Bump the global group with 2 updates

[dependabot]

Bumps the global group with 2 updates: github.com/chia-network/go-modules and golang.org/x/sys.

Updates github.com/chia-network/go-modules from 0.0.8 to 0.0.9

Release notes

Sourced from github.com/chia-network/go-modules's releases.

v0.0.9

What's Changed

• Update Managed Files by @​ChiaAutomation in Chia-Network/go-modules#55
• Update Managed Files by @​ChiaAutomation in Chia-Network/go-modules#57
• Bump golang.org/x/crypto from 0.25.0 to 0.31.0 by @​dependabot in Chia-Network/go-modules#56
• Updated License by @​ChiaAutomation in Chia-Network/go-modules#58
• Bump golang.org/x/sys from 0.28.0 to 0.29.0 in the global group by @​dependabot in Chia-Network/go-modules#59
• Bump github.com/aws/aws-sdk-go from 1.55.5 to 1.55.6 in the global group by @​dependabot in Chia-Network/go-modules#60
• Bump golang.org/x/sys from 0.29.0 to 0.30.0 in the global group by @​dependabot in Chia-Network/go-modules#61
• Bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 in the global group by @​dependabot in Chia-Network/go-modules#62
• Bump github.com/prometheus/client_golang from 1.21.0 to 1.21.1 in the global group by @​dependabot in Chia-Network/go-modules#63
• Bump golang.org/x/sys from 0.30.0 to 0.31.0 in the global group by @​dependabot in Chia-Network/go-modules#64
• Add retry package by @​cmmarslender in Chia-Network/go-modules#65

Full Changelog: Chia-Network/go-modules@v0.0.8...v0.0.9

Commits

• ea80c65 Add retry package (#65)
• 302ff76 Bump golang.org/x/sys from 0.30.0 to 0.31.0 in the global group (#64)
• e0c8df8 Bump github.com/prometheus/client_golang in the global group (#63)
• 54583b5 Merge pull request #62 from Chia-Network/dependabot/go_modules/global-26c1dae6df
• 490bc9c go mod tidy
• 9a9febe Bump github.com/prometheus/client_golang in the global group
• a4766a8 Merge pull request #61 from Chia-Network/dependabot/go_modules/global-fc70d95b2e
• 682d3e5 Bump golang.org/x/sys from 0.29.0 to 0.30.0 in the global group
• 1fb6f86 Bump github.com/aws/aws-sdk-go from 1.55.5 to 1.55.6 in the global group (#60)
• 5246a24 Bump golang.org/x/sys from 0.28.0 to 0.29.0 in the global group (#59)
• Additional commits viewable in compare view

Updates golang.org/x/sys from 0.31.0 to 0.32.0

Commits

• 01aaa83 all: simplify code by using modern Go constructs
• 1b2bd6b windows: replace all StringToUTF16 calls with UTF16FromString
• 1c3b72f unix: update Linux kernel to 6.14
• c175b6b windows: add cmsghdr and pktinfo structures
• 3330b5e unix: support Readv, Preadv, Writev and Pwritev for darwin
• 7401cce cpu: replace specific instructions with WORD in the function get_cpucfg on lo...
• b8f7da6 cpu: add support for detecting cpu features on loong64
• f2ce62c windows: add constants for PMTUD socket options
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Reviewers

The following users could not be added as reviewers: starttoaster. Either the username does not exist or it does not have the correct permissions to be added as a reviewer.

Labels

The following labels could not be found: Changed, dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[socket-security]

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
golang/github.com/chia-network/go-modules@v0.0.8 ➜ v0.0.9	None	0	48.4 kB
golang/golang.org/x/sys@v0.31.0 ➜ v0.32.0	None	0	9.4 MB

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	CI
Native code	golang/github.com/aws/aws-sdk-go@v1.55.6	Location: Package overview	⚠︎
Native code	golang/github.com/aws/aws-sdk-go@v1.55.6	Location: Package overview	⚠︎
Native code	golang/github.com/aws/aws-sdk-go@v1.55.6	Location: Package overview	⚠︎
Native code	golang/github.com/aws/aws-sdk-go@v1.55.6	Location: Package overview	⚠︎
Native code	golang/github.com/aws/aws-sdk-go@v1.55.6	Location: Package overview	⚠︎
Native code	golang/github.com/aws/aws-sdk-go@v1.55.6	Location: Package overview	⚠︎
Native code	golang/github.com/aws/aws-sdk-go@v1.55.6	Location: Package overview	⚠︎
Native code	golang/github.com/aws/aws-sdk-go@v1.55.6	Location: Package overview	⚠︎
Native code	golang/github.com/aws/aws-sdk-go@v1.55.6	Location: Package overview	⚠︎
Native code	golang/github.com/prometheus/common@v0.62.0	Location: Package overview	⚠︎
Native code	golang/github.com/prometheus/common@v0.62.0	Location: Package overview	⚠︎
Native code	golang/github.com/prometheus/common@v0.62.0	Location: Package overview	⚠︎
Native code	golang/github.com/prometheus/common@v0.62.0	Location: Package overview	⚠︎

View full report↗︎

Next steps

Why is native code a concern?

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore golang/github.com/aws/aws-sdk-go@v1.55.6
• @SocketSecurity ignore golang/github.com/prometheus/common@v0.62.0