@v0.0.0-20210503060351-7fd8e65b6420 upgrade to: 1.16.12,1.17.5,0.0.0-20211209124913-491a49abca63
N/A	pkg:golang/github.com/miekg/dns@v1.0.14 upgrade to: 1.1.25-0.20191211073109-8ebf2e419df7
N/A	pkg:golang/golang.org/x/net@v0.0.0-20220425223048-2871e0cb64e4 upgrade to: 1.18.6,1.19.1,0.0.0-20220906165146-f3363e06e74c
High	pkg:golang/golang.org/x/crypto@v0.0.0-20210920023735-84f357641f63 upgrade to: 0.0.0-20211202192323-5770296d904e
N/A	pkg:golang/github.com/aws/aws-sdk-go@v1.25.41 upgrade to: 1.34.0,1.34.0
N/A	pkg:golang/github.com/gogo/protobuf@v1.2.1 upgrade to: 1.3.2
N/A	pkg:golang/github.com/dgrijalva/jwt-go@v3.2.0+incompatible upgrade to: 4.0.0-preview1
High	pkg:golang/golang.org/x/net@v0.0.0-20181114220301-adae6a3d119a upgrade to: 0.0.0-20190125002852-4b62a64f59f7,0.0.0-20190125002852-4b62a64f59f7
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20210421170649-83a5a9bb288b - no patch available
N/A	pkg:golang/golang.org/x/net@v0.0.0-20201209123823-ac852fbbde11 upgrade to: 1.15.12,1.16.4,0.0.0-20210428140749-89ef3d95e781
N/A	pkg:golang/golang.org/x/net@v0.0.0-20220412020605-290c469a71a5 upgrade to: 1.18.9,1.19.4,0.4.0
N/A	pkg:golang/golang.org/x/net@v0.0.0-20181220203305-927f97764cc3 upgrade to: 1.11.13,1.12.8,0.0.0-20190813141303-74dc4d7220e7
N/A	pkg:golang/github.com/coredns/coredns@v1.1.2 upgrade to: 1.6.6
Low	pkg:golang/github.com/aws/aws-sdk-go@v1.31.6 upgrade to: 1.34.0
Low	pkg:golang/github.com/aws/aws-sdk-go@v1.8.12 upgrade to: 1.34.0
N/A	pkg:golang/gopkg.in/yaml.v2@v2.2.5 upgrade to: 2.2.8
Medium	pkg:golang/github.com/nats-io/nats-server/v2@v2.5.0 upgrade to: 2.7.4,0.24.3
N/A	pkg:golang/golang.org/x/net@v0.0.0-20200822124328-c89045814202 upgrade to: 1.18.9,1.19.4,0.4.0
Medium	pkg:golang/github.com/hashicorp/consul@v1.4.2 upgrade to: 1.11.9,1.12.5,1.13.2
Medium	pkg:golang/github.com/hashicorp/consul@v1.7.0 upgrade to: 1.10.2,1.9.9,1.8.15
Low	pkg:golang/github.com/aws/aws-sdk-go@v1.27.0 upgrade to: 1.34.0
N/A	pkg:golang/github.com/nats-io/nats-server/v2@v2.1.2 upgrade to: 2.7.2,0.24.1

More info on how to fix Vulnerable Libraries in Go.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[dependabot]

Superseded by #71.