Skip to content

build(deps): bump the go-dev-dependencies group across 1 directory with 8 updates#311

Merged
mgoetzegb merged 2 commits into
mainfrom
dependabot/go_modules/go-dev-dependencies-667a107542
May 5, 2026
Merged

build(deps): bump the go-dev-dependencies group across 1 directory with 8 updates#311
mgoetzegb merged 2 commits into
mainfrom
dependabot/go_modules/go-dev-dependencies-667a107542

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dev-dependencies group with 8 updates in the / directory:

Package From To
github.com/rs/zerolog 1.35.0 1.35.1
github.com/bytedance/sonic 1.15.0 1.15.1
github.com/cloudwego/base64x 0.1.6 0.1.7
github.com/fsnotify/fsnotify 1.9.0 1.10.0
github.com/mattn/go-isatty 0.0.21 0.0.22
github.com/mattn/go-sqlite3 1.14.42 1.14.44
github.com/pelletier/go-toml/v2 2.3.0 2.3.1
go.mongodb.org/mongo-driver/v2 2.5.1 2.6.0

Updates github.com/rs/zerolog from 1.35.0 to 1.35.1

Commits

Updates github.com/bytedance/sonic from 1.15.0 to 1.15.1

Release notes

Sourced from github.com/bytedance/sonic's releases.

v1.15.1

What's Changed

New Contributors

Full Changelog: bytedance/sonic@v1.15.0...v1.15.1

Commits
  • 4ddcd08 docs: update README Go 1.26 support (#931)
  • 4c8f70b chore: update loader v0.5.1 (#933)
  • d64ddf9 opt: unify JIT funcs in single moduledata on Pretouch (#932)
  • 3835c03 feat:(encoder) not omit zero value for omitempty tag (#927)
  • c9e5b0f fix(rt): align map IndirectElem semantics across Go versions (#924)
  • 28040bd revert: drop integer range mismatch and related tests (#922)
  • f8ba977 fix(decoder): align jit string-tag mismatch with encoding/json (#917)
  • 9a1c148 fix(decoder): memory corruption when decode prefilled interface (#914)
  • 0724463 chore: use go fmt format (#913)
  • f7c86b9 ci: add macOS ARM (Apple Silicon) runners to workflows (#911)
  • Additional commits viewable in compare view

Updates github.com/cloudwego/base64x from 0.1.6 to 0.1.7

Release notes

Sourced from github.com/cloudwego/base64x's releases.

v0.1.7

What's Changed

Full Changelog: cloudwego/base64x@v0.1.6...v0.1.7

Commits

Updates github.com/fsnotify/fsnotify from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/fsnotify/fsnotify's releases.

v1.10.0

This version of fsnotify needs Go 1.23.

Changes and fixes

  • inotify: improve initialization error message (#731)

  • inotify: send Rename event if recursive watch is renamed (#696)

  • inotify: avoid copying event buffers when reading names (#741)

  • kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

  • kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

  • windows: fix nil pointer dereference in remWatch (#736)

  • windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Changelog

Sourced from github.com/fsnotify/fsnotify's changelog.

1.10.0 2026-04-30

This version of fsnotify needs Go 1.23.

Changes and fixes

  • inotify: improve initialization error message (#731)

  • inotify: send Rename event if recursive watch is renamed (#696)

  • inotify: avoid copying event buffers when reading names (#741)

  • kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

  • kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

  • windows: fix nil pointer dereference in remWatch (#736)

  • windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Commits
  • 8d01d7b Release 1.10.0
  • 602284e Update changelog
  • 7f03e59 kqueue: skip ENOENT entries in watchDirectoryFiles (#748)
  • dab9dde windows: lock watch field updates against concurrent WatchList (#709) (#749)
  • eadf267 kqueue: drop watches directly in Close() instead of going through remove() (#...
  • fdcafbf avoid copying inotify event buffers (#741)
  • 7cf61a8 update minimum Go version requirement to 1.23 in README.md (#747)
  • 907df2a run go fix ./... (#746)
  • e53b542 all: bump minimum Go version to 1.23 (#744)
  • 0ead6d1 windows: re-enable chanClosed check in TestClose/events_not_read (#743)
  • Additional commits viewable in compare view

Updates github.com/mattn/go-isatty from 0.0.21 to 0.0.22

Commits

Updates github.com/mattn/go-sqlite3 from 1.14.42 to 1.14.44

Commits
  • 20826e8 Merge pull request #1394 from mattn/sqlite-amalgamation-3053000
  • 2d4d220 fix changelog URL when minor or patch version is zero
  • 3761cf7 Upgrade SQLite to version 3053000
  • 1aa7317 Merge pull request #1388 from mattn/stmt-cache-lru
  • c719e20 Merge pull request #1392 from mattn/fix-issue-1390-query-comment-panic
  • 869e516 fix panic when querying input with no SQL (only comments/whitespace)
  • 6690238 extract finalizeCachedStmt helper and drop redundant tail reset
  • 59e8e75 only set stmt cacheKey when cache is enabled
  • 2badb4c use slice len/cap for stmt cache instead of separate counters
  • 7716c20 evict LRU stmt when stmt cache is full
  • Additional commits viewable in compare view

Updates github.com/pelletier/go-toml/v2 from 2.3.0 to 2.3.1

Release notes

Sourced from github.com/pelletier/go-toml/v2's releases.

v2.3.1

What's Changed

Fixed bugs

Other changes

New Contributors

Full Changelog: pelletier/go-toml@v2.3.0...v2.3.1

Commits
  • f85c4e8 README.md: remove reference to old go versions and modules (#1048)
  • 45d4fb4 fix: change DisallowUnknownFields error from "missing field" to "unknown fiel...
  • c171216 Fix incorrect error positions in unstable parser Range() (#1047) (#1056)
  • See full diff in compare view

Updates go.mongodb.org/mongo-driver/v2 from 2.5.1 to 2.6.0

Release notes

Sourced from go.mongodb.org/mongo-driver/v2's releases.

MongoDB Go Driver 2.6.0

The MongoDB Go Driver Team is pleased to release version 2.6.0 of the official MongoDB Go Driver.

Release Highlights

[!IMPORTANT] Go Driver v2.6 will be the last minor version to support MongoDB 4.2. Go Driver v2.7 will require MongoDB 4.4 or newer.

This release adds support for MongoDB's Intelligent Workload Management (IWM) and ingress connection rate limiting features. The driver now gracefully handles write-blocking scenarios and optimizes connection establishment during high-load conditions to maintain application availability.

Two new methods of ClientOptions are available:

  • SetMaxAdaptiveRetries - specifies the maximum number of times the driver should retry operations that fail with a server side overload error. If not invoked, the default is 2. MaxAdaptiveRetries can also be set through the "maxAdaptiveRetries" URI option (e.g. "maxAdaptiveRetries=5").
  • SetEnableOverloadRetargeting - specifies whether the driver should enable overload retargeting for operations that fail with a server side overload error. If not invoked, the default is false. EnableOverloadRetargeting can also be set through the "enableOverloadRetargeting" URI option (e.g. "enableOverloadRetargeting=true").

What's Changed

✨ New Features

Full Changelog: mongodb/mongo-go-driver@v2.5.1...v2.6.0

For a full list of tickets included in this release, please see the list of fixed issues.

Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!

Commits
  • fd85a83 BUMP v2.6.0
  • 52b385d GODRIVER-3829 Cleanup skip list. (#2369)
  • 71375d7 Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.1...
  • 65f4e94 GODRIVER-3870 Use a generic type parameter for retry func in overload code ex...
  • 00ab776 GODRIVER-3849 Update backpressure errors handling examples. (#2365)
  • fa56c25 Bump github/codeql-action from 4.35.1 to 4.35.2 in the actions group (#2367)
  • 4ee727e GODRIVER-3844 Add maxAdaptiveRetries and enableOverloadRetargeting option...
  • 881269a GODRIVER-3810 Update WithTransaction to raise timeout error. (#2344)
  • c1d47f7 Bump actions/upload-artifact from 7.0.0 to 7.0.1 in the actions group (#2361)
  • 9a15470 GODRIVER-3658 Implement backpressure retry logic. (#2353)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…th 8 updates

Bumps the go-dev-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/rs/zerolog](https://github.com/rs/zerolog) | `1.35.0` | `1.35.1` |
| [github.com/bytedance/sonic](https://github.com/bytedance/sonic) | `1.15.0` | `1.15.1` |
| [github.com/cloudwego/base64x](https://github.com/cloudwego/base64x) | `0.1.6` | `0.1.7` |
| [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) | `1.9.0` | `1.10.0` |
| [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) | `0.0.21` | `0.0.22` |
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.42` | `1.14.44` |
| [github.com/pelletier/go-toml/v2](https://github.com/pelletier/go-toml) | `2.3.0` | `2.3.1` |
| [go.mongodb.org/mongo-driver/v2](https://github.com/mongodb/mongo-go-driver) | `2.5.1` | `2.6.0` |



Updates `github.com/rs/zerolog` from 1.35.0 to 1.35.1
- [Commits](rs/zerolog@v1.35.0...v1.35.1)

Updates `github.com/bytedance/sonic` from 1.15.0 to 1.15.1
- [Release notes](https://github.com/bytedance/sonic/releases)
- [Commits](bytedance/sonic@v1.15.0...v1.15.1)

Updates `github.com/cloudwego/base64x` from 0.1.6 to 0.1.7
- [Release notes](https://github.com/cloudwego/base64x/releases)
- [Commits](cloudwego/base64x@v0.1.6...v0.1.7)

Updates `github.com/fsnotify/fsnotify` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/fsnotify/fsnotify/releases)
- [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md)
- [Commits](fsnotify/fsnotify@v1.9.0...v1.10.0)

Updates `github.com/mattn/go-isatty` from 0.0.21 to 0.0.22
- [Commits](mattn/go-isatty@v0.0.21...v0.0.22)

Updates `github.com/mattn/go-sqlite3` from 1.14.42 to 1.14.44
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](mattn/go-sqlite3@v1.14.42...v1.14.44)

Updates `github.com/pelletier/go-toml/v2` from 2.3.0 to 2.3.1
- [Release notes](https://github.com/pelletier/go-toml/releases)
- [Commits](pelletier/go-toml@v2.3.0...v2.3.1)

Updates `go.mongodb.org/mongo-driver/v2` from 2.5.1 to 2.6.0
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](mongodb/mongo-go-driver@v2.5.1...v2.6.0)

---
updated-dependencies:
- dependency-name: github.com/rs/zerolog
  dependency-version: 1.35.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dev-dependencies
- dependency-name: github.com/bytedance/sonic
  dependency-version: 1.15.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-dev-dependencies
- dependency-name: github.com/cloudwego/base64x
  dependency-version: 0.1.7
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-dev-dependencies
- dependency-name: github.com/fsnotify/fsnotify
  dependency-version: 1.10.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: github.com/mattn/go-isatty
  dependency-version: 0.0.22
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-dev-dependencies
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.44
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-dev-dependencies
- dependency-name: github.com/pelletier/go-toml/v2
  dependency-version: 2.3.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-dev-dependencies
- dependency-name: go.mongodb.org/mongo-driver/v2
  dependency-version: 2.6.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 4, 2026
@dependabot
dependabot Bot requested review from a team as code owners May 4, 2026 04:12
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 4, 2026
@github-actions

github-actions Bot commented May 4, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 7 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA af8beb3.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

PackageVersionLicenseIssue Type
github.com/bytedance/sonic1.15.1NullUnknown License
github.com/cloudwego/base64x0.1.7NullUnknown License
github.com/fsnotify/fsnotify1.10.0NullUnknown License
github.com/mattn/go-isatty0.0.22NullUnknown License
github.com/mattn/go-sqlite31.14.44NullUnknown License
github.com/pelletier/go-toml/v22.3.1NullUnknown License
github.com/rs/zerolog1.35.1NullUnknown License
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, bzip2-1.0.6, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

PackageVersionScoreDetails
gomod/github.com/bytedance/sonic 1.15.1 UnknownUnknown
gomod/github.com/cloudwego/base64x 0.1.7 UnknownUnknown
gomod/github.com/fsnotify/fsnotify 1.10.0 UnknownUnknown
gomod/github.com/mattn/go-isatty 0.0.22 UnknownUnknown
gomod/github.com/mattn/go-sqlite3 1.14.44 UnknownUnknown
gomod/github.com/pelletier/go-toml/v2 2.3.1 UnknownUnknown
gomod/github.com/rs/zerolog 1.35.1 UnknownUnknown
gomod/go.mongodb.org/mongo-driver/v2 2.6.0 🟢 7.8
Details
CheckScoreReason
Dependency-Update-Tool🟢 10update tool detected
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 7Found 10/13 approved changesets -- score normalized to 7
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Vulnerabilities🟢 46 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1021 out of 21 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 25 contributing companies or organizations

Scanned Files

  • go.mod

@github-actions

github-actions Bot commented May 4, 2026

Copy link
Copy Markdown

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

@codecov

codecov Bot commented May 4, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 33.33333% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 57.72%. Comparing base (b8a5bef) to head (af8beb3).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
pkg/configReader/configReader.go 50.00% 1 Missing ⚠️
pkg/httpassert/extracter.go 0.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##             main     #311   +/-   ##
=======================================
  Coverage   57.72%   57.72%           
=======================================
  Files          59       59           
  Lines        3080     3080           
=======================================
  Hits         1778     1778           
  Misses       1165     1165           
  Partials      137      137           
Flag Coverage Δ
opensearch-tests 95.68% <ø> (ø)
postgres-tests 92.03% <ø> (ø)
unit-tests 50.62% <33.33%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@mgoetzegb
mgoetzegb merged commit e080f3e into main May 5, 2026
13 checks passed
@mgoetzegb
mgoetzegb deleted the dependabot/go_modules/go-dev-dependencies-667a107542 branch May 5, 2026 11:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant