Bump cloud.google.com/go/bigquery from 1.65.0 to 1.77.0 in /function/loader in the loader-minor-updates group across 1 directory#1104
Conversation
|
@dependabot rebase |
83bedb0 to
e8d0f63
Compare
|
@dependabot rebase |
Bumps the loader-minor-updates group with 1 update in the /function/loader directory: [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go). Updates `cloud.google.com/go/bigquery` from 1.65.0 to 1.77.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@spanner/v1.65.0...spanner/v1.77.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-version: 1.66.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: loader-minor-updates ... Signed-off-by: dependabot[bot] <support@github.com>
e8d0f63 to
b061bda
Compare
Kusari Analysis Results:
Both independent analyses unanimously recommend proceeding. The dependency analysis confirms all 20 changes (19 updates, 1 removal) are clean with zero risk scores, no advisories, no vulnerabilities, and permissive licenses (Apache-2.0, BSD-3-Clause) across well-maintained Google Cloud, OpenTelemetry, gRPC, and genproto libraries. The removal of github.com/golang/groupcache further reduces attack surface. The code analysis confirms zero findings across all categories — no code issues, no exposed secrets, and no workflow concerns. Critically, this PR actively remediates two HIGH severity vulnerabilities: CVE-2026-33186 in google.golang.org/grpc and CVE-2025-22868 in golang.org/x/oauth2, with no new risks introduced on any updated version. The combined risk profile is strictly positive — merging this PR reduces the repository's vulnerability exposure with no offsetting security concerns. Note View full detailed analysis result for more information on the output and the checks that were run.
Found this helpful? Give it a 👍 or 👎 reaction! |
|
Kusari PR Analysis rerun based on - b061bda performed at: 2026-05-15T01:07:29Z - link to updated analysis |
Bumps the loader-minor-updates group with 1 update in the /function/loader directory: cloud.google.com/go/bigquery.
Updates
cloud.google.com/go/bigqueryfrom 1.65.0 to 1.77.0Commits
7cd2512chore(main): release spanner 1.77.0 (#11634)28f0030chore(all): fix out-of-sync version.go files (#11684)655de36feat(spanner): Support REPEATABLE_READ for RW transaction (#11654)60dc167fix(aiplatform): remove VertexAISearch.engine option (#11681)3f23a91fix(aiplatform): An existing google.api.http annotationhttp_uriis changed...e87cedcchore: remove resourcesettings (#11678)d662a45feat(spanner): add option for LastStatement in transaction (#11638)9e508d0chore: release main (#11623)601e742feat(bigquery/reservation): Add a new fieldreplication_statusto `.google....1eb601echore(firestore): expose the Firestore.executePipeline API to the preview bra...