Skip to content

Bump the go_modules group across 3 directories with 7 updates#85

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/api/go/go_modules-c68a6238e7
Open

Bump the go_modules group across 3 directories with 7 updates#85
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/api/go/go_modules-c68a6238e7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown

Bumps the go_modules group with 1 update in the /api/go directory: golang.org/x/net.
Bumps the go_modules group with 4 updates in the /backend directory: golang.org/x/net, github.com/go-git/go-git/v5, github.com/buger/jsonparser and google.golang.org/grpc.
Bumps the go_modules group with 4 updates in the /frontend/cli directory: golang.org/x/net, github.com/go-git/go-git/v5, github.com/buger/jsonparser and google.golang.org/grpc.

Updates golang.org/x/net from 0.43.0 to 0.55.0

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.43.0 to 0.55.0

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.4 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

v5.19.0

What's Changed

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

v5.18.0

What's Changed

Full Changelog: go-git/go-git@v5.17.2...v5.18.0

v5.17.2

What's Changed

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @​pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

v5.17.1

What's Changed

... (truncated)

Commits
  • 3c3be60 Merge pull request #2137 from go-git/validate-v5
  • 3fba897 plumbing: format/packfile, cap delta chain depth in parser
  • a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
  • aeaa125 plumbing: format/objfile, require Header before Read
  • 1f38e17 plumbing: format/packfile, bound inflate size
  • f7545a0 plumbing: format/idxfile, bound nr by file size
  • 170b881 Merge pull request #2116 from pjbgf/symlink-v5
  • 7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
  • f0709b3 git: Stop validating symlink target paths
  • 776d00f git: Allow MkdirAll on worktree-root paths
  • Additional commits viewable in compare view

Updates github.com/buger/jsonparser from 1.1.1 to 1.1.2

Release notes

Sourced from github.com/buger/jsonparser's releases.

v1.1.2

What's Changed

New Contributors

Full Changelog: buger/jsonparser@v1.1.1...v1.1.2

Commits
  • a69e7e0 Merge pull request #276 from dbarrosop/master
  • d3eacc0 fix: prevent panic on negative slice index in Delete with malformed JSON (GO-...
  • 61b32cf Merge pull request #241 from unxcepted/master
  • 2181e83 Merge pull request #244 from ScaleChamp/patch-2
  • 1510b51 Added latest versions of go to tests
  • 6fc2e48 fix: eachkey allocation
  • a6f867e Merge pull request #239 from AdamKorcz/cifuzz1
  • cbc01fd Fuzzing: Add CIFuzz
  • dc92d69 Merge pull request #228 from jonomacd/null-handling
  • 2d9d634 Merge pull request #231 from carsonip/fix-parseint-overflow-check
  • Additional commits viewable in compare view

Updates github.com/cloudflare/circl from 1.6.1 to 1.6.3

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.3

Fix a bug on ecc/p384 scalar multiplication.

What's Changed

Full Changelog: cloudflare/circl@v1.6.2...v1.6.3

CIRCL v1.6.2

  • New SLH-DSA, improvements in ML-DSA for arm64.
  • Tested compilation on WASM.

What's Changed

New Contributors

Full Changelog: cloudflare/circl@v1.6.1...v1.6.2

Commits
  • 24ae53c Release CIRCL v1.6.3
  • 581020b Rename method to oddMultiplesProjective.
  • 12209a4 Removing unused cmov for jacobian points.
  • fcba359 ecc/p384: use of complete projective formulas for scalar multiplication.
  • 5e1bae8 ecc/p384: handle point doubling in point addition with Jacobian coordinates.
  • 3416046 Check opts for nil value.
  • a763d47 Release CIRCL v1.6.2
  • 3c70bf9 Bump x/crypto x/sys dependencies.
  • 3f0f15b Revert to using package-declared HPKE errors for shortkem instead of standard...
  • 23491bd Adding generic Power2Round method.
  • Additional commits viewable in compare view

Updates github.com/go-git/go-billy/v5 from 5.6.2 to 5.9.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.9.0

What's Changed

Full Changelog: go-git/go-billy@v5.8.0...v5.9.0

v5.8.0

What's Changed

Full Changelog: go-git/go-billy@v5.7.0...v5.8.0

v5.7.0

What's Changed

Full Changelog: go-git/go-billy@v5.6.2...v5.7.0

Commits
  • 237e529 Merge pull request #206 from pjbgf/v5-improvements
  • 04edb39 build: Add go-git integration test
  • d8efefd osfs: preserve empty ChrootOS base
  • 07f2a0b Merge pull request #205 from pjbgf/v5-improvements
  • 25207c8 build: Bump Go versions in workflows
  • 2fda229 osfs: ChrootOS eval baseDir on creation
  • 427b27f Merge pull request #203 from pjbgf/v5-improvements
  • 7d5a23e chroot: Reject symlink loops
  • 2c2287a util: avoid following symlinks in RemoveAll fallback
  • cbd88e9 Fix mount path handling
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.41.0 to 0.51.0

Commits
  • b8a14a8 go.mod: update golang.org/x dependencies
  • 9d9d507 x509roots/fallback/bundle: fix bundle test with Go 1.27+
  • fd0b90d acme: include Problem in OrderError.Error
  • b9e5359 pbkdf2: turn into a wrapper for crypto/pbkdf2
  • cc0e4fc hkdf: forward Extract to the standard library
  • a8e9237 x509roots/fallback: update bundle
  • 03ca0dc go.mod: update golang.org/x dependencies
  • 8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
  • 81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
  • 982eaa6 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.72.1 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

  • stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

  • mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

  • balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

  • experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
  • pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
    • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
  • xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
  • balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Bug Fixes

  • credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
  • health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Performance Improvements

  • credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
  • mem: Optimize pooling and creation of buffer objects. (#8784)
  • transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

Updates golang.org/x/net from 0.43.0 to 0.55.0

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.4 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

v5.19.0

What's Changed

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

v5.18.0

What's Changed

Full Changelog: go-git/go-git@v5.17.2...v5.18.0

v5.17.2

What's Changed

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @​pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

v5.17.1

What's Changed

... (truncated)

Commits
  • 3c3be60 Merge pull request #2137 from go-git/validate-v5
  • 3fba897 plumbing: format/packfile, cap delta chain depth in parser
  • a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
  • aeaa125 plumbing: format/objfile, require Header before Read
  • 1f38e17 plumbing: format/packfile, bound inflate size
  • f7545a0 plumbing: format/idxfile, bound nr by file size
  • 170b881 Merge pull request #2116 from pjbgf/symlink-v5
  • 7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
  • f0709b3 git: Stop validating symlink target paths
  • 776d00f git: Allow MkdirAll on worktree-root paths
  • Additional commits viewable in compare view

Updates github.com/buger/jsonparser from 1.1.1 to 1.1.2

Release notes

Sourced from github.com/buger/jsonparser's releases.

v1.1.2

What's Changed

New Contributors

Full Changelog: buger/jsonparser@v1.1.1...v1.1.2

Commits
  • a69e7e0 Merge pull request #276 from dbarrosop/master
  • d3eacc0 fix: prevent panic on negative slice index in Delete with malformed JSON (GO-...
  • 61b32cf Merge pull request #241 from unxcepted/master
  • 2181e83 Merge pull request #244 from ScaleChamp/patch-2
  • 1510b51 Added latest versions of go to tests
  • 6fc2e48 fix: eachkey allocation
  • a6f867e Merge pull request #239 from AdamKorcz/cifuzz1
  • cbc01fd Fuzzing: Add CIFuzz
  • dc92d69 Merge pull request #228 from jonomacd/null-handling
  • 2d9d634 Merge pull request #231 from carsonip/fix-parseint-overflow-check
  • Additional commits viewable in compare view

Updates github.com/cloudflare/circl from 1.6.1 to 1.6.3

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.3

Fix a bug on ecc/p384 scalar multiplication.

What's Changed

Full Changelog: cloudflare/circl@v1.6.2...v1.6.3

CIRCL v1.6.2

  • New SLH-DSA, improvements in ML-DSA for arm64.
  • Tested compilation on WASM.

What's Changed

Bumps the go_modules group with 1 update in the /api/go directory: [golang.org/x/net](https://github.com/golang/net).
Bumps the go_modules group with 4 updates in the /backend directory: [golang.org/x/net](https://github.com/golang/net), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).
Bumps the go_modules group with 4 updates in the /frontend/cli directory: [golang.org/x/net](https://github.com/golang/net), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `golang.org/x/net` from 0.43.0 to 0.55.0
- [Commits](golang/net@v0.43.0...v0.55.0)

Updates `golang.org/x/net` from 0.43.0 to 0.55.0
- [Commits](golang/net@v0.43.0...v0.55.0)

Updates `github.com/go-git/go-git/v5` from 5.16.4 to 5.19.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md)
- [Commits](go-git/go-git@v5.16.4...v5.19.1)

Updates `github.com/buger/jsonparser` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/buger/jsonparser/releases)
- [Commits](buger/jsonparser@v1.1.1...v1.1.2)

Updates `github.com/cloudflare/circl` from 1.6.1 to 1.6.3
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.6.1...v1.6.3)

Updates `github.com/go-git/go-billy/v5` from 5.6.2 to 5.9.0
- [Release notes](https://github.com/go-git/go-billy/releases)
- [Commits](go-git/go-billy@v5.6.2...v5.9.0)

Updates `golang.org/x/crypto` from 0.41.0 to 0.51.0
- [Commits](golang/crypto@v0.41.0...v0.51.0)

Updates `google.golang.org/grpc` from 1.72.1 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.72.1...v1.79.3)

Updates `golang.org/x/net` from 0.43.0 to 0.55.0
- [Commits](golang/net@v0.43.0...v0.55.0)

Updates `github.com/go-git/go-git/v5` from 5.16.4 to 5.19.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md)
- [Commits](go-git/go-git@v5.16.4...v5.19.1)

Updates `github.com/buger/jsonparser` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/buger/jsonparser/releases)
- [Commits](buger/jsonparser@v1.1.1...v1.1.2)

Updates `github.com/cloudflare/circl` from 1.6.1 to 1.6.3
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.6.1...v1.6.3)

Updates `github.com/go-git/go-billy/v5` from 5.6.2 to 5.9.0
- [Release notes](https://github.com/go-git/go-billy/releases)
- [Commits](go-git/go-billy@v5.6.2...v5.9.0)

Updates `golang.org/x/crypto` from 0.41.0 to 0.51.0
- [Commits](golang/crypto@v0.41.0...v0.51.0)

Updates `google.golang.org/grpc` from 1.72.1 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.72.1...v1.79.3)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.19.1
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/buger/jsonparser
  dependency-version: 1.1.2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.3
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/go-git/go-billy/v5
  dependency-version: 5.9.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.51.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.19.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/buger/jsonparser
  dependency-version: 1.1.2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.3
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/go-git/go-billy/v5
  dependency-version: 5.9.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.51.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants