Skip to content

dev: bump the safe group across 1 directory with 9 updates#7965

Open
dependabot[bot] wants to merge 1 commit into
v3.36from
dependabot/go_modules/safe-d88581e65a
Open

dev: bump the safe group across 1 directory with 9 updates#7965
dependabot[bot] wants to merge 1 commit into
v3.36from
dependabot/go_modules/safe-d88581e65a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the safe group with 9 updates in the / directory:

Package From To
github.com/aws/aws-sdk-go-v2/config 1.32.24 1.32.28
github.com/aws/aws-sdk-go-v2/service/s3 1.103.3 1.105.0
github.com/coder/websocket 1.8.14 1.8.15
github.com/felixge/httpsnoop 1.0.4 1.1.0
github.com/getsentry/sentry-go 0.46.2 0.47.0
github.com/klauspost/compress 1.18.6 1.19.0
github.com/nats-io/nats-server/v2 2.14.2 2.14.3
golang.org/x/net 0.55.0 0.56.0
golang.org/x/sync 0.21.0 0.22.0

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.24 to 1.32.28

Commits

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.103.3 to 1.105.0

Commits

Updates github.com/coder/websocket from 1.8.14 to 1.8.15

Release notes

Sourced from github.com/coder/websocket's releases.

v1.8.15

Changes

New Contributors

Full Changelog: coder/websocket@v1.8.14...v1.8.15

Commits
  • 9c8faad conn: skip timeout callbacks for background contexts (#566)
  • 7039364 avoid per-frame cleanup closures on read to remove 2 allocs per frame read (#...
  • d099e16 docs: fix roadmap links (#558)
  • c98e9dc docs: fix lint issue (#557)
  • 39b7b07 docs: remove mention of resolved issue in README (#556)
  • 9f473ad docs: add document for AI agents (AGENTS.md) (#547)
  • 8d3545a fix: transmit in single frame when compression enabled (#552)
  • 8bf6dd2 chore: fix typo in Accept function (#544)
  • See full diff in compare view

Updates github.com/felixge/httpsnoop from 1.0.4 to 1.1.0

Release notes

Sourced from github.com/felixge/httpsnoop's releases.

v1.1.0

felixge/httpsnoop@v1.0.4...v1.1.0

Commits
  • 0fc9006 fix: preserve hooks for added writer interfaces (#35)
  • e413b2a Bump golang version, add io.StringWriter and improve performance (#33)
  • 9a9390b fix: populate duration when handler panics (#31)
  • d3fc968 feat: Support SetReadDeadline, SetWriteDeadline and EnableFullDuplex (#29)
  • See full diff in compare view

Updates github.com/getsentry/sentry-go from 0.46.2 to 0.47.0

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.47.0

Breaking Changes 🛠

  • Fix transaction_info source getting set incorrectly across HTTP middleware integrations (http, fasthttp, fiber). Users should now expect traces to properly get grouped with their parameterized path. Transactions in affected integrations may regroup after upgrading. by @​giortzisg in #1325
  • remove deprecatedotel.NewSentrySpanProcessor. Users should now use the sentryotlp.NewTraceExporter instead by @​giortzisg in #1307
    // Before
    sentry.Init(sentry.ClientOptions{Dsn: dsn, EnableTracing: true, TracesSampleRate: 1.0})
    tp := sdktrace.NewTracerProvider(
    sdktrace.WithSpanProcessor(sentryotel.NewSentrySpanProcessor()),
    )
    otel.SetTextMapPropagator(sentryotel.NewSentryPropagator())
    otel.SetTracerProvider(tp)
    // After:
    sentry.Init(sentry.ClientOptions{
    Dsn: dsn, EnableTracing: true, TracesSampleRate: 1.0,
    Integrations: func(i []sentry.Integration) []sentry.Integration {
    return append(i, sentryotel.NewOtelIntegration())
    },
    })
    exporter, _ := sentryotlp.NewTraceExporter(ctx, dsn)
    tp := sdktrace.NewTracerProvider(sdktrace.WithBatcher(exporter))
    otel.SetTracerProvider(tp)

  • Enable logs by default to skip double allow behavior. Enabling logs now happens once when setting up either sentry.NewLogger or any supported integration. Also the EnableLogs flag changes to DisableLogs for a global override switch by @​giortzisg in #1306
  • Remove the ContextifyFrames integration. The recommended way to add source context is SCM by @​giortzisg in #1302

