Skip to content

dev: bump the safe group with 8 updates#7903

Merged
johanstokking merged 4 commits into
v3.36from
dependabot/go_modules/safe-7a2373118d
Apr 28, 2026
Merged

dev: bump the safe group with 8 updates#7903
johanstokking merged 4 commits into
v3.36from
dependabot/go_modules/safe-7a2373118d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 28, 2026

Bumps the safe group with 8 updates:

Package From To
github.com/aws/aws-sdk-go-v2/service/s3 1.99.1 1.100.0
github.com/getsentry/sentry-go 0.45.1 0.46.0
github.com/nats-io/nats-server/v2 2.12.7 2.12.8
github.com/nats-io/nats.go 1.50.0 1.51.0
github.com/uptrace/bun/dialect/pgdialect 1.2.15 1.2.18
github.com/uptrace/bun/driver/pgdriver 1.2.15 1.2.18
golang.org/x/crypto 0.49.0 0.50.0
golang.org/x/net 0.52.0 0.53.0

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.99.1 to 1.100.0

Commits

Updates github.com/getsentry/sentry-go from 0.45.1 to 0.46.0

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.46.0

Breaking Changes 🛠

New Features ✨

  • Add internal_sdk_error client report on serialization fail by @​giortzisg in #1273
  • Add grpc integration support by @​ribice in #938
  • Re-enable Telemetry Processor by default. To disable the behavior use the DisableTelemetryBuffer flag by @​giortzisg in #1254
  • Simplify client DSN storage to internal/protocol.Dsn and make it safe to access by @​giortzisg in #1254

Internal Changes 🔧

Deps

  • Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /echo by @​dependabot in #1253
  • Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /crosstest by @​dependabot in #1272
  • Bump golangci-lint action from 2.1.1 to 2.11.4 by @​giortzisg in #1265
  • Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /otel by @​dependabot in #1256
  • Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.40.0 to 1.43.0 in /otel/otlp by @​dependabot in #1255

Other

Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.46.0

Breaking Changes 🛠

New Features ✨

  • Add internal_sdk_error client report on serialization fail by @​giortzisg in #1273
  • Add grpc integration support by @​ribice in #938
  • Re-enable Telemetry Processor by default. To disable the behavior use the DisableTelemetryBuffer flag by @​giortzisg in #1254
  • Simplify client DSN storage to internal/protocol.Dsn and make it safe to access by @​giortzisg in #1254

Internal Changes 🔧

Deps

  • Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /echo by @​dependabot in #1253
  • Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /crosstest by @​dependabot in #1272
  • Bump golangci-lint action from 2.1.1 to 2.11.4 by @​giortzisg in #1265
  • Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /otel by @​dependabot in #1256
  • Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.40.0 to 1.43.0 in /otel/otlp by @​dependabot in #1255

Other

Commits
  • 7e1f926 release: 0.46.0
  • 55688a9 fix: keep replace directives (#1275)
  • edb9172 feat!: remove SetExtra (#1274)
  • dbb964c feat: add internal_sdk_error client report on serialization fail (#1273)
  • 1fee895 feat: Add grpc integration support (#938)
  • f4eabe8 feat: re-enable Telemetry Processor and simplify setup (#1254)
  • aaef0ff chore: improve ci (#1271)
  • 533d762 chore: simplify makefile with go work (#1270)
  • 1ecdc28 build(deps): bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /echo (#...
  • 00dcbf0 build(deps): bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /crosste...
  • Additional commits viewable in compare view

Updates github.com/nats-io/nats-server/v2 from 2.12.7 to 2.12.8

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.12.8

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

  • 1.25.9

Dependencies

  • golang.org/x/crypto v0.50.0 (#8030)
  • golang.org/x/sys v0.43.0 (#8030)
  • github.com/nats-io/nats.go v1.51.0 (#8068)

Improved

JetStream

  • Refactored and simplified setting the pinned headers in consumers (#8032)
  • Scanning for the starting sequence for consumers is now an asynchronous operation which no longer pauses the metalayer (#8051)

Fixed

General

  • Reload logic on gateway pinned_certs configuration has been corrected
  • Repeated CONNECT messages on a connection now clear subscriptions
  • JWT claims with validity times that cross midnight are now validated correctly
  • The /connz monitoring endpoint no longer discloses bearer JWTs
  • Monitoring redaction of route and cluster URL secrets when passed in as command line arguments
  • Fixed a panic that could occur when negotiating compression on leafnode connections
  • Max control line enforcement for non-clients has been fixed
  • Fixed a bug where setting message headers could mutate the input message buffers

Leafnodes

  • Solicited leafnode connections now send a connect advisory, which was previously missing (#8015)

JetStream

  • Message roll-ups are now applied on interest-based streams where there is no interest over the subjects (#8019)
  • Stream leaders can now catch up from incoming snapshots, correcting an edge case when scaling up (#8021)
  • Fixed a Raft commit index reset when terms mismatch (#8023, contributed by @​thecitymouse)
  • Purging via scheduled Nats-Schedule-Next: purge now errors when message scheduling is not enabled (#8035)
  • Recovering with a legacy zero index Raft snapshot will no longer panic (#8039)
  • Messages with a deduplication Nats-Msg-Id header are no longer incorrectly deduplicated in mirrors (#8043)
  • Fixed a panic when scaling after a stream update when the assignment is not fully populated yet on recovery (#8049)
  • Stream info and consumer info requests will no longer return not found when the assignments are in-flight (#8054)
  • Streams and consumers now correctly reject path separators in asset names

... (truncated)

Commits
  • e9559e9 Release v2.12.8
  • 972a686 Release v2.12.8-RC.2
  • f17e974 Cherry-picks for v2.12.8-RC.2 (#98)
  • 82b57ae [FIXED] c.setHeader mutates input message
  • 2530117 [FIXED] Max control line for non-clients
  • dfd2abc [FIXED] retryDisconnectedSyncConsumers properly checks for closed clients
  • 61e8ea8 [IMPROVED] Refactor processInboundSourceMsg for simplicity
  • 03c87ea [FIXED] Source rolls sequence back on error reset
  • 83e3d37 [FIXED] Source does not duplicate messages after leaf reconnect
  • 2a0c5c7 Update dependencies
  • Additional commits viewable in compare view

Updates github.com/nats-io/nats.go from 1.50.0 to 1.51.0

Release notes

Sourced from github.com/nats-io/nats.go's releases.

Release v1.51.0

Changelog

ADDED

  • Core NATS:
    • Option to customize write buffer size (#2057)
    • Option to automatically reconnect on write error (#2055)
    • Accessors for JetStream API level and IsSysAccount from ServerInfo (#2060)

FIXED

  • Core NATS:
    • Make websocket frame validation more robust (#2050)
  • JetStream:
    • Fix deadlock in Consume() when calling Stop/Drain from ConsumeErrHandler (#2059)

IMPROVED

  • Fix typos in tests. Thanks @​deining for the contribution (#2049)
  • Fix deprecation warnings by bumping GH actions to their latest versions. Thanks @​deining for the contibution (#2048)
  • Code linting: remove functions min and max. Thanks @​deining for the contribution (#2047)

Complete Changes

nats-io/nats.go@v1.50.0...v1.51.0

Commits
  • 17b6fd1 Release v1.51.0 (#2061)
  • b6d0226 [ADDED] Accessors for JS API level and IsSysAccount (#2060)
  • 7a2bb4a [IMPROVED] Code linting: remove functions min and max (#2047)
  • 0099a32 [IMPROVED] Fix deprecation warnings by bumping GH actions to their latest ver...
  • e23b40d [FIXED] Deadlock in Consume() whe calling Stop/Drain from ConsumeErrHandler (...
  • 1250dd6 [ADDED] Automatic reconnect on write error option (#2055)
  • e4a8c79 [ADDED] Option to customize write buffer size (#2057)
  • 9a88c4c Update Claude workflow permissions to contents:read and actions:read (#2056)
  • f945cd9 [IMPROVED] Fix typos (#2049)
  • 4bba571 [FIXED] Make websocket frame validation more robust (#2050)
  • See full diff in compare view

Updates github.com/uptrace/bun/dialect/pgdialect from 1.2.15 to 1.2.18

Release notes

Sourced from github.com/uptrace/bun/dialect/pgdialect's releases.

v1.2.18

Please refer to CHANGELOG.md for details

v1.2.17

Please refer to CHANGELOG.md for details

v1.2.16

Please refer to CHANGELOG.md for details

Changelog

Sourced from github.com/uptrace/bun/dialect/pgdialect's changelog.

1.2.18 (2026-02-28)

Bug Fixes

  • handle []byte and [N]byte in Tuple, separate List from Tuple imp… (uptrace/bun#1340) (bec98b9)
  • validate parenthesized content in ReadIdentifier to prevent ?(?, ?) misparse (#1338) (b8da15b), closes #1337

1.2.17 (2026-02-21)

Bug Fixes

  • migrator exec error propagation (#1320) (b40f603)
  • OrderAscNullsFirst mapping (fixes #1305) (43b6af2)
  • panic in indirectAsKey when loading complex models. TypeOf(v) returns nil (2788c5b)
  • RunMigration marks migration as applied after running (#1330) (990c2eb)

Features

  • add Tuple and List (#1331) (5c2b3d1)
  • create unique index on migration name column in Migrator.Init (#1332) (44ac056)
  • update: use DEFAULT instead of NULL on databases that support it (#1315) (cabcffd)

1.2.16 (2025-11-20)

Bug Fixes

Features

... (truncated)

Commits
  • 5de0fb9 chore: release v1.2.18 (release.sh) (#1341)
  • bec98b9 fix: handle []byte and [N]byte in Tuple, separate List from Tuple imp… (#1340)
  • b8da15b fix: validate parenthesized content in ReadIdentifier to prevent ?(?, ?) misp...
  • 6b7a19b Add client cert support in postgres dsn (sslcert and sslkey) (#1336)
  • 3c9f8fb chore: remove Go 1.24 from CI build matrix
  • 43d07be chore: release v1.2.17 (release.sh) (#1333)
  • a94579f chore: add doc comments for exported identifiers across sub-packages
  • b19d8f7 chore: add doc comments for package, type, and exported functions
  • 415f372 chore: re-order features by category and add missing documentation
  • 44ac056 feat: create unique index on migration name column in Migrator.Init (#1332)
  • Additional commits viewable in compare view

Updates github.com/uptrace/bun/driver/pgdriver from 1.2.15 to 1.2.18

Release notes

Sourced from github.com/uptrace/bun/driver/pgdriver's releases.

v1.2.18

Please refer to CHANGELOG.md for details

v1.2.17

Please refer to CHANGELOG.md for details

v1.2.16

Please refer to CHANGELOG.md for details

Changelog

Sourced from github.com/uptrace/bun/driver/pgdriver's changelog.

1.2.18 (2026-02-28)

Bug Fixes

  • handle []byte and [N]byte in Tuple, separate List from Tuple imp… (uptrace/bun#1340) (bec98b9)
  • validate parenthesized content in ReadIdentifier to prevent ?(?, ?) misparse (#1338) (b8da15b), closes #1337

1.2.17 (2026-02-21)

Bug Fixes

  • migrator exec error propagation (#1320) (b40f603)
  • OrderAscNullsFirst mapping (fixes #1305) (43b6af2)
  • panic in indirectAsKey when loading complex models. TypeOf(v) returns nil (2788c5b)
  • RunMigration marks migration as applied after running (#1330) (990c2eb)

Features

  • add Tuple and List (#1331) (5c2b3d1)
  • create unique index on migration name column in Migrator.Init (#1332) (44ac056)
  • update: use DEFAULT instead of NULL on databases that support it (#1315) (cabcffd)

1.2.16 (2025-11-20)

Bug Fixes

Features

... (truncated)

Commits
  • 5de0fb9 chore: release v1.2.18 (release.sh) (#1341)
  • bec98b9 fix: handle []byte and [N]byte in Tuple, separate List from Tuple imp… (#1340)
  • b8da15b fix: validate parenthesized content in ReadIdentifier to prevent ?(?, ?) misp...
  • 6b7a19b Add client cert support in postgres dsn (sslcert and sslkey) (#1336)
  • 3c9f8fb chore: remove Go 1.24 from CI build matrix
  • 43d07be chore: release v1.2.17 (release.sh) (#1333)
  • a94579f chore: add doc comments for exported identifiers across sub-packages
  • b19d8f7 chore: add doc comments for package, type, and exported functions
  • 415f372 chore: re-order features by category and add missing documentation
  • 44ac056 feat: create unique index on migration name column in Migrator.Init (#1332)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.49.0 to 0.50.0

Commits
  • 03ca0dc go.mod: update golang.org/x dependencies
  • 8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
  • 81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
  • See full diff in compare view

Updates golang.org/x/net from 0.52.0 to 0.53.0

Commits
  • a8d1fc1 go.mod: update golang.org/x dependencies
  • 056ac74 quic: avoid depending on golang.org/x/sys/unix
  • c85f611 http3: add http3 package for testing in std
  • 805fc81 http2: add transport API tests
  • e63b894 http2: support testing via net/http.Transport.RoundTrip
  • 9ee1e48 http2/hpack: prevent HeaderField from escaping during encoding
  • 1e71bd8 http2: prevent hanging Transport due to bad SETTINGS frame
  • 7bca150 internal/http3: respect net/http Server Shutdown context when shutting down
  • 44c41be internal/http3: prevent server from holding mutex when sleeping during shutdown
  • 228a67a internal/http3: add CloseIdleConnections support in transport
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
dev: bump the safe group with 8 updates
3bd40fd 
Bumps the safe group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.99.1` | `1.100.0` |
| [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.45.1` | `0.46.0` |
| [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) | `2.12.7` | `2.12.8` |
| [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go) | `1.50.0` | `1.51.0` |
| [github.com/uptrace/bun/dialect/pgdialect](https://github.com/uptrace/bun) | `1.2.15` | `1.2.18` |
| [github.com/uptrace/bun/driver/pgdriver](https://github.com/uptrace/bun) | `1.2.15` | `1.2.18` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.49.0` | `0.50.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.52.0` | `0.53.0` |


Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.99.1 to 1.100.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.99.1...service/s3/v1.100.0)

Updates `github.com/getsentry/sentry-go` from 0.45.1 to 0.46.0
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-go@v0.45.1...v0.46.0)

Updates `github.com/nats-io/nats-server/v2` from 2.12.7 to 2.12.8
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.12.7...v2.12.8)

Updates `github.com/nats-io/nats.go` from 1.50.0 to 1.51.0
- [Release notes](https://github.com/nats-io/nats.go/releases)
- [Commits](nats-io/nats.go@v1.50.0...v1.51.0)

Updates `github.com/uptrace/bun/dialect/pgdialect` from 1.2.15 to 1.2.18
- [Release notes](https://github.com/uptrace/bun/releases)
- [Changelog](https://github.com/uptrace/bun/blob/master/CHANGELOG.md)
- [Commits](uptrace/bun@v1.2.15...v1.2.18)

Updates `github.com/uptrace/bun/driver/pgdriver` from 1.2.15 to 1.2.18
- [Release notes](https://github.com/uptrace/bun/releases)
- [Changelog](https://github.com/uptrace/bun/blob/master/CHANGELOG.md)
- [Commits](uptrace/bun@v1.2.15...v1.2.18)

Updates `golang.org/x/crypto` from 0.49.0 to 0.50.0
- [Commits](golang/crypto@v0.49.0...v0.50.0)

Updates `golang.org/x/net` from 0.52.0 to 0.53.0
- [Commits](golang/net@v0.52.0...v0.53.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.100.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: github.com/getsentry/sentry-go
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.12.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: github.com/nats-io/nats.go
  dependency-version: 1.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: github.com/uptrace/bun/dialect/pgdialect
  dependency-version: 1.2.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: github.com/uptrace/bun/driver/pgdriver
  dependency-version: 1.2.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: golang.org/x/crypto
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: golang.org/x/net
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 28, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 28, 2026 01:41
@dependabot dependabot Bot requested a review from halimi April 28, 2026 01:41
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 28, 2026
@johanstokking johanstokking self-assigned this Apr 28, 2026
johanstokking and others added 2 commits April 28, 2026 11:52
@johanstokking
dev: Update dependencies
995cd30
@dependabot @johanstokking
dev: bump github.com/magefile/mage in /tools in the safe group
6e05d04 
Bumps the safe group in /tools with 1 update: [github.com/magefile/mage](https://github.com/magefile/mage).


Updates `github.com/magefile/mage` from 1.17.1 to 1.17.2
- [Release notes](https://github.com/magefile/mage/releases)
- [Commits](magefile/mage@v1.17.1...v1.17.2)

---
updated-dependencies:
- dependency-name: github.com/magefile/mage
  dependency-version: 1.17.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe
...

Signed-off-by: dependabot[bot] <support@github.com>
@johanstokking johanstokking requested a review from a team as a code owner April 28, 2026 09:53
@github-actions github-actions Bot added the tooling Development tooling label Apr 28, 2026
@johanstokking johanstokking merged commit f22ea72 into v3.36 Apr 28, 2026
15 of 16 checks passed
@johanstokking johanstokking deleted the dependabot/go_modules/safe-7a2373118d branch April 28, 2026 11:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@halimi halimi Awaiting requested review from halimi halimi is a code owner automatically assigned from TheThingsNetwork/stack-reviewers-1

@KrishnaIyer KrishnaIyer Awaiting requested review from KrishnaIyer KrishnaIyer is a code owner automatically assigned from TheThingsNetwork/stack-reviewers-7

Assignees

@johanstokking johanstokking

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code tooling Development tooling

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@johanstokking