:seedling:(deps): Bump the all-go-deps group with 4 updates by dependabot[bot] · Pull Request #413 · transparency-dev/distributor

dependabot · 2026-02-16T11:29:37Z

Bumps the all-go-deps group with 4 updates: github.com/mattn/go-sqlite3, github.com/transparency-dev/formats, golang.org/x/mod and google.golang.org/grpc.

Updates github.com/mattn/go-sqlite3 from 1.14.33 to 1.14.34

Commits

2087331 add script to create pull-request
a510883 Upgrade SQLite to version 3051002
dce6b34 Add percentile extension
See full diff in compare view

Updates github.com/transparency-dev/formats from 0.0.0-20241003145927-a04dcc2a37e4 to 0.1.0

Release notes

Sourced from github.com/transparency-dev/formats's releases.

v0.1.0

What's Changed

Added link to GenerateKey and noted algorithm id is required by @mhutchinson in transparency-dev/formats#1

Added a section on checkpoint merging by @mhutchinson in transparency-dev/formats#2

Add CI test + coverage by @AlCutter in transparency-dev/formats#3

Add CODEOWNERS with default team assignment by @AlCutter in transparency-dev/formats#4

Added lint config and presubmit script by @mhutchinson in transparency-dev/formats#5

Format code according to go1.19rc2 by @mhutchinson in transparency-dev/formats#6

Create scorecards.yml by @AlCutter in transparency-dev/formats#7

Create codeql.yml by @AlCutter in transparency-dev/formats#8

Tighten action permissions by @AlCutter in transparency-dev/formats#9

Add dependabot.yml by @AlCutter in transparency-dev/formats#10

Pin GitHub actions to git hashes by @AlCutter in transparency-dev/formats#13

Breaking change: Change the log ID function to also include the origin string by @mhutchinson in transparency-dev/formats#15

Enable all the linters by @mhutchinson in transparency-dev/formats#20

Update go version to minimum supported version by @mhutchinson in transparency-dev/formats#21

Update the docs on Origin string re #22 by @mhutchinson in transparency-dev/formats#23

Update ecosystem -> origin. by @jiggoha in transparency-dev/formats#24

Update and rename scorecards.yml to scorecard.yml by @AlCutter in transparency-dev/formats#26

Add dns_name recommendations for the Origin by @phbnf in transparency-dev/formats#25

Update log ID to not include the public key. by @jiggoha in transparency-dev/formats#27

Added scorecard badge by @mhutchinson in transparency-dev/formats#30

Added scorecard token by @mhutchinson in transparency-dev/formats#31

Update linter action and version, and auto-update by @mhutchinson in transparency-dev/formats#32

Add a benchmark on signing/verifying by @AlCutter in transparency-dev/formats#43

Group dependabot updates by ecosystem by @AlCutter in transparency-dev/formats#52

Updated Slack channel details by @mhutchinson in transparency-dev/formats#64

Migrate signers by @AlCutter in transparency-dev/formats#66

Add support for extracting CoSigV1 timestamps from signatures by @AlCutter in transparency-dev/formats#69

Bump to go1.21 by @AlCutter in transparency-dev/formats#100

Add support for verifying Sunlight checkpoints by @AlCutter in transparency-dev/formats#99

Update dependabot weekly instead of daily by @mhutchinson in transparency-dev/formats#131

Drop dep on the certificate-transparency-go repo by @AlCutter in transparency-dev/formats#125

Update token used for scorecard by @mhutchinson in transparency-dev/formats#141

Bump to go1.22 by @AlCutter in transparency-dev/formats#148

Drop TLS dep entirely by @AlCutter in transparency-dev/formats#150

Fix cosig timestamp endianness by @AlCutter in transparency-dev/formats#153

Added test for sigsum ID by @mhutchinson in transparency-dev/formats#157

Fix typo by @phbnf in transparency-dev/formats#163

Bump go version from 1.22 to 1.23 by @roger2hk in transparency-dev/formats#179

Bump golangci lint by @AlCutter in transparency-dev/formats#183

Update slack invite link by @taknira in transparency-dev/formats#197

Added function to generate vkey from skey by @mhutchinson in transparency-dev/formats#199