New Features ✨

  • Add fiber v3 integration by @​giortzisg in #1324
  • Bump fasthttp from 1.51.0 to 1.71.0 by @​giortzisg in #1324
  • Add sentrysql SQL tracing integration by @​giortzisg in #1305
    • Supports multiple integration paths depending on how your app opens database connections: sentrysql.Open(...), sentrysql.OpenDB(...), and wrapped drivers/connectors for custom setups.
    • Database metadata is not inferred in every setup. If the database name is not discoverable automatically, pass sentrysql.WithDatabaseName(...) so spans are populated correctly.
    • Example:
     // Simple driver-based setup
     db, err := sentrysql.Open("sqlite", ":memory:",
         sentrysql.WithDatabaseSystem(sentrysql.SystemSQLite),
         sentrysql.WithDatabaseName("main"),
     )

Internal Changes 🔧

Deps

... (truncated)

Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.47.0

Breaking Changes 🛠

  • Fix transaction_info source getting set incorrectly across HTTP middleware integrations (http, fasthttp, fiber). Users should now expect traces to properly get grouped with their parameterized path. Transactions in affected integrations may regroup after upgrading. by @​giortzisg in #1325
  • remove deprecatedotel.NewSentrySpanProcessor. Users should now use the sentryotlp.NewTraceExporter instead by @​giortzisg in #1307
    // Before
    sentry.Init(sentry.ClientOptions{Dsn: dsn, EnableTracing: true, TracesSampleRate: 1.0})
    tp := sdktrace.NewTracerProvider(
    sdktrace.WithSpanProcessor(sentryotel.NewSentrySpanProcessor()),
    )
    otel.SetTextMapPropagator(sentryotel.NewSentryPropagator())
    otel.SetTracerProvider(tp)
    // After:
    sentry.Init(sentry.ClientOptions{
    Dsn: dsn, EnableTracing: true, TracesSampleRate: 1.0,
    Integrations: func(i []sentry.Integration) []sentry.Integration {
    return append(i, sentryotel.NewOtelIntegration())
    },
    })
    exporter, _ := sentryotlp.NewTraceExporter(ctx, dsn)
    tp := sdktrace.NewTracerProvider(sdktrace.WithBatcher(exporter))
    otel.SetTracerProvider(tp)

  • Enable logs by default to skip double allow behavior. Enabling logs now happens once when setting up either sentry.NewLogger or any supported integration. Also the EnableLogs flag changes to DisableLogs for a global override switch by @​giortzisg in #1306
  • Remove the ContextifyFrames integration. The recommended way to add source context is SCM by @​giortzisg in #1302

New Features ✨

  • Add fiber v3 integration by @​giortzisg in #1324
  • Bump fasthttp from 1.51.0 to 1.71.0 by @​giortzisg in #1324
  • Add sentrysql SQL tracing integration by @​giortzisg in #1305
    • Supports multiple integration paths depending on how your app opens database connections: sentrysql.Open(...), sentrysql.OpenDB(...), and wrapped drivers/connectors for custom setups.
    • Database metadata is not inferred in every setup. If the database name is not discoverable automatically, pass sentrysql.WithDatabaseName(...) so spans are populated correctly.
    • Example:
     // Simple driver-based setup
     db, err := sentrysql.Open("sqlite", ":memory:",
         sentrysql.WithDatabaseSystem(sentrysql.SystemSQLite),
         sentrysql.WithDatabaseName("main"),
     )

Internal Changes 🔧

Deps

... (truncated)

Commits

Updates github.com/klauspost/compress from 1.18.6 to 1.19.0

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.19.0

What's Changed

New Contributors

Full Changelog: klauspost/compress@v1.18.6...v1.19.0

v1.18.7

  • Fix s2.NewDict OOB read.

Security release without other changes.

Full Changelog: klauspost/compress@v1.18.6...v1.18.7

Commits

Updates github.com/nats-io/nats-server/v2 from 2.14.2 to 2.14.3

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.14.3

Changelog

Refer to the 2.14 Upgrade Guide for backwards compatibility notes with 2.12.x. Please note that the 2.13.x version was skipped.

Go Version

Dependencies

  • golang.org/x/crypto v0.53.0 (#8297)
  • golang.org/x/sys v0.46.0 (#8297)
  • github.com/nats-io/jwt/v2 v2.8.2
  • github.com/nats-io/nkeys v0.4.16

Improved

General

  • Per-connection log lines that could be noisy in normal operation have been demoted to debug level (#8289)
  • Writer options are now applied consistently when using the s2_fast compression mode (#8047)

JetStream

  • Stream and consumer assignment handling has been refactored for more consistent migration and info behavior (#8262)
  • Meta, stream and consumer write errors are now registered more consistently for health and recovery handling (#8293)

Removed

Monitoring

  • JSONP callback support has been removed from monitoring endpoints

Fixed

General

  • Long-running reconnect and OCSP loops no longer retain unused timers, reducing memory pressure over time (#8204)
  • Inherited JWT default permissions are now refreshed when account claims are updated (#8276)
  • External auth configuration is now cleared correctly when account claims are updated (#8275)
  • PROXY protocol detection, TLS sniffing with allow_non_tls and PROXY v1 address-family parsing have been fixed (#8302)
  • A race in gateway CONNECT handling has been fixed (#8306)
  • Trusted proxy tracking no longer leaks closed clients during concurrent updates (#8307)
  • Service import replies can now be delivered across cluster routes (#8317)
  • Message tracing now works correctly with service imports and exports
  • Several panic, fatal and data race conditions in authentication, routing, monitoring and clustered request handling have been fixed
  • NoAuthUser now checks connection restrictions
  • Leaf connections no longer bypass Nats-Trace-Dest publish permission checks
  • CONNZ and SUBSZ pagination now guard against Offset and Limit integer overflow panics

... (truncated)

Commits
  • 9b17a58 Release v2.14.3
  • 2be2525 Release v2.14.3-RC.2
  • 563d55f Cherry-picks for v2.14.3-RC.2 (#126)
  • e242ca0 NRG: Don't campaign with an uncommitted membership change about ourselves
  • 0e4d935 NRG: Exclude uncommitted membership change from snapshot
  • 0ab7302 NRG: Remove redundant known peer tracking
  • 6eb7d76 NRG: Truncated uncommitted membership change leaves stale state
  • 8157b56 [TEST] Campaign early on NRG tests
  • 712b3d2 [FIXED] Nil pointer panic when resolver dir parent is not traversable
  • f11c26b [FIXED] Skipped messages set last time to now
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.55.0 to 0.56.0

Commits
  • 9e7fdbf internal/http3: fix wrong argument being given when validating header value
  • b686e5f internal/http3: add gzip support to transport
  • 8a34885 go.mod: update golang.org/x dependencies
  • 72eaf98 dns/dnsmessage: correctly validate SVCB record parameter order
  • 82e7868 dns/dnsmessage: avoid panic when parsing SVCB record with truncated data
  • b64f1fa internal/http3: add server support for "Trailer:" magic prefix
  • 2707ee2 internal/http3: implement HTTP/3 clientConn methods
  • 31358cc internal/http3: snapshot response headers at WriteHeader time
  • 8ecbaa9 html: don't adjust xml:base
  • 8ae811a html: properly handle end script tag in fragment mode
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.21.0 to 0.22.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the safe group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.24` | `1.32.28` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.103.3` | `1.105.0` |
| [github.com/coder/websocket](https://github.com/coder/websocket) | `1.8.14` | `1.8.15` |
| [github.com/felixge/httpsnoop](https://github.com/felixge/httpsnoop) | `1.0.4` | `1.1.0` |
| [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.46.2` | `0.47.0` |
| [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.18.6` | `1.19.0` |
| [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) | `2.14.2` | `2.14.3` |
| [golang.org/x/net](https://github.com/golang/net) | `0.55.0` | `0.56.0` |
| [golang.org/x/sync](https://github.com/golang/sync) | `0.21.0` | `0.22.0` |



Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.24 to 1.32.28
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.24...config/v1.32.28)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.103.3 to 1.105.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.103.3...service/s3/v1.105.0)

Updates `github.com/coder/websocket` from 1.8.14 to 1.8.15
- [Release notes](https://github.com/coder/websocket/releases)
- [Commits](coder/websocket@v1.8.14...v1.8.15)

Updates `github.com/felixge/httpsnoop` from 1.0.4 to 1.1.0
- [Release notes](https://github.com/felixge/httpsnoop/releases)
- [Commits](felixge/httpsnoop@v1.0.4...v1.1.0)

Updates `github.com/getsentry/sentry-go` from 0.46.2 to 0.47.0
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-go@v0.46.2...v0.47.0)

Updates `github.com/klauspost/compress` from 1.18.6 to 1.19.0
- [Release notes](https://github.com/klauspost/compress/releases)
- [Commits](klauspost/compress@v1.18.6...v1.19.0)

Updates `github.com/nats-io/nats-server/v2` from 2.14.2 to 2.14.3
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.14.2...v2.14.3)

Updates `golang.org/x/net` from 0.55.0 to 0.56.0
- [Commits](golang/net@v0.55.0...v0.56.0)

Updates `golang.org/x/sync` from 0.21.0 to 0.22.0
- [Commits](golang/sync@v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.105.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: github.com/coder/websocket
  dependency-version: 1.8.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: github.com/felixge/httpsnoop
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: github.com/getsentry/sentry-go
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.14.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: golang.org/x/net
  dependency-version: 0.56.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: golang.org/x/sync
  dependency-version: 0.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 8, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 8, 2026 12:15
@dependabot dependabot Bot requested a review from halimi July 8, 2026 12:15
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants