build(deps): bump github.com/twmb/franz-go from 1.7.1 to 1.9.1 #271

Merged
dependabot[bot] merged 1 commits from dependabot/go_modules/github.com/twmb/franz-go-1.9.1 into master 2022-11-12 18:22:52 +03:00
dependabot[bot] commented 2022-11-01 17:22:55 +03:00 (Migrated from github.com)

Bumps github.com/twmb/franz-go from 1.7.1 to 1.9.1.

Changelog

Sourced from github.com/twmb/franz-go's changelog.

v1.9.1

This is a small patch release to work around two behavior problems, one with AWS and one with Redpanda. This is not an important bug release if you are using this library against Kafka itself.

For AWS, AWS is unexpectedly expiring certain permissions before the SASL lifetime is up. This manifests as GROUP_AUTHORIZATION_ERROR while consuming. Previously, we the client would mark connections to reauthenticate when the connection was within 3s of SASL expiry. We now are more pessimistic and reauthenticate within 95% to 98% of the lifetime, with a 2s minimum. This is similar to the Java client, which has always used 85 to 95% of the SASL lifetime and has no minimum.

For Redpanda, Redpanda's transaction support is nearly complete (v22.3 release imminent), but Redpanda can return UNKNOWN_SERVER_ERROR a bit more than Kafka does. These errors are being ironed out, but there is no harm in the client to pre-emptively handling these as retryable.

  • 3ecaff2 kgo txn: handle UNKNOWN_SERVER_ERROR more widely
  • eb6e3b5 kgo sasl reauth: be more pessimistic

v1.9.0

This release contains one important bugfix (sequence number int32 overflow) for long-lived producers, one minor bugfix that allows this client to work on 32 bit systems, and a few other small improvements.

This project now has integration tests ran on every PR (and it is now forbidden to push directly to master). These integration tests run against Kraft (Kafka + Raft), which itself seems to not be 100% polished. A good amount of investigation went into hardening the client internals to not fail when Kraft is going sideways.

This release also improves behavior when a consumer group leader using an instance ID restarts and changes the topics it wants to consume from. See the KIP-814 commit for more details.

It is now easier to setup a TLS dialer with a custom dial timeout, it is easier to detect if requests are failing due to missing SASL, and it is now possible to print attributes with RecordFormatter.

Lastly, the corresponding kadm v1.3.0 release adds new LeaveGroup admin APIs.

franz-go

  • b18341d kgo: work around KIP-814 limitations
  • 6cac810 kversions: bump Stable from 3.0 to 3.3

... (truncated)

Commits
  • 98802e5 Merge pull request #243 from twmb/release
  • 5fc4002 CHANGELOG: note incoming v1.9.1 release
  • 89cdc4d Merge pull request #242 from twmb/updates
  • 3ecaff2 kgo txn: handle UNKNOWN_SERVER_ERROR more widely
  • fd636b8 Merge pull request #236 from rmb938/fix235
  • 172c02e append partitions and topics to delete records request
  • eb6e3b5 kgo sasl reauth: be more pessimistic
  • 47eccba RecordFormatter: correct some documentation
  • b605610 Merge pull request #225 from twmb/redpanda
  • 0f20096 Merge pull request #233 from mihaitodor/redpanda-mihai
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [github.com/twmb/franz-go](https://github.com/twmb/franz-go) from 1.7.1 to 1.9.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/twmb/franz-go/blob/master/CHANGELOG.md">github.com/twmb/franz-go's changelog</a>.</em></p> <blockquote> <h1>v1.9.1</h1> <p>This is a small patch release to work around two behavior problems, one with AWS and one with Redpanda. This is not an important bug release if you are using this library against Kafka itself.</p> <p>For AWS, AWS is unexpectedly expiring certain permissions before the SASL lifetime is up. This manifests as <code>GROUP_AUTHORIZATION_ERROR</code> while consuming. Previously, we the client would mark connections to reauthenticate when the connection was within 3s of SASL expiry. We now are more pessimistic and reauthenticate within 95% to 98% of the lifetime, with a 2s minimum. This is similar to the Java client, which has always used 85 to 95% of the SASL lifetime and has no minimum.</p> <p>For Redpanda, Redpanda's transaction support is nearly complete (v22.3 release imminent), but Redpanda can return <code>UNKNOWN_SERVER_ERROR</code> a bit more than Kafka does. These errors are being ironed out, but there is no harm in the client to pre-emptively handling these as retryable.</p> <ul> <li><a href="https://github.com/twmb/franz-go/commit/3ecaff2"><code>3ecaff2</code></a> kgo txn: handle <code>UNKNOWN_SERVER_ERROR</code> more widely</li> <li><a href="https://github.com/twmb/franz-go/commit/eb6e3b5"><code>eb6e3b5</code></a> kgo sasl reauth: be more pessimistic</li> </ul> <h1>v1.9.0</h1> <p>This release contains one important bugfix (sequence number int32 overflow) for long-lived producers, one minor bugfix that allows this client to work on 32 bit systems, and a few other small improvements.</p> <p>This project now has integration tests ran on every PR (and it is now forbidden to push directly to master). These integration tests run against Kraft (Kafka + Raft), which itself seems to not be 100% polished. A good amount of investigation went into hardening the client internals to not fail when Kraft is going sideways.</p> <p>This release also improves behavior when a consumer group leader using an instance ID restarts <em>and</em> changes the topics it wants to consume from. See the KIP-814 commit for more details.</p> <p>It is now easier to setup a TLS dialer with a custom dial timeout, it is easier to detect if requests are failing due to missing SASL, and it is now possible to print attributes with <code>RecordFormatter</code>.</p> <p>Lastly, the corresponding kadm v1.3.0 release adds new LeaveGroup admin APIs.</p> <h4>franz-go</h4> <ul> <li><a href="https://github.com/twmb/franz-go/commit/b18341d"><code>b18341d</code></a> kgo: work around KIP-814 limitations</li> <li><a href="https://github.com/twmb/franz-go/commit/6cac810"><code>6cac810</code></a> kversions: bump Stable from 3.0 to 3.3</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/twmb/franz-go/commit/98802e56e54f6e70bcbd424ac934eae7d340150d"><code>98802e5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/twmb/franz-go/issues/243">#243</a> from twmb/release</li> <li><a href="https://github.com/twmb/franz-go/commit/5fc40023097eb790930de931dfdf1e49abe14d65"><code>5fc4002</code></a> CHANGELOG: note incoming v1.9.1 release</li> <li><a href="https://github.com/twmb/franz-go/commit/89cdc4dbaae9cebbf321faee4414ab5e42078ae7"><code>89cdc4d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/twmb/franz-go/issues/242">#242</a> from twmb/updates</li> <li><a href="https://github.com/twmb/franz-go/commit/3ecaff277a88ecf1e9bbca9a493e3bcdfb20de6c"><code>3ecaff2</code></a> kgo txn: handle UNKNOWN_SERVER_ERROR more widely</li> <li><a href="https://github.com/twmb/franz-go/commit/fd636b842c94d6b61c5432cc25cdde281d50acfb"><code>fd636b8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/twmb/franz-go/issues/236">#236</a> from rmb938/fix235</li> <li><a href="https://github.com/twmb/franz-go/commit/172c02ebdc30c86df95d6762da86aca802044981"><code>172c02e</code></a> append partitions and topics to delete records request</li> <li><a href="https://github.com/twmb/franz-go/commit/eb6e3b584d88d0bb32c8d4a856f456e2b2eae913"><code>eb6e3b5</code></a> kgo sasl reauth: be more pessimistic</li> <li><a href="https://github.com/twmb/franz-go/commit/47eccba6910fadb9abe08a84c21ac47899a9bae4"><code>47eccba</code></a> RecordFormatter: correct some documentation</li> <li><a href="https://github.com/twmb/franz-go/commit/b6056109efdba9fdf58f0dae0b1eb22f43eb36a2"><code>b605610</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/twmb/franz-go/issues/225">#225</a> from twmb/redpanda</li> <li><a href="https://github.com/twmb/franz-go/commit/0f200961c6b670b24b917ce336c99f129d8ca910"><code>0f20096</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/twmb/franz-go/issues/233">#233</a> from mihaitodor/redpanda-mihai</li> <li>Additional commits viewable in <a href="https://github.com/twmb/franz-go/compare/v1.7.1...v1.9.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/twmb/franz-go&package-manager=go_modules&previous-version=1.7.1&new-version=1.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
github-actions[bot] (Migrated from github.com) approved these changes 2022-11-01 17:23:10 +03:00
Sign in to join this conversation.
No description provided.