Bump github.com/confluentinc/confluent-kafka-go/v2 from 2.4.0 to 2.5.4

[dependabot]

Bumps github.com/confluentinc/confluent-kafka-go/v2 from 2.4.0 to 2.5.4.

Release notes

Sourced from github.com/confluentinc/confluent-kafka-go/v2's releases.

v2.5.4 is a maintenance release with the following fixes and enhancements:

• Upgrade azidentity library to 1.6.0.
• Upgrade vault library to 1.15.0.
• Handle primitives in avrov2 library.
• Allow RuleRegistry to be set in serdes.

confluent-kafka-go is based on librdkafka v2.5.3, see the librdkafka v2.5.3 release notes for a complete list of changes, enhancements, fixes and upgrade considerations.

v2.5.3 is a maintenance release with the following fixes and enhancements:

• Properly handle 409 conflicts when registering KEKs/DEKs.
• Run rule actions when a rule condition fails.
• Include deleted schemas when getting schemas by subject and version.
• Handle signed ints when transforming Protobuf payloads.
• Use correct URL when calling DEK Registry to retrieve a DEK by version.
• Upgrade Hamba Avro library to 2.24.0.
• Perform Avro schema resolution in the Avro deserializer if necessary.
• Add some missing APIs to the Schema Registry client.

confluent-kafka-go is based on librdkafka v2.5.3, see the librdkafka v2.5.3 release notes for a complete list of changes, enhancements, fixes and upgrade considerations.

There were no v2.5.1 or v2.5.2 releases.

v2.5.0

[!WARNING] This version has introduced a regression in which an assert is triggered during PushTelemetry call. This happens when no metric is matched on the client side among those requested by broker subscription.

You won't face any problem if:

• Broker doesn't support KIP-714.
• KIP-714 feature is disabled on the broker side.
• KIP-714 feature is disabled on the client side. This is enabled by default. Set configuration enable.metrics.push to false.
• If KIP-714 is enabled on the broker side and there is no subscription configured there.
• If KIP-714 is enabled on the broker side with subscriptions that match the KIP-714 metrics defined on the client.

Having said this, we strongly recommend using v2.5.3 and above to not face this regression at all.

This is a feature release.

• Adds an AdminAPI DeleteRecords() (#1141, @​PratRanj07).
• Add support for metadata and ruleSet in the schema registry client, which together support data contracts.
• Add a new Avro package "avrov2" which uses the Avro hamba library. The old package "avro" uses Avro libraries which are no longer maintained and should not be used in new code.
• Move rest service for schema registry client into internal package for use by both the SR client and the DEK Registry client.
• Add support for CSFLE (client-side field-level encryption) for AWS, Azure, GCP, and HashiCorp Vault. See the encryption examples in the examples directory.

... (truncated)

Changelog

Sourced from github.com/confluentinc/confluent-kafka-go/v2's changelog.

v2.5.4

v2.5.4 is a maintenance release with the following fixes and enhancements:

Fixes

• Upgrade azidentity library to 1.6.0
• Upgrade vault library to 1.15.0
• Handle primitives in avrov2 library
• Allow RuleRegistry to be set in serdes

confluent-kafka-go is based on librdkafka v2.5.3, see the librdkafka v2.5.3 release notes for a complete list of changes, enhancements, fixes and upgrade considerations.

v2.5.3

v2.5.3 is a maintenance release with the following fixes and enhancements:

Fixes

• Properly handle 409 conflicts when registering KEKs/DEKs
• Run rule actions when a rule condition fails
• Include deleted schemas when getting schemas by subject and version
• Handle signed ints when transforming Protobuf payloads
• Use correct URL when calling DEK Registry to retrieve a DEK by version
• Upgrade Hamba Avro library to 2.24.0
• Perform Avro schema resolution in the Avro deserializer if necessary
• Add some missing APIs to the Schema Registry client

confluent-kafka-go is based on librdkafka v2.5.3, see the librdkafka v2.5.3 release notes for a complete list of changes, enhancements, fixes and upgrade considerations.

There were no v2.5.1 or v2.5.2 releases.

v2.5.0

[!WARNING] This version has introduced a regression in which an assert is triggered during PushTelemetry call. This happens when no metric is matched on the client side among those requested by broker subscription.

You won't face any problem if:

• Broker doesn't support KIP-714.
• KIP-714 feature is disabled on the broker side.
• KIP-714 feature is disabled on the client side. This is enabled by default. Set configuration enable.metrics.push to false.
• If KIP-714 is enabled on the broker side and there is no subscription configured there.
• If KIP-714 is enabled on the broker side with subscriptions that match the KIP-714 metrics defined on the client.

... (truncated)

Commits

• 0e86e8b Update docs and errors for v2.5.4 (#1301)
• 27d635d Update changelog for 2.5.4 (#1299)
• e87f65a Remove redundant rest_service.go (#26) (#1297)
• 91519a9 Upgrade azidentity/vault (#25) (#1294)
• ca09491 Add test for Avro logical type (#24) (#1293)
• d99820f Handle primitives in avrov2 (#23) (#1292)
• f691087 Minor refactor to use RuleRegistry (#22) (#1289)
• 3ee4497 Import librdkafka 2.5.3 (#1287)
• f2d295f Update CHANGELOG.md for warning
• abbeffc Documentation and error code update for librdkafka v2.5.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[purple-team-service-user]

Approved version-update:semver-minor update

[purple-team-service-user]

Approved version-update:semver-minor update