build(deps): bump the go_modules group across 3 directories with 5 updates

[dependabot]

Bumps the go_modules group with 1 update in the /bridge/opentracing/test directory: google.golang.org/grpc.
Bumps the go_modules group with 3 updates in the /internal/tools directory: github.com/cloudflare/circl, github.com/go-git/go-git/v5 and github.com/go-viper/mapstructure/v2.
Bumps the go_modules group with 1 update in the /trace/internal/telemetry/test directory: google.golang.org/grpc.

Updates google.golang.org/grpc from 1.72.1 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

• server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

• stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

• grpc: Remove the -dev suffix from the User-Agent header. (grpc/grpc-go#8902)

Release 1.79.0

API Changes

• mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • Special Thanks: @​vanja-p
• experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

• balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

• experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
• pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
  • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
• xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
• balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)
  • Special Thanks: @​marek-szews

Bug Fixes

• credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • Special Thanks: @​Atul1710
• xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
• health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • Special Thanks: @​sanki92
• transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • Special Thanks: @​joybestourous
• server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)
  • Special Thanks: @​joybestourous

Performance Improvements

• credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
• mem: Optimize pooling and creation of buffer objects. (#8784)
• transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

• dda86db Change version to 1.79.3 (#8983)
• 72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
• 97ca352 Changing version to 1.79.3-dev (#8954)
• 8902ab6 Change the version to release 1.79.2 (#8947)
• a928670 Cherry-pick #8874 to v1.79.x (#8904)
• 06df363 Change version to 1.79.2-dev (#8903)
• 782f2de Change version to 1.79.1 (#8902)
• 850eccb Change version to 1.79.1-dev (#8851)
• 765ff05 Change version to 1.79.0 (#8850)
• 68804be Cherry pick #8864 to v1.79.x (#8896)
• Additional commits viewable in compare view

Updates github.com/cloudflare/circl from 1.6.1 to 1.6.3

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.3

Fix a bug on ecc/p384 scalar multiplication.

What's Changed

• sign/mldsa: Check opts for nil value by @​armfazh in cloudflare/circl#582
• ecc/p384: Point addition must handle point doubling case. by @​armfazh in cloudflare/circl#583
• Release CIRCL v1.6.3 by @​armfazh in cloudflare/circl#584

Full Changelog: cloudflare/circl@v1.6.2...v1.6.3

CIRCL v1.6.2

• New SLH-DSA, improvements in ML-DSA for arm64.
• Tested compilation on WASM.

What's Changed

• Optimize pairing product computation by moving exponentiations to G1. by @​dfaranha in cloudflare/circl#547
• sign: Adding SLH-DSA signature by @​armfazh in cloudflare/circl#512
• Update code generators to CIRCL v1.6.1. by @​armfazh in cloudflare/circl#548
• ML-DSA: Add preliminary Wycheproof test vectors by @​bwesterb in cloudflare/circl#552
• go fmt by @​bwesterb in cloudflare/circl#554
• gz-compressing test vectors, use of HexBytes and ReadGzip functions. by @​armfazh in cloudflare/circl#555
• group: Removes use of elliptic Marshal and Unmarshal functions. by @​armfazh in cloudflare/circl#556
• Support encoding/decoding ML-DSA private keys (as long as they contain seeds) by @​bwesterb in cloudflare/circl#559
• Update to golangci-lint v2 by @​bwesterb in cloudflare/circl#560
• Preparation for ARM64 Implementation of poly operations for dilithium package. by @​elementrics in cloudflare/circl#562
• prepare power2Round for custom implementations in assembly by @​elementrics in cloudflare/circl#564
• ARM64 implementation for poly.PackLe16 by @​elementrics in cloudflare/circl#563
• add arm64 version of polyMulBy2toD by @​elementrics in cloudflare/circl#565
• add arm64 version of polySub by @​elementrics in cloudflare/circl#566
• group: add byteLen method for short groups and RandomScalar uses rand.Int by @​armfazh in cloudflare/circl#568
• add arm64 version of poly.Add/Sub by @​elementrics in cloudflare/circl#572
• group: Adding cryptobyte marshaling to scalars by @​armfazh in cloudflare/circl#569
• Bumping up to Go1.25 by @​armfazh in cloudflare/circl#574
• ci: Including WASM compilation. by @​armfazh in cloudflare/circl#577
• Revert to using package-declared HPKE errors for shortkem instead of standard library errors by @​harshiniwho in cloudflare/circl#578
• Release v1.6.2 by @​armfazh in cloudflare/circl#579

New Contributors

• @​dfaranha made their first contribution in cloudflare/circl#547
• @​elementrics made their first contribution in cloudflare/circl#562
• @​harshiniwho made their first contribution in cloudflare/circl#578

Full Changelog: cloudflare/circl@v1.6.1...v1.6.2

Commits

• 24ae53c Release CIRCL v1.6.3
• 581020b Rename method to oddMultiplesProjective.
• 12209a4 Removing unused cmov for jacobian points.
• fcba359 ecc/p384: use of complete projective formulas for scalar multiplication.
• 5e1bae8 ecc/p384: handle point doubling in point addition with Jacobian coordinates.
• 3416046 Check opts for nil value.
• a763d47 Release CIRCL v1.6.2
• 3c70bf9 Bump x/crypto x/sys dependencies.
• 3f0f15b Revert to using package-declared HPKE errors for shortkem instead of standard...
• 23491bd Adding generic Power2Round method.
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.0 to 5.19.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#2010
• v5: Bump sha1cd and go-billy by @​pjbgf in go-git/go-git#2060
• v5: Align object encoding with upstream by @​pjbgf in go-git/go-git#2065

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

v5.18.0

What's Changed

• plumbing: transport/http, Add support for followRedirects policy by @​pjbgf in go-git/go-git#2004

Full Changelog: go-git/go-git@v5.17.2...v5.18.0

v5.17.2

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1941
• dotgit: skip writing pack files that already exist on disk by @​pjbgf in go-git/go-git#1944

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @​pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

v5.17.1

What's Changed

• build: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1930
• [v5] plumbing: format/index, Improve v4 entry name validation by @​pjbgf in go-git/go-git#1935
• [v5] plumbing: format/idxfile, Fix version and fanout checks by @​pjbgf in go-git/go-git#1937

Full Changelog: go-git/go-git@v5.17.0...v5.17.1

v5.17.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1839
• git: worktree, optimize infiles function for very large repos by @​k-anshul in go-git/go-git#1853
• git: Add strict checks for supported extensions by @​pjbgf in go-git/go-git#1861
• backport, git: Improve Status() speed with new index.ModTime check by @​cedric-appdirect in go-git/go-git#1862
• storage: filesystem, Avoid overwriting loose obj files by @​pjbgf in go-git/go-git#1864

Full Changelog: go-git/go-git@v5.16.5...v5.17.0

v5.16.5

What's Changed

• build: Update module golang.org/x/crypto to v0.45.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1744
• build: Bump Go test versions to 1.23-1.25 (v5) by @​pjbgf in go-git/go-git#1746
• [v5] git: worktree, Don't delete local untracked files when resetting worktree by @​Ch00k in go-git/go-git#1800

... (truncated)

Commits

• bc930f4 Merge pull request #2065 from go-git/commit-v5
• d315264 plumbing: object, Reset object before decode
• 6e1d348 plumbing: object, Align Tree handling with upstream
• e134ba3 tests: Skip double checks in Git v2.11
• 1971422 tests: Add git conformance tests for signing verification
• a387aa8 plumbing: object, Add ErrMalformedTag
• f415670 plumbing: object, Decode Tag headers via a state machine
• 5b0cd38 plumbing: object, Reject multi-signature commits at Verify
• fe8ed62 plumbing: object, Align Tag.EncodeWithoutSignature with Commit
• 98e337d plumbing: object, Add support for Tag.SignatureSHA256
• Additional commits viewable in compare view

Updates github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.4.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.4.0

What's Changed

• refactor: replace interface{} with any by @​sagikazarmark in go-viper/mapstructure#115
• build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by @​dependabot[bot] in go-viper/mapstructure#114
• Generic tests by @​sagikazarmark in go-viper/mapstructure#118
• Fix godoc reference link in README.md by @​peczenyj in go-viper/mapstructure#107
• feat: add StringToTimeLocationHookFunc to convert strings to *time.Location by @​ErfanMomeniii in go-viper/mapstructure#117
• feat: add back previous StringToSlice as a weak function by @​sagikazarmark in go-viper/mapstructure#119

New Contributors

• @​ErfanMomeniii made their first contribution in go-viper/mapstructure#117

Full Changelog: go-viper/mapstructure@v2.3.0...v2.4.0

v2.3.0

What's Changed

• build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in go-viper/mapstructure#46
• build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @​dependabot in go-viper/mapstructure#47
• [enhancement] Add check for reflect.Value in ComposeDecodeHookFunc by @​mahadzaryab1 in go-viper/mapstructure#52
• build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @​dependabot in go-viper/mapstructure#51
• build(deps): bump actions/checkout from 4.2.0 to 4.2.2 by @​dependabot in go-viper/mapstructure#50
• build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @​dependabot in go-viper/mapstructure#55
• build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by @​dependabot in go-viper/mapstructure#58
• ci: add Go 1.24 to the test matrix by @​sagikazarmark in go-viper/mapstructure#74
• build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0 by @​dependabot in go-viper/mapstructure#72
• build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by @​dependabot in go-viper/mapstructure#76
• build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by @​dependabot in go-viper/mapstructure#78
• feat: add decode hook for netip.Prefix by @​tklauser in go-viper/mapstructure#85
• Updates by @​sagikazarmark in go-viper/mapstructure#86
• build(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by @​dependabot in go-viper/mapstructure#87
• build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @​dependabot in go-viper/mapstructure#93
• build(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by @​dependabot in go-viper/mapstructure#92
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by @​dependabot in go-viper/mapstructure#97
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot in go-viper/mapstructure#96
• Update README.md by @​peczenyj in go-viper/mapstructure#90
• Add omitzero tag. by @​Crystalix007 in go-viper/mapstructure#98
• Use error structs instead of duplicated strings by @​m1k1o in go-viper/mapstructure#102
• build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @​dependabot in go-viper/mapstructure#101
• feat: add common error interface by @​sagikazarmark in go-viper/mapstructure#105
• update linter by @​sagikazarmark in go-viper/mapstructure#106
• Feature allow unset pointer by @​rostislaved in go-viper/mapstructure#80

New Contributors

• @​tklauser made their first contribution in go-viper/mapstructure#85
• @​peczenyj made their first contribution in go-viper/mapstructure#90
• @​Crystalix007 made their first contribution in go-viper/mapstructure#98
• @​rostislaved made their first contribution in go-viper/mapstructure#80

Full Changelog: go-viper/mapstructure@v2.2.1...v2.3.0

Commits

• b9794a5 Merge pull request #119 from go-viper/string-to-weak-slice
• 17cdcb0 feat: add back previous StringToSlice as a weak function
• 3caca36 Merge pull request #117 from ErfanMomeniii/main
• 9a861bc Merge pull request #107 from peczenyj/patch-2
• 86ed5b5 refactor: update
• ace5b4e chore: add interface any linter
• 1a4f1ae Merge pull request #118 from go-viper/generic-tests
• a268909 fix: lint
• 17f1fd4 test: add more comments
• b48c856 test: expand tests
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.38.0 to 0.50.0

Commits

• 03ca0dc go.mod: update golang.org/x dependencies
• 8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
• 81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
• 982eaa6 go.mod: update golang.org/x dependencies
• 159944f ssh,acme: clean up tautological/impossible nil conditions
• a408498 acme: only require prompt if server has terms of service
• cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
• 2f26647 x509roots/fallback: update bundle
• e08b067 go.mod: update golang.org/x dependencies
• 7d0074c scrypt: fix panic on parameters <= 0
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.72.1 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

• server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

• stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

• grpc: Remove the -dev suffix from the User-Agent header. (grpc/grpc-go#8902)

Release 1.79.0

API Changes

• mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • Special Thanks: @​vanja-p
• experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

• balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

• experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
• pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
  • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
• xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
• balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)
  • Special Thanks: @​marek-szews

Bug Fixes

• credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • Special Thanks: @​Atul1710
• xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
• health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • Special Thanks: @​sanki92
• transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • Special Thanks: @​joybestourous
• server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)
  • Special Thanks: @​joybestourous

Performance Improvements

• credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
• mem: Optimize pooling and creation of buffer objects. (#8784)
• transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

• dda86db Change version to 1.79.3 (#8983)
• 72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
• 97ca352 Changing version to 1.79.3-dev (#8954)
• 8902ab6 Change the version to release 1.79.2 (#8947)
• a928670 Cherry-pick #8874 to v1.79.x (#8904)
• 06df363 Change version to 1.79.2-dev (#8903)
• 782f2de Change version to 1.79.1 (#8902)
• 850eccb Change version to 1.79.1-dev (#8851)
• 765ff05 Change version to 1.79.0 (#8850)
• 68804be Cherry pick #8864 to v1.79.x (#8896)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #10.