Skip to content

chore(deps)(deps): bump the patch-and-minor group across 1 directory with 7 updates#44

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/patch-and-minor-4f38a09e0d
Open

chore(deps)(deps): bump the patch-and-minor group across 1 directory with 7 updates#44
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/patch-and-minor-4f38a09e0d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 11, 2026

Copy link
Copy Markdown
Contributor

Bumps the patch-and-minor group with 5 updates in the / directory:

Package From To
github.com/coreos/go-oidc/v3 3.18.0 3.20.0
github.com/go-webauthn/webauthn 0.17.3 0.17.4
github.com/pion/webrtc/v4 4.2.12 4.2.16
github.com/wneessen/go-mail 0.7.3 0.8.1
gorm.io/gorm 1.31.1 1.31.2

Updates github.com/coreos/go-oidc/v3 from 3.18.0 to 3.20.0

Release notes

Sourced from github.com/coreos/go-oidc/v3's releases.

v3.20.0

What's Changed

Full Changelog: coreos/go-oidc@v3.19.0...v3.20.0

v3.19.0

What's Changed

New Contributors

Full Changelog: coreos/go-oidc@v3.18.0...v3.19.0

Commits
  • 75dfa5c oidc: add constants for "email" and "profile" scopes
  • a89f046 oidc: add API for determining when issuer URLs mismatch
  • 6a69b6d readme: update README and docs
  • f9049c9 oidc: ignore JWKs with unknown signing algorithms rather than failing
  • 2f178e0 SECURITY.md: add a security policy and point to project-level reporting
  • b3bc7da oidc: improve documentation for APIs
  • 0db9053 oidc: modernize with new Go APIs
  • 4204f0b oidc: add support for validating back-channel logout tokens
  • f77e01c fix: Key refresh should set no-cache to get most up to date keys
  • See full diff in compare view

Updates github.com/go-webauthn/webauthn from 0.17.3 to 0.17.4

Release notes

Sourced from github.com/go-webauthn/webauthn's releases.

v0.17.4

v0.17.4 (2026-05-22)

Dependency Updates

This release just contains updates to dependencies.

Changelog

Sourced from github.com/go-webauthn/webauthn's changelog.

v0.17.4 (2026-05-22)

Dependency Updates

This release just contains updates to dependencies.

Commits
  • bc5e90d release: v0.17.4 (#695)
  • eaeedc6 build(deps): update module github.com/go-webauthn/x to v0.2.6 (#694)
  • d41c63d build(deps): update step-security/harden-runner action to v2.19.4 (#693)
  • 5eb52ec build(deps): update codecov/codecov-action action to v6.0.1 (#692)
  • b9202d1 build(deps): update step-security/harden-runner action to v2.19.3 (#690)
  • 6b95913 build(deps): update github/codeql-action action to v4.35.5 (#691)
  • 7aca952 build(deps): update step-security/harden-runner action to v2.19.2 (#689)
  • a0459c6 ci: apply zizmor recommendations (#688)
  • See full diff in compare view

Updates github.com/pion/webrtc/v4 from 4.2.12 to 4.2.16

Release notes

Sourced from github.com/pion/webrtc/v4's releases.

v4.2.16

Changelog

  • 3acb04c0bedcc57d2b9ddea102cb7b3787179400 Add the ability to write tracks OpusTags
  • b1b0614cd458f580409fa2d3bdea7928d4a2e544 Add multi-track ogg writing API
  • 5636863a5e2f2f071fb7786bc14e28b55b538d86 Update module github.com/pion/sctp to v1.10.3
  • 43b3d65247e68fb76deba94e2fd37a21016b664c Fix flaky test detach race
  • 7a223a6f4d4fed5dcfa8f7749604ff7e72fd2f33 Add StartContext to ICE and DTLS Transport (#3371)
  • 979fc8416aa9b1cf66c7d4eade3822ab769f5be1 Update module github.com/pion/sctp to v1.10.2 (#3457)
  • 730635086cc80b614797f74ec6fa31f7150933dc Update module github.com/pion/datachannel to v1.6.2 (#3456)
  • 0b2fda9d73f83479868ee8c06a7d2e33c90e2845 Update module github.com/pion/sctp to v1.10.1 (#3455)
  • 7a9d72c9b35af9a11384eae393290a586cee8015 Update module github.com/pion/stun/v3 to v3.1.6 (#3452)
  • 7991a3a15b0602043b33113acb878509ba2a4d66 Update module github.com/pion/sdp/v3 to v3.0.19 (#3454)
  • ea2897fb6dc2eeeec2c38441ceb134c2047be4dd Update module github.com/pion/srtp/v3 to v3.0.12 (#3448)
  • 7c9521bd5656abe794a9e26424bf7ff0acca7a51 Update module github.com/pion/datachannel to v1.6.1 (#3451)
  • 3a57b45bb11c863f76234401bb1a75d0e3dcee6b Fix wasm null JS event handlers before release (#3432)
  • ec1dd730986df3d129c96f3691be04145d23259a Fix bundle-only data channel startup (#3447)
  • 6a5d2f84f74f7db9044ffdc1f2f5403985f50cae Update module github.com/pion/turn/v5 to v5.0.10 (#3444)

v4.2.15

Changelog

  • a323cae9557309a22eaa1cf78cfffe83ca463093 Upgrade dtls to fix compatibility with firefox
  • bb1c6843124045f4d06cd8acfb9c7c620958f6e5 SNAP: fix renegotiation bug (#3443)
  • 898d90d1ed5e4ac9191490c7b5a1c659c3bf4c95 Remove redundant lock guarding atomic

v4.2.14

Changelog

  • b5b06e4f039af5c3c02bc22d5358a34f14b772e7 Update dtls, ice, stun, turn
  • 862b836e80ec84a187e87441394fa7bf65100c3f Update module github.com/pion/ice/v4 to v4.2.6 (#3437)
  • 0406280048b573542cb7b6502157196244ff89d2 Update module github.com/pion/srtp/v3 to v3.0.11 (#3436)
  • 2eab7b01fdbb9fe49dca8e7cb6083bcbf85969e4 Update module github.com/pion/turn/v5 to v5.0.5 (#3435)
  • 4cda4cb03c459365dd1557ef2450bb57c9ad87d4 Update module github.com/pion/transport/v4 to v4.0.2 (#3433)
  • f52b36de1e39c6f98d0ba58ee5fcd3c7dbf5179c Make RID parsing more robust

v4.2.13

Changelog

  • 5eeb68efae547286a2112fece8c6fa6fc38c1131 Expose SCTP assoc metadata in getStats
  • a9822d3f4e810af2c9ab1c6f7ccc74b9fd7b7143 Fix DC send benchmark race on x386
  • e116405a6ad54871787d06f876d51bc0bcadd55b Fix mDNS connection tests on macOS
  • 2ebb5663c06fb42fa2e6dc11170e6d579fa0a169 Fix a race in benchmark
  • 064de24212cf4d997bdd9d5406cd89de12dd1af3 Fix DC OnClose race, add default DC open handler
  • 0607a804ad6bf42758b250dca05c91ece7573bc4 Add SCTP interleaving-inspection example
  • fa46152405dff75060146611914120d00308a418 Update module github.com/pion/turn/v5 to v5.0.4 (#3422)
  • 9654161f9b698b2d9a2df3dd5a676b20e881a7b3 Update module github.com/pion/rtp to v1.10.2 (#3421)
  • c96c16648cc994f0d425a1c58c725b49407852c3 Upgrade to turn/v5
  • 32341d78118c6f579e2195956003b36b37e5a393 Update module github.com/pion/interceptor to v0.1.45
Commits
  • 3acb04c Add the ability to write tracks OpusTags
  • b1b0614 Add multi-track ogg writing API
  • 5636863 Update module github.com/pion/sctp to v1.10.3
  • 43b3d65 Fix flaky test detach race
  • 7a223a6 Add StartContext to ICE and DTLS Transport (#3371)
  • 979fc84 Update module github.com/pion/sctp to v1.10.2 (#3457)
  • 7306350 Update module github.com/pion/datachannel to v1.6.2 (#3456)
  • 0b2fda9 Update module github.com/pion/sctp to v1.10.1 (#3455)
  • 7a9d72c Update module github.com/pion/stun/v3 to v3.1.6 (#3452)
  • 7991a3a Update module github.com/pion/sdp/v3 to v3.0.19 (#3454)
  • Additional commits viewable in compare view

Updates github.com/wneessen/go-mail from 0.7.3 to 0.8.1

Release notes

Sourced from github.com/wneessen/go-mail's releases.

v0.8.1

Welcome to go-mail v0.8.1! 🎉

This release is only a small release, but fixes a regression on the 386 platform. We hope you enjoy!

Notable features / improvements / fixes

Fix regression on 386 platforms

The NTLM support introduced in v0.8.0 contained a bug affecting 386 platforms: a 32-bit integer could overflow because it wasn't cast to int64. This caused problems when cross-compiling to the 386 architecture. The bug is fixed in #589. In addition, the CI pipeline has been extended to run cross-compile tests for every platform supported by GitHub runners. Thanks to @​firefart for reporting the issue.

Opportunistic SMTP authentication

PR #585 introduces an opportunistic authentication mechanism that lets users provide a list of preferred auth types. During SMTP authentication, the client checks the mechanisms the server supports and selects the first match from the preferred list. If the server supports none of the preferred mechanisms, the client falls back to Autodiscover mode and selects the strongest mechanism the server offers.

Convenience helpers for List-Unsubscribe and one-click List-Unsubscribe-Post

We already expose the HeaderListUnsubscribe and HeaderListUnsubscribePost header constants, but until now there was no dedicated function to construct these headers. Users had to assemble the angle-bracket URI list and the exact List-Unsubscribe=One-Click token by hand via SetGenHeader—something that's easy to get subtly wrong (missing <>, an incorrect POST token, or GET-triggerable URLs). Since February 2024, Gmail and Yahoo require a working RFC 8058 one-click unsubscribe for senders exceeding 5k messages per day, making this a common compliance requirement rather than a niche feature. PR #587 adds three convenience helpers to set these headers correctly:

  • SetListUnsubscribe(uris ...string): sets an RFC 2369 List-Unsubscribe header only (mailto/https links).
  • SetListUnsubscribePost(): sets List-Unsubscribe-Post: List-Unsubscribe=One-Click.
  • SetListUnsubscribeOneClick(httpsURL string, additionalURIs ...string): the common case: sets both headers correctly, validating that at least one HTTPS URL is present as required by RFC 8058.

What's Changed

CI/CD maintenance changes

Full Changelog: wneessen/go-mail@v0.8.0...v0.8.1

v0.8.0: Native NTLM and DKIM support

Welcome to go-mail v0.8.0! 🎉

This release brings two big new features and a couple of improvements and fixes to go-mail. We hope you enjoy this release!

[!IMPORTANT] This release adds a new dependency to go.mod. We now rely on the crypto package of the Go extended library. We already relied on golang.org/x/text before, but it's worth noting that if you have strict dependency requirements, that golang.org/x/crypto was added in this release.

Notable features/improvements/fixes

Native NTLM authentication support

With PR #576 native NTLMv2 SMTP auth support has been added to go-mail. This feature has been requested several times and so far we've always resorted to a custom SMTP authentication provider using some 3rd party libraries. With go-mail v0.8.0 you can now natively authenticate with NTLM servers like any of the other supported authentication methods. Big thanks to @​mkalus for providing some ground work in #549 and for helping to test the code. The development was mainly based on the excellent documentation of the cURL project.

... (truncated)

Commits
  • 2ac36f0 Update doc.go
  • 1550ad6 Merge pull request #598 from wneessen/churn/ci-cd-crosscompile
  • 896ceb6 Fix linux/386
  • 80296ec Add linux 386
  • 7f544b1 Only execute cross compile tests we can actually use
  • 47f7a74 Enable CGO
  • f3ab24e Add cross-compile test to CI
  • a0f7cbe Merge pull request #597 from wneessen/dependabot/go_modules/golang.org/x/cryp...
  • 86f6131 Bump golang.org/x/crypto from 0.53.0 to 0.54.0
  • 2b6e523 Merge pull request #592 from wneessen/dependabot/github_actions/github/codeql...
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.54.0

Commits
  • cdce021 go.mod: update golang.org/x dependencies
  • d9474cc openpgp: make the deprecation message more explicit
  • 7626c50 ssh: verify declared key type matches decoded key in authorized_keys
  • 0471e79 ssh/agent: enforce strict limits on DSA key parameters
  • 6435c37 ssh: sanitize client disconnect messages
  • 7d695da ssh/agent: drain channel stderr in agent forwarders
  • 5b7f841 acme/autocert: fix data race in Manager.createCert
  • 0b316e7 argon2: update RFC 9106 parameter recommendations
  • 55aec0a x509roots/fallback: update bundle
  • 5f2de1a internal: remove wycheproof tests
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.44.0 to 0.47.0

Commits
  • 9e7e939 cpu: handle vendor suffixes in parseRelease
  • f6fb8a1 unix: use epoll_pwait rather than epoll_wait
  • f3eeabf windows: avoid length overflow in NewNTString
  • 3cb6647 unix: update glibc to 2.43
  • c507910 windows: document safe usage of TrusteeValue
  • d58dcfa unix: add GPIO constants and structs
  • 397d5f8 unix: update to Linux kernel 7.0
  • 0a387f7 cpu: detect zbc extension on riscv64
  • 758f71c cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64
  • 99666ae unix: merge Linux readv/writev implementation with Darwin/OpenBSD
  • Additional commits viewable in compare view

Updates gorm.io/gorm from 1.31.1 to 1.31.2

Release notes

Sourced from gorm.io/gorm's releases.

Release v1.31.2

Changes

Commits
  • 1d6ce99 Fix potential rows leak on panic by deferring rows.Close() (#7798)
  • f648834 perf: replace fmt.Sprintf with strconv in ExplainSQL numeric formatting (#7796)
  • 49cd6b8 Document NowFunc timezone behavior (#7799)
  • d0ee5e2 correct typo and rename fileType to fieldType in AlterColumn (#7748)
  • 2a22022 fix: panic when using clause.Returning with CreateInBatches (#7768)
  • 3322929 fix(migrator): add nil guards to ColumnType methods to prevent panic (#7767)
  • 40cd2af ci: switch tests Go matrix to stable/oldstable and update setup-go (#7726)
  • ba38501 chore(ci): bump actions/stale to v9 (#7696)
  • c1f742d fix: don't override alterColumn when defaults match (#7728)
  • c14d3ac update github ci golang version
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…with 7 updates

Bumps the patch-and-minor group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.18.0` | `3.20.0` |
| [github.com/go-webauthn/webauthn](https://github.com/go-webauthn/webauthn) | `0.17.3` | `0.17.4` |
| [github.com/pion/webrtc/v4](https://github.com/pion/webrtc) | `4.2.12` | `4.2.16` |
| [github.com/wneessen/go-mail](https://github.com/wneessen/go-mail) | `0.7.3` | `0.8.1` |
| [gorm.io/gorm](https://github.com/go-gorm/gorm) | `1.31.1` | `1.31.2` |



Updates `github.com/coreos/go-oidc/v3` from 3.18.0 to 3.20.0
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](coreos/go-oidc@v3.18.0...v3.20.0)

Updates `github.com/go-webauthn/webauthn` from 0.17.3 to 0.17.4
- [Release notes](https://github.com/go-webauthn/webauthn/releases)
- [Changelog](https://github.com/go-webauthn/webauthn/blob/master/CHANGELOG.md)
- [Commits](go-webauthn/webauthn@v0.17.3...v0.17.4)

Updates `github.com/pion/webrtc/v4` from 4.2.12 to 4.2.16
- [Release notes](https://github.com/pion/webrtc/releases)
- [Commits](pion/webrtc@v4.2.12...v4.2.16)

Updates `github.com/wneessen/go-mail` from 0.7.3 to 0.8.1
- [Release notes](https://github.com/wneessen/go-mail/releases)
- [Commits](wneessen/go-mail@v0.7.3...v0.8.1)

Updates `golang.org/x/crypto` from 0.51.0 to 0.54.0
- [Commits](golang/crypto@v0.51.0...v0.54.0)

Updates `golang.org/x/sys` from 0.44.0 to 0.47.0
- [Commits](golang/sys@v0.44.0...v0.47.0)

Updates `gorm.io/gorm` from 1.31.1 to 1.31.2
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](go-gorm/gorm@v1.31.1...v1.31.2)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-version: 3.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-and-minor
- dependency-name: github.com/go-webauthn/webauthn
  dependency-version: 0.17.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-and-minor
- dependency-name: github.com/pion/webrtc/v4
  dependency-version: 4.2.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-and-minor
- dependency-name: github.com/wneessen/go-mail
  dependency-version: 0.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-and-minor
- dependency-name: golang.org/x/crypto
  dependency-version: 0.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-and-minor
- dependency-name: golang.org/x/sys
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-and-minor
- dependency-name: gorm.io/gorm
  dependency-version: 1.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-and-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 11, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants