Skip to content

fix(deps): bump the external group across 2 directories with 4 updates#3440

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/examples/external-748583cfaa
Open

fix(deps): bump the external group across 2 directories with 4 updates#3440
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/examples/external-748583cfaa

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 6, 2026
edited
Loading

Bumps the external group with 2 updates in the /examples directory: connectrpc.com/connect and google.golang.org/grpc.
Bumps the external group with 1 update in the /tests-bdd directory: github.com/cucumber/godog.

Updates connectrpc.com/connect from 1.19.1 to 1.19.2

Release notes

Sourced from connectrpc.com/connect's releases.

v1.19.2

What's Changed

Governance

Bugfixes

Other changes

New Contributors

Full Changelog: connectrpc/connect-go@v1.19.1...v1.19.2

Commits
  • 1c195ae Prepare for v1.19.2 (#920)
  • 96abc6b Upgrade golangci-lint to v2 (#917)
  • be72fa5 Clarify concurrent use semantics for streaming types (#911)
  • 299d2e7 Fix nil pointer deref in duplexHTTPCall under concurrent Send + CloseAndRecei...
  • e299aa6 Bump google.golang.org/grpc from 1.76.0 to 1.79.3 in /internal/conformance (#...
  • 7b531c0 Clarify UnaryFunc response type (#912)
  • 02f23a3 Fix typo in RELEASE.md (#906)
  • ec6f523 Add Timo Stamm to maintainers (#905)
  • 59cc697 Use 'deadline_exceeded' instead of 'canceled' on HTTP/2 cancelation when appr...
  • e9aff4a Bump connectrpc.com/conformance from 1.0.4 to 1.0.5 in /internal/conformance ...
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.79.3 to 1.81.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.0

Behavior Changes

  • balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

  • Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

  • xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
  • transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
  • xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

  • grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
  • xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
  • xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
  • xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
  • stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
  • mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)

Performance Improvements

  • alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
  • transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)

Release 1.80.0

Behavior Changes

  • balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see #5288 for details. (#8837)
  • xds: update resource error handling and re-resolution logic (#8907)
    • Re-resolve all LOGICAL_DNS clusters simultaneously when re-resolution is requested.
    • Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.

Bug Fixes

  • xds: support the LB policy configured in LOGICAL_DNS cluster resources instead of defaulting to pick_first. (#8733)
  • credentials/tls: perform per-RPC authority validation against the leaf certificate instead of the entire peer certificate chain. (#8831)
  • xds: enabling A76 ring hash endpoint keys no longer causes EDS resources with invalid proxy metadata to be NACKed when HTTP CONNECT (gRFC A86) is disabled. (#8875)
  • xds: validate that the sum of endpoint weights in a locality does not exceed the maximum uint32 value. (#8899)
  • xds: fix incorrect proto field access in the weighted round robin (WRR) configuration where blackout_period was used instead of weight_expiration_period. (#8915)
  • xds/rbac: handle addresses with ports in IP matchers. (#8990)

New Features

... (truncated)

Commits
  • cb18228 Change version to 1.81.0 (#9062)
  • 96748f9 Cherry-pick #9105 to 1.81.x (#9106)
  • 9183222 Cherry pick #9055, #9032 to v1.81.x (#9095)
  • 5cba6da Revert "deps: update dependencies for all modules (#9065)" (#9067)
  • af8a936 deps: update dependencies for all modules (#9065)
  • cdc60df transport: optimize heap allocations in ready reader and update syscall conne...
  • 208d053 xds/resolver: pass complete XDSConfig in RPC context for HTTP filters (gRFC A...
  • 50fe1cc test: Fix flaky test TestServerStreaming_ClientCallRecvMsgTwice in `end2end...
  • d574bad build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#9050)
  • b8bf4d0 build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /inte...
  • Additional commits viewable in compare view

Updates github.com/cucumber/godog from 0.15.0 to 0.15.1

Release notes

Sourced from github.com/cucumber/godog's releases.

v0.15.1

What's Changed

New Contributors

Full Changelog: cucumber/godog@v0.15.0...v0.15.1

Changelog

Sourced from github.com/cucumber/godog's changelog.

[v0.15.1]

Added

Changed

  • Replace deprecated ::set-output - (681 - nodeg)

Fixed

Commits
  • b7da3ab Update CHANGELOG.md for release, tidy modules
  • 005cfc2 Print step declaration line instead of handler declaration line (#668)
  • 6ba3a7e Mark junit test cases as skipped if no pickle step results available (#597)
  • 9b4d5e9 feat: support uint types (#695)
  • 963f338 fix(deps): update module github.com/spf13/pflag to v1.0.7 (#694)
  • 6a0bb7f fix: change bang to being in README (#687)
  • 3651f88 fix: verify dogT exists in the context before using it (#692)
  • 532be7d chore(deps): update dominikh/staticcheck-action action to v1.4.0 (#689)
  • 74fa488 Replace deprecated ::set-output (#681)
  • 4a4fd8a fix(errors): Fix expected Step argument count for steps with `context.Context...
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits
  • 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 6, 2026
@dependabot dependabot Bot requested review from a team as code owners May 6, 2026 19:02
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 6, 2026

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 176.362689ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 91.691229ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 439.851265ms
Throughput 227.35 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 42.143562411s
Average Latency 419.809544ms
Throughput 118.64 requests/second

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 6, 2026

X-Test Results

✅ go-pull-3440
✅ go-v0.9.0
bats-test-results
✅ java-pull-3440
✅ java-v0.9.0
✅ js-pull-3440
✅ js-v0.9.0
cukes-report
opentdfplatform71LTMF.dockerbuild
govulncheck-failure-8

@dependabot
fix(deps): bump the external group across 2 directories with 4 updates
edd1bd6 
Bumps the external group with 2 updates in the /examples directory: [connectrpc.com/connect](https://github.com/connectrpc/connect-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).
Bumps the external group with 1 update in the /tests-bdd directory: [github.com/cucumber/godog](https://github.com/cucumber/godog).


Updates `connectrpc.com/connect` from 1.19.1 to 1.19.2
- [Release notes](https://github.com/connectrpc/connect-go/releases)
- [Changelog](https://github.com/connectrpc/connect-go/blob/main/RELEASE.md)
- [Commits](connectrpc/connect-go@v1.19.1...v1.19.2)

Updates `google.golang.org/grpc` from 1.79.3 to 1.81.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.79.3...v1.81.0)

Updates `github.com/cucumber/godog` from 0.15.0 to 0.15.1
- [Release notes](https://github.com/cucumber/godog/releases)
- [Changelog](https://github.com/cucumber/godog/blob/main/CHANGELOG.md)
- [Commits](cucumber/godog@v0.15.0...v0.15.1)

Updates `golang.org/x/oauth2` from 0.35.0 to 0.36.0
- [Commits](golang/oauth2@v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: connectrpc.com/connect
  dependency-version: 1.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: external
- dependency-name: github.com/cucumber/godog
  dependency-version: 0.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: external
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: external
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: external
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/examples/external-748583cfaa branch from d1ba236 to edd1bd6 Compare May 7, 2026 17:56
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 7, 2026

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 177.700263ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 92.577172ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 435.105974ms
Throughput 229.83 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 42.866247586s
Average Latency 427.140083ms
Throughput 116.64 requests/second

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 7, 2026

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

  • tests-bdd

See the workflow run for details.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 7, 2026

X-Test Results

✅ go-pull-3440
cukes-report
✅ go-v0.9.0
bats-test-results
✅ java-pull-3440
✅ java-v0.9.0
✅ js-pull-3440
✅ js-v0.9.0
opentdfplatformA25DBY.dockerbuild
govulncheck-failure-8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

comp:examples dependencies Pull requests that update a dependency file go Pull requests that update Go code size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants