Skip to content

build(deps): bump the all group across 1 directory with 9 updates#49

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/all-7920c4d036
Open

build(deps): bump the all group across 1 directory with 9 updates#49
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/all-7920c4d036

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Bumps the all group with 6 updates in the / directory:

Package From To
github.com/lib/pq 1.10.9 1.12.3
github.com/knadh/koanf/v2 2.3.4 2.3.5
github.com/mattn/go-sqlite3 1.14.42 1.14.44
go.uber.org/zap 1.27.1 1.28.0
golang.org/x/crypto 0.50.0 0.52.0
google.golang.org/api 0.276.0 0.282.0

Updates github.com/lib/pq from 1.10.9 to 1.12.3

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.3

  • Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2

  • Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1

  • Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

  • Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0

  • The next release may change the default sslmode from require to prefer. See #1271 for details.

  • CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

    // Old
tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))

    // Replacement
tx.Prepare(copy temp (num, text, blob, nothing) from stdin)

Features

  • Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

  • Support sslmode=prefer and sslmode=allow (#1270).

  • Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

  • Support connection service file to load connection details (#1285).

  • Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

  • Add a new pqerror package with PostgreSQL error codes (#1275).

    For example, to test if an error is a UNIQUE constraint violation:

    if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
    log.Fatalf("email %q already exsts", email)
}

    To make this a bit more convenient, it also adds a pq.As() function:

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.3 (2026-04-03)

  • Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2 (2026-04-02)

  • Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1 (2026-03-30)

  • Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

  • Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0 (2026-03-18)

  • The next release may change the default sslmode from require to prefer. See #1271 for details.

  • CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

    // Old
tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))

    // Replacement
tx.Prepare(copy temp (num, text, blob, nothing) from stdin)

Features

  • Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

  • Support sslmode=prefer and sslmode=allow (#1270).

  • Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

... (truncated)

Commits
  • 1f3e3d9 Send datestyle as a startup parameter (#1312)
  • 32ba56b Expand tests for multiple result sets
  • c2cfac1 Release v1.12.2
  • 859f104 Test CockroachDB
  • 12e464c Allow multiple matches and regexps in pqtest.ErrorContains()
  • 6d77ced Treat io.ErrUnexpectedEOF as driver.ErrBadConn in handleError
  • 71daecb Ensure transactions are closed in pqtest
  • 8f44823 Set PGAPPNAME for tests
  • 4af2196 Fix healthcheck
  • 38a54e4 Split out testdata/init a bit
  • Additional commits viewable in compare view

Updates github.com/knadh/koanf/v2 from 2.3.4 to 2.3.5

Release notes

Sourced from github.com/knadh/koanf/v2's releases.

v2.3.5

What's Changed

New Contributors

Full Changelog: knadh/koanf@v2.3.4...v2.3.5

Commits
  • e09e4c8 fix: report full key var in MergeStrict type-mismatch error message (#418)
  • 7a28d59 Exclude nats, vault providers from global workspace and fix CI test commands.
  • d511690 Fix test action to use local Go toolchain for different versions.
  • 308274c Fix async file provider Watch() test that would race and fail randomly.
  • 91fa65d Upgrade vault lib in providers/vault.
  • f941889 Upgrade hjson lib in providers/jhson.
  • 3a69086 Upgrade NATS deps (dependabot sent 8 alerts) in providers/nats.
  • 2dd78e8 Bools: return the matched []bool, not the nil intermediate (#416)
  • d1d3dd7 Exclude the ./examples dir from Go workspace to avoid being pulled into tests.
  • 1641671 Move k8smount provider mock files out of the global mock dir.
  • Additional commits viewable in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.42 to 1.14.44

Commits
  • 20826e8 Merge pull request #1394 from mattn/sqlite-amalgamation-3053000
  • 2d4d220 fix changelog URL when minor or patch version is zero
  • 3761cf7 Upgrade SQLite to version 3053000
  • 1aa7317 Merge pull request #1388 from mattn/stmt-cache-lru
  • c719e20 Merge pull request #1392 from mattn/fix-issue-1390-query-comment-panic
  • 869e516 fix panic when querying input with no SQL (only comments/whitespace)
  • 6690238 extract finalizeCachedStmt helper and drop redundant tail reset
  • 59e8e75 only set stmt cacheKey when cache is enabled
  • 2badb4c use slice len/cap for stmt cache instead of separate counters
  • 7716c20 evict LRU stmt when stmt cache is full
  • Additional commits viewable in compare view

Updates go.uber.org/zap from 1.27.1 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

  • #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

Changelog

Sourced from go.uber.org/zap's changelog.

1.28.0 (27 Apr 2026)

Enhancements:

  • #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.
Commits
  • 5b81b37 release v1.28.0 (#1547)
  • 0ab0d5a zapcore: Add PreWriteHook for transforming entries before write (#1534)
  • d278c59 [chore] CI: test on Go 1.26 (#1535)
  • 16fb16b chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...
  • See full diff in compare view

Updates golang.org/x/crypto from 0.50.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.53.0 to 0.54.0

Commits
  • b138e06 go.mod: update golang.org/x dependencies
  • 689f70a quic: fix wrong final size being used for RESET_STREAM frame
  • 208f306 http3: increase handshake timeout
  • 49810da http2: enable net/http wrapping when go >= 1.27
  • 5e11a5a quic: fix data race in streamForFrame
  • 8c63081 http2: use empty Transport rather than DefaultTransport in http2wrap
  • fc7b466 http2: add http2wrap test
  • 15c2cb1 http2: avoid overflowing 32-bit int when http2wrap enabled
  • 6465188 http2: add wrapped Server
  • 72f419a http2: add wrapped ClientConn
  • Additional commits viewable in compare view

Updates google.golang.org/api from 0.276.0 to 0.282.0

Release notes

Sourced from google.golang.org/api's releases.

v0.282.0

0.282.0 (2026-05-27)

Features

v0.281.0

0.281.0 (2026-05-26)

Features

v0.280.0

0.280.0 (2026-05-19)

Features

v0.279.0

0.279.0 (2026-05-12)

Features

v0.278.0

0.278.0 (2026-05-05)

Features

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.282.0 (2026-05-27)

Features

0.281.0 (2026-05-26)

Features

0.280.0 (2026-05-19)

Features

0.279.0 (2026-05-12)

Features

0.278.0 (2026-05-05)

Features

0.277.0 (2026-04-29)

... (truncated)

Commits

Updates google.golang.org/genproto/googleapis/rpc from 0.0.0-20260414002931-afd174a4e478 to 0.0.0-20260523011958-0a33c5d7ca68

Commits

Updates google.golang.org/grpc from 1.80.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)

Release 1.81.0

Behavior Changes

  • balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

  • Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

  • xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
  • transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
  • xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

  • grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
  • xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
  • xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
  • xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
  • stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
  • mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)

Performance Improvements

  • alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
  • transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the all group across 1 directory with 9 updates
f2cfc26 
Bumps the all group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/lib/pq](https://github.com/lib/pq) | `1.10.9` | `1.12.3` |
| [github.com/knadh/koanf/v2](https://github.com/knadh/koanf) | `2.3.4` | `2.3.5` |
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.42` | `1.14.44` |
| [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.50.0` | `0.52.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.276.0` | `0.282.0` |



Updates `github.com/lib/pq` from 1.10.9 to 1.12.3
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](lib/pq@v1.10.9...v1.12.3)

Updates `github.com/knadh/koanf/v2` from 2.3.4 to 2.3.5
- [Release notes](https://github.com/knadh/koanf/releases)
- [Commits](knadh/koanf@v2.3.4...v2.3.5)

Updates `github.com/mattn/go-sqlite3` from 1.14.42 to 1.14.44
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](mattn/go-sqlite3@v1.14.42...v1.14.44)

Updates `go.uber.org/zap` from 1.27.1 to 1.28.0
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.27.1...v1.28.0)

Updates `golang.org/x/crypto` from 0.50.0 to 0.52.0
- [Commits](golang/crypto@v0.50.0...v0.52.0)

Updates `golang.org/x/net` from 0.53.0 to 0.54.0
- [Commits](golang/net@v0.53.0...v0.54.0)

Updates `google.golang.org/api` from 0.276.0 to 0.282.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.276.0...v0.282.0)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20260414002931-afd174a4e478 to 0.0.0-20260523011958-0a33c5d7ca68
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/grpc` from 1.80.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.80.0...v1.81.1)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-version: 1.12.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/knadh/koanf/v2
  dependency-version: 2.3.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: go.uber.org/zap
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/net
  dependency-version: 0.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google.golang.org/api
  dependency-version: 0.282.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-version: 0.0.0-20260523011958-0a33c5d7ca68
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants