chore(deps)(deps): bump the go-dependencies group across 1 directory with 19 updates by dependabot[bot] · Pull Request #43 · PatrickFanella/subcults

dependabot · 2026-04-06T09:47:21Z

Bumps the go-dependencies group with 15 updates in the / directory:

Package	From	To
github.com/golang-jwt/jwt/v5	`5.3.0`	`5.3.1`
github.com/lib/pq	`1.10.9`	`1.12.3`
github.com/aws/aws-sdk-go-v2	`1.41.1`	`1.41.5`
github.com/aws/aws-sdk-go-v2/credentials	`1.19.7`	`1.19.14`
github.com/aws/aws-sdk-go-v2/service/s3	`1.95.1`	`1.98.0`
github.com/fxamacker/cbor/v2	`2.9.0`	`2.9.1`
github.com/knadh/koanf/providers/file	`1.2.0`	`1.2.1`
github.com/knadh/koanf/v2	`2.3.0`	`2.3.4`
github.com/livekit/protocol	`1.43.4`	`1.45.1`
github.com/livekit/server-sdk-go/v2	`2.13.1`	`2.16.1`
github.com/redis/go-redis/v9	`9.17.2`	`9.18.0`
github.com/testcontainers/testcontainers-go	`0.40.0`	`0.41.0`
github.com/testcontainers/testcontainers-go/modules/postgres	`0.40.0`	`0.41.0`
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	`0.61.0`	`0.67.0`
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	`1.24.0`	`1.43.0`

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

Add spellcheck Github action to catch common spelling mistakes by @equalsgibson in golang-jwt/jwt#458

Add WithNotBeforeRequired parser option and add test coverage by @equalsgibson in golang-jwt/jwt#456

Update godoc example func to properly refer to NewWithClaims() by @equalsgibson in golang-jwt/jwt#459

Update github workflows by @mfridman in golang-jwt/jwt#462

Additional test for CustomClaims that validates unmarshalling behaviour by @equalsgibson in golang-jwt/jwt#457

Fix early file close in jwt cli by @mfridman in golang-jwt/jwt#472

Add TPM signature reference by @salrashid123 in golang-jwt/jwt#473

Remove misleading ParserOptions documentation in golang-jwt/jwt#484

Save signature to Token struct after successful signing by @EgorSheff in golang-jwt/jwt#417

Set token.Signature in ParseUnverified by @slickwilli in golang-jwt/jwt#414

👒 Dependencies

Bump crate-ci/typos from 1.34.0 to 1.35.3 by @dependabot[bot] in golang-jwt/jwt#461

Bump crate-ci/typos from 1.35.4 to 1.36.2 by @dependabot[bot] in golang-jwt/jwt#470

Bump github/codeql-action from 3 to 4 by @dependabot[bot] in golang-jwt/jwt#478

Bump crate-ci/typos from 1.36.2 to 1.39.0 by @dependabot[bot] in golang-jwt/jwt#480

Bump golangci/golangci-lint-action from 8 to 9 by @dependabot[bot] in golang-jwt/jwt#481

Bump actions/setup-go from 5 to 6 by @dependabot[bot] in golang-jwt/jwt#469

Bump crate-ci/typos from 1.39.0 to 1.40.0 by @dependabot[bot] in golang-jwt/jwt#488

Bump actions/checkout from 5 to 6 by @dependabot[bot] in golang-jwt/jwt#487

Bump crate-ci/typos from 1.40.0 to 1.41.0 by @dependabot[bot] in golang-jwt/jwt#490

Bump crate-ci/typos from 1.41.0 to 1.42.1 by @dependabot[bot] in golang-jwt/jwt#492

New Contributors

@equalsgibson made their first contribution in golang-jwt/jwt#458

@salrashid123 made their first contribution in golang-jwt/jwt#473

@EgorSheff made their first contribution in golang-jwt/jwt#417

@slickwilli made their first contribution in golang-jwt/jwt#414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

Commits

7ceae61 Add release.yml for changelog configuration
dce8e4d Set token.Signature in ParseUnverified (#414)
8889e20 Save signature to Token struct after successful signing (#417)
d237f82 ci: update github-actions schedule interval to monthly
d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
e6a0afa Bump actions/checkout from 5 to 6 (#487)
9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
60a8669 Bump actions/setup-go from 5 to 6 (#469)
76f5828 Remove misleading ParserOptions documentation (#484)
Additional commits viewable in compare view

Updates github.com/lib/pq from 1.10.9 to 1.12.3

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.3

Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2

Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1

Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0
The next release may change the default sslmode from require to prefer. See #1271 for details.
CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)
// Old
tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
// Replacement
tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
Features
Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

Support sslmode=prefer and sslmode=allow (#1270).

Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

Support connection service file to load connection details (#1285).

Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).
Add a new pqerror package with PostgreSQL error codes (#1275).

For example, to test if an error is a UNIQUE constraint violation:
if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
    log.Fatalf("email %q already exsts", email)
}
To make this a bit more convenient, it also adds a pq.As() function:

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.3 (2026-04-03)

Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2 (2026-04-02)

Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1 (2026-03-30)

Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0 (2026-03-18)
The next release may change the default sslmode from require to prefer. See #1271 for details.
CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)
// Old
tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
// Replacement
tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
Features

Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

Support sslmode=prefer and sslmode=allow (#1270).

Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

... (truncated)

Commits

1f3e3d9 Send datestyle as a startup parameter (#1312)
32ba56b Expand tests for multiple result sets
c2cfac1 Release v1.12.2
859f104 Test CockroachDB
12e464c Allow multiple matches and regexps in pqtest.ErrorContains()
6d77ced Treat io.ErrUnexpectedEOF as driver.ErrBadConn in handleError
71daecb Ensure transactions are closed in pqtest
8f44823 Set PGAPPNAME for tests
4af2196 Fix healthcheck
38a54e4 Split out testdata/init a bit
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.1 to 1.41.5

Commits

90650dd Release 2026-03-26
dd88818 Regenerated Clients
b662c50 Update endpoints model
500a9cb Update API model
6221102 fix stale skew and delayed skew healing (#3359)
0a39373 fix order of generated event header handlers (#3361)
098f389 Only generate resolveAccountID when it's required (#3360)
6ebab66 Release 2026-03-25
b2ec3be Regenerated Clients
abc126f Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.7 to 1.19.14

Commits

d151076 Release 2026-04-02
e33c9a9 Regenerated Clients
e066559 Update endpoints model
a635ee4 Update API model
9074b3d Release 2026-04-01
f6ad4c0 Regenerated Clients
12a971a Update API model
8bd8eee chore: add additional text to CONTRIBUTING.md (#3372)
e4deb65 Release 2026-03-31
1f758f2 Regenerated Clients
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.95.1 to 1.98.0

Commits

e4deb65 Release 2026-03-31
1f758f2 Regenerated Clients
ba7e432 Update API model
607cb0a Release 2026-03-30
a44005f Regenerated Clients
dbbd846 Update API model
5b5c3f9 Revert "drop service/internal/benchmark (#3368)" (#3369)
7ca3f9d drop service/internal/benchmark (#3368)
338088b Release 2026-03-27
f0e5f3d Regenerated Clients
Additional commits viewable in compare view

Updates github.com/fxamacker/cbor/v2 from 2.9.0 to 2.9.1

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.9.1

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

[Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #757)

[Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #757)

[Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #757)

🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

[Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #753)

[Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #753)

[Encoding] Reject encoding nil inside indefinite-length strings (PR #750)

[Diagnostic] Accept valid U+FFFD replacement character (PR #753)

What's Changed

🆕 Add TimeMode encoding option TimeRFC3339NanoUTC by @fxamacker in fxamacker/cbor#688

Use actual negative zero in tests by @makew0rld in fxamacker/cbor#708

Reject encoding nil inside CBOR indefinite-length string by @fxamacker in fxamacker/cbor#750

Refactor and add tests by @fxamacker in fxamacker/cbor#752

Small bugfixes, defensive checks, and improvements by @fxamacker in fxamacker/cbor#753

Refactor parseMapToStruct(), getDecodingStructType(), getEncodingStructType(), and field struct by @fxamacker in fxamacker/cbor#754

Fix several issues related to keyasint tag option by @fxamacker in fxamacker/cbor#757

CI / GitHub Actions and Docs

Bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in fxamacker/cbor#690

Bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in fxamacker/cbor#691

Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in fxamacker/cbor#696

Bump github/codeql-action from 3.29.7 to 3.29.9 by @dependabot[bot] in fxamacker/cbor#697

Bump github/codeql-action from 3.29.9 to 3.29.11 by @dependabot[bot] in fxamacker/cbor#700

Bump github/codeql-action from 3.29.11 to 3.30.0 by @dependabot[bot] in fxamacker/cbor#702

Bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in fxamacker/cbor#703

Bump github/codeql-action from 3.30.0 to 3.30.3 by @dependabot[bot] in fxamacker/cbor#706

Bump github/codeql-action from 3.30.3 to 3.30.4 by @dependabot[bot] in fxamacker/cbor#710

Bump github/codeql-action from 3.30.4 to 3.30.6 by @dependabot[bot] in fxamacker/cbor#712

Bump github/codeql-action from 3.30.6 to 4.30.7 by @dependabot[bot] in fxamacker/cbor#713

Bump github/codeql-action from 4.30.7 to 4.30.8 by @dependabot[bot] in fxamacker/cbor#716

Bump github/codeql-action from 4.30.8 to 4.30.9 by @dependabot[bot] in fxamacker/cbor#718

Bump github/codeql-action from 4.30.9 to 4.31.2 by @dependabot[bot] in fxamacker/cbor#720

... (truncated)

Commits

63d1c66 Merge pull request #758 from fxamacker/fxamacker/update-readme-for-release
e8b10c3 Merge pull request #757 from fxamacker/fxamacker/fix-keyasint
4dd026b Update README status
3076938 Update golangci-lint to v2.10.1
6920cbe Migrate .golangci.yml to version 2
05358b1 Fix several issues related to keyasint
3851e1b Merge pull request #754 from fxamacker/fxamacker/refactor-parseMapToStruct-etc
48a18bf Refactor field
59d62f5 Merge pull request #753 from fxamacker/fxamacker/small-bugfixes
46bc977 Merge pull request #752 from fxamacker/fxamacker/refactor-and-add-tests
Additional commits viewable in compare view

Updates github.com/knadh/koanf/providers/file from 1.2.0 to 1.2.1

Release notes

Sourced from github.com/knadh/koanf/providers/file's releases.

v1.2.1

changelog for v1.2.0 -> v1.2.1

29cce50 Merge pull request #101 from e-nikolov/fix-pflag-map-types

0202243 posflag: add support for pflag map types

Commits

29cce50 Merge pull request #101 from e-nikolov/fix-pflag-map-types
0202243 posflag: add support for pflag map types
See full diff in compare view

Updates github.com/knadh/koanf/v2 from 2.3.0 to 2.3.4

Release notes

Sourced from github.com/knadh/koanf/v2's releases.

v2.3.4

What's Changed

Bump github.com/nats-io/nats-server/v2 from 2.10.27 to 2.11.12 in /providers/nats by @dependabot[bot] in knadh/koanf#400

Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /providers/kiln by @dependabot[bot] in knadh/koanf#399

Bump google.golang.org/grpc from 1.71.1 to 1.79.3 in /providers/etcd by @dependabot[bot] in knadh/koanf#405

fix: hold RLock during copy in Get to prevent concurrent map access by @alexchenai in knadh/koanf#406

Add ability to check for prior values in cliflagv3.ProviderWithConfig() just like posflag by @knadh in knadh/koanf#403

New Contributors

@alexchenai made their first contribution in knadh/koanf#406

Full Changelog: knadh/koanf@v2.3.3...v2.3.4

v2.3.3

What's Changed

Fix deadlock in recursive Get*() calls in custom merge function. knadh/koanf@2f44276

Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /examples by @dependabot[bot] in knadh/koanf#398

Full Changelog: knadh/koanf@v2.3.2...v2.3.3

v2.3.2

What's Changed

fix: preserve nil pointer types in Get() method by @Asakuri in knadh/koanf#397

New Contributors

@Asakuri made their first contribution in knadh/koanf#397

Full Changelog: knadh/koanf@v2.3.1...v2.3.2

v2.3.1

What's Changed

providers/cliflagv3: Set the flags if they have a default value by @xescugc in knadh/koanf#382

fix panic in dotenv parser when callback function is not provided by @nilsocket in knadh/koanf#387

Bump golang.org/x/crypto from 0.40.0 to 0.45.0 in /providers/kiln by @dependabot[bot] in knadh/koanf#391

Bump golang.org/x/crypto from 0.37.0 to 0.45.0 in /providers/nats by @dependabot[bot] in knadh/koanf#390

refactor interface{} to any by @nilsocket in knadh/koanf#385

fix: pass event to callback instead of nil when file changes detected by @josepdcs in knadh/koanf#384

New Contributors

@xescugc made their first contribution in knadh/koanf#382

@nilsocket made their first contribution in knadh/koanf#387

@josepdcs made their first contribution in knadh/koanf#384

Full Changelog: knadh/koanf@v2.3.0...v2.3.1

Commits

b1f58b8 Add ability to check for prior values in cliflagv3.ProviderWithConfig() jus...
f394588 fix: hold RLock during copy operations in Get to prevent concurrent map acces...
d6f6de5 Bump google.golang.org/grpc from 1.71.1 to 1.79.3 in /providers/etcd (#405)
dd3bc85 Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /providers/kiln (#399)
cf589f4 Bump github.com/nats-io/nats-server/v2 in /providers/nats (#400)
2f44276 Fix deadlock in recursive Get*() calls in custom merge function. Fixes #383.
d8290fb Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /examples (#398)
ec91994 fix: preserve nil pointer types in Get() method (#397)
99a91c6 Fix Get() panic on nil pointers. Fixes #396.
fbccb44 Upgrade go-huml (v0.2.0 spec).
Additional commits viewable in compare view

Updates github.com/livekit/protocol from 1.43.4 to 1.45.1

Release notes

Sourced from github.com/livekit/protocol's releases.

@livekit/protocol@1.45.1

Patch Changes

add generic list type - #1449 (@paulwe)

add livekit_agent_simulation service, agent remote session proto & cli dev proto - #1404 (@theomonnom)

fix flaky test - #1445 (@paulwe)

require logger name - #1444 (@paulwe)

normalize protobuf "id" log field names - #1451 (@paulwe)

encode monotonic time in wall clock - #1439 (@paulwe)

Allow sips: scheme in transfer URIs. - #1446 (@dennwc)

export discard logger - #1457 (@paulwe)

Rename log field pID to participantID - #1452 (@paulwe)

@livekit/protocol@1.45.0

Minor Changes

Add PayloadTrailerFeature to TrackInfo and AddTrackRequest - #1438 (@chenosaurus)

Patch Changes

move out connector protos - #1429 (@paulwe)

add AGENT_ERROR disconnect reason - #1434 (@theomonnom)

@livekit/protocol@1.44.1

Patch Changes

Redact ice server credentials in logs - #1408 (@biglittlebigben)

remove cloud only methods from reporter interface - #1423 (@paulwe)

do not log sip auth field lengths - #1421 (@paulwe)

add stack utility - #1422 (@paulwe)

Changes for ingress observability support - #1392 (@biglittlebigben)

remove last cloud only obs method - #1425 (@paulwe)

update room observability codegen - #1395 (@paulwe)

Sync schema versions - #1385 (@paulwe)

... (truncated)

Changelog

Sourced from github.com/livekit/protocol's changelog.

1.45.1

Patch Changes

Dropping use of an affinity function in CreateSIPParticipant - #1456 (@alexlivekit)

1.45.0

Minor Changes

Add PayloadTrailerFeature to TrackInfo and AddTrackRequest - #1438 (@chenosaurus)

Patch Changes

Added NoRandomness field to individual dispatch rule" - #1426 (@alexlivekit)

1.44.1

Patch Changes

update text message protocol for http endpoints - #1407 (@longcw)

Adding feature_flags field to InternalTransferSIPParticipantRequest, InternalCreateSIPParticipantRequest, and EvaluateSIPDispatchRulesResponse - #1382 (@alexlivekit)

1.44.0

Minor Changes

Add numbers field to SIPDispatchRuleInfo for filtering calls by called number - #1351 (@civilcoder55)

Patch Changes

Add auto_subscribe_data_track to StartSession. - #1366 (@boks1971)

Add TextMessageRequest and TextMessageResponse - #1349 (@longcw)

Add featureinfo nested field for reporting noise cancellation feature specific metadata - #1367 (@1egoman)

Option to control auto subscribe of data tracks. - #1365 (@boks1971)

Changing the wording on duplicate dispatch rule error message - #1343 (@alexlivekit)

Allow passing ClientParams to SIP RPC client. - #1356 (@dennwc)

Add project ID to internal SIPCall info. - #1346 (@dennwc)

Add helpers for tracing attributes. - #1363 (@dennwc)

Add helper for setting Jaeger tracing. - #1355 (@dennwc)

... (truncated)

Commits

26a1fc2 Version Packages (#1441)
f734574 export discard logger (#1457)
623dc9e Dropping sip affinity use (#1456)
9607166 add livekit_agent_simulation service, agent remote session proto & cli dev pr...
1834b48 fix(connector): update error codes, add new error type (#1455)
eeefaec Rename log field pID to participantID (#1452)
48d85c2 normalize protobuf "id" log field names (#1451)
163370d add created_at and updated_at to SIP trunk and dispatch rule protos (#1450)
1fedefa add generic list type (#1449)
29e8871 Endpoint in the PL creation message (#1448)
Additional commits viewable in compare view

Updates github.com/livekit/server-sdk-go/v2 from 2.13.1 to 2.16.1

Commits

f0ef7f7 update protocol dep, version bump to 2.16.1 (#864)
8b80d0c chore(deps): update magefile/mage-action action to v4 (#863)
7cd375c improve connection retries. (#862)
a8ed4bd fix: additional act support (#858)
b09b583 Rename log field pID to participantID (#860)
4493ba0 Fix duration inflation caused by late-subscribing tracks (#859)
6376347 bump version to 2.16.0 (#857)
d348d7c Handle H265 encoders that produce multi-slice IDR (#844)
e5311e9 chore(release): bump to v2.15.0 for cli (#856)
7f4d29d chore(release): bump to v2.14.0 (#855)
Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.17.2 to 9.18.0

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.18.0

Redis 8.6 Support

Added support for Redis 8.6, including new commands and features for streams idempotent production and HOTKEYS.

Smart Client Handoff (Maintenance Notifications) for Cluster

note: Pending RS version release

This release introduces comprehensive support for Redis Enterprise Cluster maintenance notifications via SMIGRATING/SMIGRATED push notifications. The client now automatically handles slot migrations by:

Relaxing timeouts during migration (SMIGRATING) to prevent false failures

Triggering lazy cluster state reloads upon completion (SMIGRATED)

Enabling seamless operations during Redis Enterprise maintenance windows

(#3643) by @ndyakov

OpenTelemetry Native Metrics Support

Added comprehensive OpenTelemetry metrics support following the OpenTelemetry Database Client Semantic Conventions. The implementation uses a Bridge Pattern to keep the core library dependency-free while providing optional metrics instrumentation through the new extra/redisotel-native package.

Metric groups include:

Command metrics: Operation duration with retry tracking

Connection basic: Connection count and creation time

Resiliency: Errors, handoffs, timeout relaxation

Connection advanced: Wait time and use time

Pubsub metrics: Published and received messages

Stream metrics: Processing duration and maintenance notifications

(#3637) by @ofekshenawa

✨ New Features

HOTKEYS Commands: Added support for Redis HOTKEYS feature for identifying hot keys based on CPU consumption and network utilization (#3695) by @ofekshenawa

Streams Idempotent Production: Added support for Redis 8.6+ Streams Idempotent Production with ProducerID, IdempotentID, IdempotentAuto in XAddArgs and new XCFGSET command (#3693) by @ofekshenawa

NaN Values for TimeSeries: Added support for NaN (Not a Number) values in Redis time series commands (#3687) by @ofekshenawa

DialerRetries Options: Added DialerRetries and DialerRetryTimeout to ClusterOptions, RingOptions, and FailoverOptions (#3686) by @naveenchander30

ConnMaxLifetimeJitter: Added jitter configuration to distribute connection expiration times and prevent thundering herd (#3666) by @cyningsun

Digest Helper Functions: Added DigestString and DigestBytes helper functions for client-side xxh3 hashing compatible with Redis DIGEST command (#3679) by @ofekshenawa

SMIGRATED New Format: Updated SMIGRATED parser to support new format and remember original host:port (#3697) by @ndyakov

Cluster State Reload Interval: Added cluster state reload interval option for maintenance notifications (#3663) by @ndyakov

🐛 Bug Fixes

PubSub nil pointer dereference: Fixed nil pointer dereference in PubSub after WithTimeout() - pubSubPool is now properly cloned (#3710) by @Copilot

MaintNotificationsConfig nil check: Guard against nil MaintNotificationsConfig in initConn (#3707) by @veeceey

wantConnQueue zombie elements: Fixed zombie wantConn elements accumulation in wantConnQueue (#3680) by @cyningsun

XADD/XTRIM approx flag: Fixed XADD and XTRIM to use = when approx is false (#3684) by @ndyakov

Sentinel timeout retry: When connection to a sentinel times out, attempt to connect to other sentinels (#3654) by @cxljs

... (truncated)

Changelog

Sourced from github.com/redis/go-redis/v9's changelog.

9.18.0 (2026-02-16)

🚀 Highlights

Redis 8.6 Support

Added support for Redis 8.6, including new commands and features for streams idempotent production and HOTKEYS.

Smart Client Handoff (Maintenance Notifications) for Cluster

This release introduces comprehensive support for Redis Cluster maintenance notifications via SMIGRATING/SMIGRATED push notifications. The client now automatically handles slot migrations by:

Relaxing timeouts during migration (SMIGRATING) to prevent false failures

Triggering lazy cluster state reloads upon completion (SMIGRATED)

Enabling seamless operations during Redis Enterprise maintenance windows

(#3643) by @ndyakov

OpenTelemetry Native Metrics Support

Added comprehensive OpenTelemetry metrics support following the OpenTelemetry Database Client Semantic Conventions. The implementation uses a Bridge Pattern to keep the core library dependency-free while providing optional metrics instrumentation through the new extra/redisotel-native package.

Metric groups include:

Command metrics: Ope...
Description has been truncated

…with 19 updates Bumps the go-dependencies group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) | `5.3.0` | `5.3.1` | | [github.com/lib/pq](https://github.com/lib/pq) | `1.10.9` | `1.12.3` | | [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.1` | `1.41.5` | | [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.19.7` | `1.19.14` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.95.1` | `1.98.0` | | [github.com/fxamacker/cbor/v2](https://github.com/fxamacker/cbor) | `2.9.0` | `2.9.1` | | [github.com/knadh/koanf/providers/file](https://github.com/knadh/koanf) | `1.2.0` | `1.2.1` | | [github.com/knadh/koanf/v2](https://github.com/knadh/koanf) | `2.3.0` | `2.3.4` | | [github.com/livekit/protocol](https://github.com/livekit/protocol) | `1.43.4` | `1.45.1` | | [github.com/livekit/server-sdk-go/v2](https://github.com/livekit/server-sdk-go) | `2.13.1` | `2.16.1` | | [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.17.2` | `9.18.0` | | [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.40.0` | `0.41.0` | | [github.com/testcontainers/testcontainers-go/modules/postgres](https://github.com/testcontainers/testcontainers-go) | `0.40.0` | `0.41.0` | | [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.61.0` | `0.67.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.43.0` | Updates `github.com/golang-jwt/jwt/v5` from 5.3.0 to 5.3.1 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Commits](golang-jwt/jwt@v5.3.0...v5.3.1) Updates `github.com/lib/pq` from 1.10.9 to 1.12.3 - [Release notes](https://github.com/lib/pq/releases) - [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md) - [Commits](lib/pq@v1.10.9...v1.12.3) Updates `github.com/aws/aws-sdk-go-v2` from 1.41.1 to 1.41.5 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.41.1...v1.41.5) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.7 to 1.19.14 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/m2/v1.19.7...credentials/v1.19.14) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.95.1 to 1.98.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.95.1...service/s3/v1.98.0) Updates `github.com/fxamacker/cbor/v2` from 2.9.0 to 2.9.1 - [Release notes](https://github.com/fxamacker/cbor/releases) - [Commits](fxamacker/cbor@v2.9.0...v2.9.1) Updates `github.com/knadh/koanf/providers/file` from 1.2.0 to 1.2.1 - [Release notes](https://github.com/knadh/koanf/releases) - [Commits](knadh/koanf@v1.2.0...v1.2.1) Updates `github.com/knadh/koanf/v2` from 2.3.0 to 2.3.4 - [Release notes](https://github.com/knadh/koanf/releases) - [Commits](knadh/koanf@v2.3.0...v2.3.4) Updates `github.com/livekit/protocol` from 1.43.4 to 1.45.1 - [Release notes](https://github.com/livekit/protocol/releases) - [Changelog](https://github.com/livekit/protocol/blob/main/CHANGELOG.md) - [Commits](livekit/protocol@v1.43.4...v1.45.1) Updates `github.com/livekit/server-sdk-go/v2` from 2.13.1 to 2.16.1 - [Commits](livekit/server-sdk-go@v2.13.1...v2.16.1) Updates `github.com/redis/go-redis/v9` from 9.17.2 to 9.18.0 - [Release notes](https://github.com/redis/go-redis/releases) - [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md) - [Commits](redis/go-redis@v9.17.2...v9.18.0) Updates `github.com/testcontainers/testcontainers-go` from 0.40.0 to 0.41.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.40.0...v0.41.0) Updates `github.com/testcontainers/testcontainers-go/modules/postgres` from 0.40.0 to 0.41.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.40.0...v0.41.0) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.61.0 to 0.67.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.61.0...zpages/v0.67.0) Updates `go.opentelemetry.io/otel` from 1.38.0 to 1.42.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.38.0...v1.42.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.24.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.24.0...v1.43.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.24.0 to 1.41.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.24.0...v1.41.0) Updates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.38.0...v1.43.0) Updates `go.opentelemetry.io/otel/trace` from 1.38.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.38.0...v1.43.0) --- updated-dependencies: - dependency-name: github.com/golang-jwt/jwt/v5 dependency-version: 5.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/lib/pq dependency-version: 1.12.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-version: 1.41.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-version: 1.19.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.98.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/fxamacker/cbor/v2 dependency-version: 2.9.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/knadh/koanf/providers/file dependency-version: 1.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/knadh/koanf/v2 dependency-version: 2.3.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/livekit/protocol dependency-version: 1.45.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/livekit/server-sdk-go/v2 dependency-version: 2.16.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/redis/go-redis/v9 dependency-version: 9.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/testcontainers/testcontainers-go dependency-version: 0.41.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/testcontainers/testcontainers-go/modules/postgres dependency-version: 0.41.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-version: 0.67.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/otel dependency-version: 1.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp dependency-version: 1.41.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: go.opentelemetry.io/otel/trace dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-06T09:47:22Z

Labels

The following labels could not be found: go, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-04-06T09:47:45Z

NPM Vulnerability Scan Results - web

Severity	Count
Critical	0
High	5
Moderate	2
Low	0
Total	7

Click to see details

# npm audit report

ajv  <6.14.0
Severity: moderate
ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
fix available via `npm audit fix`
node_modules/ajv

brace-expansion  <1.1.13 || >=2.0.0 <2.0.3
Severity: moderate
brace-expansion: Zero-step sequence causes process hang and memory exhaustion - https://github.com/advisories/GHSA-f886-m6hf-6m8v
brace-expansion: Zero-step sequence causes process hang and memory exhaustion - https://github.com/advisories/GHSA-f886-m6hf-6m8v
fix available via `npm audit fix`
node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion
node_modules/brace-expansion

flatted  <=3.4.1
Severity: high
flatted vulnerable to unbounded recursion DoS in parse() revive phase - https://github.com/advisories/GHSA-25h7-pfq9-p65f
Prototype Pollution via parse() in NodeJS flatted - https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
fix available via `npm audit fix`
node_modules/flatted

lodash-es  <=4.17.23
Severity: high
lodash vulnerable to Code Injection via `_.template` imports key names - https://github.com/advisories/GHSA-r5fr-rjxr-66jc
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` - https://github.com/advisories/GHSA-f23m-r3pf-42rh
fix available via `npm audit fix`
node_modules/lodash-es

minimatch  <=3.1.3 || 9.0.0 - 9.0.6
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix`
node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch
node_modules/minimatch

picomatch  <=2.3.1 || 4.0.0 - 4.0.3
Severity: high
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching - https://github.com/advisories/GHSA-3v7f-55p6-f55p
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching - https://github.com/advisories/GHSA-3v7f-55p6-f55p
Picomatch has a ReDoS vulnerability via extglob quantifiers - https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
Picomatch has a ReDoS vulnerability via extglob quantifiers - https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
fix available via `npm audit fix`
node_modules/picomatch
node_modules/rollup-plugin-visualizer/node_modules/picomatch
node_modules/tinyglobby/node_modules/picomatch
node_modules/vite/node_modules/picomatch
node_modules/vitest/node_modules/picomatch

rollup  4.0.0 - 4.58.0
Severity: high
Rollup 4 has Arbitrary File Write via Path Traversal - https://github.com/advisories/GHSA-mw96-cpmx-2vgc
fix available via `npm audit fix`
node_modules/rollup

7 vulnerabilities (2 moderate, 5 high)

To address all issues, run:
  npm audit fix

github-actions · 2026-04-06T09:47:46Z

NPM Vulnerability Scan Results - e2e

Severity	Count
Critical	0
High	1
Moderate	0
Low	1
Total	2

Click to see details

# npm audit report

path-to-regexp  <0.1.13
Severity: high
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters - https://github.com/advisories/GHSA-37ch-88jc-xwx2
fix available via `npm audit fix`
node_modules/path-to-regexp

qs  6.7.0 - 6.14.1
qs's arrayLimit bypass in comma parsing allows denial of service - https://github.com/advisories/GHSA-w7fw-mjwx-w883
fix available via `npm audit fix`
node_modules/qs

2 vulnerabilities (1 low, 1 high)

To address all issues, run:
  npm audit fix

dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 6, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps)(deps): bump the go-dependencies group across 1 directory with 19 updates#43

chore(deps)(deps): bump the go-dependencies group across 1 directory with 19 updates#43
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-8ec73404bf

dependabot Bot commented on behalf of github Apr 6, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Apr 6, 2026

Uh oh!

github-actions Bot commented Apr 6, 2026

Uh oh!

github-actions Bot commented Apr 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.3.1

What's Changed

🔐 Features

👒 Dependencies

New Contributors

v1.12.3

v1.12.2

v1.12.1

v1.12.0

Features

v1.12.3 (2026-04-03)

v1.12.2 (2026-04-02)

v1.12.1 (2026-03-30)

v1.12.0 (2026-03-18)

Features

v2.9.1

🐞 Bug fixes related to the keyasint feature

🐞 Other bug fixes and defensive checks

What's Changed

CI / GitHub Actions and Docs

v1.2.1

v2.3.4

What's Changed

New Contributors

v2.3.3

What's Changed

v2.3.2

What's Changed

New Contributors

v2.3.1

What's Changed

New Contributors

@​livekit/protocol@​1.45.1

Patch Changes

@​livekit/protocol@​1.45.0

Minor Changes

Patch Changes

@​livekit/protocol@​1.44.1

Patch Changes

1.45.1

Patch Changes

1.45.0

Minor Changes

Patch Changes

1.44.1

Patch Changes

1.44.0

Minor Changes

Patch Changes

9.18.0

Redis 8.6 Support

Smart Client Handoff (Maintenance Notifications) for Cluster

OpenTelemetry Native Metrics Support

✨ New Features

🐛 Bug Fixes

9.18.0 (2026-02-16)

🚀 Highlights

Redis 8.6 Support

Smart Client Handoff (Maintenance Notifications) for Cluster

OpenTelemetry Native Metrics Support

Uh oh!

dependabot Bot commented on behalf of github Apr 6, 2026

Labels

Uh oh!

github-actions Bot commented Apr 6, 2026

NPM Vulnerability Scan Results - web

Uh oh!

github-actions Bot commented Apr 6, 2026

NPM Vulnerability Scan Results - e2e

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

dependabot Bot commented on behalf of github Apr 6, 2026 •

edited

Loading

🐞 Bug fixes related to the `keyasint` feature

`@livekit/protocol@1`.45.1

`@livekit/protocol@1`.45.0

`@livekit/protocol@1`.44.1