datadog-agent
Bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.1
Bumps github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.1.
Release notes
Sourced from github.com/CycloneDX/cyclonedx-go's releases.
v0.9.1
Changelog
Fixes
- 6f0e0cf025dd99ab903e33f8e043d92b28dab4f6: fix: nil pointer dereference during evidence conversion (@nscuro)
- ce43b6f4cb5707d3ef2db1af1d597f5b23bf0e15: fix: make linter happy (@nscuro)
- 5d799e634b9bed9c86621048544737b210e433e8: fix: remove deprecated goreleaser flag (@nscuro)
Building and Packaging
- 6d5bcb0e277207551dbc728eb29959f1d3cbd685: build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (@dependabot[bot])
- f34fc0c413da74d20d1cc240863aaf2eb6b274f7: build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (@dependabot[bot])
- 71cff221b8dbbc1d50f839fa76ecea4e42d83a2b: build(deps): bump gitpod/workspace-go from 8d15123 to 2a9e01c (@dependabot[bot])
- ea693550558d230b3fbba810b6e75ac2eb0b55c8: build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (@dependabot[bot])
- d5cbdad49dfbf54f2dab4ad95bd1a47c710a526c: build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (@dependabot[bot])
v0.9.0
Changelog
Features
- 729c284798ebe341ced210b661362f77d68cd655: feat: Add CycloneDX 1.6 fields swhid and omniborId (@snyk-tim)
- b5d35959767efce95f50e96bf752c47fbe374496: feat: add manufacturer and authors (@snyk-tim)
- c52e698d2fe3fbd60df6ff397f44e7b0ea15a4bc: feat: raise baseline go version to 1.20 (@nscuro)
Fixes
- 9166e10fdecaadd8a97ceed9636261d351d90a65: fix: ioutil -> io (@nscuro)
- 349fc8cd072e90d81c0328f1d9dab16aa30fcf60: fix: add bom-ref to OrganizationalEntity/Contact (@snyk-tim)
- c97da90e259e0051e02e07300c75ad5e37a0311b: fix: handle breaking changes in skywalking-eyes (@nscuro)
Building and Packaging
- ec6291e9ce9efbbb5d0010de4d8668fcbd05d148: build(deps): bump actions/checkout from 4.1.1 to 4.1.5 (@dependabot[bot])
- 899fe391ca4d756f1d5ba84478d3bc8795003cba: build(deps): bump actions/checkout from 4.1.5 to 4.1.6 (@dependabot[bot])
- 8674ed5ecc38b65e03908b5a74308c95039068a9: build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (@dependabot[bot])
- db3a1144a2ce30b85e5985d2755fa3e4a81c5ca8: build(deps): bump apache/skywalking-eyes from 0.4.0 to 0.6.0 (@dependabot[bot])
- a3bd05518575f14d917685a02c689f81eedaad5c: build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (@dependabot[bot])
- 1179dd9051112c3b44a6cc577964c7d501a7258b: build(deps): bump gitpod/workspace-go from 8b9a0f6 to 8d15123 (@dependabot[bot])
- d98494ea11dbb6550705d46d2473aa2a4a18e642: build(deps): bump gitpod/workspace-go from 9118b93 to 8b9a0f6 (@dependabot[bot])
- 1e2a3a09e86d720729a3ab7ec55ed3ffa75164a5: build(deps): bump gitpod/workspace-go from 94ae638 to 9118b93 (@dependabot[bot])
- d4d6e35fcfb08d14589b4a693aac3f28978b640b: build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (@dependabot[bot])
- 521d1ce7b555013f2b78d8c4a21954815863ab44: build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1 (@dependabot[bot])
- f1ebafe5e2d2af3a3d551eb23c583a93b7ebccbf: build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 (@dependabot[bot])
Others
- 16d2143b3d74b77af8a309b331e1bc46a445f495: Fix(1.6): Added missing omitempty in NistQuantumSecurityLevel (@Petzys)
- ffec473428073e1266169e97c1c64de95e89981b: chore: add license header (@mcombuechen)
- 1f8fdcc0047611a8baacfcd214c5ba3821fefd51: feat(1.6): add BOM.Declarations (@mcombuechen)
- 62b53429289d6cc6884b111256588150e3fed308: feat(1.6): add BOM.Definitions (@mcombuechen)
- c33b9cb58eaa14e89740182fbde2a0cc888bc457: feat(1.6): add CBOM types (@Petzys)
- 10e10c8bc8fcac6f90c914828786f11e404919b8: feat(1.6): add JSON schema, XML namespace (@mcombuechen)
- 2dc599a8ad0f2be20e9bfc55ba75764758e6c7b8: feat(1.6): add License.Acknowledgement (@mcombuechen)
- 7a32fde7e9e9e5fb44f8f8aafadd83a21ff82aaf: feat(1.6): add PostalAddress type (@mcombuechen)
- b8e4529773c3d12b172729567574ea6201231682: feat(1.6): add SpecVersion for v1.6 (@mcombuechen)
- c8778287f29dd21bff18a4f27f71f495de7b4991: feat(1.6): add environmentalConsiderations (@mcombuechen)
- e0e9c670e1617adbdd147cff7cc0747769a4e723: feat(1.6): add schema definitions for CycloneDX 1.6 (@mcombuechen)
- b1636c2d6bb8aca4161402958a8d894aab7d66b5: feat(1.6): extend EvidenceOccurrence (@mcombuechen)
- b4b3b94a60b1665c1d0492744032a9375ef751b1: fix(1.6): convert occurrences of OrganizationalEntity (@mcombuechen)
- 9332ca660b772bc538b3c274ceb3d9f81caa0eb8: fix(1.6): fix json, xml labels on BOM.Definitions (@mcombuechen)
Commits
- 02759af Merge pull request #195 from CycloneDX/nscuro-patch-1
- 5d799e6 fix: remove deprecated goreleaser flag
- 39328d3 Merge pull request #194 from CycloneDX/fix-nil-pointer-deref
- ce43b6f fix: make linter happy
- 6f0e0cf fix: nil pointer dereference during evidence conversion
- 6f53207 Merge pull request #185 from CycloneDX/dependabot/github_actions/goreleaser/g...
