Skip to content

build(deps): bump the dependencies group across 1 directory with 10 updates#54

Merged
SC-Samir merged 1 commit into
masterfrom
dependabot/go_modules/dependencies-4f9de8a7ac
Jul 5, 2026
Merged

build(deps): bump the dependencies group across 1 directory with 10 updates#54
SC-Samir merged 1 commit into
masterfrom
dependabot/go_modules/dependencies-4f9de8a7ac

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 8 updates in the / directory:

Package From To
github.com/bytedance/sonic 1.15.1 1.15.2
github.com/klauspost/cpuid/v2 2.3.0 2.4.0
github.com/pelletier/go-toml/v2 2.3.1 2.4.3
github.com/quic-go/quic-go 0.59.1 0.60.0
go.mongodb.org/mongo-driver/v2 2.6.0 2.7.0
golang.org/x/arch 0.27.0 0.28.0
golang.org/x/crypto 0.52.0 0.53.0
golang.org/x/net 0.55.0 0.56.0

Updates github.com/bytedance/sonic from 1.15.1 to 1.15.2

Release notes

Sourced from github.com/bytedance/sonic's releases.

v1.15.2

What's Changed

Full Changelog: bytedance/sonic@v1.15.1...v1.15.2

Commits
  • 579b6ff fix: use legacy map iterator shim
  • d774513 fix: align map runtime tags with Go 1.24
  • 47cc3ed Revert "rebase: update dev_hw with latest main" (#941)
  • fdf817a chore: update llvm
  • 93044d2 fix:add pretouchRecX86 in arm64 and add !arm64 to loader_go117_test.go
  • 59cca7c feat: update sve_linkname|sve_wrapgoc with asm2arm_tool
  • 76dcf4a chore: add asm2arm_tool execution and test scripts
  • ccddb06 feat: add SL mode support for asm2arm_tool
  • a756ce4 feat: add JIT mode support for asm2arm_tool
  • 1d17626 feat: use SVE acceleration in linkname and wrapgoc
  • Additional commits viewable in compare view

Updates github.com/klauspost/cpuid/v2 from 2.3.0 to 2.4.0

Release notes

Sourced from github.com/klauspost/cpuid/v2's releases.

v2.4.0

What's Changed

New Contributors

Full Changelog: klauspost/cpuid@v2.3.0...v2.4.0

Commits

Updates github.com/pelletier/go-toml/v2 from 2.3.1 to 2.4.3

Release notes

Sourced from github.com/pelletier/go-toml/v2's releases.

v2.4.3

What's Changed

What's new

Fixed bugs

Documentation

Other changes

New Contributors

Full Changelog: pelletier/go-toml@v2.4.2...v2.4.3

v2.4.2

What's Changed

Fixed bugs

Full Changelog: pelletier/go-toml@v2.4.1...v2.4.2

v2.4.1

What's Changed

Fixed bugs

Full Changelog: pelletier/go-toml@v2.4.0...v2.4.1

v2.4.0

What's Changed

What's new

... (truncated)

Commits
  • 071a36c fix: bound array and inline table nesting depth to prevent stack-overflow DoS...
  • 57fec25 Add RawMessage marshal support to unstable (#1084)
  • 79f82e3 fix: error instead of panic on nil unexported embedded pointer (#1089)
  • a28afed unstable/kind: drop duplicate 'a' from LocalDate comment (#1062)
  • 6fa69af fix: do not recurse forever on recursively embedded structs (#1087)
  • 82b792e fix: report table placement errors with position and key context (#1086)
  • f93de50 perf: avoid interface boxing when decoding date/time values (#1085)
  • 21f8286 Deliver the whole document to a root Unmarshaler (#994) (#1083)
  • 98e94ae Update bundled toml.abnf to TOML 1.1.0 and pin spec-corner behaviour (#1082)
  • 35f78d5 Fix invalid TOML from commented multi-line values (#1081)
  • Additional commits viewable in compare view

Updates github.com/quic-go/quic-go from 0.59.1 to 0.60.0

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.60.0

Starting with v0.60.0, quic-go is ready for use in FIPS 140-3 environments when built with Go 1.26 or newer and used with the Go Cryptographic Module. See FIPS140.md for details.

This required a number of changes:

  • switch QUIC HKDF usage to the standard library crypto/hkdf: #5461
  • use the Go standard library's TLS 1.3 AES-GCM implementation for QUIC packet protection AEADs: #5624
  • use cipher.NewGCMWithRandomNonce for address validation token encryption: #5625
  • disable FIPS 140-3 enforcement for the Retry packet integrity tag, which is outside the FIPS 140-3 scope: #5630
  • disable FIPS 140-3 enforcement for Initial packet protection, whose secrets are derived from public RFC constants: #5640
  • guard the internal ChaCha20-Poly1305 code path so it is not used in FIPS 140-3 mode: #5633
  • add FIPS / non-FIPS data transfer integration tests, including Retry and key updates: #5646

Breaking Changes

  • quic-go now requires Go 1.25 or newer: #5561

Notable Fixes

  • path probe packets now correctly pass the OOB data (needed to select the correct network interface in some system configurations): #5544, thanks to @​on-keyday
  • cancel the Stream and SendStream context when the connection is closed: #5556, thanks to @​zvdy
  • http3: validate Extended CONNECT ``:protocol` pseudo-header values according to HTTP token syntax: #5639
  • http3: always set http.Request.Scheme and http.Request.Host: #5554, thanks to @​qiulaidongfeng
  • http3: fixed a nil pointer dereference when Server.Logger is unset: #5671
  • fix maximum datagram size estimation after MTU discovery: #5650, thanks to @​jinq0123
  • OpenStreamSync now reliably returns the context error when the context is cancelled: #5660

Behind the scenes

In the last couple of months, we have reworked our fuzz setup and the integration into OSS-Fuzz: First of all, all fuzzers were rewritten to Go native fuzzing (#5592, #5599, #5600, #5603, #5613). We also added new fuzzers for the HTTP/3 frame parser (#5595), HTTP/3 request, response and trailer decoding (#5602) and the STREAM / CRYPTO frame sorter (#5620).

Since native Go fuzzing uses a different seed corpus format, we now use the newly implemented go-ossfuzz-seeds library to generate OSS-Fuzz compatible seed corpus files from f.Add calls.

We also enable ClusterFuzzLite batch fuzzing (#5605), including. a seed corpus (#5607). Fuzz coverage for both ClusterFuzzLite batch fuzzing (#5641) and for OSS-Fuzz fuzzing (#5655) is now submitted to Codecov.

Changelog

... (truncated)

Commits
  • 7612ad1 fix maximum datagram size estimation after MTU discovery (#5650)
  • c29d679 log build date and revisions in OSS-Fuzz build script (#5674)
  • 2728695 ci: bump docker/setup-qemu-action from 4.0.0 to 4.1.0 (#5673)
  • 4e4845b http3: fix nil pointer dereference when Server.Logger is unset (#5671)
  • 25c8e61 make frame sorter fuzz corpus accessible to OSS-Fuzz (#5670)
  • e444e69 ci: bump docker/login-action from 4.1.0 to 4.2.0 (#5668)
  • 23256b5 ci: bump docker/setup-buildx-action from 4.0.0 to 4.1.0 (#5665)
  • a7a3ef9 ci: bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#5666)
  • 0b49963 ci: bump docker/build-push-action from 7.1.0 to 7.2.0 (#5667)
  • 4f3577c ci: bump codecov/codecov-action from 6.0.0 to 6.0.1 (#5664)
  • Additional commits viewable in compare view

Updates go.mongodb.org/mongo-driver/v2 from 2.6.0 to 2.7.0

Release notes

Sourced from go.mongodb.org/mongo-driver/v2's releases.

MongoDB Go Driver 2.7.0

The MongoDB Go Driver Team is pleased to release version 2.7.0 of the official MongoDB Go Driver.

Release Highlights

This release adds support for sending afterClusterTime on writes in causally consistent sessions, improving alignment between read and write behavior in session-based workflows. It also continues cleanup of session-related and internal-only APIs by deprecating the experimental session API, helping clarify which surfaces are intended for long-term public use. Alongside that, the release includes a handful of targeted quality improvements across BSON validation, change streams, and error reporting to make the driver more predictable and easier to debug.

What's Changed

✨ New Features

🐛 Fixed

📝 Other Changes

New Contributors

Full Changelog: mongodb/mongo-go-driver@v2.6.2...v2.7.0

For a full list of tickets included in this release, please see the list of fixed issues.

... (truncated)

Commits
  • 7d61ab3 BUMP v2.7.0
  • d9593db GODRIVER-3559 Skip Docker Runner Tests (#2432)
  • 6d0f68d Merge release/2.6 into master (#2437)
  • 0ff564f Merge branch 'release/2.6'
  • 867c9b5 BUMP v2.6.2
  • 5b90659 Merge branch 'master' into merge-release/2.6-into-master-1781722303033
  • 797c020 GODRIVER-3964: Skip CSE prose tests requiring contention (#2431)
  • 283aa8b GODRIVER-3113 Skip flaky test in commit.json. (#2435)
  • 1803b12 GODRIVER-3965 fix: misleading error message type info in rewrap function (#2430)
  • 2995aaf GODRIVER-3906 Exclude tls.RecordHeaderError from backpressure labels (#2417)
  • Additional commits viewable in compare view

Updates golang.org/x/arch from 0.27.0 to 0.28.0

Commits
  • 9c1a596 x86/x86asm: support SHA instructions
  • 1255c5e x86/x86asm: support AVX instructions
  • 2ebc088 riscv64: add support for zvk instructions
  • See full diff in compare view

Updates golang.org/x/crypto from 0.52.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.55.0 to 0.56.0

Commits
  • 9e7fdbf internal/http3: fix wrong argument being given when validating header value
  • b686e5f internal/http3: add gzip support to transport
  • 8a34885 go.mod: update golang.org/x dependencies
  • 72eaf98 dns/dnsmessage: correctly validate SVCB record parameter order
  • 82e7868 dns/dnsmessage: avoid panic when parsing SVCB record with truncated data
  • b64f1fa internal/http3: add server support for "Trailer:" magic prefix
  • 2707ee2 internal/http3: implement HTTP/3 clientConn methods
  • 31358cc internal/http3: snapshot response headers at WriteHeader time
  • 8ecbaa9 html: don't adjust xml:base
  • 8ae811a html: properly handle end script tag in fragment mode
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.45.0 to 0.46.0

Commits

Updates golang.org/x/text from 0.37.0 to 0.38.0

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 1, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 1, 2026 05:43
@dependabot dependabot Bot requested review from SC-Samir and removed request for a team July 1, 2026 05:43
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 1, 2026
…pdates

Bumps the dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/bytedance/sonic](https://github.com/bytedance/sonic) | `1.15.1` | `1.15.2` |
| [github.com/klauspost/cpuid/v2](https://github.com/klauspost/cpuid) | `2.3.0` | `2.4.0` |
| [github.com/pelletier/go-toml/v2](https://github.com/pelletier/go-toml) | `2.3.1` | `2.4.3` |
| [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.59.1` | `0.60.0` |
| [go.mongodb.org/mongo-driver/v2](https://github.com/mongodb/mongo-go-driver) | `2.6.0` | `2.7.0` |
| [golang.org/x/arch](https://github.com/golang/arch) | `0.27.0` | `0.28.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.52.0` | `0.53.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.55.0` | `0.56.0` |



Updates `github.com/bytedance/sonic` from 1.15.1 to 1.15.2
- [Release notes](https://github.com/bytedance/sonic/releases)
- [Commits](bytedance/sonic@v1.15.1...v1.15.2)

Updates `github.com/klauspost/cpuid/v2` from 2.3.0 to 2.4.0
- [Release notes](https://github.com/klauspost/cpuid/releases)
- [Commits](klauspost/cpuid@v2.3.0...v2.4.0)

Updates `github.com/pelletier/go-toml/v2` from 2.3.1 to 2.4.3
- [Release notes](https://github.com/pelletier/go-toml/releases)
- [Commits](pelletier/go-toml@v2.3.1...v2.4.3)

Updates `github.com/quic-go/quic-go` from 0.59.1 to 0.60.0
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](quic-go/quic-go@v0.59.1...v0.60.0)

Updates `go.mongodb.org/mongo-driver/v2` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](mongodb/mongo-go-driver@v2.6.0...v2.7.0)

Updates `golang.org/x/arch` from 0.27.0 to 0.28.0
- [Commits](golang/arch@v0.27.0...v0.28.0)

Updates `golang.org/x/crypto` from 0.52.0 to 0.53.0
- [Commits](golang/crypto@v0.52.0...v0.53.0)

Updates `golang.org/x/net` from 0.55.0 to 0.56.0
- [Commits](golang/net@v0.55.0...v0.56.0)

Updates `golang.org/x/sys` from 0.45.0 to 0.46.0
- [Commits](golang/sys@v0.45.0...v0.46.0)

Updates `golang.org/x/text` from 0.37.0 to 0.38.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: github.com/bytedance/sonic
  dependency-version: 1.15.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/klauspost/cpuid/v2
  dependency-version: 2.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/pelletier/go-toml/v2
  dependency-version: 2.4.2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.60.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: go.mongodb.org/mongo-driver/v2
  dependency-version: 2.7.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: golang.org/x/arch
  dependency-version: 0.28.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: golang.org/x/sys
  dependency-version: 0.46.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: golang.org/x/text
  dependency-version: 0.38.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump the dependencies group with 10 updates build(deps): bump the dependencies group across 1 directory with 10 updates Jul 5, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/dependencies-4f9de8a7ac branch from 102e386 to 84bb1e5 Compare July 5, 2026 10:53
@SC-Samir SC-Samir merged commit c11f65d into master Jul 5, 2026
1 of 2 checks passed
@SC-Samir SC-Samir deleted the dependabot/go_modules/dependencies-4f9de8a7ac branch July 5, 2026 10:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant