Skip to content

build(deps): bump the gomod group across 1 directory with 14 updates#4482

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/gomod-dd5e9d0f64
Open

build(deps): bump the gomod group across 1 directory with 14 updates#4482
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/gomod-dd5e9d0f64

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Bumps the gomod group with 10 updates in the / directory:

Package From To
github.com/aws/aws-sdk-go-v2/feature/s3/manager 1.22.17 1.22.18
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs 1.73.0 1.74.0
github.com/getkin/kin-openapi 0.137.0 0.138.0
github.com/go-co-op/gocron/v2 2.21.1 2.21.2
github.com/slack-go/slack 0.23.0 0.23.1
golang.org/x/crypto 0.50.0 0.52.0
golang.org/x/mod 0.35.0 0.36.0
google.golang.org/grpc 1.81.0 1.81.1
k8s.io/apiserver 0.36.0 0.36.1
modernc.org/sqlite 1.50.0 1.50.1

Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.22.17 to 1.22.18

Commits

Updates github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs from 1.73.0 to 1.74.0

Commits

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.100.1 to 1.101.0

Commits

Updates github.com/getkin/kin-openapi from 0.137.0 to 0.138.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.138.0

What's Changed

Full Changelog: getkin/kin-openapi@v0.137.0...v0.138.0

Commits
  • d237575 openapi3conv: test Upgrade on many documents (#1169)
  • 72d9005 feat(openapi3conv): canonicalization pass for 3.0 -> 3.x (#1162)
  • 03ab662 feat(openapi3): add per-type validation errors with cluster wrappers (#1166)
  • 3405d3b test: move public-API tests to external _test packages (#1168)
  • 4ddafd1 openapi3: add test for issue #927 (nullable not respected on $ref schemas)
  • 3342b7c openapi3gen: clear nullable on exported component bodies
  • See full diff in compare view

Updates github.com/go-co-op/gocron/v2 from 2.21.1 to 2.21.2

Release notes

Sourced from github.com/go-co-op/gocron/v2's releases.

v2.21.2

What's Changed

New Contributors

Full Changelog: go-co-op/gocron@v2.21.1...v2.21.2

Commits

Updates github.com/slack-go/slack from 0.23.0 to 0.23.1

Release notes

Sourced from github.com/slack-go/slack's releases.

v0.23.1

[!IMPORTANT] Even though this is a [security] patch release, if you were using an empty secret, this is a breaking change due to a change in behaviour. That's on purpose, to ensure you fix your approach so that there are no footguns.

Fixed

  • NewSecretsVerifier now rejects empty signing secrets to avoid accepting forged request signatures when applications are misconfigured.

Full Changelog: slack-go/slack@v0.23.0...v0.23.1

Changelog

Sourced from github.com/slack-go/slack's changelog.

[0.23.1] - 2026-05-10

Fixed

  • NewSecretsVerifier now rejects empty signing secrets to avoid accepting forged request signatures when applications are misconfigured.
Commits
  • 34ad5c0 security: reject empty signing secret for NewSecretsVerifier
  • c6edc27 chore: bump go to 1.25.9
  • See full diff in compare view

Updates golang.org/x/crypto from 0.50.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Updates golang.org/x/mod from 0.35.0 to 0.36.0

Commits
  • 643da9b go.mod: update golang.org/x dependencies
  • ccc3cdf zip: include 'but content has correct sum' note in TestVCS
  • ab30318 zip: update zip hashes for new flate compression
  • See full diff in compare view

Updates golang.org/x/net from 0.53.0 to 0.54.0

Commits
  • b138e06 go.mod: update golang.org/x dependencies
  • 689f70a quic: fix wrong final size being used for RESET_STREAM frame
  • 208f306 http3: increase handshake timeout
  • 49810da http2: enable net/http wrapping when go >= 1.27
  • 5e11a5a quic: fix data race in streamForFrame
  • 8c63081 http2: use empty Transport rather than DefaultTransport in http2wrap
  • fc7b466 http2: add http2wrap test
  • 15c2cb1 http2: avoid overflowing 32-bit int when http2wrap enabled
  • 6465188 http2: add wrapped Server
  • 72f419a http2: add wrapped ClientConn
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.44.0 to 0.45.0

Commits
  • 397d5f8 unix: update to Linux kernel 7.0
  • 0a387f7 cpu: detect zbc extension on riscv64
  • 758f71c cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64
  • 99666ae unix: merge Linux readv/writev implementation with Darwin/OpenBSD
  • e4444cb windows: add NtSetEaFile, NtQueryEaFile and NtQueryInformationFile
  • 04396e8 unix: add Readv, Writev, Preadv, Pwritev for OpenBSD
  • See full diff in compare view

Updates golang.org/x/text from 0.36.0 to 0.37.0

Commits

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Updates k8s.io/apiserver from 0.36.0 to 0.36.1

Commits

Updates modernc.org/sqlite from 1.50.0 to 1.50.1

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

  • 2026-05-21 v1.51.2:

    • Add FileControl.FileControlDataVersion, a wrapper around SQLITE_FCNTL_DATA_VERSION for observing pager-cache data-version changes, including those made on the same connection. Useful as a primitive for application-level cache invalidation.
    • Exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), consistent with the existing FileControlPersistWAL.
    • See [GitLab merge request #115](https://gitlab.com/cznic/sqlite/-/merge_requests/115), thanks Ian Chechin!

  • 2026-05-10 v1.50.1:

  • 2026-04-24 v1.50.0:

    • Upgrade to sqlite-vec v0.1.9.
    • Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).
    • This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.
    • See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!

  • 2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

  • 2026-04-06 v1.48.2:

    • Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.
    • Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).
    • See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!
    • Fix the memory allocator used in (*conn).Deserialize.
    • Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.
    • Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.
    • See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!
    • Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.
    • Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.
    • See [GitLab merge request #101](https://gitlab.com/cznic/sqlite/-/merge_requests/101), thanks Josh Bleecher Snyder!
    • Fix commitHookTrampoline and rollbackHookTrampoline signatures by removing the unused pCsr parameter.
    • Aligns internal hook callbacks accurately with the underlying SQLite C API, cleaning up the code to prevent potential future confusion or bugs.
    • See [GitLab merge request #102](https://gitlab.com/cznic/sqlite/-/merge_requests/102), thanks Josh Bleecher Snyder!
    • Fix checkptr instrumentation failures during go test -race when registering and using virtual tables (vtab).
    • Allocate sqlite3_module instances using the C allocator (libc.Xcalloc) instead of the Go heap. This ensures transpiled C code can safely perform pointer operations on the struct without tripping Go's pointer checks.
    • See [GitLab merge request #103](https://gitlab.com/cznic/sqlite/-/merge_requests/103), thanks Josh Bleecher Snyder!
    • Fix data race on mutex.id in the mutexTry non-recursive path.
    • Ensure consistent atomic writes (atomic.StoreInt32) to prevent data races with atomic loads in mutexHeld and mutexNotheld during concurrent execution.
    • See [GitLab merge request #104](https://gitlab.com/cznic/sqlite/-/merge_requests/104), thanks Josh Bleecher Snyder!
    • Fix resource leak in (*Backup).Commit where the destination connection was not closed on error.
    • Ensure dstConn is properly closed when sqlite3_backup_finish fails, preventing file descriptor, TLS, and memory leaks.
    • See [GitLab merge request #105](https://gitlab.com/cznic/sqlite/-/merge_requests/105), thanks Josh Bleecher Snyder!
    • Fix Exec to fully drain rows when encountering SQLITE_ROW, preventing silent data loss in DML statements.
    • Previously, Exec aborted after the first row, meaning INSERT, UPDATE, or DELETE statements with a RETURNING clause would fail to process subsequent rows. The execution path now correctly loops until SQLITE_DONE and properly respects context cancellations during the drain loop, fully aligning with native C sqlite3_exec semantics.
    • See [GitLab merge request #106](https://gitlab.com/cznic/sqlite/-/merge_requests/106), thanks Josh Bleecher Snyder!
    • Fix "Shadowed err value (stmt.go)".
    • See [GitLab issue #249](https://gitlab.com/cznic/sqlite/-/work_items/249), thanks Emrecan BATI!
    • Fix silent omission of virtual table savepoint callbacks by correctly setting the sqlite3_module version.
    • See [GitLab merge request #107](https://gitlab.com/cznic/sqlite/-/merge_requests/107), thanks Josh Bleecher Snyder!
    • Fix vfsRead to properly handle partial and fragmented reads from io.Reader.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the gomod group across 1 directory with 14 updates
03463db 
Bumps the gomod group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) | `1.22.17` | `1.22.18` |
| [github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs](https://github.com/aws/aws-sdk-go-v2) | `1.73.0` | `1.74.0` |
| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.137.0` | `0.138.0` |
| [github.com/go-co-op/gocron/v2](https://github.com/go-co-op/gocron) | `2.21.1` | `2.21.2` |
| [github.com/slack-go/slack](https://github.com/slack-go/slack) | `0.23.0` | `0.23.1` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.50.0` | `0.52.0` |
| [golang.org/x/mod](https://github.com/golang/mod) | `0.35.0` | `0.36.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.81.0` | `1.81.1` |
| [k8s.io/apiserver](https://github.com/kubernetes/apiserver) | `0.36.0` | `0.36.1` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.50.0` | `1.50.1` |