- eef8882 Merge pull request #188 from CycloneDX/dependabot/github_actions/actions/setu...
- 094b2b6 Merge pull request #191 from CycloneDX/dependabot/github_actions/golangci/gol...
- 17e9df7 Merge pull request #193 from CycloneDX/dependabot/docker/gitpod/workspace-go-...
- 71cff22 build(deps): bump gitpod/workspace-go from 8d15123 to 2a9e01c
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Regression Detector
Regression Detector Results
Run ID: 824ac9c3-d712-4ddb-b2d0-0269807ae3b4 Metrics dashboard Target profiles
Baseline: 0a6c6130e8c2e1d7caeaf1402699e6b94cb335fc Comparison: db0cadb60ec96323e9cdf59808e1baec3a253126
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
No significant changes in experiment optimization goals
Confidence level: 90.00% Effect size tolerance: |Δ mean %| ≥ 5.00%
There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.
Fine details of change detection per experiment
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | tcp_syslog_to_blackhole | ingress throughput | +0.47 | [+0.42, +0.53] | 1 | Logs |
| ➖ | idle | memory utilization | +0.35 | [+0.31, +0.40] | 1 | Logs bounds checks dashboard |
| ➖ | idle_all_features | memory utilization | +0.31 | [+0.22, +0.41] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_idle | memory utilization | +0.31 | [+0.26, +0.35] | 1 | Logs bounds checks dashboard |
| ➖ | uds_dogstatsd_to_api | ingress throughput | +0.01 | [-0.09, +0.10] | 1 | Logs |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | +0.00 | [-0.01, +0.01] | 1 | Logs |
| ➖ | file_to_blackhole_0ms_latency | egress throughput | -0.01 | [-0.34, +0.33] | 1 | Logs |
| ➖ | file_to_blackhole_100ms_latency | egress throughput | -0.01 | [-0.23, +0.21] | 1 | Logs |
| ➖ | file_to_blackhole_1000ms_latency | egress throughput | -0.03 | [-0.52, +0.45] | 1 | Logs |
| ➖ | file_to_blackhole_300ms_latency | egress throughput | -0.05 | [-0.23, +0.13] | 1 | Logs |
| ➖ | file_to_blackhole_500ms_latency | egress throughput | -0.13 | [-0.38, +0.12] | 1 | Logs |
| ➖ | quality_gate_idle_all_features | memory utilization | -0.19 | [-0.30, -0.09] | 1 | Logs bounds checks dashboard |
| ➖ | file_tree | memory utilization | -0.23 | [-0.35, -0.11] | 1 | Logs |
| ➖ | otel_to_otel_logs | ingress throughput | -0.42 | [-1.23, +0.38] | 1 | Logs |
| ➖ | pycheck_lots_of_tags | % cpu utilization | -0.59 | [-3.11, +1.94] | 1 | Logs |
| ➖ | basic_py_check | % cpu utilization | -0.78 | [-3.53, +1.97] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api_cpu | % cpu utilization | -1.23 | [-1.94, -0.52] | 1 | Logs |
Bounds Checks
| perf | experiment | bounds_check_name | replicates_passed |
|---|---|---|---|
| ✅ | file_to_blackhole_0ms_latency | memory_usage | 10/10 |
| ✅ | file_to_blackhole_1000ms_latency | memory_usage | 10/10 |
| ✅ | file_to_blackhole_100ms_latency | memory_usage | 10/10 |
| ✅ | file_to_blackhole_300ms_latency | memory_usage | 10/10 |
| ✅ | file_to_blackhole_500ms_latency | memory_usage | 10/10 |
| ✅ | idle | memory_usage | 10/10 |
| ✅ | idle_all_features | memory_usage | 10/10 |
| ✅ | quality_gate_idle | memory_usage | 10/10 |
| ✅ | quality_gate_idle_all_features | memory_usage | 10/10 |
Explanation
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
- Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
- Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
- Its configuration does not mark it "erratic".
@dependabot recreate
/merge
:steam_locomotive: MergeQueue: waiting for PR to be ready
This merge request is not mergeable yet, because of pending checks/missing approvals. It will be added to the queue as soon as checks pass and/or get approvals.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.
Use /merge -c to cancel this operation!
:steam_locomotive: MergeQueue: pull request added to the queue
The median merge time in main is 22m.
Use /merge -c to cancel this operation!