Skip to content

chore(deps): bump the go_modules group across 1 directory with 13 updates#3

Open
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/go_modules/go_modules-7c52bae3de
Open

chore(deps): bump the go_modules group across 1 directory with 13 updates#3
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/go_modules/go_modules-7c52bae3de

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Apr 16, 2026

Bumps the go_modules group with 7 updates in the / directory:

Package From To
github.com/go-acme/lego/v4 4.22.2 4.34.0
github.com/jackc/pgx/v5 5.5.4 5.9.0
github.com/docker/cli 26.0.0+incompatible 29.2.0+incompatible
github.com/nwaples/rardecode/v2 2.0.0-beta.2 2.2.0
github.com/ulikunitz/xz 0.5.11 0.5.14
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp 1.29.0 1.43.0
golang.org/x/image 0.18.0 0.38.0

Updates github.com/go-acme/lego/v4 from 4.22.2 to 4.34.0

Release notes

Sourced from github.com/go-acme/lego/v4's releases.

v4.34.0

lego is an independent, free, and open-source project, if you value it, consider supporting it! ❤️

Everybody thinks that the others will donate, but in the end, nobody does.

So if you think that lego is worth it, please consider donating.

For key updates, see the changelog.

Changelog

  • b682f8494cca7fd9859adc8814b253e6855b7faa Add DNS provider for 1cloud.ru (#2921)
  • 79b83fe1e38e6b93443077014fb51d3ba3bfed7b Add DNS provider for Netnod (#2919)
  • ca178943d0a6394ae44d94ed37306d66b14ee2c2 Add DNS provider for UCloud (#2972)
  • 61bd6bf0b9bc49c740528316dc8054871127d706 Add DNS provider for online.net (#2964)
  • 4f6a481bc4298383b1d2514f3dab0dbd0120b544 bluecatv2: fix documentation
  • aa6fcebccb73828e933c33363dccc0a93a101988 fix: check base64url token
  • 1274ec8741d7ac0b4232775e358bc95db44d961c oraclecloud: support profile session token (#2965)
  • cff2cd750413febbec64cb5fb3eedfc5a2e31a49 rfc2136: add RFC3645 (TSIG-GSS) support (#2946)
  • 33754b3b216169b18d580bddf1837e713bff7c30 rfc2136: add dnsupdate as alias (#2957)
  • 79796e155e4460967458c0df8fe58ea390cfe08f yandex360: update API docs links (#2922)

v4.33.0

lego is an independent, free, and open-source project, if you value it, consider supporting it! ❤️

Everybody thinks that the others will donate, but in the end, nobody does.

So if you think that lego is worth it, please consider donating.

For key updates, see the changelog.

Changelog

  • a56697ed1cd7eddeedfb459f9200b936afeeb34a Add DNS provider for EuroDNS (#2898)
  • 9be8cd43ae5de725b39643598e00da367969cab6 Add DNS provider for Excedo (#2910)
  • 847c763504888c511d7fcec82d65004caf25853e feat: Add DNS provider for Czechia (#2885)
  • 491dcaad1d4b77f3ec703a581e9a8d900869953d feat: allow to Unwrap obtainError (#2874)
  • 87b172f103b26c8ea40c5e811576ad454f7b6891 gigahostno: remove unused Zone fields (#2913)
  • 7d459b59c5882aac5cd8545cbda77e18852f5cd3 liara: add support for team ID (#2867)
  • 7b1aa50081643440c853a682ad8a9c2bf706929b safedns: rename UKFast SafeDNS to ANS SafeDNS (#2877)

v4.32.0

lego is an independent, free, and open-source project, if you value it, consider supporting it! ❤️

Everybody thinks that the others will donate, but in the end, nobody does.

So if you think that lego is worth it, please consider donating.

For key updates, see the changelog.

Changelog

  • 078a1889c87c750f6051a3dd9dc1e5e24e690ec8 Add DNS provider for ArtFiles (#2859)

... (truncated)

Changelog

Sourced from github.com/go-acme/lego/v4's changelog.

v4.34.0

  • Release date: 2026-04-15
  • Tag: v4.34.0

Added

  • [dnsprovider] Add DNS provider for UCloud
  • [dnsprovider] Add DNS provider for online.net
  • [dnsprovider] Add DNS provider for 1cloud.ru
  • [dnsprovider] Add DNS provider for Netnod
  • [dnsprovider] oraclecloud: support profile session token
  • [dnsprovider] rfc2136: add RFC3645 (TSIG-GSS) support

Changed

  • [dnsprovider] rfc2136: add dnsupdate as alias

Fixed

  • [httpprovider] Check base64url token

v4.33.0

  • Release date: 2026-03-19
  • Tag: v4.33.0

Added

  • [dnsprovider] Add DNS provider for Excedo
  • [dnsprovider] Add DNS provider for EuroDNS
  • [dnsprovider] Add DNS provider for Czechia

Changed

  • [lib] feat: allow to Unwrap obtainError

Fixed

  • [dnsprovider] liara: add support for team ID
  • [dnsprovider] gigahostno: remove unused Zone fields

v4.32.0

  • Release date: 2026-02-19
  • Tag: v4.32.0

Added

  • [dnsprovider] Add DNS provider for ArtFiles

... (truncated)

Commits

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

Updates github.com/jackc/pgx/v5 from 5.5.4 to 5.9.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

  • Require Go 1.25+
  • Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
  • Add OAuth authentication support for PostgreSQL 18 (David Schneider)
  • Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
  • Add tsvector type support (Adam Brightwell)
  • Skip Describe Portal for cached prepared statements reducing network round trips
  • Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
  • Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
  • Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
  • Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
  • Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
  • Make RowsAffected faster (Abhishek Chanda)
  • Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
  • Fix: ContextWatcher goroutine leak (Hank Donnay)
  • Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)
  • Fix: pipelineBatchResults.Exec silently swallowing lastRows error
  • Fix: ColumnTypeLength using BPCharArrayOID instead of BPCharOID
  • Fix: TSVector text encoding returning nil for valid empty tsvector
  • Fix: wrong error messages for Int2 and Int4 underflow
  • Fix: Numeric nil Int pointer dereference with Valid: true
  • Fix: reversed strings.ContainsAny arguments in Numeric.ScanScientific
  • Fix: message length parsing on 32-bit platforms
  • Fix: FunctionCallResponse.Decode mishandling of signed result size
  • Fix: returning wrong error in configTLS when DecryptPEMBlock fails (Maxim Motyshen)
  • Fix: misleading ParseConfig error when default_query_exec_mode is invalid (Skarm)
  • Fix: missed Unwatch in Pipeline error paths
  • Clarify too many failed acquire attempts error message
  • Better error wrapping with context and SQL statement (Aneesh Makala)
  • Enable govet and ineffassign linters (Federico Guerinoni)
  • Guard against various malformed binary messages (arrays, hstore, multirange, protocol messages)
  • Fix various godoc comments (ferhat elmas)
  • Fix typos in comments (Oleksandr Redko)

5.8.0 (December 26, 2025)

  • Require Go 1.24+
  • Remove golang.org/x/crypto dependency
  • Add OptionShouldPing to control ResetSession ping behavior (ilyam8)
  • Fix: Avoid overflow when MaxConns is set to MaxInt32

... (truncated)

Commits
  • b4d8e62 Release v5.9.0
  • c227cd4 Bump minimum Go version from 1.24 to 1.25
  • f492c14 Use reflect.TypeFor instead of reflect.TypeOf for static types
  • ad8fb08 Use sync.WaitGroup.Go to simplify goroutine spawning
  • 3033773 Remove go1.26 build tag from synctest test
  • 83ffb3c Validate multirange element count against source length before allocating
  • 828f214 Fix message length parsing on 32-bit platforms
  • e196a39 Add fuzz test for SQL lexer in sanitize package
  • 7f969f8 Rename TraceQueryute to traceExecute
  • ab52391 Use single Stat snapshot in checkMinConns
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.32.0 to 0.50.0

Commits
  • 03ca0dc go.mod: update golang.org/x dependencies
  • 8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
  • 81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
  • 982eaa6 go.mod: update golang.org/x dependencies
  • 159944f ssh,acme: clean up tautological/impossible nil conditions
  • a408498 acme: only require prompt if server has terms of service
  • cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
  • 2f26647 x509roots/fallback: update bundle
  • e08b067 go.mod: update golang.org/x dependencies
  • 7d0074c scrypt: fix panic on parameters <= 0
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.24.0 to 0.36.0

Commits
  • 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
  • 89ff2e1 google: add safer credentials JSON loading options.
  • acc3815 endpoints: fix %q verb use with wrong type
  • f28b0b5 all: fix some comments
  • fd15e0f x/oauth2: populate RetrieveError from DeviceAuth
  • 792c877 oauth2: use strings.Builder instead of bytes.Buffer
  • 014cf77 all: upgrade go directive to at least 1.24.0 [generated]
  • 3c76ce5 endpoints: correct Naver OAuth2 endpoint URLs
  • cf14319 oauth2: fix expiration time window check
  • 32d34ef internal: include clientID in auth style cache key
  • Additional commits viewable in compare view

Updates github.com/docker/cli from 26.0.0+incompatible to 29.2.0+incompatible

Commits
  • 0b9d198 Merge pull request #6764 from vvoland/update-docker
  • 9c9ec73 vendor: github.com/moby/moby/client v0.2.2
  • bab3e81 vendor: github.com/moby/moby/api v1.53.0
  • 2e64fc1 Merge pull request #6367 from thaJeztah/template_slicejoin
  • 1f2ba2a Merge pull request #6760 from thaJeztah/container_create_fix_error
  • e34a342 templates: make "join" work with non-string slices and map values
  • a86356d Merge pull request #6763 from thaJeztah/bump_mapstructure
  • 771660a vendor: github.com/go-viper/mapstructure/v2 v2.5.0
  • 9cff36b Merge pull request #6762 from thaJeztah/bump_x_deps
  • 08ed2bc cli/command/container: make injecting config.json failures a warning
  • Additional commits viewable in compare view

Updates github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.4

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.1.4

What's Changed

Fixes Panic in JWE decryption. See GHSA-78h2-9frx-2jm8

Full Changelog: go-jose/go-jose@v4.1.3...v4.1.4

v4.1.3

This release drops Go 1.23 support as that Go release is no longer supported. With that, we can drop x/crypto and no longer have any external dependencies in go-jose outside of the standard library!

This release fixes a bug where a critical b64 header was ignored if in an unprotected header. It is now rejected instead of ignored.

What's Changed

Full Changelog: go-jose/go-jose@v4.1.2...v4.1.3

v4.1.2

What's Changed

go-jose v4.1.2 improves some documentation, errors, and removes the only 3rd-party dependency.

New Contributors

Full Changelog: go-jose/go-jose@v4.1.1...v4.1.2

v4.1.1

What's Changed

New Contributors

... (truncated)

Commits

Updates github.com/nwaples/rardecode/v2 from 2.0.0-beta.2 to 2.2.0

Commits
  • 52fb4e8 allow max dictionary size to be set, with default now at 4GB
  • 9f4b0d1 dont let the dictionary be larger than the unpacked file size
  • 153fdf5 Merge pull request #47 from nwaples/bytereader
  • 3f140e5 document RarFS methods
  • b4fc922 change os.FileMode to fs.FileMode
  • edb01e7 add Seek support for uncompressed files
  • 710bda2 add initial Seek support for limitedReader
  • 9deacfb save offset in packetFileReader
  • 4f0a750 change limitedReader to save offset internally
  • 1c32663 split volume into readerVolume and fileVolume
  • Additional commits viewable in compare view

Updates github.com/ulikunitz/xz from 0.5.11 to 0.5.14

Commits

Updates go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.29.0 to 1.43.0

Changelog

Sourced from go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp's changelog.

[1.43.0/0.65.0/0.19.0] 2026-04-02

Added

  • Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace for W3C Trace Context Level 2 Random Trace ID Flag support. (#8012)
  • Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (#7642)
  • Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (#8051)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8038)
  • Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (#8060)
  • Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (#7855)

Changed

  • Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated alias of EMPTY. (#8038)
  • Improve slice handling in go.opentelemetry.io/otel/attribute to optimize short slice values with fixed-size fast paths. (#8039)
  • Improve performance of span metric recording in go.opentelemetry.io/otel/sdk/trace by returning early if self-observability is not enabled. (#8067)
  • Improve formatting of metric data diffs in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8073)

Deprecated

  • Deprecate INVALID in go.opentelemetry.io/otel/attribute. Use EMPTY instead. (#8038)

Fixed

  • Return spec-compliant TraceIdRatioBased description. This is a breaking behavioral change, but it is necessary to make the implementation spec-compliant. (#8027)
  • Fix a race condition in go.opentelemetry.io/otel/sdk/metric where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (#8056)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for kenv command on BSD. (#8113)
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to correctly handle HTTP2 GOAWAY frame. (#8096)

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

  • Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

... (truncated)

Commits
  • 9276201 Release v1.43.0 / v0.65.0 / v0.19.0 (#8128)
  • 61b8c94 chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (#8131)
  • 97a086e chore(deps): update github.com/golangci/dupl digest to c99c5cf (#8122)
  • 5e363de limit response body size for OTLP HTTP exporters (#8108)
  • 35214b6 Use an absolute path when calling bsd kenv (#8113)
  • 290024c fix(deps): update module google.golang.org/grpc to v1.80.0 (#8121)
  • e70658e fix: support getBody in otelploghttp (#8096)
  • 4afe468 fix(deps): update googleapis to 9d38bb4 (#8117)
  • b9ca729 chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (#8115)
  • 69472ec chore(deps): update fossas/fossa-action action to v1.9.0 (#8118)
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/sdk from 1.29.0 to 1.43.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.43.0/0.65.0/0.19.0] 2026-04-02

Added

  • Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace for W3C Trace Context Level 2 Random Trace ID Flag support. (#8012)
  • Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (#7642)
  • Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (#8051)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8038)
  • Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (#8060)
  • Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (#7855)

Changed

  • Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated alias of EMPTY. (#8038)
  • Improve slice handling in go.opentelemetry.io/otel/attribute to optimize short slice values with fixed-size fast paths. (#8039)
  • Improve performance of span metric recording in go.opentelemetry.io/otel/sdk/trace by returning early if self-observability is not enabled. (#8067)
  • Improve formatting of metric data diffs in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8073)

Deprecated

  • Deprecate INVALID in go.opentelemetry.io/otel/attribute. Use EMPTY instead. (#8038)

Fixed

  • Return spec-compliant TraceIdRatioBased description. This is a breaking behavioral change, but it is necessary to make the implementation spec-compliant. (#8027)
  • Fix a race condition in go.opentelemetry.io/otel/sdk/metric where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (#8056)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for kenv command on BSD. (#8113)
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to correctly handle HTTP2 GOAWAY frame. (#8096)

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

  • Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

... (truncated)

Commits
  • 9276201 Release v1.43.0 / v0.65.0 / v0.19.0 (#8128)
  • 61b8c94 chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (#8131)
  • 97a086e chore(deps): update github.com/golangci/dupl digest to c99c5cf (#8122)
  • 5e363de limit response body size for OTLP HTTP exporters (#8108)
  • 35214b6 Use an absolute path when calling bsd kenv (#8113)
  • 290024c fix(deps): update module google.golang.org/grpc to v1.80.0 (#8121)
  • e70658e fix: support getBody in otelploghttp (#8096)
  • 4afe468 fix(deps): update googleapis to 9d38bb4 (#8117)
  • b9ca729 chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (#8115)
  • 69472ec chore(deps): update fossas/fossa-action action to v1.9.0 (#8118)
  • Additional commits viewable in compare view

Updates golang.org/x/image from 0.18.0 to 0.38.0

Commits
  • 23ae9ed tiff: cap buffer growth to prevent OOM from malicious IFD offset
  • e589e60 webp: allow VP8L + VP8X(with alpha)
  • fe7d73d go.mod: update golang.org/x dependencies
  • e3d762b all: upgrade go directive to at least 1.25.0 [generated]
  • 833c6ed go.mod: update golang.org/x dependencies
  • bc7fe0b go.mod: update golang.org/x dependencies
  • c53c97f go.mod: update golang.org/x dependencies
  • 9032ff7 all: eliminate vet diagnostics
  • 9c9d08c go.mod: update golang.org/x dependencies
  • 742b1b7 all: fix some comments
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.67.1 to 1.80.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.80.0

Behavior Changes

  • balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see #5288 for details. (#8837)
  • xds: update resource error handling and re-resolution logic (#8907)
    • Re-resolve all LOGICAL_DNS clusters simultaneously when re-resolution is requested.
    • Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.

Bug Fixes

  • xds: support the LB policy configured in LOGICAL_DNS cluster resources instead of defaulting to pick_first. (#8733)
  • credentials/tls: perform per-RPC authority validation against the leaf certificate instead of the entire peer certificate chain. (#8831)
  • xds: enabling A76 ring hash endpoint keys no longer causes EDS resources with invalid proxy metadata to be NACKed when HTTP CONNECT (gRFC A86) is disabled. (#8875)
  • xds: validate that the sum of endpoint weights in a locality does not exceed the maximum uint32 value. (#8899)
  • xds: fix incorrect proto field access in the weighted round robin (WRR) configuration where blackout_period was used instead of weight_expiration_period. (#8915)
  • xds/rbac: handle addresses with ports in IP matchers. (#8990)

New Features

  • ringhash: enable gRFC A76 (endpoint hash keys and request hash headers) by default. (#8922)

Performance Improvements

  • credentials/alts: pool write buffers to reduce memory allocations and usage. (#8919)
  • grpc: enable the use of pooled write buffers for buffering HTTP/2 frame writes by default. This reduces memory usage when connections are idle. Use the WithSharedWriteBuffer dial option or the SharedWriteBuffer server option to disable this feature. (#8957)
  • xds/priority: stop caching child LB policies removed from the configuration. This will help reduce memory and cpu usage when localities are constantly switching between priorities. (#8997)
  • mem: add a faster tiered buffer pool; use the experimental mem.NewBinaryTieredBufferPool function to create such pools. (#8775)

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

  • stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

  • mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

... (truncated)

Commits
  • 397e45e Change version to 1.80.0 (#8948)
  • 64ebf0a Cherry-pick #8997 to v1.80.x (#9027)
  • e45ed24 xds/rbac: add additional handling for addresses with ports (#8990) (#9022)
  • c78d26e Cherry-pick #8957 to v1.80.x (#9007)
  • bd7cd3c grpc: enforce strict path checking for incoming requests on the server (#8987)
  • b6597b3 xds/clusterimpl: use xdsConfig for updates and remove redundant fields from L...
  • 1d4fa8a xds: change cdsbalancer to use update from dependency manager (#8907)
  • 8f47d36 attributes: Replace internal map with linked list (#8933)
  • 22e1ee8 xds: add panic recov...

    Description has been truncated

@dependabot
chore(deps): bump the go_modules group across 1 directory with 13 upd…
b84322f 
…ates

Bumps the go_modules group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-acme/lego/v4](https://github.com/go-acme/lego) | `4.22.2` | `4.34.0` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.4` | `5.9.0` |
| [github.com/docker/cli](https://github.com/docker/cli) | `26.0.0+incompatible` | `29.2.0+incompatible` |
| [github.com/nwaples/rardecode/v2](https://github.com/nwaples/rardecode) | `2.0.0-beta.2` | `2.2.0` |
| [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) | `0.5.11` | `0.5.14` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.29.0` | `1.43.0` |
| [golang.org/x/image](https://github.com/golang/image) | `0.18.0` | `0.38.0` |



Updates `github.com/go-acme/lego/v4` from 4.22.2 to 4.34.0
- [Release notes](https://github.com/go-acme/lego/releases)
- [Changelog](https://github.com/go-acme/lego/blob/master/CHANGELOG.md)
- [Commits](go-acme/lego@v4.22.2...v4.34.0)

Updates `github.com/golang-jwt/jwt/v4` from 4.5.1 to 4.5.2
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Commits](golang-jwt/jwt@v4.5.1...v4.5.2)

Updates `github.com/jackc/pgx/v5` from 5.5.4 to 5.9.0
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.5.4...v5.9.0)

Updates `golang.org/x/crypto` from 0.32.0 to 0.50.0
- [Commits](golang/crypto@v0.32.0...v0.50.0)

Updates `golang.org/x/oauth2` from 0.24.0 to 0.36.0
- [Commits](golang/oauth2@v0.24.0...v0.36.0)

Updates `github.com/docker/cli` from 26.0.0+incompatible to 29.2.0+incompatible
- [Commits](docker/cli@v26.0.0...v29.2.0)

Updates `github.com/go-jose/go-jose/v4` from 4.0.5 to 4.1.4
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](go-jose/go-jose@v4.0.5...v4.1.4)

Updates `github.com/nwaples/rardecode/v2` from 2.0.0-beta.2 to 2.2.0
- [Commits](nwaples/rardecode@v2.0.0-beta.2...v2.2.0)

Updates `github.com/ulikunitz/xz` from 0.5.11 to 0.5.14
- [Commits](ulikunitz/xz@v0.5.11...v0.5.14)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.29.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.29.0...v1.43.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.29.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.29.0...v1.43.0)

Updates `golang.org/x/image` from 0.18.0 to 0.38.0
- [Commits](golang/image@v0.18.0...v0.38.0)

Updates `google.golang.org/grpc` from 1.67.1 to 1.80.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.67.1...v1.80.0)

---
updated-dependencies:
- dependency-name: github.com/go-acme/lego/v4
  dependency-version: 4.34.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-version: 4.5.2
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.50.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.36.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/docker/cli
  dependency-version: 29.2.0+incompatible
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.4
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/nwaples/rardecode/v2
  dependency-version: 2.2.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/ulikunitz/xz
  dependency-version: 0.5.14
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-version: 1.43.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.43.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/image
  dependency-version: 0.38.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.80.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 16, 2026
@dependabot dependabot bot mentioned this pull request Apr 16, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants