Skip to content

build(deps): bump the all group across 1 directory with 8 updates#48

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/all-3727ed27c3
Open

build(deps): bump the all group across 1 directory with 8 updates#48
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/all-3727ed27c3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026

Bumps the all group with 7 updates in the / directory:

Package From To
github.com/lib/pq 1.10.9 1.12.3
github.com/mattn/go-sqlite3 1.14.42 1.14.44
go.uber.org/zap 1.27.1 1.28.0
golang.org/x/crypto 0.50.0 0.51.0
golang.org/x/net 0.53.0 0.54.0
google.golang.org/api 0.276.0 0.278.0
google.golang.org/grpc 1.80.0 1.81.0

Updates github.com/lib/pq from 1.10.9 to 1.12.3

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.3

  • Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2

  • Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1

  • Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

  • Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0

  • The next release may change the default sslmode from require to prefer. See #1271 for details.

  • CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

    // Old
tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))

    // Replacement
tx.Prepare(copy temp (num, text, blob, nothing) from stdin)

Features

  • Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

  • Support sslmode=prefer and sslmode=allow (#1270).

  • Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

  • Support connection service file to load connection details (#1285).

  • Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

  • Add a new pqerror package with PostgreSQL error codes (#1275).

    For example, to test if an error is a UNIQUE constraint violation:

    if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
    log.Fatalf("email %q already exsts", email)
}

    To make this a bit more convenient, it also adds a pq.As() function:

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.3 (2026-04-03)

  • Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2 (2026-04-02)

  • Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1 (2026-03-30)

  • Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

  • Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0 (2026-03-18)

  • The next release may change the default sslmode from require to prefer. See #1271 for details.

  • CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

    // Old
tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))

    // Replacement
tx.Prepare(copy temp (num, text, blob, nothing) from stdin)

Features

  • Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

  • Support sslmode=prefer and sslmode=allow (#1270).

  • Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

... (truncated)

Commits
  • 1f3e3d9 Send datestyle as a startup parameter (#1312)
  • 32ba56b Expand tests for multiple result sets
  • c2cfac1 Release v1.12.2
  • 859f104 Test CockroachDB
  • 12e464c Allow multiple matches and regexps in pqtest.ErrorContains()
  • 6d77ced Treat io.ErrUnexpectedEOF as driver.ErrBadConn in handleError
  • 71daecb Ensure transactions are closed in pqtest
  • 8f44823 Set PGAPPNAME for tests
  • 4af2196 Fix healthcheck
  • 38a54e4 Split out testdata/init a bit
  • Additional commits viewable in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.42 to 1.14.44

Commits
  • 20826e8 Merge pull request #1394 from mattn/sqlite-amalgamation-3053000
  • 2d4d220 fix changelog URL when minor or patch version is zero
  • 3761cf7 Upgrade SQLite to version 3053000
  • 1aa7317 Merge pull request #1388 from mattn/stmt-cache-lru
  • c719e20 Merge pull request #1392 from mattn/fix-issue-1390-query-comment-panic
  • 869e516 fix panic when querying input with no SQL (only comments/whitespace)
  • 6690238 extract finalizeCachedStmt helper and drop redundant tail reset
  • 59e8e75 only set stmt cacheKey when cache is enabled
  • 2badb4c use slice len/cap for stmt cache instead of separate counters
  • 7716c20 evict LRU stmt when stmt cache is full
  • Additional commits viewable in compare view

Updates go.uber.org/zap from 1.27.1 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

  • #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

Changelog

Sourced from go.uber.org/zap's changelog.

1.28.0 (27 Apr 2026)

Enhancements:

  • #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.
Commits
  • 5b81b37 release v1.28.0 (#1547)
  • 0ab0d5a zapcore: Add PreWriteHook for transforming entries before write (#1534)
  • d278c59 [chore] CI: test on Go 1.26 (#1535)
  • 16fb16b chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...
  • See full diff in compare view

Updates golang.org/x/crypto from 0.50.0 to 0.51.0

Commits
  • b8a14a8 go.mod: update golang.org/x dependencies
  • 9d9d507 x509roots/fallback/bundle: fix bundle test with Go 1.27+
  • fd0b90d acme: include Problem in OrderError.Error
  • b9e5359 pbkdf2: turn into a wrapper for crypto/pbkdf2
  • cc0e4fc hkdf: forward Extract to the standard library
  • a8e9237 x509roots/fallback: update bundle
  • See full diff in compare view

