Skip to content

build(deps): bump the all group across 1 directory with 11 updates#44

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/all-da2ba1aa43
Open

build(deps): bump the all group across 1 directory with 11 updates#44
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/all-da2ba1aa43

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 23, 2026

Bumps the all group with 7 updates in the / directory:

Package From To
github.com/lib/pq 1.10.9 1.12.0
github.com/golang-jwt/jwt/v5 5.3.0 5.3.1
github.com/grpc-ecosystem/grpc-gateway/v2 2.27.4 2.28.0
github.com/knadh/koanf/v2 2.3.0 2.3.4
github.com/mattn/go-sqlite3 1.14.33 1.14.37
golang.org/x/crypto 0.46.0 0.49.0
google.golang.org/api 0.259.0 0.272.0

Updates github.com/lib/pq from 1.10.9 to 1.12.0

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.0

  • The next release may change the default sslmode from require to prefer. See #1271 for details.

  • CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

    // Old
tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))

    // Replacement
tx.Prepare(copy temp (num, text, blob, nothing) from stdin)

Features

  • Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

  • Support sslmode=prefer and sslmode=allow (#1270).

  • Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

  • Support connection service file to load connection details (#1285).

  • Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

  • Add a new pqerror package with PostgreSQL error codes (#1275).

    For example, to test if an error is a UNIQUE constraint violation:

    if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
    log.Fatalf("email %q already exsts", email)
}

    To make this a bit more convenient, it also adds a pq.As() function:

    pqErr := pq.As(err, pqerror.UniqueViolation)
if pqErr != nil {
    log.Fatalf("email %q already exsts", email)
}

Fixes

  • Fix SSL key permission check to allow modes stricter than 0600/0640 (#1265).

  • Fix Hstore to work with binary parameters (#1278).

  • Clearer error when starting a new query while pq is still processing another query (#1272).

  • Send intermediate CAs with client certificates, so they can be signed by an intermediate CA (#1267).

  • Use time.UTC for UTC aliases such as Etc/UTC (#1283).

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.0 (2026-03-18)

  • The next release may change the default sslmode from require to prefer. See #1271 for details.

  • CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

    // Old
tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))

    // Replacement
tx.Prepare(copy temp (num, text, blob, nothing) from stdin)

Features

  • Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

  • Support sslmode=prefer and sslmode=allow (#1270).

  • Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

  • Support connection service file to load connection details (#1285).

  • Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

  • Add a new pqerror package with PostgreSQL error codes (#1275).

    For example, to test if an error is a UNIQUE constraint violation:

    if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/master/err); ok && pqErr.Code == pqerror.UniqueViolation {
    log.Fatalf("email %q already exsts", email)
}

    To make this a bit more convenient, it also adds a pq.As() function:

    pqErr := pq.As(err, pqerror.UniqueViolation)
if pqErr != nil {
    log.Fatalf("email %q already exsts", email)
}

Fixes

  • Fix SSL key permission check to allow modes stricter than 0600/06400600 (#1265).

  • Fix Hstore to work with binary parameters (#1278).

... (truncated)

Commits
  • 42ab0ff Change default sslmode from "require" to "prefer"
  • 6d40f13 Release v1.12.0
  • 386fc0e Document NULL behaviour with COPY
  • a62682e Better staticcheck cache 2
  • 87ee06c Better staticcheck cache
  • 0962458 Rewrite tests to use pqerror, pq.As()
  • 0d20981 Don't move pq.Error to pqerror.Error
  • 4332138 Add pqerror package
  • 620d6d5 Make tests run faster
  • dc8ff5d Implement connection service file
  • Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

👒 Dependencies

New Contributors

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

Commits
  • 7ceae61 Add release.yml for changelog configuration
  • dce8e4d Set token.Signature in ParseUnverified (#414)
  • 8889e20 Save signature to Token struct after successful signing (#417)
  • d237f82 ci: update github-actions schedule interval to monthly
  • d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
  • e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
  • e6a0afa Bump actions/checkout from 5 to 6 (#487)
  • 9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
  • 60a8669 Bump actions/setup-go from 5 to 6 (#469)
  • 76f5828 Remove misleading ParserOptions documentation (#484)
  • Additional commits viewable in compare view

Updates github.com/grpc-ecosystem/grpc-gateway/v2 from 2.27.4 to 2.28.0

Release notes

Sourced from github.com/grpc-ecosystem/grpc-gateway/v2's releases.

v2.28.0

What's Changed

New Contributors

Full Changelog: grpc-ecosystem/grpc-gateway@v2.27.8...v2.28.0

v2.27.8

What's Changed

New Contributors

Full Changelog: grpc-ecosystem/grpc-gateway@v2.27.7...v2.27.8

v2.27.7

Re-release of v2.26.7 as v2.27.7 for correct semver ordering.

v2.27.6

What's Changed

New Contributors

Full Changelog: grpc-ecosystem/grpc-gateway@v2.27.5...v2.27.6

v2.27.5

What's Changed

New Contributors

Full Changelog: grpc-ecosystem/grpc-gateway@v2.27.4...v2.27.5

Commits
  • 13a31f4 fix(protoc-gen-openapiv2): fix panic on enum resolution in nested messages (#...
  • 8e678ff chore(deps): update googleapis digest to 27ffde2 (#6369)
  • 41651ff chore(deps): update googleapis digest to b026ba8 (#6368)
  • d083140 chore(deps): update googleapis digest to 537554c (#6365)
  • eb2fada chore(deps): update googleapis digest to 7b25d8c (#6364)
  • d8dddc9 chore(deps): update googleapis digest to 6781051 (#6363)
  • 3c4354f chore(deps): update googleapis digest to 055f92c (#6362)
  • b2eb1b5 fix(deps): update module google.golang.org/grpc to v1.79.1 (#6361)
  • 61b9d73 chore(deps): update googleapis digest to d84d3c2 (#6360)
  • e0880e3 chore(deps): update googleapis digest to 6eead6e (#6359)
  • Additional commits viewable in compare view

Updates github.com/knadh/koanf/v2 from 2.3.0 to 2.3.4

Release notes

Sourced from github.com/knadh/koanf/v2's releases.

v2.3.4

What's Changed

New Contributors

Full Changelog: knadh/koanf@v2.3.3...v2.3.4

v2.3.3

What's Changed

Full Changelog: knadh/koanf@v2.3.2...v2.3.3

v2.3.2

What's Changed

New Contributors

Full Changelog: knadh/koanf@v2.3.1...v2.3.2

v2.3.1

What's Changed

New Contributors

Full Changelog: knadh/koanf@v2.3.0...v2.3.1

Commits
  • b1f58b8 Add ability to check for prior values in cliflagv3.ProviderWithConfig() jus...
  • f394588 fix: hold RLock during copy operations in Get to prevent concurrent map acces...
  • d6f6de5 Bump google.golang.org/grpc from 1.71.1 to 1.79.3 in /providers/etcd (#405)
  • dd3bc85 Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /providers/kiln (#399)
  • cf589f4 Bump github.com/nats-io/nats-server/v2 in /providers/nats (#400)
  • 2f44276 Fix deadlock in recursive Get*() calls in custom merge function. Fixes #383.
  • d8290fb Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /examples (#398)
  • ec91994 fix: preserve nil pointer types in Get() method (#397)
  • 99a91c6 Fix Get() panic on nil pointers. Fixes #396.
  • fbccb44 Upgrade go-huml (v0.2.0 spec).
  • Additional commits viewable in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.33 to 1.14.37

Commits
  • bb8d0b2 Bump Go test matrix versions from 1.23-1.25 to 1.24-1.26
  • bc7436e Bump GitHub Actions versions to latest
  • 0f12d4e Ensure Close always removes runtime finalizer to prevent memory leak
  • d71eda8 Fix upgrade.sh: add already-up-to-date check and fix changelog URL format
  • 4ea2a9f Upgrade SQLite to version 3051003
  • 8c99a68 Call sqlite3_clear_bindings() in bind() to reset parameters
  • 5a1f4d3 use unsafe.Slice
  • 8366a00 create pull-request
  • 2087331 add script to create pull-request
  • a510883 Upgrade SQLite to version 3051002
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.46.0 to 0.49.0

Commits
  • 982eaa6 go.mod: update golang.org/x dependencies
  • 159944f ssh,acme: clean up tautological/impossible nil conditions
  • a408498 acme: only require prompt if server has terms of service
  • cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
  • 2f26647 x509roots/fallback: update bundle
  • e08b067 go.mod: update golang.org/x dependencies
  • 7d0074c scrypt: fix panic on parameters <= 0
  • 506e022 go.mod: update golang.org/x dependencies
  • 7dacc38 chacha20poly1305: error out in fips140=only mode
  • See full diff in compare view

Updates golang.org/x/net from 0.48.0 to 0.51.0

Commits
  • 60b3f6f internal/http3: prevent Server handler from writing longer body than declared
  • b0ca456 internal/http3: fix Write in Server Handler returning the wrong value
  • 1558ba7 publicsuffix: update to 2026-02-06
  • 4e1c745 internal/http3: make Server response include headers that can be inferred
  • 19f580f http2: fix nil panic in typeFrameParser for unassigned frame types
  • 818aad7 internal/http3: add server to client trailer header support
  • c1bbe1a internal/http3: add client to server trailer header support
  • 29181b8 all: remove go1.25 and older build constraints
  • 8109305 all: upgrade go directive to at least 1.25.0 [generated]
  • 0b37bdf quic: don't run TestStreamsCreateConcurrency in synctest bubble
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.34.0 to 0.35.0

Commits

Updates google.golang.org/api from 0.259.0 to 0.272.0

Release notes

Sourced from google.golang.org/api's releases.

v0.272.0

0.272.0 (2026-03-16)

Features

v0.271.0

0.271.0 (2026-03-10)

Features

v0.270.0

0.270.0 (2026-03-08)

Features

v0.269.0

0.269.0 (2026-02-24)

Features

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.272.0 (2026-03-16)

Features

0.271.0 (2026-03-10)

Features

0.270.0 (2026-03-08)

Features

0.269.0 (2026-02-24)

Features

Bug Fixes

  • generator: Handle preview version pkg name (#3511) (2a249ce)

... (truncated)

Commits

Updates google.golang.org/genproto/googleapis/api from 0.0.0-20251222181119-0a764e51fe1b to 0.0.0-20260217215200-42d3e9bedb6d

Commits

Updates google.golang.org/genproto/googleapis/rpc from 0.0.0-20251222181119-0a764e51fe1b to 0.0.0-20260311181403-84a4fc48630c

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the all group across 1 directory with 11 updates
646b39e 
Bumps the all group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/lib/pq](https://github.com/lib/pq) | `1.10.9` | `1.12.0` |
| [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) | `5.3.0` | `5.3.1` |
| [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) | `2.27.4` | `2.28.0` |
| [github.com/knadh/koanf/v2](https://github.com/knadh/koanf) | `2.3.0` | `2.3.4` |
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.33` | `1.14.37` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.46.0` | `0.49.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.259.0` | `0.272.0` |



Updates `github.com/lib/pq` from 1.10.9 to 1.12.0
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](lib/pq@v1.10.9...v1.12.0)

Updates `github.com/golang-jwt/jwt/v5` from 5.3.0 to 5.3.1
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Commits](golang-jwt/jwt@v5.3.0...v5.3.1)

Updates `github.com/grpc-ecosystem/grpc-gateway/v2` from 2.27.4 to 2.28.0
- [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases)
- [Commits](grpc-ecosystem/grpc-gateway@v2.27.4...v2.28.0)

Updates `github.com/knadh/koanf/v2` from 2.3.0 to 2.3.4
- [Release notes](https://github.com/knadh/koanf/releases)
- [Commits](knadh/koanf@v2.3.0...v2.3.4)

Updates `github.com/mattn/go-sqlite3` from 1.14.33 to 1.14.37
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](mattn/go-sqlite3@v1.14.33...v1.14.37)

Updates `golang.org/x/crypto` from 0.46.0 to 0.49.0
- [Commits](golang/crypto@v0.46.0...v0.49.0)

Updates `golang.org/x/net` from 0.48.0 to 0.51.0
- [Commits](golang/net@v0.48.0...v0.51.0)

Updates `golang.org/x/oauth2` from 0.34.0 to 0.35.0
- [Commits](golang/oauth2@v0.34.0...v0.35.0)

Updates `google.golang.org/api` from 0.259.0 to 0.272.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.259.0...v0.272.0)

Updates `google.golang.org/genproto/googleapis/api` from 0.0.0-20251222181119-0a764e51fe1b to 0.0.0-20260217215200-42d3e9bedb6d
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20251222181119-0a764e51fe1b to 0.0.0-20260311181403-84a4fc48630c
- [Commits](https://github.com/googleapis/go-genproto/commits)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-version: 5.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2
  dependency-version: 2.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/knadh/koanf/v2
  dependency-version: 2.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.37
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/net
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google.golang.org/api
  dependency-version: 0.272.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google.golang.org/genproto/googleapis/api
  dependency-version: 0.0.0-20260217215200-42d3e9bedb6d
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-version: 0.0.0-20260311181403-84a4fc48630c
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants