Skip to content

chore(deps): bump the go_modules group across 1 directory with 8 updates#3909

Open
dependabot[bot] wants to merge 1 commit into
canaryfrom
dependabot/go_modules/integ-tests/go/go_modules-d6b428afb5
Open

chore(deps): bump the go_modules group across 1 directory with 8 updates#3909
dependabot[bot] wants to merge 1 commit into
canaryfrom
dependabot/go_modules/integ-tests/go/go_modules-d6b428afb5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the go_modules group with 8 updates in the /integ-tests/go directory:

Package From To
github.com/go-chi/chi/v5 5.2.2 5.2.4
github.com/go-jose/go-jose/v3 3.0.4 3.0.5
github.com/jackc/pgx/v5 5.6.0 5.9.2
github.com/nats-io/nats-server/v2 2.11.6 2.11.15
go.mongodb.org/mongo-driver 1.12.1 1.17.7
go.opentelemetry.io/otel 1.37.0 1.41.0
go.opentelemetry.io/otel/sdk 1.37.0 1.43.0
google.golang.org/grpc 1.73.0 1.79.3

Updates github.com/go-chi/chi/v5 from 5.2.2 to 5.2.4

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.2.3

What's Changed

New Contributors

Full Changelog: go-chi/chi@v5.2.2...v5.2.3

Commits
  • 6eb3588 middleware: harden RedirectSlashes handler (#1044)
  • de0d16e Update comment about min Go version (#1023)
  • 9fb4a15 update reverseMethodMap in RegisterMethod (#1022)
  • 51c977c Refactor to use atomic type (#1019)
  • 563ab11 Refactor graceful shutdown example (#994)
  • a52c582 Bump minimum Go and use new features (#1017)
  • 9b9fb55 Replace methodTypString func with reverseMethodMap (#1018)
  • 0265fcd refactor: iterative wildcard collapsing and add test for consecutive wildcard...
  • cf537d4 Optimize throttle middleware by avoiding unnecessary timer creation (#1011)
  • 9040e95 fix/608 - Fix flaky Throttle middleware test by synchronizing token usage (#1...
  • Additional commits viewable in compare view

Updates github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5

Release notes

Sourced from github.com/go-jose/go-jose/v3's releases.

v3.0.5

What's Changed

Fixes GHSA-78h2-9frx-2jm8

We recommend migrating from v3 to v4, and we will stop support v3 in the near future.

Full Changelog: go-jose/go-jose@v3.0.4...v3.0.5

Commits

Updates github.com/jackc/pgx/v5 from 5.6.0 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

  1. The non-default simple protocol is used.
  2. A dollar quoted string literal is used in the SQL query.
  3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
  4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

5.9.1 (March 22, 2026)

  • Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

  • Require Go 1.25+
  • Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
  • Add OAuth authentication support for PostgreSQL 18 (David Schneider)
  • Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
  • Add tsvector type support (Adam Brightwell)
  • Skip Describe Portal for cached prepared statements reducing network round trips
  • Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
  • Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
  • Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
  • Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
  • Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
  • Make RowsAffected faster (Abhishek Chanda)
  • Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
  • Fix: ContextWatcher goroutine leak (Hank Donnay)
  • Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)

... (truncated)

Commits
  • 0aeabbc Release v5.9.2
  • 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
  • a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
  • e34e452 doc: Add godoc links
  • 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
  • 96b4dbd Remove unstable test
  • acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
  • 2f81f1f Update max_protocol_version and min_protocol_version defaults
  • 4e4eaed Release v5.9.1
  • 6273188 Fix batch result format corruption when using cached prepared statements
  • Additional commits viewable in compare view

Updates github.com/nats-io/nats-server/v2 from 2.11.6 to 2.11.15

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.11.15

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

  • 1.25.8

Dependencies

  • golang.org/x/crypto v0.49.0 (#7953)
  • github.com/nats-io/jwt/v2 v2.8.1 (#7960)
  • github.com/antithesishq/antithesis-sdk-go v0.6.0-default-no-op
  • github.com/klauspost/compress v1.18.4
  • github.com/nats-io/nats.go v1.49.0
  • github.com/nats-io/nkeys v0.4.15

CVEs

Changed

General

  • There is now a 1MB size limit on JWTs (#7960)

Improved

JetStream

  • The stream peer-remove command now accepts a peer ID as well as a server name (#7952)

MQTT

  • Protocol compliance has been improved, including more error handling on invalid or malformed MQTT packets (#7933)

Fixed

General

  • Improved handling of duplicate headers

... (truncated)

Commits
  • bef17e1 Release v2.11.15
  • e349b31 Cherry-picks for 2.11.15 (#62)
  • 782a6df [FIXED] Avoid stalling read loop on leafnode ErrMinimumVersionRequired
  • 74a5f6f Remove FIXME about auth callout nonce
  • ea8ae87 Message tracing requires client publish permission for Nats-Trace-Dest
  • 3fd43a0 Rebuild request info headers on leaf service imports
  • 8dbf004 [FIXED] MQTT flappers use monotonic time
  • 265a99b Update JWT and other dependencies
  • d6d1dd9 Streaming parsing of WebSocket frames with limited memory allocations
  • e6057af [FIXED] Avoid parsing trace headers from HPUB payload
  • Additional commits viewable in compare view

Updates go.mongodb.org/mongo-driver from 1.12.1 to 1.17.7

Release notes

Sourced from go.mongodb.org/mongo-driver's releases.

MongoDB Go Driver 1.17.7

The MongoDB Go Driver Team is pleased to release version 1.17.7 of the official MongoDB Go Driver.

Release Highlights

This release removes the deprecation notice from options.MergeClientOptions and fixes buffer handling in GSSAPI error description and username functions.

What's Changed

🐛 Fixed

📝 Other Changes

Full Changelog: mongodb/mongo-go-driver@v1.17.6...v1.17.7

For a full list of tickets included in this release, please see the list of fixed issues.

Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!

MongoDB Go Driver 1.17.6

The MongoDB Go Driver Team is pleased to release version 1.17.6 of the official MongoDB Go Driver.

[!NOTE] Due to a bug in the Go Driver release automation, there is no 1.17.5 release.

Release Highlights

This release makes various maintainability improvements to the Go Driver development and release automation.

What's Changed

📝 Other Changes

Full Changelog: mongodb/mongo-go-driver@v1.17.4...v1.17.6

For a full list of tickets included in this release, please see the list of fixed issues.

Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!

MongoDB Go Driver 1.17.4

... (truncated)

Commits
  • eb01e7e BUMP v1.17.7
  • 3c55093 GODRIVER-3766 Remove deprecation notice for MergeClientOptions (#2294)
  • f6163bf GODRIVER-3770 Remove libasan from gssapi tests in CI (#2293)
  • 6798963 GODRIVER-3770 Fix buffer handling in GSSAPI error description and username fu...
  • c1e9575 Add more visible deprecation banner to the 1.17 readme (#2233)
  • d2fa0ab BUMP v1.17.6
  • f1d540b BUMP v1.17.5
  • b879028 GODRIVER-3654 Don't test v1 branches against latest server. (#2188)
  • 21f47d4 Allow ignore-for-release label to satisfy label checker (#2203)
  • 8708ca8 Disable merge-up from release/1.17 (#2202)
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.37.0 to 1.41.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

This release is the last to support [Go 1.24]. The next release will require at least [Go 1.25].

Added

  • Support testing of [Go 1.26]. (#7902)

Fixed

  • Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (#7880)
  • Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7914)
  • Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#7914)
  • Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7914)

[1.40.0/0.62.0/0.16.0] 2026-02-02

Added

  • Add AlwaysRecord sampler in go.opentelemetry.io/otel/sdk/trace. (#7724)
  • Add Enabled method to all synchronous instrument interfaces (Float64Counter, Float64UpDownCounter, Float64Histogram, Float64Gauge, Int64Counter, Int64UpDownCounter, Int64Histogram, Int64Gauge,) in go.opentelemetry.io/otel/metric. This stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (#7763)
  • Add go.opentelemetry.io/otel/semconv/v1.39.0 package. The package contains semantic conventions from the v1.39.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.38.0. (#7783, #7789)

Changed

  • Improve the concurrent performance of HistogramReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar by 4x. (#7443)
  • Improve the concurrent performance of FixedSizeReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar. (#7447)
  • Improve performance of concurrent histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7474)
  • Improve performance of concurrent synchronous gauge measurements in go.opentelemetry.io/otel/sdk/metric. (#7478)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/stdout/stdoutmetric. (#7492)
  • Exporter in go.opentelemetry.io/otel/exporters/prometheus ignores metrics with the scope go.opentelemetry.io/contrib/bridges/prometheus. This prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (#7688)
  • Improve performance of concurrent exponential histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7702)
  • The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)
  • The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)

Fixed

  • Fix bad log message when key-value pairs are dropped because of key duplication in go.opentelemetry.io/otel/sdk/log. (#7662)
  • Fix DroppedAttributes on Record in go.opentelemetry.io/otel/sdk/log to not count the non-attribute key-value pairs dropped because of key duplication. (#7662)
  • Fix SetAttributes on Record in go.opentelemetry.io/otel/sdk/log to not log that attributes are dropped when they are actually not dropped. (#7662)
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to correctly handle HTTP/2 GOAWAY frame. (#7794)
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for ioreg command on Darwin (macOS). (#7818)

... (truncated)

Commits
  • 4575a97 Release 1.41.0/0.63.0/0.17.0/0.0.15 (#7977)
  • 66fc10d fix: add error handling for insecure HTTP endpoints with TLS client configura...
  • 76e6eec chore(deps): update github/codeql-action action to v4.32.5 (#7980)
  • 0d50f90 Revert "Generate semconv/v1.40.0" (#7978)
  • c38a4a5 Generate semconv/v1.40.0 (#7929)
  • 0f1a224 chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (#7899)
  • c79ebf4 chore(deps): update module github.com/daixiang0/gci to v0.14.0 (#7973)
  • f758157 chore(deps): update module github.com/sonatard/noctx to v0.5.0 (#7968)
  • 92a1164 fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...
  • 3cd7c27 chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (#7969)
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/sdk from 1.37.0 to 1.43.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.43.0/0.65.0/0.19.0] 2026-04-02

Added

  • Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace for W3C Trace Context Level 2 Random Trace ID Flag support. (#8012)
  • Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (#7642)
  • Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (#8051)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8038)
  • Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (#8060)
  • Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (#7855)

Changed

  • Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated alias of EMPTY. (#8038)
  • Improve slice handling in go.opentelemetry.io/otel/attribute to optimize short slice values with fixed-size fast paths. (#8039)
  • Improve performance of span metric recording in go.opentelemetry.io/otel/sdk/trace by returning early if self-observability is not enabled. (#8067)
  • Improve formatting of metric data diffs in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8073)

Deprecated

  • Deprecate INVALID in go.opentelemetry.io/otel/attribute. Use EMPTY instead. (#8038)

Fixed

  • Return spec-compliant TraceIdRatioBased description. This is a breaking behavioral change, but it is necessary to make the implementation spec-compliant. (#8027)
  • Fix a race condition in go.opentelemetry.io/otel/sdk/metric where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (#8056)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for kenv command on BSD. (#8113)
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to correctly handle HTTP2 GOAWAY frame. (#8096)

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

  • Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

... (truncated)

Commits
  • 9276201 Release v1.43.0 / v0.65.0 / v0.19.0 (#8128)
  • 61b8c94 chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (#8131)
  • 97a086e chore(deps): update github.com/golangci/dupl digest to c99c5cf (#8122)
  • 5e363de limit response body size for OTLP HTTP exporters (#8108)
  • 35214b6 Use an absolute path when calling bsd kenv (#8113)
  • 290024c fix(deps): update module google.golang.org/grpc to v1.80.0 (#8121)
  • e70658e fix: support getBody in otelploghttp (#8096)
  • 4afe468 fix(deps): update googleapis to 9d38bb4 (#8117)
  • b9ca729 chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (#8115)
  • 69472ec chore(deps): update fossas/fossa-action action to v1.9.0 (#8118)
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.73.0 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

  • stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

  • mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

  • balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

  • experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
  • pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
    • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
  • xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
  • balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Bug Fixes

  • credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
  • health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Performance Improvements

  • credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
  • mem: Optimize pooling and creation of buffer objects. (#8784)
  • transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 8 updates in the /integ-tests/go directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.2` | `5.2.4` |
| [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) | `3.0.4` | `3.0.5` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.6.0` | `5.9.2` |
| [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) | `2.11.6` | `2.11.15` |
| [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) | `1.12.1` | `1.17.7` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.37.0` | `1.41.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.37.0` | `1.43.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.73.0` | `1.79.3` |



Updates `github.com/go-chi/chi/v5` from 5.2.2 to 5.2.4
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](go-chi/chi@v5.2.2...v5.2.4)

Updates `github.com/go-jose/go-jose/v3` from 3.0.4 to 3.0.5
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](go-jose/go-jose@v3.0.4...v3.0.5)

Updates `github.com/jackc/pgx/v5` from 5.6.0 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.6.0...v5.9.2)

Updates `github.com/nats-io/nats-server/v2` from 2.11.6 to 2.11.15
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.11.6...v2.11.15)

Updates `go.mongodb.org/mongo-driver` from 1.12.1 to 1.17.7
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](mongodb/mongo-go-driver@v1.12.1...v1.17.7)

Updates `go.opentelemetry.io/otel` from 1.37.0 to 1.41.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.37.0...v1.41.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.37.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.37.0...v1.43.0)

Updates `google.golang.org/grpc` from 1.73.0 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.73.0...v1.79.3)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.2.4
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-version: 3.0.5
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.11.15
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: go.mongodb.org/mongo-driver
  dependency-version: 1.17.7
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.41.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.43.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 3, 2026
@vercel

vercel Bot commented Jul 3, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
beps Ready Ready Preview, Comment Jul 3, 2026 12:29pm
promptfiddle2 Ready Ready Preview, Comment Jul 3, 2026 12:29pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
promptfiddle Skipped Skipped Jul 3, 2026 12:29pm

Request Review

@vercel vercel Bot temporarily deployed to Preview – promptfiddle July 3, 2026 12:21 Inactive
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

⏭️ Performance benchmarks were skipped

Perf benchmarks (CodSpeed) are opt-in on pull requests — they no longer run on every push. They always run automatically after merge to canary/main.

To run them on this PR, do any of the following, then push a commit (or re-run CI):

  • Add RUN_CODSPEED=1 to the PR description, or
  • Include run-perf or /perf in the PR title or any commit message.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants