Skip to content

Bump the all group across 1 directory with 8 updates#156

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/all-13aa1da8af
Open

Bump the all group across 1 directory with 8 updates#156
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/all-13aa1da8af

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 29, 2026
edited
Loading

Bumps the all group with 8 updates in the / directory:

Package From To
github.com/RoaringBitmap/roaring 1.9.1 1.9.4
github.com/emmansun/base64 0.8.0 0.9.0
github.com/josephburnett/jd 1.7.1 1.9.2
github.com/klauspost/compress 1.18.5 1.18.6
github.com/streamingfast/firehose-core 1.14.5-0.20260601154750-a7db8ec6b293 1.14.5
github.com/tidwall/gjson 1.18.0 1.19.0
go.uber.org/zap 1.27.1 1.28.0
google.golang.org/grpc 1.80.0 1.81.1

Updates github.com/RoaringBitmap/roaring from 1.9.1 to 1.9.4

Release notes

Sourced from github.com/RoaringBitmap/roaring's releases.

Version 1.9.4

Updated documented regarding BSI. Users are encouraged to specify the full range, otherwise the query results could be incorrect.

Issue: RoaringBitmap/roaring#426

Full Changelog: RoaringBitmap/roaring@v1.9.3...v1.9.4

Version 1.9.3

What's Changed

Full Changelog: RoaringBitmap/roaring@v1.9.2...v1.9.3

Version 1.9.2

What's Changed

Full Changelog: RoaringBitmap/roaring@v1.9.1...v1.9.2

Commits

Updates github.com/emmansun/base64 from 0.8.0 to 0.9.0

Release notes

Sourced from github.com/emmansun/base64's releases.

RISCV64 RVV Support

Notable Changes:

  • Added RISCV64 RVV support for both Base64 encode and decode fast paths, with automatic fallback to generic logic when needed.
  • Introduced adaptive vector-length processing to improve portability and throughput across different RVV-capable CPUs.
  • Added RISCV64-specific asm tests and generic-vs-RVV benchmarks for correctness and performance validation.
  • Added a new riscv64-qemu GitHub Actions workflow and updated README/README-CN CI badges and architecture lists.
  • CI now covers RISCV64 QEMU testing end-to-end, and the new RVV path is verified passing.
Commits
  • 08a2972 optimize riscv64 decode path and tests
  • 10a03e4 clarify riscv64 vl comment
  • 6bc2de4 fix riscv64 asm test expectations
  • e5e4b50 fix riscv64 asm return slot offset
  • d096470 add riscv64 RVV encode path and qemu CI
  • 1449359 Merge pull request #36 from emmansun/dependabot/go_modules/golang.org/x/sys-0...
  • e20fe5c Bump golang.org/x/sys from 0.40.0 to 0.41.0
  • 28fdc0f Merge pull request #35 from emmansun/dependabot/go_modules/golang.org/x/sys-0...
  • fc797f5 Bump golang.org/x/sys from 0.39.0 to 0.40.0
  • 0ba2b1a Merge pull request #34 from emmansun/dependabot/go_modules/golang.org/x/sys-0...
  • Additional commits viewable in compare view

Updates github.com/josephburnett/jd from 1.7.1 to 1.9.2

Release notes

Sourced from github.com/josephburnett/jd's releases.

v1.9.2

04e983b Set version 1.9.2 a36f8e9 Exit code 0 on successful patch

v1.9.1

32aea9a Set version 1.9.1 c3c342b V2 no longer separate module

v1.9.0

This release includes a preview of the v2 API. The v2 API produces minimal diffs for lists. And it includes a new format with context to support it. You can try it out with the -v2 flag.

bd4d7e2 Set version 1.9.0 6125a15 Make vendor 7985941 Add vendor target before release 2aef56f Reformat .PHONY directives 128d245 Update README.md 1f854f4 Clarify -precision comments 6446402 Noop JSON Patch [] and noop JSON Merge Patch {} 6132595 Port precision to v2 3846799 Use slices from experimental 0b05a7b Revert "Upgrade v2 to 1.21" ef44caa Upgrade v2 to 1.21 1bccd65 go mod tidy and vendor in lib and v2 5509377 go mod vendor 04a032d Only set after context on a single diff element 60a3e81 Previous should be from list b 0beb845 Update dependencies 6a3563e Add the -v2 flag to try out the new API 17354e1 Merge branch 'master' into lcs3 53844ff A few more context tests ec9f62f Check before and after context 8b0379e More list patch test context 6929b83 Start new diff element after reading after context c4fcc9e Read diff context 6035605 Fix object test expectation fa7a502 Fix some edge cases 5ce3586 More simple list diff implementation 8e742b1 Web UI with arguments give error 0a1ac0a Accept number-like keys in JSON Pointers 1e10b14 Prevent -precision with -set or -mset options 56b2cb3 Add precision to the commandline 015cbcc Add test for precision in object cf8d025 Update instructions for including the UI 0c20aab Fix context before 7b15f05 Add context to diff c30f084 More list patch tests for LCS 7c606b5 More list diff tests for LCS

... (truncated)

Commits

Updates github.com/klauspost/compress from 1.18.5 to 1.18.6

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.6

What's Changed

New Contributors

Full Changelog: klauspost/compress@v1.18.5...v1.18.6

Commits

Updates github.com/streamingfast/firehose-core from 1.14.5-0.20260601154750-a7db8ec6b293 to 1.14.5

Release notes

Sourced from github.com/streamingfast/firehose-core's releases.

v1.14.5

Changed

  • reader-node-firehose: if the persisted cursor in the state file points to a block older than --reader-node-start-block-num, the cursor is now discarded (with a warning log) and the syncer restarts from the configured start block. Previously the stale cursor was always honored.
  • Bumped golang.org/x/net to v0.55.0 and golang.org/x/crypto to v0.52.0 (along with x/sys, x/term and x/text) to pick up the latest security fixes.

Fixed

  • Substreams: fix tier1 not forwarding the subrequest secret key to tier2 in the live backfiller, which could cause backfill jobs to fail authentication against tier2 when the tier2 secret key was configured.
  • Substreams: per-block execution timeouts are now surfaced as a DeadlineExceeded gRPC error instead of being silently swallowed (and the affected block dropped). Previously a deadline-exceeded panic during block execution could be caught by the generic context-cancelled handler, so the timeout was hidden and the block silently skipped.
  • Substreams: stop the progressBlockRate janitor goroutine when closing the sink stats, fixing a goroutine leak.
  • payment-gateway: fix a nil-pointer panic in session Release when sessionInfo is nil.

Added

  • tools relayer write-one-blocks New command to write one-block-files directly from the relayer. Can write partial blocks too, for comparing.
  • tools check one-blocks: New command that walks one-block files in streaming mode and reports issues inline as they are detected: available block ranges (printed as ✅ Available blocks in range [#X to #Y]), missing block ranges (printed as ❌ Missing blocks in range [#X to #Y]), forks (multiple distinct IDs at the same height), and parent-chain continuity breaks. Available and missing ranges are printed interleaved so the full picture of which blocks exist and which are absent is immediately visible. Uses the finalized block number (LibNum) embedded in each file to prune internal state so it does not grow infinitely. Progress is reported with an automatic ladder (every 10K below 100K processed, every 100K below 500K, every 500K below 1M, then every 1M); pass --progress-each N to override with a fixed cadence. The final summary ends with a colour-coded Status : ok (green) or Status : broken (red) line.
  • Substreams: added more metrics to identify time spent squashing
Changelog

Sourced from github.com/streamingfast/firehose-core's changelog.

v1.14.5

Changed

  • reader-node-firehose: if the persisted cursor in the state file points to a block older than --reader-node-start-block-num, the cursor is now discarded (with a warning log) and the syncer restarts from the configured start block. Previously the stale cursor was always honored.
  • Bumped golang.org/x/net to v0.55.0 and golang.org/x/crypto to v0.52.0 (along with x/sys, x/term and x/text) to pick up the latest security fixes.

Fixed

  • Substreams: fix tier1 not forwarding the subrequest secret key to tier2 in the live backfiller, which could cause backfill jobs to fail authentication against tier2 when the tier2 secret key was configured.
  • Substreams: per-block execution timeouts are now surfaced as a DeadlineExceeded gRPC error instead of being silently swallowed (and the affected block dropped). Previously a deadline-exceeded panic during block execution could be caught by the generic context-cancelled handler, so the timeout was hidden and the block silently skipped.
  • Substreams: stop the progressBlockRate janitor goroutine when closing the sink stats, fixing a goroutine leak.
  • payment-gateway: fix a nil-pointer panic in session Release when sessionInfo is nil.

Added

  • tools relayer write-one-blocks New command to write one-block-files directly from the relayer. Can write partial blocks too, for comparing.
  • tools check one-blocks: New command that walks one-block files in streaming mode and reports issues inline as they are detected: available block ranges (printed as ✅ Available blocks in range [#X to #Y]), missing block ranges (printed as ❌ Missing blocks in range [#X to #Y]), forks (multiple distinct IDs at the same height), and parent-chain continuity breaks. Available and missing ranges are printed interleaved so the full picture of which blocks exist and which are absent is immediately visible. Uses the finalized block number (LibNum) embedded in each file to prune internal state so it does not grow infinitely. Progress is reported with an automatic ladder (every 10K below 100K processed, every 100K below 500K, every 500K below 1M, then every 1M); pass --progress-each N to override with a fixed cadence. The final summary ends with a colour-coded Status : ok (green) or Status : broken (red) line.
  • Substreams: added more metrics to identify time spent squashing

v1.14.4

Removed from docker image

  • The 'grpc_health_probe' binary is no longer included in the docker image. You can use the HTTP '/healthz' endpoints instead or use your own GRPC poller.

Added

  • merger and relayer now expose an HTTP /healthz endpoint on a dedicated port via the new --merger-http-healthz-addr (default :10013) and --relayer-http-healthz-addr (default :10018) flags. Set the flag to an empty string to disable. The endpoint returns HTTP 200 when the service is ready and 503 otherwise (including during the common-system-shutdown-signal-delay graceful-shutdown window).
  • Config file now supports a global: section for setting persistent (global) flags such as shift-ports, log-format, log-to-file, etc. These flags can also still be set under the command-specific section (e.g. start.flags), but global: is more intuitive for flags that apply regardless of command.
  • tools compare-blocks: A single block number (e.g. 2713) is now accepted as the range argument, automatically expanding to the 100-block bundle that contains that block (e.g. 2700:2799).
  • Substreams Index optimisation: Optimized ClockDistributor to skip blocks earlier and faster when using block filter.
  • Substreams: add substreams_tier2_max_concurrent_requests and substreams_tier1_active_requests_hard_limit metrics to prometheus

Fixed

  • tools substreams store-size: Fix N/A shown for all stores. For local state stores, the compressed file size is now displayed as a fallback when no uncompressed metadata is available. For GCS state stores, the compressed size is now returned even when files lack datasize metadata, and both .kv and .kv.zst file extensions are now accepted. The "Live (uncompressed)" column is renamed to "Live Size" and now shows "Not found" when no state exists for a module. The computed module hash is shown in the table for easy manual GCS path verification. A warning is shown when no state data is found for any module, hinting at a possible wrong --state-store URL.
  • Substreams: Fix server-side bug that would cause Blocks request to fail after a few retries with 'load full store (...) load store stream: opening file for streaming: not found' when depending on a store that is being merged slowly

Changed

  • tools compare-blocks: --diff flag is now a string flag instead of a boolean. --diff or --diff=inline prints inline diffs using diffx; --diff=editor opens $DIFF_EDITOR (falls back to diff -u); --diff=<cmd> uses that command as the diff editor (e.g. --diff=vimdiff). The separate --diff-editor flag has been removed.
  • tools compare-blocks: diff output uses diffx for richer unified diffs with line numbers, ANSI color, and inline character-level highlighting.

v1.14.3

Fixed

  • MergedBlocksWriter.WriteBundle: close the read end of the internal pipe and wait for the producer goroutine to finish before returning. Previously, if the underlying Store.WriteObject returned without consuming the reader (e.g. an S3 destination skipping an existing object when overwrite is disabled), the producer goroutine would block forever on its next pipe write, leaking the goroutine and pinning the bundle's blocks in memory. This affected tools download-from-firehose against S3 destinations that already contained any of the requested bundles.

... (truncated)

Commits

Updates github.com/tidwall/gjson from 1.18.0 to 1.19.0

Commits

Updates go.uber.org/zap from 1.27.1 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

  • #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

Changelog

Sourced from go.uber.org/zap's changelog.

1.28.0 (27 Apr 2026)

Enhancements:

  • #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.
Commits
  • 5b81b37 release v1.28.0 (#1547)
  • 0ab0d5a zapcore: Add PreWriteHook for transforming entries before write (#1534)
  • d278c59 [chore] CI: test on Go 1.26 (#1535)
  • 16fb16b chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...
  • See full diff in compare view

Updates google.golang.org/grpc from 1.80.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)

Release 1.81.0

Behavior Changes

  • balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

  • Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

  • xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
  • transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
  • xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

  • grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
  • xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
  • xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
  • xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
  • stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
  • mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)

Performance Improvements

  • alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
  • transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 29, 2026
@dependabot
Bump the all group across 1 directory with 8 updates
1de3aa8 
Bumps the all group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/RoaringBitmap/roaring](https://github.com/RoaringBitmap/roaring) | `1.9.1` | `1.9.4` |
| [github.com/emmansun/base64](https://github.com/emmansun/base64) | `0.8.0` | `0.9.0` |
| [github.com/josephburnett/jd](https://github.com/josephburnett/jd) | `1.7.1` | `1.9.2` |
| [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.18.5` | `1.18.6` |
| [github.com/streamingfast/firehose-core](https://github.com/streamingfast/firehose-core) | `1.14.5-0.20260601154750-a7db8ec6b293` | `1.14.5` |
| [github.com/tidwall/gjson](https://github.com/tidwall/gjson) | `1.18.0` | `1.19.0` |
| [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.80.0` | `1.81.1` |



Updates `github.com/RoaringBitmap/roaring` from 1.9.1 to 1.9.4
- [Release notes](https://github.com/RoaringBitmap/roaring/releases)
- [Commits](RoaringBitmap/roaring@v1.9.1...v1.9.4)

Updates `github.com/emmansun/base64` from 0.8.0 to 0.9.0
- [Release notes](https://github.com/emmansun/base64/releases)
- [Commits](emmansun/base64@v0.8.0...v0.9.0)

Updates `github.com/josephburnett/jd` from 1.7.1 to 1.9.2
- [Release notes](https://github.com/josephburnett/jd/releases)
- [Changelog](https://github.com/josephburnett/jd/blob/master/RELEASE_NOTES.md)
- [Commits](josephburnett/jd@v1.7.1...v1.9.2)

Updates `github.com/klauspost/compress` from 1.18.5 to 1.18.6
- [Release notes](https://github.com/klauspost/compress/releases)
- [Commits](klauspost/compress@v1.18.5...v1.18.6)

Updates `github.com/streamingfast/firehose-core` from 1.14.5-0.20260601154750-a7db8ec6b293 to 1.14.5
- [Release notes](https://github.com/streamingfast/firehose-core/releases)
- [Changelog](https://github.com/streamingfast/firehose-core/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/streamingfast/firehose-core/commits/v1.14.5)

Updates `github.com/tidwall/gjson` from 1.18.0 to 1.19.0
- [Commits](tidwall/gjson@v1.18.0...v1.19.0)

Updates `go.uber.org/zap` from 1.27.1 to 1.28.0
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.27.1...v1.28.0)

Updates `google.golang.org/grpc` from 1.80.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.80.0...v1.81.1)

---
updated-dependencies:
- dependency-name: github.com/emmansun/base64
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/josephburnett/jd
  dependency-version: 1.9.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.18.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/RoaringBitmap/roaring
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/streamingfast/firehose-core
  dependency-version: 1.14.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/tidwall/gjson
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: go.uber.org/zap
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the all group with 8 updates Bump the all group across 1 directory with 8 updates Jun 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/all-13aa1da8af branch from 409f873 to 1de3aa8 Compare June 1, 2026 17:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants