@dependabot dependabot bot commented on behalf of github Jan 18, 2026

Bumps the minor-and-patch group with 19 updates in the / directory:

Package From To
github.com/99designs/gqlgen 0.17.76 0.17.86
github.com/alitto/pond/v2 2.5.0 2.6.0
github.com/avast/retry-go/v4 4.6.1 4.7.0
github.com/aws/aws-sdk-go 1.55.7 1.55.8
github.com/docker/go-connections 0.5.0 0.6.0
github.com/getsentry/sentry-go 0.34.1 0.41.0
github.com/go-playground/validator/v10 10.27.0 10.30.1
github.com/golang-jwt/jwt/v5 5.2.3 5.3.0
github.com/jackc/pgx/v5 5.7.6 5.8.0
github.com/mattn/go-sqlite3 1.14.28 1.14.33
github.com/prometheus/client_golang 1.22.0 1.23.2
github.com/redis/go-redis/v9 9.16.0 9.17.2
github.com/rubenv/sql-migrate 1.8.0 1.8.1
github.com/sirupsen/logrus 1.9.3 1.9.4
github.com/spf13/cobra 1.9.1 1.10.2
github.com/spf13/viper 1.20.1 1.21.0
github.com/testcontainers/testcontainers-go 0.37.0 0.40.0
github.com/tetratelabs/wazero 1.10.1 1.11.0
github.com/vikstrous/dataloadgen 0.0.9 0.0.10

Updates github.com/99designs/gqlgen from 0.17.76 to 0.17.86

Release notes

Sourced from github.com/99designs/gqlgen's releases.

v0.17.86

Full Changelog: 99designs/gqlgen@v0.17.85...v0.17.86

v0.17.85

... (truncated)

Updates github.com/alitto/pond/v2 from 2.5.0 to 2.6.0

Release notes

Sourced from github.com/alitto/pond/v2's releases.

Release v2.6.0

What's Changed

Breaking Changes

  • Setting the queue size option to zero (0) via WithQueueSize(0) now disables the task queue altogether (all task submissions block until a worker becomes available unless the pool is set to non-blocking mode). Before this change, setting queue size to 0 would cause the queue to be unbounded. Pools are still unbounded by default, but now there's a constant that can be used to set queue size to unbounded explicitly. E.g. pond.NewPool(10, pond.WithQueueSize(pond.Unbounded)).

Full Changelog: alitto/pond@v2.5.0...v2.6.0

Commits
  • 505910b feat(optional-panic-recovery): Add option to disable panic recovery
  • e8bb01e feat(disable-queue): Allow disabling task queue by setting it to 0
  • 4503e79 Merge pull request #131 from alitto/dependabot/github_actions/actions/checkout-6
  • d53df42 chore(deps): bump actions/checkout from 5 to 6
  • de8edd9 Merge pull request #126 from alitto/dependabot/github_actions/actions/checkout-5
  • 52572db chore(deps): bump actions/checkout from 4 to 5
  • See full diff in compare view

Updates github.com/avast/retry-go/v4 from 4.6.1 to 4.7.0

Release notes

Sourced from github.com/avast/retry-go/v4's releases.

v4.7.0

Full Changelog: avast/retry-go@4.6.1...v4.7.0

Commits
  • 375037b bump version
  • 306fcee Merge pull request #142 from avast/go_1_25_test_environment
  • 0bdef9c ci(workflow): add Go version 1.25 to test matrix for expanded compatibility t...
  • 66013da Merge pull request #130 from StounhandJ/back_off_delay
  • 9e5d0d6 Merge pull request #129 from StounhandJ/master
  • 5068e50 Merge pull request #128 from amirrezafahimi/master
  • 22920c3 Merge pull request #136 from avast/dependabot/go_modules/github.com/stretchr/...
  • 459fade Bump github.com/stretchr/testify from 1.10.0 to 1.11.1
  • 6c62c20 BackOffDelay multiplies attempts from zero
  • e330bce no delay after final retry on max attempts
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go from 1.55.7 to 1.55.8

Release notes

Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.55.8 (2025-07-31)

SDK Features

  • Mark the module and all packages as deprecated.
    • This SDK has entered end-of-support.

Updates github.com/docker/go-connections from 0.5.0 to 0.6.0

Commits
  • 42faf79 Merge pull request #138 from thaJeztah/sockets_move_unix_options
  • 9ffab7e sockets: make NewUnixSocket, WithChown, WithChmod unix-only
  • 6bb1d15 Merge pull request #135 from thaJeztah/rename_test_files
  • b6c843d sockets: rename files to be considered test files
  • 80898b6 Merge pull request #133 from thaJeztah/deprecate_socket_dialpipe
  • a4399e5 socket: deprecate DialPipe
  • b071e04 Merge pull request #128 from thaJeztah/remove_old_cyphers
  • 578bfde Merge pull request #132 from thaJeztah/optimize_ParsePortSpec
  • deccd71 tlsconfig: align client and server defaults, remove weak CBC ciphers
  • 30b91c8 nat: ParsePortSpec: combine some conditions
  • Additional commits viewable in compare view

Updates github.com/getsentry/sentry-go from 0.34.1 to 0.41.0

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.41.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.41.0.

Features

  • Add HTTP client integration for distributed tracing via sentryhttpclient package (#876)
    • Provides an http.RoundTripper implementation that automatically creates spans for outgoing HTTP requests
    • Supports trace propagation targets configuration via WithTracePropagationTargets option
    • Example usage:
      import sentryhttpclient "github.com/getsentry/sentry-go/httpclient"
      roundTripper := sentryhttpclient.NewSentryRoundTripper(nil)
      client := &http.Client{
      Transport: roundTripper,
      }

  • Add ClientOptions.PropagateTraceparent option to control W3C traceparent header propagation in outgoing HTTP requests (#1161)
  • Add SpanID field to structured logs (#1169)

0.40.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.40.0.

Bug Fixes

  • Disable DisableTelemetryBuffer flag and noop Telemetry Buffer, to prevent a panic at runtime (#1149).

0.39.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.39.0.

Features

  • Drop events from the telemetry buffer when rate-limited or transport is full, allowing the buffer queue to empty itself under load (#1138).

Bug Fixes

  • Fix scheduler's hasWork() method to check if buffers are ready to flush. The previous implementation was causing CPU spikes (#1143).

0.38.0

Breaking Changes

Features

  • Introduce a new async envelope transport and telemetry buffer to prioritize and batch events (#1094, #1093, #1107).
    • Advantages:
      • Prioritized, per-category buffers (errors, transactions, logs, check-ins) reduce starvation and improve resilience under load
      • Batching for high-volume logs (up to 100 items or 5s) cuts network overhead
      • Bounded memory with eviction policies
      • Improved flush behavior with context-aware flushing
  • Add ClientOptions.DisableTelemetryBuffer to opt out and fall back to the legacy transport layer (HTTPTransport / HTTPSyncTransport).

... (truncated)

Commits
  • 87e197c release: 0.41.0
  • a130ff1 chore: prepare 0.41.0 (#1172)
  • f3a5a3f feat: refactor log serialization to match docs (#1169)
  • 736c662 build(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.1 (#1164)
  • 30c8b2e build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.2.0 (#1165)
  • 335c5f1 build(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 (#1163)
  • 77f5f7d build(deps): bump actions/checkout from 5 to 6 (#1162)
  • f5cdcd9 build(deps): bump actions/cache from 4 to 5 (#1166)
  • 8cb62cf feat: add propagateTraceparent option (#1161)
  • d7582e8 feat: add http client integration (#876)
  • Additional commits viewable in compare view

Updates github.com/go-playground/validator/v10 from 10.27.0 to 10.30.1

Release notes

Sourced from github.com/go-playground/validator/v10's releases.

Release 10.30.1

Full Changelog: go-playground/validator@v10.30.0...v10.30.1

Release 10.30.0

Full Changelog: go-playground/validator@v10.29.0...v10.30.0

v10.29.0

... (truncated)

Updates github.com/golang-jwt/jwt/v5 from 5.2.3 to 5.3.0

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.0

This release is almost identical to v5.2.3 but now correctly indicates Go 1.21 as minimum requirement.

Full Changelog: golang-jwt/jwt@v5.2.3...v5.3.0

Updates github.com/jackc/pgx/v5 from 5.7.6 to 5.8.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.8.0 (December 26, 2025)

  • Require Go 1.24+
  • Remove golang.org/x/crypto dependency
  • Add OptionShouldPing to control ResetSession ping behavior (ilyam8)
  • Fix: Avoid overflow when MaxConns is set to MaxInt32
  • Fix: Close batch pipeline after a query error (Anthonin Bonnefoy)
  • Faster shutdown of pgxpool.Pool background goroutines (Blake Gentry)
  • Add pgxpool ping timeout (Amirsalar Safaei)
  • Fix: Rows.FieldDescriptions for empty query
  • Scan unknown types into *any as string or []byte based on format code
  • Optimize pgtype.Numeric (Philip Dubé)
  • Add AfterNetConnect hook to pgconn.Config
  • Fix: Handle for preparing statements that fail during the Describe phase
  • Fix overflow in numeric scanning (Ilia Demianenko)
  • Fix: json/jsonb sql.Scanner source type is []byte
  • Migrate from math/rand to math/rand/v2 (Mathias Bogaert)
  • Optimize internal iobufpool (Mathias Bogaert)
  • Optimize stmtcache invalidation (Mathias Bogaert)
  • Fix: missing error case in interval parsing (Maxime Soulé)
  • Fix: invalidate statement/description cache in Exec (James Hartig)
  • ColumnTypeLength method return the type length for varbit type (DengChan)
  • Array and Composite codecs handle typed nils
Commits
  • fe8740a Release v5.8.0
  • e5dde5a Skip test on CockroachDB
  • 06f2d82 Remove trailing space
  • 2cf78dd Merge pull request #2448 from DengChan/column_type_lenth_varbit
  • 2d1c4ef Skip tests on CockroachDB
  • 1a5fa7f Array and Composite codecs handle typed nils
  • 5736d09 ColumnTypeLength method return the type length for varbit type.
  • 4c1308c Revert "stdlib matches native pgx scanning support"
  • 14ce2b7 Skip test on CockroachDB
  • 65b2724 Merge pull request #2443 from jameshartig/x-invalidate-cache-in-exec
  • Additional commits viewable in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.33

Updates github.com/prometheus/client_golang from 1.22.0 to 1.23.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.23.2 - 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

Full Changelog: prometheus/client_golang@v1.23.1...v1.23.2

v1.23.1 - 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

Full Changelog: prometheus/client_golang@v1.23.0...v1.23.1

v1.23.0 - 2025-07-30

  • [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
  • [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
  • [FEATURE] Add exemplars for native histograms #1686
  • [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
  • [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
  • [BUGFIX] exp/api: client prompt return on context cancellation #1729

... (truncated)

Updates github.com/redis/go-redis/v9 from 9.16.0 to 9.17.2

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.17.2

🐛 Bug Fixes

  • Connection Pool: Fixed critical race condition in turn management that could cause connection leaks when dial goroutines complete after request timeout (#3626) by @cyningsun
  • Context Timeout: Improved context timeout calculation to use minimum of remaining time and DialTimeout, preventing goroutines from waiting longer than necessary (#3626) by @cyningsun

🧰 Maintenance

  • chore(deps): bump rojopolis/spellcheck-github-actions from 0.54.0 to 0.55.0 (#3627)

Contributors

We'd like to thank all the contributors who worked on this release!

@cyningsun and @ndyakov

9.17.1

🐛 Bug Fixes

🧰 Maintenance

  • chore(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 (#3609)
  • chore(deps): bump actions/checkout from 5 to 6 (#3610)
  • chore(script): fix help call in tag.sh (#3606) by @ndyakov

Contributors

We'd like to thank all the contributors who worked on this release!

@marcoferrer and @ndyakov

9.17.0

🚀 Highlights

Redis 8.4 Support

Added support for Redis 8.4, including new commands and features (#3572)

Typed Errors

Introduced typed errors for better error handling using errors.As instead of string checks. Errors can now be wrapped and set to commands in hooks without breaking library functionality (#3602)

New Commands

…2 updates

Bumps the minor-and-patch group with 19 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/99designs/gqlgen](https://github.com/99designs/gqlgen) | `0.17.76` | `0.17.86` |
| [github.com/alitto/pond/v2](https://github.com/alitto/pond) | `2.5.0` | `2.6.0` |
| [github.com/avast/retry-go/v4](https://github.com/avast/retry-go) | `4.6.1` | `4.7.0` |
| [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.55.7` | `1.55.8` |
| [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.5.0` | `0.6.0` |
| [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.34.1` | `0.41.0` |
| [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) | `10.27.0` | `10.30.1` |
| [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) | `5.2.3` | `5.3.0` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.6` | `5.8.0` |
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.28` | `1.14.33` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.22.0` | `1.23.2` |
| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.16.0` | `9.17.2` |
| [github.com/rubenv/sql-migrate](https://github.com/rubenv/sql-migrate) | `1.8.0` | `1.8.1` |
| [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.9.3` | `1.9.4` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.9.1` | `1.10.2` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.20.1` | `1.21.0` |
| [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.37.0` | `0.40.0` |
| [github.com/tetratelabs/wazero](https://github.com/tetratelabs/wazero) | `1.10.1` | `1.11.0` |
| [github.com/vikstrous/dataloadgen](https://github.com/vikstrous/dataloadgen) | `0.0.9` | `0.0.10` |



Updates `github.com/99designs/gqlgen` from 0.17.76 to 0.17.86
- [Release notes](https://github.com/99designs/gqlgen/releases)
- [Changelog](https://github.com/99designs/gqlgen/blob/master/CHANGELOG.md)
- [Commits](99designs/gqlgen@v0.17.76...v0.17.86)

Updates `github.com/alitto/pond/v2` from 2.5.0 to 2.6.0
- [Release notes](https://github.com/alitto/pond/releases)
- [Commits](alitto/pond@v2.5.0...v2.6.0)

Updates `github.com/avast/retry-go/v4` from 4.6.1 to 4.7.0
- [Release notes](https://github.com/avast/retry-go/releases)
- [Commits](avast/retry-go@4.6.1...4.7.0)

Updates `github.com/aws/aws-sdk-go` from 1.55.7 to 1.55.8
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md)
- [Commits](aws/aws-sdk-go@v1.55.7...v1.55.8)

Updates `github.com/docker/go-connections` from 0.5.0 to 0.6.0
- [Commits](docker/go-connections@v0.5.0...v0.6.0)

Updates `github.com/getsentry/sentry-go` from 0.34.1 to 0.41.0
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-go@v0.34.1...v0.41.0)

Updates `github.com/go-playground/validator/v10` from 10.27.0 to 10.30.1
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](go-playground/validator@v10.27.0...v10.30.1)

Updates `github.com/golang-jwt/jwt/v5` from 5.2.3 to 5.3.0
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Commits](golang-jwt/jwt@v5.2.3...v5.3.0)

Updates `github.com/jackc/pgx/v5` from 5.7.6 to 5.8.0
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.7.6...v5.8.0)

Updates `github.com/mattn/go-sqlite3` from 1.14.28 to 1.14.33
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](mattn/go-sqlite3@v1.14.28...v1.14.33)

Updates `github.com/prometheus/client_golang` from 1.22.0 to 1.23.2
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.22.0...v1.23.2)

Updates `github.com/redis/go-redis/v9` from 9.16.0 to 9.17.2
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/v9.17.2/RELEASE-NOTES.md)
- [Commits](redis/go-redis@v9.16.0...v9.17.2)

Updates `github.com/rubenv/sql-migrate` from 1.8.0 to 1.8.1
- [Commits](rubenv/sql-migrate@v1.8.0...v1.8.1)

Updates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](sirupsen/logrus@v1.9.3...v1.9.4)

Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.2
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.9.1...v1.10.2)

Updates `github.com/spf13/viper` from 1.20.1 to 1.21.0
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.20.1...v1.21.0)

Updates `github.com/testcontainers/testcontainers-go` from 0.37.0 to 0.40.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](testcontainers/testcontainers-go@v0.37.0...v0.40.0)

Updates `github.com/tetratelabs/wazero` from 1.10.1 to 1.11.0
- [Release notes](https://github.com/tetratelabs/wazero/releases)
- [Commits](wazero/wazero@v1.10.1...v1.11.0)

Updates `github.com/vektah/gqlparser/v2` from 2.5.30 to 2.5.31
- [Release notes](https://github.com/vektah/gqlparser/releases)
- [Commits](vektah/gqlparser@v2.5.30...v2.5.31)

Updates `github.com/vikstrous/dataloadgen` from 0.0.9 to 0.0.10
- [Commits](vikstrous/dataloadgen@v0.0.9...v0.0.10)

Updates `golang.org/x/term` from 0.33.0 to 0.38.0
- [Commits](golang/term@v0.33.0...v0.38.0)

Updates `golang.org/x/text` from 0.27.0 to 0.33.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.27.0...v0.33.0)

---
updated-dependencies:
- dependency-name: github.com/99designs/gqlgen
  dependency-version: 0.17.86
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/alitto/pond/v2
  dependency-version: 2.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/avast/retry-go/v4
  dependency-version: 4.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/aws/aws-sdk-go
  dependency-version: 1.55.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/docker/go-connections
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/getsentry/sentry-go
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/go-playground/validator/v10
  dependency-version: 10.30.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.17.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/rubenv/sql-migrate
  dependency-version: 1.8.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/sirupsen/logrus
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/spf13/viper
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/testcontainers/testcontainers-go
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/tetratelabs/wazero
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/vektah/gqlparser/v2
  dependency-version: 2.5.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/vikstrous/dataloadgen
  dependency-version: 0.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: golang.org/x/term
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: golang.org/x/text
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 18, 2026
Copilot AI review requested due to automatic review settings January 18, 2026 02:10

Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | github.com/aws/aws-sdk-go@v1.55.7 ⏵ v1.55.8 | 76 +1 | 100 | 100 | 50 | 100 |
| Updated | github.com/prometheus/client_golang@v1.22.0 ⏵ v1.23.2 | 72 +1 | 100 | 100 | 100 | 100 |
| Updated | github.com/getsentry/sentry-go@v0.34.1 ⏵ v0.41.0 | 73 -8 | 100 | 100 | 100 | 100 |
| Updated | github.com/redis/go-redis/v9@v9.16.0 ⏵ v9.17.2 | 74 +1 | 100 | 100 | 100 | 100 |
| Updated | github.com/jackc/pgx/v5@v5.7.6 ⏵ v5.8.0 | 74 -2 | 100 | 100 | 100 | 100 |
| Updated | github.com/99designs/gqlgen@v0.17.76 ⏵ v0.17.86 | 75 | 100 | 100 | 100 | 100 |
| Updated | github.com/mattn/go-sqlite3@v1.14.28 ⏵ v1.14.33 | 96 -1 | 100 | 100 | 75 | 100 |
| Updated | golang.org/x/text@v0.27.0 ⏵ v0.33.0 | 78 +1 | 100 | 100 | 100 | 100 |
| Updated | github.com/go-playground/validator/v10@v10.27.0 ⏵ v10.30.1 | 85 | 100 | 100 | 100 | 100 |
| Updated | github.com/tetratelabs/wazero@v1.10.1 ⏵ v1.11.0 | 86 | 100 | 100 | 100 | 100 +20 |
| Updated | github.com/testcontainers/testcontainers-go@v0.37.0 ⏵ v0.40.0 | 89 +1 | 100 | 100 | 100 | 100 |
| Updated | github.com/docker/go-connections@v0.5.0 ⏵ v0.6.0 | 95 -1 | 100 | 100 | 100 | 100 |
| Updated | github.com/spf13/cobra@v1.9.1 ⏵ v1.10.2 | 95 +1 | 100 | 100 | 100 | 100 |
| Updated | github.com/golang-jwt/jwt/v5@v5.2.3 ⏵ v5.3.0 | 98 | 100 | 100 | 100 | 100 |
| Updated | github.com/sirupsen/logrus@v1.9.3 ⏵ v1.9.4 | 98 +1 | 100 | 100 | 100 | 100 |
| Updated | github.com/avast/retry-go/v4@v4.6.1 ⏵ v4.7.0 | 99 +1 | 100 | 100 | 100 | 100 |
| Updated | github.com/spf13/viper@v1.20.1 ⏵ v1.21.0 | 99 +1 | 100 | 100 | 100 | 100 |
| Updated | github.com/vektah/gqlparser/v2@v2.5.30 ⏵ v2.5.31 | 99 | 100 | 100 | 100 | 100 |
| Updated | github.com/rubenv/sql-migrate@v1.8.0 ⏵ v1.8.1 | 100 | 100 | 100 | 100 | 100 |
| Updated | golang.org/x/term@v0.33.0 ⏵ v0.38.0 | 100 +1 | 100 | 100 | 100 | 100 |
| Updated | github.com/vikstrous/dataloadgen@v0.0.9 ⏵ v0.0.10 | 100 | 100 | 100 | 100 | 100 |
| Updated | github.com/alitto/pond/v2@v2.5.0 ⏵ v2.6.0 | 100 | 100 | 100 | 100 | 100 |

@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert
Warn High
License policy violation: golang dario.cat/mergo under BSD-3-Clause

Location: Package overview

From: ?golang/github.com/testcontainers/[email protected]golang/dario.cat/[email protected]

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/dario.cat/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang github.com/aws/aws-sdk-go under Apache-2.0 AND BSD-3-Clause

Location: Package overview

From: go.modgolang/github.com/aws/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/aws/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang github.com/docker/docker

Location: Package overview

From: ?golang/github.com/stellar/[email protected]golang/github.com/testcontainers/[email protected]golang/github.com/docker/[email protected]+incompatible

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/docker/[email protected]+incompatible. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang github.com/ebitengine/purego under Apache-2.0 AND BSD-3-Clause

Location: Package overview

From: ? golang/github.com/testcontainers/[email protected] golang/github.com/ebitengine/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/ebitengine/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang github.com/fsnotify/fsnotify under BSD-3-Clause

Location: Package overview

From: ? golang/github.com/spf13/[email protected] golang/github.com/fsnotify/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/fsnotify/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang github.com/mattn/go-sqlite3 under BSD-3-Clause AND MIT

Location: Package overview

From: go.mod golang/github.com/mattn/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/mattn/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang github.com/prometheus/client_golang under Apache-2.0 AND BSD-3-Clause

Location: Package overview

From: go.mod golang/github.com/prometheus/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/prometheus/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang github.com/shirou/gopsutil/v4

Location: Package overview

From: ? golang/github.com/testcontainers/[email protected] golang/github.com/shirou/gopsutil/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/shirou/gopsutil/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang github.com/spf13/pflag under BSD-3-Clause

Location: Package overview

From: ? golang/github.com/stellar/[email protected] golang/github.com/spf13/[email protected] golang/github.com/stellar/[email protected] golang/github.com/spf13/[email protected] golang/github.com/spf13/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/spf13/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang github.com/vektah/gqlparser/v2 under BSD-3-Clause AND MIT

Location: Package overview

From: go.mod golang/github.com/vektah/gqlparser/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/vektah/gqlparser/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang golang.org/x/crypto under BSD-3-Clause

Location: Package overview

From: ? golang/github.com/stellar/[email protected] golang/github.com/go-playground/validator/[email protected] golang/github.com/prometheus/[email protected] golang/github.com/stellar/[email protected] golang/github.com/testcontainers/[email protected] golang/golang.org/x/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang golang.org/x/net under BSD-3-Clause

Location: Package overview

From: ? golang/github.com/stellar/[email protected] golang/github.com/go-playground/validator/[email protected] golang/github.com/prometheus/[email protected] golang/github.com/stellar/[email protected] golang/github.com/testcontainers/[email protected] golang/golang.org/x/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang golang.org/x/sync under BSD-3-Clause

Location: Package overview

From: ? golang/github.com/stellar/[email protected] golang/github.com/jackc/pgx/[email protected] golang/github.com/prometheus/[email protected] golang/github.com/stellar/[email protected] golang/golang.org/x/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang golang.org/x/sys under BSD-3-Clause

Location: Package overview

From: ? golang/golang.org/x/[email protected] golang/github.com/stellar/[email protected] golang/github.com/tetratelabs/[email protected] golang/github.com/go-playground/validator/[email protected] golang/github.com/sirupsen/[email protected] golang/github.com/getsentry/[email protected] golang/github.com/docker/[email protected] golang/github.com/dgraph-io/ristretto/[email protected] golang/github.com/prometheus/[email protected] golang/github.com/spf13/[email protected] golang/github.com/stellar/[email protected] golang/github.com/testcontainers/[email protected] golang/golang.org/x/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang golang.org/x/term under BSD-3-Clause

Location: Package overview

From: go.mod golang/golang.org/x/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang golang.org/x/text under BSD-3-Clause

Location: Package overview

From: go.mod golang/golang.org/x/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang google.golang.org/protobuf under BSD-3-Clause

Location: Package overview

From: ? golang/github.com/stellar/[email protected] golang/github.com/99designs/[email protected] golang/github.com/prometheus/[email protected] golang/github.com/stellar/[email protected] golang/google.golang.org/[email protected]

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/google.golang.org/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

dependabot bot commented on behalf of github Jan 25, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jan 25, 2026
@dependabot dependabot bot deleted the dependabot/go_modules/minor-and-patch-bd57508866 branch January 25, 2026 02:10
Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code