Updates `github.com/aws/aws-sdk-go-v2/feature/s3/manager` from 1.22.17 to 1.22.18
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@feature/s3/manager/v1.22.17...feature/s3/manager/v1.22.18)

Updates `github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs` from 1.73.0 to 1.74.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.73.0...service/s3/v1.74.0)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.100.1 to 1.101.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.100.1...service/s3/v1.101.0)

Updates `github.com/getkin/kin-openapi` from 0.137.0 to 0.138.0
- [Release notes](https://github.com/getkin/kin-openapi/releases)
- [Commits](getkin/kin-openapi@v0.137.0...v0.138.0)

Updates `github.com/go-co-op/gocron/v2` from 2.21.1 to 2.21.2
- [Release notes](https://github.com/go-co-op/gocron/releases)
- [Commits](go-co-op/gocron@v2.21.1...v2.21.2)

Updates `github.com/slack-go/slack` from 0.23.0 to 0.23.1
- [Release notes](https://github.com/slack-go/slack/releases)
- [Changelog](https://github.com/slack-go/slack/blob/master/CHANGELOG.md)
- [Commits](slack-go/slack@v0.23.0...v0.23.1)

Updates `golang.org/x/crypto` from 0.50.0 to 0.52.0
- [Commits](golang/crypto@v0.50.0...v0.52.0)

Updates `golang.org/x/mod` from 0.35.0 to 0.36.0
- [Commits](golang/mod@v0.35.0...v0.36.0)

Updates `golang.org/x/net` from 0.53.0 to 0.54.0
- [Commits](golang/net@v0.53.0...v0.54.0)

Updates `golang.org/x/sys` from 0.44.0 to 0.45.0
- [Commits](golang/sys@v0.44.0...v0.45.0)

Updates `golang.org/x/text` from 0.36.0 to 0.37.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.36.0...v0.37.0)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

Updates `k8s.io/apiserver` from 0.36.0 to 0.36.1
- [Commits](kubernetes/apiserver@v0.36.0...v0.36.1)

Updates `modernc.org/sqlite` from 1.50.0 to 1.50.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.50.0...v1.50.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager
  dependency-version: 1.22.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs
  dependency-version: 1.74.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.101.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/getkin/kin-openapi
  dependency-version: 0.138.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/go-co-op/gocron/v2
  dependency-version: 2.21.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/slack-go/slack
  dependency-version: 0.23.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/mod
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/net
  dependency-version: 0.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/sys
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/text
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: k8s.io/apiserver
  dependency-version: 0.36.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: modernc.org/sqlite
  dependency-version: 1.50.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added go Pull requests that update Go code kind/dependencies labels May 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

go Pull requests that update Go code kind/dependencies needs/area

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants