Skip to content

build(deps): bump the go-dev-dependencies group with 10 updates#312

Merged
mgoetzegb merged 1 commit into
mainfrom
dependabot/go_modules/go-dev-dependencies-bfc77b136c
May 18, 2026
Merged

build(deps): bump the go-dev-dependencies group with 10 updates#312
mgoetzegb merged 1 commit into
mainfrom
dependabot/go_modules/go-dev-dependencies-bfc77b136c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 11, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dev-dependencies group with 10 updates:

Package From To
github.com/tidwall/gjson 1.18.0 1.19.0
golang.org/x/crypto 0.50.0 0.51.0
github.com/fsnotify/fsnotify 1.10.0 1.10.1
github.com/quic-go/quic-go 0.59.0 0.59.1
golang.org/x/arch 0.26.0 0.27.0
golang.org/x/mod 0.35.0 0.36.0
golang.org/x/net 0.53.0 0.54.0
golang.org/x/sys 0.43.0 0.44.0
golang.org/x/text 0.36.0 0.37.0
golang.org/x/tools 0.44.0 0.45.0

Updates github.com/tidwall/gjson from 1.18.0 to 1.19.0

Commits

Updates golang.org/x/crypto from 0.50.0 to 0.51.0

Commits
  • b8a14a8 go.mod: update golang.org/x dependencies
  • 9d9d507 x509roots/fallback/bundle: fix bundle test with Go 1.27+
  • fd0b90d acme: include Problem in OrderError.Error
  • b9e5359 pbkdf2: turn into a wrapper for crypto/pbkdf2
  • cc0e4fc hkdf: forward Extract to the standard library
  • a8e9237 x509roots/fallback: update bundle
  • See full diff in compare view

Updates github.com/fsnotify/fsnotify from 1.10.0 to 1.10.1

Release notes

Sourced from github.com/fsnotify/fsnotify's releases.

v1.10.1

Changes and fixes

  • inotify: don't remove sibling watches sharing a path prefix (#754)

  • inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

Changelog

Sourced from github.com/fsnotify/fsnotify's changelog.

1.10.1 2026-05-04

Changes and fixes

  • inotify: don't remove sibling watches sharing a path prefix (#754)

  • inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

Commits
  • 76b01a6 Release 1.10.1
  • fec150b Update changelog
  • 162b421 inotify, windows: don't rename sibling watches sharing a path prefix (#755)
  • 224257f inotify: don't remove sibling watches sharing a path prefix (#754)
  • e0c956c windows: document directory Write events and stabilize tests (#745)
  • See full diff in compare view

Updates github.com/quic-go/quic-go from 0.59.0 to 0.59.1

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.59.1

This patch release backports quic-go/quic-go#5642, which adds validation for HTTP/3 trailers.

Commits

Updates golang.org/x/arch from 0.26.0 to 0.27.0

Commits
  • a0d57e2 arm64/instgen: make addr the last op in SVE stores
  • 0e84109 riscv64/riscv64asm: fix '// Code generated' header
  • 06d6b46 riscv64: improve disassembler support for FENCE
  • 44bec3c x/arch/arm64/arm64asm: add missing pre/post-increment markers
  • e1fcd05 arm64/instgen: handle features not in docvars.
  • 974de23 arm64/instgen: remove PSEL
  • b277113 riscv64: add disassembly support and tests for CMO extensions
  • 2567a04 arm64/instgen: support PSEL
  • 624f5f6 arm64/instgen: fix encoding utility function doc
  • d672b82 arm64/instgen: support register range list for SVE
  • Additional commits viewable in compare view

Updates golang.org/x/mod from 0.35.0 to 0.36.0

Commits
  • 643da9b go.mod: update golang.org/x dependencies
  • ccc3cdf zip: include 'but content has correct sum' note in TestVCS
  • ab30318 zip: update zip hashes for new flate compression
  • See full diff in compare view

Updates golang.org/x/net from 0.53.0 to 0.54.0

Commits
  • b138e06 go.mod: update golang.org/x dependencies
  • 689f70a quic: fix wrong final size being used for RESET_STREAM frame
  • 208f306 http3: increase handshake timeout
  • 49810da http2: enable net/http wrapping when go >= 1.27
  • 5e11a5a quic: fix data race in streamForFrame
  • 8c63081 http2: use empty Transport rather than DefaultTransport in http2wrap
  • fc7b466 http2: add http2wrap test
  • 15c2cb1 http2: avoid overflowing 32-bit int when http2wrap enabled
  • 6465188 http2: add wrapped Server
  • 72f419a http2: add wrapped ClientConn
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.43.0 to 0.44.0

Commits
  • fb1facd windows: avoid uint16 overflow in NewNTUnicodeString
  • 94ad893 windows: add GetIfTable2Ex, GetIpInterface{Entry,Table}, GetUnicastIpAddressT...
  • 54fe89f cpu: use IsProcessorFeaturePresent to calculate ARM64 on windows
  • df7d5d7 unix: automatically remove container created by mkall.sh
  • 68a4a8e unix: avoid nil pointer dereference in Utime
  • 690c91f unix: add CPUSetDynamic for systems with more than 1024 CPUs
  • See full diff in compare view

Updates golang.org/x/text from 0.36.0 to 0.37.0

Commits

Updates golang.org/x/tools from 0.44.0 to 0.45.0

Commits
  • 2aabba0 go.mod: update golang.org/x dependencies
  • ef989b3 go/types/internal/play: show Info.Instances[Ident]
  • 21d44f2 go/analysis/passes/inline: document skipping of TestF->F calls
  • ec83c21 go/analysis/passes/modernize: minmax: only remove exact userdefined
  • 5625353 go/analysis/passes/modernize: improve value variable name generation
  • 15a3bd5 gopls/internal/analysis/errorsastype: imporove example clarity
  • cd57ef8 go/packages: include dependency errors when CompiledGoFiles is missing
  • 053fdbc go/analysis/passes/modernize: minmax: fix pure operands only
  • bf84681 go/analysis/passes/errorsas: add example of invalid errors.As use
  • 23921d1 gopls: add errorsastype analyzer
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-dev-dependencies group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/tidwall/gjson](https://github.com/tidwall/gjson) | `1.18.0` | `1.19.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.50.0` | `0.51.0` |
| [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) | `1.10.0` | `1.10.1` |
| [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.59.0` | `0.59.1` |
| [golang.org/x/arch](https://github.com/golang/arch) | `0.26.0` | `0.27.0` |
| [golang.org/x/mod](https://github.com/golang/mod) | `0.35.0` | `0.36.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.53.0` | `0.54.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.43.0` | `0.44.0` |
| [golang.org/x/text](https://github.com/golang/text) | `0.36.0` | `0.37.0` |
| [golang.org/x/tools](https://github.com/golang/tools) | `0.44.0` | `0.45.0` |


Updates `github.com/tidwall/gjson` from 1.18.0 to 1.19.0
- [Commits](tidwall/gjson@v1.18.0...v1.19.0)

Updates `golang.org/x/crypto` from 0.50.0 to 0.51.0
- [Commits](golang/crypto@v0.50.0...v0.51.0)

Updates `github.com/fsnotify/fsnotify` from 1.10.0 to 1.10.1
- [Release notes](https://github.com/fsnotify/fsnotify/releases)
- [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md)
- [Commits](fsnotify/fsnotify@v1.10.0...v1.10.1)

Updates `github.com/quic-go/quic-go` from 0.59.0 to 0.59.1
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](quic-go/quic-go@v0.59.0...v0.59.1)

Updates `golang.org/x/arch` from 0.26.0 to 0.27.0
- [Commits](golang/arch@v0.26.0...v0.27.0)

Updates `golang.org/x/mod` from 0.35.0 to 0.36.0
- [Commits](golang/mod@v0.35.0...v0.36.0)

Updates `golang.org/x/net` from 0.53.0 to 0.54.0
- [Commits](golang/net@v0.53.0...v0.54.0)

Updates `golang.org/x/sys` from 0.43.0 to 0.44.0
- [Commits](golang/sys@v0.43.0...v0.44.0)

Updates `golang.org/x/text` from 0.36.0 to 0.37.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.36.0...v0.37.0)

Updates `golang.org/x/tools` from 0.44.0 to 0.45.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.44.0...v0.45.0)

---
updated-dependencies:
- dependency-name: github.com/tidwall/gjson
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: golang.org/x/crypto
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: github.com/fsnotify/fsnotify
  dependency-version: 1.10.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-dev-dependencies
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.59.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-dev-dependencies
- dependency-name: golang.org/x/arch
  dependency-version: 0.27.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: golang.org/x/mod
  dependency-version: 0.36.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: golang.org/x/net
  dependency-version: 0.54.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: golang.org/x/sys
  dependency-version: 0.44.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: golang.org/x/text
  dependency-version: 0.37.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.45.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 11, 2026
@dependabot
dependabot Bot requested a review from a team as a code owner May 11, 2026 04:14
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 11, 2026
@dependabot
dependabot Bot requested a review from a team as a code owner May 11, 2026 04:14
@dependabot dependabot Bot added the go Pull requests that update Go code label May 11, 2026
@github-actions

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 9 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 4c9b1dd.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

PackageVersionLicenseIssue Type
github.com/fsnotify/fsnotify1.10.1NullUnknown License
github.com/tidwall/gjson1.19.0NullUnknown License
golang.org/x/arch0.27.0NullUnknown License
golang.org/x/crypto0.51.0NullUnknown License
golang.org/x/mod0.36.0NullUnknown License
golang.org/x/net0.54.0NullUnknown License
golang.org/x/sys0.44.0NullUnknown License
golang.org/x/text0.37.0NullUnknown License
golang.org/x/tools0.45.0NullUnknown License
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, bzip2-1.0.6, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

PackageVersionScoreDetails
gomod/github.com/fsnotify/fsnotify 1.10.1 UnknownUnknown
gomod/github.com/quic-go/quic-go 0.59.1 🟢 7.1
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/28 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 7detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
gomod/github.com/tidwall/gjson 1.19.0 UnknownUnknown
gomod/golang.org/x/arch 0.27.0 UnknownUnknown
gomod/golang.org/x/crypto 0.51.0 UnknownUnknown
gomod/golang.org/x/mod 0.36.0 UnknownUnknown
gomod/golang.org/x/net 0.54.0 UnknownUnknown
gomod/golang.org/x/sys 0.44.0 UnknownUnknown
gomod/golang.org/x/text 0.37.0 UnknownUnknown
gomod/golang.org/x/tools 0.45.0 UnknownUnknown

Scanned Files

  • go.mod

@github-actions

Copy link
Copy Markdown

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

@codecov

codecov Bot commented May 11, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.72%. Comparing base (e080f3e) to head (4c9b1dd).

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #312      +/-   ##
==========================================
+ Coverage   57.59%   57.72%   +0.12%     
==========================================
  Files          59       59              
  Lines        3080     3080              
==========================================
+ Hits         1774     1778       +4     
+ Misses       1167     1165       -2     
+ Partials      139      137       -2     
Flag Coverage Δ
opensearch-tests 95.68% <ø> (ø)
postgres-tests 92.03% <ø> (ø)
unit-tests 50.62% <ø> (+0.15%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@mgoetzegb
mgoetzegb merged commit 71efc4a into main May 18, 2026
13 checks passed
@mgoetzegb
mgoetzegb deleted the dependabot/go_modules/go-dev-dependencies-bfc77b136c branch May 18, 2026 13:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant