Skip to content

🌱(deps): Bump the all-go-deps group across 1 directory with 4 updates#542

Merged
roger2hk merged 1 commit into
mainfrom
dependabot/go_modules/all-go-deps-a063a4f9bd
May 18, 2026
Merged

🌱(deps): Bump the all-go-deps group across 1 directory with 4 updates#542
roger2hk merged 1 commit into
mainfrom
dependabot/go_modules/all-go-deps-a063a4f9bd

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Bumps the all-go-deps group with 4 updates in the / directory: golang.org/x/mod, golang.org/x/net, google.golang.org/api and google.golang.org/grpc.

Updates golang.org/x/mod from 0.35.0 to 0.36.0

Commits
  • 643da9b go.mod: update golang.org/x dependencies
  • ccc3cdf zip: include 'but content has correct sum' note in TestVCS
  • ab30318 zip: update zip hashes for new flate compression
  • See full diff in compare view

Updates golang.org/x/net from 0.53.0 to 0.54.0

Commits
  • b138e06 go.mod: update golang.org/x dependencies
  • 689f70a quic: fix wrong final size being used for RESET_STREAM frame
  • 208f306 http3: increase handshake timeout
  • 49810da http2: enable net/http wrapping when go >= 1.27
  • 5e11a5a quic: fix data race in streamForFrame
  • 8c63081 http2: use empty Transport rather than DefaultTransport in http2wrap
  • fc7b466 http2: add http2wrap test
  • 15c2cb1 http2: avoid overflowing 32-bit int when http2wrap enabled
  • 6465188 http2: add wrapped Server
  • 72f419a http2: add wrapped ClientConn
  • Additional commits viewable in compare view

Updates google.golang.org/api from 0.278.0 to 0.279.0

Release notes

Sourced from google.golang.org/api's releases.

v0.279.0

0.279.0 (2026-05-12)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.279.0 (2026-05-12)

Features

Commits
  • e446d4c chore(main): release 0.279.0 (#3586)
  • d4241ea feat(all): auto-regenerate discovery clients (#3590)
  • 8452ed1 chore(all): update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (...
  • e87e376 feat(all): auto-regenerate discovery clients (#3587)
  • 09db0e3 feat(all): auto-regenerate discovery clients (#3585)
  • See full diff in compare view

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
🌱(deps): Bump the all-go-deps group across 1 directory with 4 updates
7bb21c9 
Bumps the all-go-deps group with 4 updates in the / directory: [golang.org/x/mod](https://github.com/golang/mod), [golang.org/x/net](https://github.com/golang/net), [google.golang.org/api](https://github.com/googleapis/google-api-go-client) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `golang.org/x/mod` from 0.35.0 to 0.36.0
- [Commits](golang/mod@v0.35.0...v0.36.0)

Updates `golang.org/x/net` from 0.53.0 to 0.54.0
- [Commits](golang/net@v0.53.0...v0.54.0)

Updates `google.golang.org/api` from 0.278.0 to 0.279.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.278.0...v0.279.0)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-go-deps
- dependency-name: golang.org/x/net
  dependency-version: 0.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-go-deps
- dependency-name: google.golang.org/api
  dependency-version: 0.279.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-go-deps
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-go-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 18, 2026
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 18, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 24.91%. Comparing base (d76c213) to head (7bb21c9).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #542   +/-   ##
=======================================
  Coverage   24.91%   24.91%           
=======================================
  Files          30       30           
  Lines        2107     2107           
=======================================
  Hits          525      525           
  Misses       1488     1488           
  Partials       94       94

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@roger2hk roger2hk merged commit dfefd76 into main May 18, 2026
14 checks passed
@roger2hk roger2hk deleted the dependabot/go_modules/all-go-deps-a063a4f9bd branch May 18, 2026 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@roger2hk roger2hk roger2hk approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter @roger2hk