Fix failed scorecard analysis by @roger2hk in transparency-dev/formats#205

Bump Go version in go test workflow by @roger2hk in transparency-dev/formats#206

Add support for native CosignatureV1 (alg 0x04) verifier keys by @AlCutter in transparency-dev/formats#216

Deps

... (truncated)

Commits

See full diff in compare view

Updates golang.org/x/mod from 0.32.0 to 0.33.0

Commits

27761a2 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates google.golang.org/grpc from 1.78.0 to 1.79.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.1

Bug Fixes

grpc: Remove the -dev suffix from the User-Agent header. (grpc/grpc-go#8902)

Release 1.79.0

API Changes

mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)

Special Thanks: @vanja-p

experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)

pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.

This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)

xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)

balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Special Thanks: @marek-szews

Bug Fixes

credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)

Special Thanks: @Atul1710

xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)

health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)

Special Thanks: @sanki92

transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)

Special Thanks: @joybestourous

server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Special Thanks: @joybestourous

Performance Improvements

credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)

mem: Optimize pooling and creation of buffer objects. (#8784)

transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

Commits

782f2de Change version to 1.79.1 (#8902)
850eccb Change version to 1.79.1-dev (#8851)
765ff05 Change version to 1.79.0 (#8850)
68804be Cherry pick #8864 to v1.79.x (#8896)
0381eb6 xds: Support :authority header rewriting for LOGICAL_DNS clusters (#8822)
90f571d xds: remove references to ResolverState.Addresses (#8841)
679565f xds: remove HashKey field from xdsresource.Endpoint struct (#8844)
bb2073d mem: Allow overriding the default buffer pool. (#8806)
bd4444a Fix flaky TestServer_RedundantUpdateSuppression. (#8839)
623b3f0 test: add regression test for RecvMsg() error shadowing #7510 (#8820)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all-go-deps group with 4 updates: [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3), [github.com/transparency-dev/formats](https://github.com/transparency-dev/formats), [golang.org/x/mod](https://github.com/golang/mod) and [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `github.com/mattn/go-sqlite3` from 1.14.33 to 1.14.34 - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](mattn/go-sqlite3@v1.14.33...v1.14.34) Updates `github.com/transparency-dev/formats` from 0.0.0-20241003145927-a04dcc2a37e4 to 0.1.0 - [Release notes](https://github.com/transparency-dev/formats/releases) - [Commits](https://github.com/transparency-dev/formats/commits/v0.1.0) Updates `golang.org/x/mod` from 0.32.0 to 0.33.0 - [Commits](golang/mod@v0.32.0...v0.33.0) Updates `google.golang.org/grpc` from 1.78.0 to 1.79.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.78.0...v1.79.1) --- updated-dependencies: - dependency-name: github.com/mattn/go-sqlite3 dependency-version: 1.14.34 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-deps - dependency-name: github.com/transparency-dev/formats dependency-version: 0.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-deps - dependency-name: golang.org/x/mod dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-deps - dependency-name: google.golang.org/grpc dependency-version: 1.79.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-deps ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 16, 2026

mhutchinson approved these changes Feb 16, 2026

View reviewed changes

mhutchinson merged commit 0c6a064 into main Feb 16, 2026
11 checks passed

mhutchinson deleted the dependabot/go_modules/all-go-deps-94319cd839 branch February 16, 2026 12:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🌱(deps): Bump the all-go-deps group with 4 updates#413

🌱(deps): Bump the all-go-deps group with 4 updates#413
mhutchinson merged 1 commit intomainfrom
dependabot/go_modules/all-go-deps-94319cd839

dependabot bot commented on behalf of github Feb 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Feb 16, 2026

v0.1.0

What's Changed

Deps

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

Behavior Changes

New Features

Bug Fixes

Performance Improvements

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant