New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cut 1.19.1 #1494
Cut 1.19.1 #1494
Conversation
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.16.0 to 0.17.0. - [Commits](golang/sys@v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: lukasauk <lukas.aukscionis@hostinger.com>
7e08225
to
b2b6d8d
Compare
@lukasauk, first and foremost, thank you for taking the initiative to open this pull request. Typically, a maintainer manages the release process to ensure consistency and alignment with the project's roadmap. Additionally, we tend to reserve minor releases for situations of urgency, such as critical bug fixes or addressing high-severity security vulnerabilities. Could you share more details about the objectives you aim to achieve with this release? |
What a warm welcome, @kakkoyun, basically would like to resolve security vulnerabilities on my repositories, thought if the next minor or major will come after a while, would be nice to have a patch for that. But totally understood your point, for reserving patches for more critical occasions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! This makes sense, sorry for massive lag.
Sucks we missed this, added issue to track automation to get dependabot on latest releases. |
Released: https://github.com/prometheus/client_golang/releases/tag/v1.19.1 Thanks! |
Automation would massively help #1512 |
@bwplotka yeah, created this PR before 1502 looks like, but I do really appreciate that you released a minor with security patches, was waiting for that 💜 |
Cherry-picked two dependabot commits to apply security patches, did not update changelog since it has no user impacting changes.