chore(deps): Update go deps

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/bufbuild/protovalidate-go	require	patch	v0.3.3 -> v0.3.4
github.com/cerbos/cerbos/api/genpb	require	digest	7e6b062 -> f134903
github.com/golangci/golangci-lint	require	minor	v1.54.2 -> v1.55.1
github.com/lestrrat-go/jwx/v2	require	patch	v2.0.13 -> v2.0.15
google.golang.org/grpc	require	minor	v1.58.3 -> v1.59.0

---

Release Notes

bufbuild/protovalidate-go (github.com/bufbuild/protovalidate-go)

v0.3.4

Compare Source

What's Changed

• Make DefaultResolver public by @​oliversun9 in https://github.com/bufbuild/protovalidate-go/pull/59
• Update minimum required Go version from 1.18 to 1.19 by @​nicksnyder in https://github.com/bufbuild/protovalidate-go/pull/62
• Fix ignore path for resolver.go by @​nicksnyder in https://github.com/bufbuild/protovalidate-go/pull/63

New Contributors

• @​nicksnyder made their first contribution in https://github.com/bufbuild/protovalidate-go/pull/62

Full Changelog: bufbuild/protovalidate-go@v0.3.3...v0.3.4

golangci/golangci-lint (github.com/golangci/golangci-lint)

v1.55.1

Compare Source

v1.55.0

Compare Source

1. new linters
   • gochecksumtype: https://github.com/alecthomas/go-check-sumtype
   • inamedparam: https://github.com/macabu/inamedparam
   • perfsprint: https://github.com/catenacyber/perfsprint
   • protogetter: https://github.com/ghostiam/protogetter
   • sloglint: https://github.com/go-simpler/sloglint
   • testifylint: https://github.com/Antonboom/testifylint
2. updated linters
   • bidichk: from 0.2.4 to 0.2.7
   • decorder: from 0.4.0 to 0.4.1
   • dupword: from 0.0.12 to 0.0.13
   • errchkjson: from 0.3.1 to 0.3.6
   • gci: from 0.11.0 to 0.11.2
   • ginkgolinter: from 0.13.5 to 0.14.0
   • go-errorlint: from 1.4.4 to 1.4.5
   • gocognit: from 1.0.7 to 1.1.0
   • goconst: from 1.5.1 to 1.6.0
   • godot: from 1.4.14 to 1.4.15
   • gofmt: update to HEAD
   • goimports: update to HEAD
   • gosec: from 2.17.0 to 2.18.1
   • gosmopolitan: from 1.2.1 to 1.2.2
   • govet: add appends analyzer
   • ireturn: from 0.2.0 to 0.2.1
   • protogetter: from 0.2.2 to 0.2.3
   • revgrep: from 745bb2f to v0.5.0
   • revive: from 1.3.2 to 1.3.4
   • sqlclosecheck: from 0.4.0 to 0.5.1
   • staticcheck: from 0.4.5 to 0.4.6
   • tagalign: from 1.3.2 to 1.3.3
   • unused: support passing in options
3. misc.
   • Add a pre-commit hook to check all files
4. Documentation
   • add source options to exclude-rules docs
   • gosec: add G602 to includes/excludes inside .golangci.reference.yml

lestrrat-go/jwx (github.com/lestrrat-go/jwx/v2)

v2.0.15

Compare Source

v2.0.15 19 20 Oct 2023
[Bug fixes]
  * [jws] jws.Sign() now properly check for valid algorithm / key type pair when
    the key implements crypto.Signer. This was caused by the fact that when 
    jws.WithKey() accepted keys that implemented crypto.Signer, there really
    is no way to robustly check what algorithm the crypto.Signer implements.

    The code has now been modified to check for KNOWN key types, i.e. those
    that are defined in Go standard library, and those that are defined in
    this library. For example, now calling jws.Sign() with jws.WithKey(jwa.RS256, ecdsaKey)
    where ecdsaKey is either an instance of *ecdsa.PrivateKey or jwk.ECDSAPrivateKey
    will produce an error.

    However, if you use a separate library that wraps some KMS library which implements
    crypto.Signer, this same check will not be performed due to the fact that
    it is an unknown library to us. And there's no way to query a crypto.Signer
    for its algorithm family.

v2.0.14

Compare Source

v2.0.14 17 Oct 2023
  [New Features]
  * [jwk] jwk.IsPrivateKey(), as well as jwk.AsymmetricKey has been added.
    The function can be used to tell if a jwk.Key is a private key of an
    asymmetric key pair.
  [Security]
  * golang.org/x/crypto has been updated to 0.14.0. The update contains a fix for HTTP/2
    rapid reset DoS vulnerability, which some security scanning softwares may flag.
    However, do note that this library is NOT affected by the issue, as it does not have
    the capability to serve as an HTTP/2 server. This is included in this release
    document so that users will be able to tell why this library may be flagged
    when/if their scanning software do so.

grpc/grpc-go (google.golang.org/grpc)

v1.59.0: Release 1.59.0

Compare Source

Behavior Changes

• balancer: grpc will switch to case-sensitive balancer names soon; log a warning if a capital letter is encountered in an LB policy name (#​6647)
• server: allow applications to send arbitrary data in the grpc-status-details-bin trailer (#​6662)
• client: validate grpc-status-details-bin trailer and pass through the trailer to the application directly (#​6662)

New Features

• tap (experimental): Add Header metadata to tap handler (#​6652)
  • Special Thanks: @​pstibrany
• grpc: channel idleness enabled by default with an idle_timeout of 30m (#​6585)

Documentation

• examples: add an example of flow control behavior (#​6648)

Bug Fixes

• xds: fix hash policy header to skip "-bin" headers and read content-type header as expected (#​6609)

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.