Skip to content

Doc-only: true Bump the go-modules group across 1 directory with 8 updates#17974

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/src/control/master/go-modules-4f636a1fa7
Open

Doc-only: true Bump the go-modules group across 1 directory with 8 updates#17974
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/src/control/master/go-modules-4f636a1fa7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 10, 2026
edited
Loading

Bumps the go-modules group with 6 updates in the /src/control directory:

Package From To
github.com/desertbit/grumble 1.2.0 1.3.1
github.com/hashicorp/go-hclog 1.6.2 1.6.3
github.com/hashicorp/raft 1.7.0 1.7.3
github.com/prometheus/common 0.66.1 0.67.5
golang.org/x/net 0.48.0 0.53.0
google.golang.org/grpc 1.79.3 1.81.0

Updates github.com/desertbit/grumble from 1.2.0 to 1.3.1

Commits
  • 395f8e6 fix: boolean flags no longer consume the next positional argument
  • bbecfe6 Closer v4, DevContainer, Tests (#71)
  • 0876615 add string list implementation by chroblert + refactor by skaldesh (#43)
  • f218f9a refactored strconv code into separate file; use base 0 now with strconv funcs...
  • 39f44c2 refactor flags & add missing flag base types (#44)
  • See full diff in compare view

Updates github.com/hashicorp/go-hclog from 1.6.2 to 1.6.3

Release notes

Sourced from github.com/hashicorp/go-hclog's releases.

Optional JSON escaping

What's Changed

New Contributors

Full Changelog: hashicorp/go-hclog@v1.6.2...v1.6.3

Commits
  • d12136a Merge pull request #141 from Ericwww/support-json-escape
  • cb8687c support configure json escape when log in json format
  • 5dbb615 Merge pull request #138 from hashicorp/update-go1.22
  • 1f0704a hclogvet: updates for go1.22
  • See full diff in compare view

Updates github.com/hashicorp/raft from 1.7.0 to 1.7.3

Release notes

Sourced from github.com/hashicorp/raft's releases.

v1.7.3

What's Changed

New Contributors

Full Changelog: hashicorp/raft@v1.7.2...v1.7.3

v1.7.2

What's Changed

Full Changelog: hashicorp/raft@v1.7.1...v1.7.2

v1.7.1

This patch release fixes two potential issues with Pre-Vote which was added in 1.7.0. One of these has been observed in a single deployed instance but we've been unable to replicate the exact conditions so impact is difficult to assess. Out of an abundance of caution we strongly recommend all 1.7.0 users upgrade to 1.7.1 to avoid this issue occurring.

  1. #605 Fixes the observed issue where a node looses leadership but is unable to get pre-votes accepted due to followers thinking it's still the leader. This was an implementation bug.
  2. #609 fixes a theoretical issue (not come up with an actual reproduction yet) where a very specific sequence of pre-votes could artificially prevent cluster followers from holding elections even though there is no active leader succeeding to get a quorum of pre-vote responses.
Changelog

Sourced from github.com/hashicorp/raft's changelog.

UNRELEASED

IMPROVEMENETS

  • Added a flag to skip legacy duplicate telemetry. GH-630
Commits
  • c0dc6a0 Add logging on active node when sending a snapshot to a follower (#636)
  • 8f99c15 Add linter rules to ensure we don't accidentally emit metrics directly instea...
  • 7650cd0 Introduce hashicorp/go-metrics compatibility (#631)
  • a5bc06c chore: Add flag to skip legacy duplicate telemetry (#630)
  • 7e8e836 Merge pull request #629 from mukeshjc/main
  • 8368671 Merge branch 'main' into main
  • 017ad34 Remove deprecated releng github team
  • ede1f8d Merge pull request #595 from alexandear/docs-comments-fix-grammar
  • fb360eb Update CODEOWNERS file in .github/CODEOWNERS
  • 4b60222 Update CODEOWNERS file in .github/CODEOWNERS
  • Additional commits viewable in compare view

Updates github.com/prometheus/common from 0.66.1 to 0.67.5

Release notes

Sourced from github.com/prometheus/common's releases.

v0.67.5

What's Changed

Full Changelog: prometheus/common@v0.67.4...v0.67.5

v0.67.4 / 2025-11-18

What's Changed

Full Changelog: prometheus/common@v0.67.3...v0.67.4

v0.67.3 / 2025-11-18

What's Changed

New Contributors

Full Changelog: prometheus/common@v0.67.2...v0.67.3

v0.67.2 / 2025-10-28

What's Changed

New Contributors

Full Changelog: prometheus/common@v0.67.1...v0.67.2

v0.67.1

What's Changed

Full Changelog: prometheus/common@v0.67.0...v0.67.1

v0.67.0 / 2025-10-07

What's Changed

... (truncated)

Changelog

Sourced from github.com/prometheus/common's changelog.

Changelog

main / unreleased

What's Changed

v0.67.2 / 2025-10-28

What's Changed

New Contributors

Full Changelog: prometheus/common@v0.67.1...v0.67.2

v0.67.1 / 2025-10-07

What's Changed

Full Changelog: prometheus/common@v0.67.0...v0.67.1

v0.67.0 / 2025-10-07

What's Changed

New Contributors

Full Changelog: prometheus/common@v0.66.1...v0.67.0

Commits
  • 934ff37 build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 (#870)
  • 1e29804 build(deps): bump golang.org/x/net from 0.46.0 to 0.48.0 (#872)
  • 0bd1c40 Synchronize common files from prometheus/prometheus (#866)
  • b644201 build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.34.0 (#871)
  • d80d854 chore: Add omitempty tag to all config fields (#865)
  • 04686b2 chore: 'omitempty' to Oauth2 fields with type Secret to avoid requiring them ...
  • 0b2fbf3 chore: clean up golangci-lint configuration (#782)
  • b2cdb07 Merge pull request #863 from prometheus/remove-http2-comment
  • cd1ab56 Config: remove outdated comment about HTTP/2 issues
  • f4c0aea Support JWT Profile for Authorization Grant (RFC 7523 3.1) (#862)
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.48.0 to 0.53.0

Commits
  • a8d1fc1 go.mod: update golang.org/x dependencies
  • 056ac74 quic: avoid depending on golang.org/x/sys/unix
  • c85f611 http3: add http3 package for testing in std
  • 805fc81 http2: add transport API tests
  • e63b894 http2: support testing via net/http.Transport.RoundTrip
  • 9ee1e48 http2/hpack: prevent HeaderField from escaping during encoding
  • 1e71bd8 http2: prevent hanging Transport due to bad SETTINGS frame
  • 7bca150 internal/http3: respect net/http Server Shutdown context when shutting down
  • 44c41be internal/http3: prevent server from holding mutex when sleeping during shutdown
  • 228a67a internal/http3: add CloseIdleConnections support in transport
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.39.0 to 0.43.0

Commits
  • f33a730 windows: support nil security descriptor on GetNamedSecurityInfo
  • 493d172 cpu: add runtime import in cpu_darwin_arm64_other.go
  • 2c2be75 windows: use syscall.SyscallN in Proc.Call
  • a76ec62 cpu: roll back "use IsProcessorFeaturePresent to calculate ARM64 on windows"
  • eaaaaee windows/registry: correct KeyInfo.ModTime calculation
  • 942780b cpu: darwin/arm64 feature detection
  • acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
  • 3687fbd cpu: better defaults on darwin ARM64
  • 48062e9 plan9: change Note to alias syscall.Note
  • 4f23f80 windows: change Signal to alias syscall.Signal
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.79.3 to 1.81.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.0

Behavior Changes

  • balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

  • Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

  • xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
  • transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
  • xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

  • grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
  • xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
  • xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
  • xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
  • stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
  • mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)

Performance Improvements

  • alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
  • transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)

Release 1.80.0

Behavior Changes

  • balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see #5288 for details. (#8837)
  • xds: update resource error handling and re-resolution logic (#8907)
    • Re-resolve all LOGICAL_DNS clusters simultaneously when re-resolution is requested.
    • Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.

Bug Fixes

  • xds: support the LB policy configured in LOGICAL_DNS cluster resources instead of defaulting to pick_first. (#8733)
  • credentials/tls: perform per-RPC authority validation against the leaf certificate instead of the entire peer certificate chain. (#8831)
  • xds: enabling A76 ring hash endpoint keys no longer causes EDS resources with invalid proxy metadata to be NACKed when HTTP CONNECT (gRFC A86) is disabled. (#8875)
  • xds: validate that the sum of endpoint weights in a locality does not exceed the maximum uint32 value. (#8899)
  • xds: fix incorrect proto field access in the weighted round robin (WRR) configuration where blackout_period was used instead of weight_expiration_period. (#8915)
  • xds/rbac: handle addresses with ports in IP matchers. (#8990)

New Features

... (truncated)

Commits
  • cb18228 Change version to 1.81.0 (#9062)
  • 96748f9 Cherry-pick #9105 to 1.81.x (#9106)
  • 9183222 Cherry pick #9055, #9032 to v1.81.x (#9095)
  • 5cba6da Revert "deps: update dependencies for all modules (#9065)" (#9067)
  • af8a936 deps: update dependencies for all modules (#9065)
  • cdc60df transport: optimize heap allocations in ready reader and update syscall conne...
  • 208d053 xds/resolver: pass complete XDSConfig in RPC context for HTTP filters (gRFC A...
  • 50fe1cc test: Fix flaky test TestServerStreaming_ClientCallRecvMsgTwice in `end2end...
  • d574bad build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#9050)
  • b8bf4d0 build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /inte...
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.10 to 1.36.11

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 10, 2026
@dependabot dependabot Bot requested review from a team as code owners April 10, 2026 16:08
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 10, 2026

Errors are component not formatted correctly,Ticket number prefix incorrect,Ticket number suffix is not a number. See https://daosio.atlassian.net/wiki/spaces/DC/pages/11133911069/Commit+Comments,Unable to load ticket data
https://daosio.atlassian.net/browse/Doc-only:

kjacque
kjacque requested changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@kjacque kjacque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not against jumping straight to 1.25, but I do question the necessity of the updates. Is this in response to a CVE or just a routine bump?

Comment thread src/control/go.mod
// Scons uses this file to extract the minimum version.
go 1.21
toolchain go1.24.0
go 1.25.0
Copy link
Copy Markdown
Contributor

@kjacque kjacque Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

go 1.21
toolchain go1.25.0

@dependabot dependabot Bot changed the title Doc-only: true Bump the go-modules group in /src/control with 8 updates Doc-only: true Bump the go-modules group across 1 directory with 8 updates Apr 15, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/src/control/master/go-modules-4f636a1fa7 branch from 2be86aa to 0dabc77 Compare April 15, 2026 01:36
@dependabot dependabot Bot force-pushed the dependabot/go_modules/src/control/master/go-modules-4f636a1fa7 branch 2 times, most recently from 3b0331a to 67ce584 Compare April 29, 2026 01:40
@dependabot
Doc-only: true
822eb97 
 Bump the go-modules group across 1 directory with 8 updates

Bumps the go-modules group with 6 updates in the /src/control directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/desertbit/grumble](https://github.com/desertbit/grumble) | `1.2.0` | `1.3.1` |
| [github.com/hashicorp/go-hclog](https://github.com/hashicorp/go-hclog) | `1.6.2` | `1.6.3` |
| [github.com/hashicorp/raft](https://github.com/hashicorp/raft) | `1.7.0` | `1.7.3` |
| [github.com/prometheus/common](https://github.com/prometheus/common) | `0.66.1` | `0.67.5` |
| [golang.org/x/net](https://github.com/golang/net) | `0.48.0` | `0.53.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.79.3` | `1.81.0` |



Updates `github.com/desertbit/grumble` from 1.2.0 to 1.3.1
- [Commits](desertbit/grumble@v1.2.0...v1.3.1)

Updates `github.com/hashicorp/go-hclog` from 1.6.2 to 1.6.3
- [Release notes](https://github.com/hashicorp/go-hclog/releases)
- [Commits](hashicorp/go-hclog@v1.6.2...v1.6.3)

Updates `github.com/hashicorp/raft` from 1.7.0 to 1.7.3
- [Release notes](https://github.com/hashicorp/raft/releases)
- [Changelog](https://github.com/hashicorp/raft/blob/main/CHANGELOG.md)
- [Commits](hashicorp/raft@v1.7.0...v1.7.3)

Updates `github.com/prometheus/common` from 0.66.1 to 0.67.5
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md)
- [Commits](prometheus/common@v0.66.1...v0.67.5)

Updates `golang.org/x/net` from 0.48.0 to 0.53.0
- [Commits](golang/net@v0.48.0...v0.53.0)

Updates `golang.org/x/sys` from 0.39.0 to 0.43.0
- [Commits](golang/sys@v0.39.0...v0.43.0)

Updates `google.golang.org/grpc` from 1.79.3 to 1.81.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.79.3...v1.81.0)

Updates `google.golang.org/protobuf` from 1.36.10 to 1.36.11

---
updated-dependencies:
- dependency-name: github.com/desertbit/grumble
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/hashicorp/go-hclog
  dependency-version: 1.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/hashicorp/raft
  dependency-version: 1.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/prometheus/common
  dependency-version: 0.67.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/net
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/sys
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/src/control/master/go-modules-4f636a1fa7 branch from 67ce584 to 822eb97 Compare May 6, 2026 01:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kjacque kjacque kjacque requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kjacque