Updates golang.org/x/net from 0.53.0 to 0.54.0

Commits
  • b138e06 go.mod: update golang.org/x dependencies
  • 689f70a quic: fix wrong final size being used for RESET_STREAM frame
  • 208f306 http3: increase handshake timeout
  • 49810da http2: enable net/http wrapping when go >= 1.27
  • 5e11a5a quic: fix data race in streamForFrame
  • 8c63081 http2: use empty Transport rather than DefaultTransport in http2wrap
  • fc7b466 http2: add http2wrap test
  • 15c2cb1 http2: avoid overflowing 32-bit int when http2wrap enabled
  • 6465188 http2: add wrapped Server
  • 72f419a http2: add wrapped ClientConn
  • Additional commits viewable in compare view

Updates google.golang.org/api from 0.276.0 to 0.278.0

Release notes

Sourced from google.golang.org/api's releases.

v0.278.0

0.278.0 (2026-05-05)

Features

v0.277.0

0.277.0 (2026-04-29)

Features

Bug Fixes

  • idtoken: Avoid double impersonation in tokenSourceFromBytes (#3576) (75172cf), refs #2301
Changelog

Sourced from google.golang.org/api's changelog.

0.278.0 (2026-05-05)

Features

0.277.0 (2026-04-29)

Features

Bug Fixes

  • idtoken: Avoid double impersonation in tokenSourceFromBytes (#3576) (75172cf), refs #2301
Commits
  • 07c758d chore(main): release 0.278.0 (#3583)
  • e36c883 feat(all): auto-regenerate discovery clients (#3584)
  • 76b1187 feat(all): auto-regenerate discovery clients (#3582)
  • dd598a6 chore(main): release 0.277.0 (#3568)
  • b208a86 chore(all): update all (#3573)
  • 0c219d9 feat(all): auto-regenerate discovery clients (#3581)
  • 75172cf fix(idtoken): avoid double impersonation in tokenSourceFromBytes (#3576)
  • 2de1a5a feat(all): auto-regenerate discovery clients (#3580)
  • 60b0784 chore(deps): bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 in /inter...
  • bc6990e feat(all): auto-regenerate discovery clients (#3579)
  • Additional commits viewable in compare view

Updates google.golang.org/genproto/googleapis/rpc from 0.0.0-20260414002931-afd174a4e478 to 0.0.0-20260427160629-7cedc36a6bc4

Commits

Updates google.golang.org/grpc from 1.80.0 to 1.81.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.0

Behavior Changes

  • balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

  • Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

  • xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
  • transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
  • xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

  • grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
  • xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
  • xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
  • xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
  • stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
  • mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)

Performance Improvements

  • alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
  • transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)
Commits
  • cb18228 Change version to 1.81.0 (#9062)
  • 96748f9 Cherry-pick #9105 to 1.81.x (#9106)
  • 9183222 Cherry pick #9055, #9032 to v1.81.x (#9095)
  • 5cba6da Revert "deps: update dependencies for all modules (#9065)" (#9067)
  • af8a936 deps: update dependencies for all modules (#9065)
  • cdc60df transport: optimize heap allocations in ready reader and update syscall conne...
  • 208d053 xds/resolver: pass complete XDSConfig in RPC context for HTTP filters (gRFC A...
  • 50fe1cc test: Fix flaky test TestServerStreaming_ClientCallRecvMsgTwice in `end2end...
  • d574bad build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#9050)
  • b8bf4d0 build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /inte...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the all group across 1 directory with 8 updates
57ff4b4 
Bumps the all group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/lib/pq](https://github.com/lib/pq) | `1.10.9` | `1.12.3` |
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.42` | `1.14.44` |
| [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.50.0` | `0.51.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.53.0` | `0.54.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.276.0` | `0.278.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.80.0` | `1.81.0` |



Updates `github.com/lib/pq` from 1.10.9 to 1.12.3
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](lib/pq@v1.10.9...v1.12.3)

Updates `github.com/mattn/go-sqlite3` from 1.14.42 to 1.14.44
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](mattn/go-sqlite3@v1.14.42...v1.14.44)

Updates `go.uber.org/zap` from 1.27.1 to 1.28.0
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.27.1...v1.28.0)

Updates `golang.org/x/crypto` from 0.50.0 to 0.51.0
- [Commits](golang/crypto@v0.50.0...v0.51.0)

Updates `golang.org/x/net` from 0.53.0 to 0.54.0
- [Commits](golang/net@v0.53.0...v0.54.0)

Updates `google.golang.org/api` from 0.276.0 to 0.278.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.276.0...v0.278.0)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20260414002931-afd174a4e478 to 0.0.0-20260427160629-7cedc36a6bc4
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/grpc` from 1.80.0 to 1.81.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.80.0...v1.81.0)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-version: 1.12.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: go.uber.org/zap
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/net
  dependency-version: 0.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google.golang.org/api
  dependency-version: 0.278.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-version: 0.0.0-20260427160629-7cedc36a6bc4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants