Skip to content

fix(deps): bump the external group across 2 directories with 5 updates#3487

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/examples/external-cdae5a9043
Closed

fix(deps): bump the external group across 2 directories with 5 updates#3487
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/examples/external-cdae5a9043

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 19, 2026
edited
Loading

Bumps the external group with 3 updates in the /examples directory: connectrpc.com/connect, google.golang.org/grpc and github.com/spf13/pflag.
Bumps the external group with 3 updates in the /tests-bdd directory: connectrpc.com/connect, google.golang.org/grpc and github.com/cucumber/godog.

Updates connectrpc.com/connect from 1.19.1 to 1.19.2

Release notes

Sourced from connectrpc.com/connect's releases.

v1.19.2

What's Changed

Governance

Bugfixes

Other changes

New Contributors

Full Changelog: connectrpc/connect-go@v1.19.1...v1.19.2

Commits
  • 1c195ae Prepare for v1.19.2 (#920)
  • 96abc6b Upgrade golangci-lint to v2 (#917)
  • be72fa5 Clarify concurrent use semantics for streaming types (#911)
  • 299d2e7 Fix nil pointer deref in duplexHTTPCall under concurrent Send + CloseAndRecei...
  • e299aa6 Bump google.golang.org/grpc from 1.76.0 to 1.79.3 in /internal/conformance (#...
  • 7b531c0 Clarify UnaryFunc response type (#912)
  • 02f23a3 Fix typo in RELEASE.md (#906)
  • ec6f523 Add Timo Stamm to maintainers (#905)
  • 59cc697 Use 'deadline_exceeded' instead of 'canceled' on HTTP/2 cancelation when appr...
  • e9aff4a Bump connectrpc.com/conformance from 1.0.4 to 1.0.5 in /internal/conformance ...
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.79.3 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)

Release 1.81.0

Behavior Changes

  • balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

  • Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

  • xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
  • transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
  • xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

  • grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
  • xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
  • xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
  • xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
  • stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
  • mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)

Performance Improvements

  • alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
  • transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)

Release 1.80.0

Behavior Changes

  • balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see #5288 for details. (#8837)
  • xds: update resource error handling and re-resolution logic (#8907)
    • Re-resolve all LOGICAL_DNS clusters simultaneously when re-resolution is requested.
    • Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.

Bug Fixes

... (truncated)

Commits

Updates github.com/spf13/pflag from 1.0.9 to 1.0.10

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.10

What's Changed

New Contributors

Full Changelog: spf13/pflag@v1.0.9...v1.0.10

Commits
  • 0491e57 Merge pull request #448 from thaJeztah/fix_go_version
  • 72abab1 Merge pull request #447 from thaJeztah/fix_deprecation_comment
  • 7e4dfb1 Test on Go 1.12
  • 18a9d17 move Func, BoolFunc, tests as they require go1.21
  • c5b9e98 remove uses of errors.Is, which requires go1.13
  • 45a4873 fix deprecation comment for (FlagSet.)ParseErrorsWhitelist
  • See full diff in compare view

Updates golang.org/x/oauth2 from 0.34.0 to 0.36.0

Commits
  • 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
  • 89ff2e1 google: add safer credentials JSON loading options.
  • See full diff in compare view

Updates connectrpc.com/connect from 1.19.1 to 1.19.2

Release notes

Sourced from connectrpc.com/connect's releases.

v1.19.2

What's Changed

Governance

Bugfixes

Other changes

New Contributors

Full Changelog: connectrpc/connect-go@v1.19.1...v1.19.2

Commits
  • 1c195ae Prepare for v1.19.2 (#920)
  • 96abc6b Upgrade golangci-lint to v2 (#917)
  • be72fa5 Clarify concurrent use semantics for streaming types (#911)
  • 299d2e7 Fix nil pointer deref in duplexHTTPCall under concurrent Send + CloseAndRecei...
  • e299aa6 Bump google.golang.org/grpc from 1.76.0 to 1.79.3 in /internal/conformance (#...
  • 7b531c0 Clarify UnaryFunc response type (#912)
  • 02f23a3 Fix typo in RELEASE.md (#906)
  • ec6f523 Add Timo Stamm to maintainers (#905)
  • 59cc697 Use 'deadline_exceeded' instead of 'canceled' on HTTP/2 cancelation when appr...
  • e9aff4a Bump connectrpc.com/conformance from 1.0.4 to 1.0.5 in /internal/conformance ...
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.80.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)

Release 1.81.0

Behavior Changes

  • balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

  • Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

  • xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
  • transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
  • xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

  • grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
  • xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
  • xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
  • xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
  • stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
  • mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)

Performance Improvements

  • alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
  • transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)

Release 1.80.0

Behavior Changes

  • balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see #5288 for details. (#8837)
  • xds: update resource error handling and re-resolution logic (#8907)
    • Re-resolve all LOGICAL_DNS clusters simultaneously when re-resolution is requested.
    • Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.

Bug Fixes

... (truncated)

Commits

Updates github.com/cucumber/godog from 0.15.0 to 0.15.1

Release notes

Sourced from github.com/cucumber/godog's releases.

v0.15.1

What's Changed

New Contributors

Full Changelog: cucumber/godog@v0.15.0...v0.15.1

Changelog

Sourced from github.com/cucumber/godog's changelog.

[v0.15.1]

Added

Changed

  • Replace deprecated ::set-output - (681 - nodeg)

Fixed

Commits
  • b7da3ab Update CHANGELOG.md for release, tidy modules
  • 005cfc2 Print step declaration line instead of handler declaration line (#668)
  • 6ba3a7e Mark junit test cases as skipped if no pickle step results available (#597)
  • 9b4d5e9 feat: support uint types (#695)
  • 963f338 fix(deps): update module github.com/spf13/pflag to v1.0.7 (#694)
  • 6a0bb7f fix: change bang to being in README (#687)
  • 3651f88 fix: verify dogT exists in the context before using it (#692)
  • 532be7d chore(deps): update dominikh/staticcheck-action action to v1.4.0 (#689)
  • 74fa488 Replace deprecated ::set-output (#681)
  • 4a4fd8a fix(errors): Fix expected Step argument count for steps with `context.Context...
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits
  • 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
  • 89ff2e1 google: add safer credentials JSON loading options.
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
fix(deps): bump the external group across 2 directories with 5 updates
5c32340 
Bumps the external group with 3 updates in the /examples directory: [connectrpc.com/connect](https://github.com/connectrpc/connect-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/spf13/pflag](https://github.com/spf13/pflag).
Bumps the external group with 3 updates in the /tests-bdd directory: [connectrpc.com/connect](https://github.com/connectrpc/connect-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/cucumber/godog](https://github.com/cucumber/godog).


Updates `connectrpc.com/connect` from 1.19.1 to 1.19.2
- [Release notes](https://github.com/connectrpc/connect-go/releases)
- [Changelog](https://github.com/connectrpc/connect-go/blob/main/RELEASE.md)
- [Commits](connectrpc/connect-go@v1.19.1...v1.19.2)

Updates `google.golang.org/grpc` from 1.79.3 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.79.3...v1.81.1)

Updates `github.com/spf13/pflag` from 1.0.9 to 1.0.10
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.9...v1.0.10)

Updates `golang.org/x/oauth2` from 0.34.0 to 0.36.0
- [Commits](golang/oauth2@v0.34.0...v0.36.0)

Updates `connectrpc.com/connect` from 1.19.1 to 1.19.2
- [Release notes](https://github.com/connectrpc/connect-go/releases)
- [Changelog](https://github.com/connectrpc/connect-go/blob/main/RELEASE.md)
- [Commits](connectrpc/connect-go@v1.19.1...v1.19.2)

Updates `google.golang.org/grpc` from 1.80.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.79.3...v1.81.1)

Updates `github.com/cucumber/godog` from 0.15.0 to 0.15.1
- [Release notes](https://github.com/cucumber/godog/releases)
- [Changelog](https://github.com/cucumber/godog/blob/main/CHANGELOG.md)
- [Commits](cucumber/godog@v0.15.0...v0.15.1)

Updates `golang.org/x/oauth2` from 0.35.0 to 0.36.0
- [Commits](golang/oauth2@v0.34.0...v0.36.0)

---
updated-dependencies:
- dependency-name: connectrpc.com/connect
  dependency-version: 1.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: external
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: external
- dependency-name: github.com/spf13/pflag
  dependency-version: 1.0.10
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: external
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.36.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: external
- dependency-name: connectrpc.com/connect
  dependency-version: 1.19.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: external
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: external
- dependency-name: github.com/cucumber/godog
  dependency-version: 0.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: external
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: external
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 19, 2026
@dependabot dependabot Bot requested review from a team as code owners May 19, 2026 03:22
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 19, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 19, 2026

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 140.119166ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 79.233516ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 403.303919ms
Throughput 247.95 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 41.591034807s
Average Latency 413.609813ms
Throughput 120.22 requests/second

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 19, 2026

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

  • examples
  • otdfctl
  • sdk
  • service
  • lib/fixtures
  • tests-bdd

See the workflow run for details.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 19, 2026

X-Test Results

✅ go@main-pull-3487
✅ go@main-v0.9.0
✅ java@main-pull-3487
✅ java@main-v0.9.0
✅ js@main-pull-3487
✅ js@main-v0.9.0
cukes-report
opentdfplatform4Q3LSQ.dockerbuild
govulncheck-failure-1
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-5
govulncheck-failure-0

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 20, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 20, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/examples/external-cdae5a9043 branch May 20, 2026 02:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

comp:examples dependencies Pull requests that update a dependency file go Pull requests that update Go code size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants