Skip to content

Bump cloud.google.com/go/bigquery from 1.65.0 to 1.77.0 in /function/loader in the loader-minor-updates group across 1 directory#1104

Merged
calebbrown merged 1 commit into
mainfrom
dependabot/go_modules/function/loader/loader-minor-updates-a23c44717e
May 15, 2026
Merged

Bump cloud.google.com/go/bigquery from 1.65.0 to 1.77.0 in /function/loader in the loader-minor-updates group across 1 directory#1104
calebbrown merged 1 commit into
mainfrom
dependabot/go_modules/function/loader/loader-minor-updates-a23c44717e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 1, 2025

Copy link
Copy Markdown
Contributor

Bumps the loader-minor-updates group with 1 update in the /function/loader directory: cloud.google.com/go/bigquery.

Updates cloud.google.com/go/bigquery from 1.65.0 to 1.77.0

Commits
  • 7cd2512 chore(main): release spanner 1.77.0 (#11634)
  • 28f0030 chore(all): fix out-of-sync version.go files (#11684)
  • 655de36 feat(spanner): Support REPEATABLE_READ for RW transaction (#11654)
  • 60dc167 fix(aiplatform): remove VertexAISearch.engine option (#11681)
  • 3f23a91 fix(aiplatform): An existing google.api.http annotation http_uri is changed...
  • e87cedc chore: remove resourcesettings (#11678)
  • d662a45 feat(spanner): add option for LastStatement in transaction (#11638)
  • 9e508d0 chore: release main (#11623)
  • 601e742 feat(bigquery/reservation): Add a new field replication_status to `.google....
  • 1eb601e chore(firestore): expose the Firestore.executePipeline API to the preview bra...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 1, 2025
@calebbrown

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot dependabot Bot changed the title Bump cloud.google.com/go/bigquery from 1.65.0 to 1.66.2 in /function/loader in the loader-minor-updates group across 1 directory Bump cloud.google.com/go/bigquery from 1.65.0 to 1.77.0 in /function/loader in the loader-minor-updates group across 1 directory May 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/function/loader/loader-minor-updates-a23c44717e branch from 83bedb0 to e8d0f63 Compare May 14, 2026 23:56
@calebbrown

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps the loader-minor-updates group with 1 update in the /function/loader directory: [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go).


Updates `cloud.google.com/go/bigquery` from 1.65.0 to 1.77.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@spanner/v1.65.0...spanner/v1.77.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-version: 1.66.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: loader-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/function/loader/loader-minor-updates-a23c44717e branch from e8d0f63 to b061bda Compare May 15, 2026 00:51
@calebbrown calebbrown enabled auto-merge (squash) May 15, 2026 00:54
@kusari-inspector

kusari-inspector Bot commented May 15, 2026

Copy link
Copy Markdown

Kusari Inspector

Kusari Analysis Results:

Proceed with these changes

✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.

Both independent analyses unanimously recommend proceeding. The dependency analysis confirms all 20 changes (19 updates, 1 removal) are clean with zero risk scores, no advisories, no vulnerabilities, and permissive licenses (Apache-2.0, BSD-3-Clause) across well-maintained Google Cloud, OpenTelemetry, gRPC, and genproto libraries. The removal of github.com/golang/groupcache further reduces attack surface. The code analysis confirms zero findings across all categories — no code issues, no exposed secrets, and no workflow concerns. Critically, this PR actively remediates two HIGH severity vulnerabilities: CVE-2026-33186 in google.golang.org/grpc and CVE-2025-22868 in golang.org/x/oauth2, with no new risks introduced on any updated version. The combined risk profile is strictly positive — merging this PR reduces the repository's vulnerability exposure with no offsetting security concerns.

Note

View full detailed analysis result for more information on the output and the checks that were run.


@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: b061bda, performed at: 2026-05-15T01:07:09Z

Found this helpful? Give it a 👍 or 👎 reaction!

@calebbrown calebbrown merged commit 62f6e9b into main May 15, 2026
10 of 12 checks passed
@calebbrown calebbrown deleted the dependabot/go_modules/function/loader/loader-minor-updates-a23c44717e branch May 15, 2026 00:57
@kusari-inspector

Copy link
Copy Markdown

Kusari PR Analysis rerun based on - b061bda performed at: 2026-05-15T01:07:29Z - link to updated analysis

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant