Skip to content

chore(deps): bump the dependencies group with 3 updates#675

Merged
rhamzeh merged 1 commit intomainfrom
dependabot/go_modules/dependencies-3656372cde
Apr 14, 2026
Merged

chore(deps): bump the dependencies group with 3 updates#675
rhamzeh merged 1 commit intomainfrom
dependabot/go_modules/dependencies-3656372cde

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 13, 2026

Bumps the dependencies group with 3 updates: github.com/mattn/go-isatty, github.com/openfga/go-sdk and github.com/openfga/openfga.

Updates github.com/mattn/go-isatty from 0.0.20 to 0.0.21

Commits
  • 4237fb1 Update Go test matrix to current versions (1.24-1.26)
  • 433c12b Update GitHub Actions to latest versions
  • 1cf5589 Add wasip1 and wasip2 to build constraints in isatty_others.go
  • 1237245 Update dependencies: go 1.15 -> 1.21, golang.org/x/sys v0.6.0 -> v0.28.0
  • ac9c88d Fix typo in comment: undocomented -> undocumented
  • 8b7124e Add availability check for NtQueryObject in init
  • 08d0313 Fix isCygwinPipeName to reject names with extra trailing tokens
  • See full diff in compare view

Updates github.com/openfga/go-sdk from 0.7.5 to 0.8.0

Release notes

Sourced from github.com/openfga/go-sdk's releases.

v0.8.0

0.8.0 (2026-04-08)

Added

Fixed

  • disable http req duration metric by default (#281) (d8c395e)
  • prevent dropped results in streaming channel conversion (#296) (2eeeed9)
  • releaser app secret key (#300) (0279453)
  • use inputs fallback for bump-type to handle push trigger (#299) (6264d0f)
  • use release: prefix for auto generated PR (#302) (a440734)

[!WARNING] BREAKING CHANGES (pre-v1, semver allows):

  • OpenFgaApi: ApiStreamedListObjectsRequest.Execute() now returns (*StreamedListObjectsChannel, error) instead of (StreamResultOfStreamedListObjectsResponse, *http.Response, error)
  • OpenFgaApi: ApiStreamedListObjectsRequest.Options() now takes StreamingRequestOptions instead of RequestOptions
  • Removed ExecuteStreamedListObjects, ExecuteStreamedListObjectsWithBufferSize, and ProcessStreamedListObjectsResponse from the openfga package. Use fgaClient.StreamedListObjects(ctx).Body(...).Execute() or APIExecutor.ExecuteStreaming instead
  • fga-client.http_request.duration metric is now disabled by default; enable it via telemetry configuration if needed

What's Changed

... (truncated)

Changelog

Sourced from github.com/openfga/go-sdk's changelog.

0.8.0 (2026-04-08)

Added

  • feat!: add ExecuteStreaming to APIExecutor for streaming any OpenFGA endpoint via the generic executor. Check out the documentation (#292) (e0ce647)
  • telemetry: add fga-client.request.count metric to track total HTTP requests made by the SDK (#286) (9c8c53a)

Changed

  • chore: bump minimum Go version to 1.25 (#283) (7e50860)

Fixed

  • fix: The fga-client.http_request.duration metric is now disabled by default. Users can enable it via telemetry configuration if needed. (#281) (d8c395e)
  • fix: prevent dropped results in StreamedListObjects when error and result arrive simultaneously (#296) (2eeeed9)

[!WARNING] BREAKING CHANGES (pre-v1, semver allows):

  • OpenFgaApi: ApiStreamedListObjectsRequest.Execute() now returns (*StreamedListObjectsChannel, error) instead of (StreamResultOfStreamedListObjectsResponse, *http.Response, error)
  • OpenFgaApi: ApiStreamedListObjectsRequest.Options() now takes StreamingRequestOptions instead of RequestOptions
  • Removed ExecuteStreamedListObjects, ExecuteStreamedListObjectsWithBufferSize, and ProcessStreamedListObjectsResponse from the openfga package. Use fgaClient.StreamedListObjects(ctx).Body(...).Execute() or APIExecutor.ExecuteStreaming instead
  • fga-client.http_request.duration metric is now disabled by default; enable it via telemetry configuration if needed
Commits
  • 801e5a1 release: v0.8.0 (#305)
  • b1b6d6a chore: hide release commits from changelog (#304)
  • c4da7ff chore: add 'release' to PR task types for validation (#298)
  • a440734 fix: use release: prefix for auto generated PR (#302)
  • 0279453 fix: releaser app secret key (#300)
  • 6264d0f fix: use inputs fallback for bump-type to handle push trigger (#299)
  • f212c84 feat: release automation configs (#291)
  • acf7976 chore(deps): bump the dependencies group with 2 updates (#294)
  • b887571 chore(deps): bump the go_modules group across 1 directory with 2 updates (#297)
  • 270780f chore(deps): bump actions/setup-go from 6.3.0 to 6.4.0 in the dependencies gr...
  • Additional commits viewable in compare view

Updates github.com/openfga/openfga from 1.14.0 to 1.14.1

Release notes

Sourced from github.com/openfga/openfga's releases.

v1.14.1

Added

  • Added configuration for the server shutdown timeout. #2976

Changed

  • Made some minor changes in ListObjects to reduce heap allocations. Results in minor latency reduction. #3043
  • Improve cache key generation performance by removing fmt usage and extend control-character sanitization to all cache key inputs (tuples, conditions, context). #3006

Security

  • Fixed AuthZEN discovery metadata to publish endpoint URLs from the configured authzen.baseURL instead of request-supplied host headers, preventing host-header poisoning of /.well-known/authzen-configuration/{store_id}.
  • Removed the vulnerable github.com/docker/docker package (used only in tests) and replaced it with Moby (client & api). #3047

Thanks to @​rafanaskin for #2976 and #3047!

Full Changelog: openfga/openfga@v1.14.0...v1.14.1

Changelog

Sourced from github.com/openfga/openfga's changelog.

[1.14.1] - 2026-04-10

Added

  • Added configuration for the server shutdown timeout. #2976

Changed

  • Made some minor changes in ListObjects to reduce heap allocations. Results in minor latency reduction. #3043
  • Improve cache key generation performance by removing fmt usage and extend control-character sanitization to all cache key inputs (tuples, conditions, context). #3006

Security

  • Fixed AuthZEN discovery metadata to publish endpoint URLs from the configured authzen.baseURL instead of request-supplied host headers, preventing host-header poisoning of /.well-known/authzen-configuration/{store_id}.
  • Removed the vulnerable github.com/docker/docker package (used only in tests) and replaced it with Moby (client & api). #3047
Commits
  • fa57024 release: update changelog for release v1.14.1 (#3060)
  • 529114d chore(deps): bump the dependencies group across 1 directory with 7 updates (#...
  • 65cdbbe fix: use a baseURL for AuthZEN configuration endpoint (#3057)
  • f1fcf41 chore: replace docker with moby (#3047)
  • f68af73 Iterator Cache V2: Storage Wrapper Pattern with Lock-Free Design (#3016)
  • 5e156a0 test: fix flaky condition test (#3058)
  • 405ac40 chore(deps): bump the dependencies group across 1 directory with 6 updates (#...
  • afe250e chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
  • 463908c feat: add graceful shutdown timeout configuration (#2976)
  • d28f9cf chore: update changelog to reflect playground off-by-default behavior (#3053)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the dependencies group with 3 updates
8e5e2f2 
Bumps the dependencies group with 3 updates: [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty), [github.com/openfga/go-sdk](https://github.com/openfga/go-sdk) and [github.com/openfga/openfga](https://github.com/openfga/openfga).


Updates `github.com/mattn/go-isatty` from 0.0.20 to 0.0.21
- [Commits](mattn/go-isatty@v0.0.20...v0.0.21)

Updates `github.com/openfga/go-sdk` from 0.7.5 to 0.8.0
- [Release notes](https://github.com/openfga/go-sdk/releases)
- [Changelog](https://github.com/openfga/go-sdk/blob/main/CHANGELOG.md)
- [Commits](openfga/go-sdk@v0.7.5...v0.8.0)

Updates `github.com/openfga/openfga` from 1.14.0 to 1.14.1
- [Release notes](https://github.com/openfga/openfga/releases)
- [Changelog](https://github.com/openfga/openfga/blob/main/CHANGELOG.md)
- [Commits](openfga/openfga@v1.14.0...v1.14.1)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-isatty
  dependency-version: 0.0.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/openfga/go-sdk
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/openfga/openfga
  dependency-version: 1.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 13, 2026
Copilot AI review requested due to automatic review settings April 13, 2026 13:38
@dependabot dependabot bot requested a review from a team as a code owner April 13, 2026 13:38
@dependabot dependabot bot added the go Pull requests that update Go code label Apr 13, 2026
@dependabot dependabot bot review requested due to automatic review settings April 13, 2026 13:38
@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 13, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedgithub.com/​openfga/​openfga@​v1.14.0 ⏵ v1.14.177100100100100 +31
Updatedgithub.com/​openfga/​go-sdk@​v0.7.5 ⏵ v0.8.079 +2100100100100
Updatedgithub.com/​mattn/​go-isatty@​v0.0.20 ⏵ v0.0.21100100100100100

View full report

@rhamzeh rhamzeh added this pull request to the merge queue Apr 14, 2026
Merged via the queue into main with commit 892a37d Apr 14, 2026
19 of 20 checks passed
@rhamzeh rhamzeh deleted the dependabot/go_modules/dependencies-3656372cde branch April 14, 2026 10:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rhamzeh rhamzeh rhamzeh approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rhamzeh