build(deps): bump the dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the dependencies group with 7 updates in the / directory:

Package	From	To
github.com/getsentry/sentry-go	0.28.1	0.29.0
github.com/prometheus/client_golang	1.20.0	1.20.4
github.com/prometheus/common	0.55.0	0.59.1
github.com/sagernet/sing	0.4.2	0.4.3
github.com/sagernet/sing-box	1.9.4	1.9.6
github.com/xtls/xray-core	1.8.23	1.8.24
modernc.org/sqlite	1.32.0	1.33.1

Updates github.com/getsentry/sentry-go from 0.28.1 to 0.29.0

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.29.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.29.0.

Breaking Changes

• Remove the sentrymartini integration (#861)
• The WrapResponseWriter has been moved from the sentryhttp package to the internal/httputils package. If you've imported it previosuly, you'll need to copy the implementation in your project. (#871)

Features

• Add new convenience methods to continue a trace and propagate tracing headers for error-only use cases. (#862)

  If you are not using one of our integrations, you can manually continue an incoming trace by using sentry.ContinueTrace() by providing the sentry-trace and baggage header received from a downstream SDK.

  hub := sentry.CurrentHub()
  sentry.ContinueTrace(hub, r.Header.Get(sentry.SentryTraceHeader), r.Header.Get(sentry.SentryBaggageHeader)),

  You can use hub.GetTraceparent() and hub.GetBaggage() to fetch the necessary header values for outgoing HTTP requests.

  hub := sentry.GetHubFromContext(ctx)
  req, _ := http.NewRequest("GET", "http://localhost:3000", nil)
  req.Header.Add(sentry.SentryTraceHeader, hub.GetTraceparent())
  req.Header.Add(sentry.SentryBaggageHeader, hub.GetBaggage())

Bug Fixes

• Initialize HTTPTransport.limit if nil (#844)
• Fix sentry.StartTransaction() returning a transaction with an outdated context on existing transactions (#854)
• Treat Proxy-Authorization as a sensitive header (#859)
• Add support for the http.Hijacker interface to the sentrynegroni package (#871)
• Go version >= 1.23: Use value from http.Request.Pattern for HTTP transaction names when using sentryhttp & sentrynegroni (#875)
• Go version >= 1.21: Fix closure functions name grouping (#877)

Misc

• Collect span origins (#849)

Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.29.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.29.0.

Breaking Changes

• Remove the sentrymartini integration (#861)
• The WrapResponseWriter has been moved from the sentryhttp package to the internal/httputils package. If you've imported it previosuly, you'll need to copy the implementation in your project. (#871)

Features

• Add new convenience methods to continue a trace and propagate tracing headers for error-only use cases. (#862)

  If you are not using one of our integrations, you can manually continue an incoming trace by using sentry.ContinueTrace() by providing the sentry-trace and baggage header received from a downstream SDK.

  hub := sentry.CurrentHub()
  sentry.ContinueTrace(hub, r.Header.Get(sentry.SentryTraceHeader), r.Header.Get(sentry.SentryBaggageHeader)),

  You can use hub.GetTraceparent() and hub.GetBaggage() to fetch the necessary header values for outgoing HTTP requests.

  hub := sentry.GetHubFromContext(ctx)
  req, _ := http.NewRequest("GET", "http://localhost:3000", nil)
  req.Header.Add(sentry.SentryTraceHeader, hub.GetTraceparent())
  req.Header.Add(sentry.SentryBaggageHeader, hub.GetBaggage())

Bug Fixes

• Initialize HTTPTransport.limit if nil (#844)
• Fix sentry.StartTransaction() returning a transaction with an outdated context on existing transactions (#854)
• Treat Proxy-Authorization as a sensitive header (#859)
• Add support for the http.Hijacker interface to the sentrynegroni package (#871)
• Go version >= 1.23: Use value from http.Request.Pattern for HTTP transaction names when using sentryhttp & sentrynegroni (#875)
• Go version >= 1.21: Fix closure functions name grouping (#877)

Misc

• Collect span origins (#849)

Commits

• 1c2b1d2 release: 0.29.0
• 17096d2 Prepare 0.29.0 (#883)
• 61d84f8 Revert "Add ability to skip frames (#852)" (#882)
• 871a366 Move ResponseWriter wrapper to internal (#880)
• 24ffea5 Tracing without performance improvements (#862)
• 7085a1d fix(http): use route name from 'r.Pattern' instead (#875)
• e5d46d5 Implement hijacker interface for Negroni integration (#871)
• bff876d Function grouping prefix fix (#877)
• 72f3bff ci: add go1.23 (#872)
• 11d3c79 build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#867)
• Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.20.0 to 1.20.4

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.20.4

• [BUGFIX] histograms: Fix a possible data race when appending exemplars vs metrics gather. #1623

v1.20.3

• [BUGFIX] histograms: Fix possible data race when appending exemplars. #1608

v1.20.2

• [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

v1.20.1

This release contains the critical fix for the issue. Thanks to @​geberl, @​CubicrootXYZ, @​zetaab and @​timofurrer for helping us with the investigation!

• [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on Linux machines. #1587

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

• [BUGFIX] histograms: Fix possible data race when appending exemplars vs metrics gather. #1623

1.20.3 / 2024-09-05

• [BUGFIX] histograms: Fix possible data race when appending exemplars. #1608

1.20.2 / 2024-08-23

• [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

1.20.1 / 2024-08-20

• [BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on linux machines. #1587

Commits

• 05fcde9 Merge pull request #1623 from krajorama/data-race-in-histogram-write
• 209f4c0 Add changelog
• 1e398cc native histogram: Fix race between Write and addExemplar
• ef2f87e Merge pull request #1620 from prometheus/arthursens/prepare-1.20.3
• 937ac63 Add changelog entry for 1.20.3
• 6e9914d Merge pull request #1608 from krajorama/index-out-of-range-native-histogram-e...
• d6b8c89 Update comments with more explanations
• 504566f Use simplified solution from #1609 for the data race
• dc8e9a4 fix: native histogram: Simplify and fix addExemplar
• dc819ce Use a trivial solution to #1605
• Additional commits viewable in compare view

Updates github.com/prometheus/common from 0.55.0 to 0.59.1

Release notes

Sourced from github.com/prometheus/common's releases.

v0.59.1

What's Changed

• fix(utf8): Fix multiple metric name inside braces validation by @​fedetorres93 in prometheus/common#691

Full Changelog: prometheus/common@v0.59.0...v0.59.1

v0.59.0

What's Changed

• expfmt: Add WithEscapingScheme to help construct Formats by @​ywwg in prometheus/common#688
• Change the default escape method to UnderscoreEscaping by @​ywwg in prometheus/common#690

Full Changelog: prometheus/common@v0.58.0...v0.59.0

v0.58.0

What's Changed

• docs: mention new promslog package in package list in README by @​tjhop in prometheus/common#683
• Bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 by @​dependabot in prometheus/common#684
• Bump golang.org/x/net from 0.27.0 to 0.28.0 by @​dependabot in prometheus/common#685
• Remove secret file existence check in Validate for headers by @​roidelapluie in prometheus/common#687

Full Changelog: prometheus/common@v0.57.0...v0.58.0

v0.57.0

What's Changed

• feat: new promslog and promslog/flag packages to wrap log/slog by @​tjhop in prometheus/common#677

New Contributors

• @​tjhop made their first contribution in prometheus/common#677

Full Changelog: prometheus/common@v0.56.0...v0.57.0

v0.56.0

What's Changed

• Don't always fetch a OAuth2 token, if the secret from a file didn't change by @​multani in prometheus/common#647
• remove dependency to github.com/prometheus/client_golang by @​ilius in prometheus/common#662
• Bump github.com/aws/aws-sdk-go from 1.54.7 to 1.54.11 in /sigv4 by @​dependabot in prometheus/common#661
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#664
• Revert #576 and add deprecation notice by @​SuperQ in prometheus/common#665
• Bump golang.org/x/net from 0.26.0 to 0.27.0 by @​dependabot in prometheus/common#667
• use basic string in IsValidLegacyMetricName by @​ywwg in prometheus/common#668
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#672
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#674
• Bump github.com/aws/aws-sdk-go from 1.54.19 to 1.55.5 in /sigv4 by @​dependabot in prometheus/common#671
• sigv4: support nil body by @​roidelapluie in prometheus/common#673
• Fix overflows of untyped int constants on 32-bit by @​dswarbrick in prometheus/common#675
• Update client_golang by @​SuperQ in prometheus/common#676
• Update golangci lint by @​roidelapluie in prometheus/common#679

... (truncated)

Commits

• be8a747 fix(utf8): Fix multiple metric name inside braces validation (#691)
• bf4843e Merge pull request #690 from ywwg/owilliams/default-escaping
• 01da226 Change the default escape method to UnderscoreEscaping
• 4f8e8f4 expfmt: Add WithEscapingScheme to help construct Formats (#688)
• b1880d0 Merge pull request #687 from roidelapluie/checkheader
• 334963d Change the logic for SetDirectory
• d64a747 Remove secret file existence check in Validate for headers
• 06c2425 Bump golang.org/x/net from 0.27.0 to 0.28.0 (#685)
• 4606c0a Bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 (#684)
• d98411b Merge pull request #683 from tjhop/docs/promslog-README
• Additional commits viewable in compare view

Updates github.com/sagernet/sing from 0.4.2 to 0.4.3

Commits

• f7cd94b Fix cached conn eats up read deadlines
• See full diff in compare view

Updates github.com/sagernet/sing-box from 1.9.4 to 1.9.6

Release notes

Sourced from github.com/sagernet/sing-box's releases.

1.9.6

📝 Release Notes

• Fixes and improvements

1.9.5

📝 Release Notes

• Update quic-go to v0.47.0
• Fix direct dialer not resolving domain
• Fix no error return when empty DNS cache retrieved
• Fix build with go1.23
• Fix stream sniffer
• Fix bad redirect in clash-api
• Fix wireguard events chan leak
• Fix cached conn eats up read deadlines
• Fix disconnected interface selected as default in windows
• Update Bundle Identifiers for Apple platform clients 1

1:

See Migration.

We are still working on getting all sing-box apps back on the App Store, which should be completed within a week (SFI on the App Store and others on TestFlight are already available).

Changelog

Sourced from github.com/sagernet/sing-box's changelog.

1.9.6

• Fixes and improvements

1.9.5

• Update quic-go to v0.47.0
• Fix direct dialer not resolving domain
• Fix no error return when empty DNS cache retrieved
• Fix build with go1.23
• Fix stream sniffer
• Fix bad redirect in clash-api
• Fix wireguard events chan leak
• Fix cached conn eats up read deadlines
• Fix disconnected interface selected as default in windows
• Update Bundle Identifiers for Apple platform clients 1

1:

See Migration.

We are still working on getting all sing-box apps back on the App Store, which should be completed within a week (SFI on the App Store and others on TestFlight are already available).

1.10.0-beta.8

• Fixes and improvements

With the help of a netizen, we are in the process of getting sing-box apps back on the App Store, which should be completed within a month (TestFlight is already available).

1.10.0-beta.7

• Update quic-go to v0.47.0
• Fixes and improvements

1.10.0-beta.6

• Add RDP sniffer
• Fixes and improvements

1.10.0-beta.5

• Add PNA support for Clash API
• Fixes and improvements

1.10.0-beta.3

• Add SSH sniffer
• Fixes and improvements

... (truncated)

Commits

• e586d9e Bump version
• 8c7eaa4 Fix docker build
• 8464c8c Fix version script
• 39d7127 Revert "Fix stream sniffer"
• e207700 documentation: Update client status
• 700a8eb Minor fixes
• 3b0cba0 Fix wireguard start
• f5554dd Bump version
• 4d0362d Update macOS build workflow
• 97ccd2c documentation: Add sponsors page
• Additional commits viewable in compare view

Updates github.com/xtls/xray-core from 1.8.23 to 1.8.24

Release notes

Sourced from github.com/xtls/xray-core's releases.

Xray-core v1.8.24

Donation & NFTs

在等待 SplitHTTP multiplex controller 期间，main 分支已经积累了大量重要更新，所以我们决定先发一个版本，主要有：

• SplitHTTP 的 header padding，H3 支持 dialerProxy，以及一些修复
• Socks 入站默认兼容 HTTP 代理请求（mixed）
• Fragment 支持 tlshello 被分片后在同一个 TCP 帧中发送
• UDP noise（preview，下个版本可能会改）

And we have created Project VLESS for non-Chinese participants (Russian mainly).

此外，我们开始通过 NFT 的形式接受捐款，详见 [Announcement of NFTs by Project X #3633](XTLS/Xray-core#3633)

正如大家所看到的，Xray-core v1.8 已经不小心持续了一年多的时间，我们发现流式更新是一个不错的形式。然而由于传统版本号的存在，为每个版本规划功能、进行排期已经严重阻碍了新功能的开发、合并、发布。就像这次本来在等 multiplex controller，以及已经有很多 PR 在等 v1.9，并且我们还给 v1.10 及以后的版本号规划了更多功能，要很久才能排到。

所以我们决定从下个版本开始弃用传统的版本号，改用发版日期作为版本号，如 v24.8.30，并取消版本规划，全面采用流式更新，写好的功能直接合并，不再等待，预计每月月底发一个版本。 毕竟对于反审查软件来说，相较于传统的版本号，新功能的及时性、每月更新更为重要，而不是发一个功能确定的版本并长期维护，我们也没有过这样的习惯。

补充：并不一定按月更新，changes 突然积累多了同样可以发版，如果新版有 bug 的话应当给至少一天冷静期，不会同一天发两个版本。下个版本会移除一些历史久远的代码，以后日常积累新代码、提醒迁移，跨年新版删代码、breaking。

我们相信有了各位的捐款以及对发版形式的革新，Xray-core 这个项目会发展得更好。

Changes

• Freedom: Add UDP noise #3711 @​dragonbreath2000 @​mmmray
• DNS: Support queryStrategy config for UDP NameServer #3728 @​xiaorouji
• Mux server: Fix data leak between connections #3718 @​mmmray
• Issues template: Add require for latest version XTLS/Xray-core@34e0a2f @​Fangliding
• SplitHTTP: Fix connection leaks and crashes #3710 @​mmmray
• Pin protobuf packages #3715 @​mmmray
• Chore: Fix some comment typos #3716 @​curlwget
• Wireguard inbound: Fix no route when bind to interface #3698 @​chise0713
• SplitHTTP client: Do not produce too large upload #3691 @​mmmray
• Config: Combine filename and format into a new struct #3687 @​jadeydi
• Log: Add "from" before source address XTLS/Xray-core@11b0480 @​RPRX
• Socks inbound: Support HTTP inbound by default #3682 @​Fangliding @​RPRX
• Commands: Use creflect.MarshalToJson() as output #3674 @​yuhan6665
• DialerProxy: Fix SplitHTTP H3 dialerProxy #3570 @​mmmray
• SplitHTTP server: Add "Cache-Control: no-store" to GET response #3652 @​PoneyClairDeLune
• SplitHTTP server: Only "ok" to older clients #3671 @​mmmray
• SplitHTTP: Replace responseOkPadding with xPaddingBytes #3643 @​mmmray
• Commands: Add convert with two sub-commands #3661 @​vrnobody
• SplitHTTP client: Raise idle timeout to 5 minutes, Add h*KeepalivePeriod #3624 @​mmmray
• Freedom: Combine fragmented tlshello if interval is 0 #3663 @​Fangliding @​RPRX @​radioactiveAHM
• API: Improve MarshalToJson() in common/reflect/marshal.go #3655 @​vrnobody
• Docker: Fix permissions of geosite and geodat #3634 @​definitio
• Socks4a server: Check if the client sends an IP address as domain #3628 @​Fangliding

以及更新 README，升级一些依赖，使用 Go 1.23 进行编译。

Commits

• 6baad79 v1.8.24
• 98e85b7 Bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#3740)
• 002d08b UDP noise (#3711)
• 8674ed5 Support DNS queryStrategy config for UDP NameServer (#3728)
• 815a959 Fix freedom PacketReader/PacketWriter type assertion (#3734)
• 1cfed96 README.md: Add Project VLESS to Telegram
• 592c2da Update go 1.23 (#3730)
• 5d7dfbb Bump github.com/vishvananda/netlink from 1.2.1 to 1.3.0 (#3729)
• 3dd3bf9 Fix data leak between mux.cool connections (#3718)
• c0c23fd Bump github.com/vishvananda/netlink (#3719)
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.65.0 to 1.66.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.66.0

New Features

• metadata: stabilize ValueFromIncomingContext (#7368)
  • Special Thanks: @​KarthikReddyPuli
• client: stabilize the WaitForStateChange and GetState methods, which were previously experimental. (#7425)
• xds: Implement ADS flow control mechanism (#7458)
  • See grpc/grpc#34099 for context.
• balancer/rls: Add metrics for data cache and picker internals (#7484, #7495)
• xds: LRS load reports now include the total_issued_requests field. (#7544)

Bug Fixes

• grpc: Clients now return status code INTERNAL instead of UNIMPLEMENTED when the server uses an unsupported compressor. This is consistent with the gRPC compression spec. (#7461)
  • Special Thanks: @​Gayathri625
• transport: Fix a bug which could result in writes busy looping when the underlying conn.Write returns errors (#7394)
  • Special Thanks: @​veshij
• client: fix race that could lead to orphaned connections and associated resources. (#7390)
• xds: use locality from the connected address for load reporting with pick_first (#7378)
  • without this fix, if a priority contains multiple localities with pick_first, load was reported for the wrong locality
• client: prevent hanging during ClientConn.Close() when the network is unreachable (#7540)

Performance Improvements

• transport: double buffering is avoided when using an http connect proxy and the target server waits for client to send the first message. (#7424)
• codec: Implement a new Codec which uses buffer recycling for encoded message (#7356)
  • introduce a mem package to facilitate buffer reuse (#7432)
  • Special Thanks: @​PapaCharlie

Commits

• 00d3ec8 Change version to 1.66.0 (#7518)
• 973e3dc xdsclient: Populate total_issued_requests count in LRS load reports (#7544) (...
• 8e3596c cherry-pick #7557 to v1.66.x branch (#7564)
• 62baa5f cherry-pick #7356 to v1.66.x branch (#7546)
• f857020 cherry-pick #7523 to v1.66.x branch (#7547)
• 35e915e cherry-pick: transport: add timeout for writing GOAWAY on http2Client.Close()...
• 63853fd rls: update picker synchronously on configuration update (#7412)
• 86135c3 csds: unskip e2e test (#7502)
• 5d07b63 transport: change *http2Client to interface ClientTransport (#7512)
• c98235b grpclog: refactor to move implementation to grpclog/internal (#7465)
• Additional commits viewable in compare view

Updates modernc.org/sqlite from 1.32.0 to 1.33.1

Commits

• ad49d64 retract v1.33.0
• cc08747 use internal/libc, updates #177
• 8794efa use internal/libc, updates #177
• b550c20 replace modernc.org/libc => ./internal/libc, updates #177
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.