Skip to content

Bump the gomod group across 1 directory with 4 updates#44

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/gomod-61c81fff92
Open

Bump the gomod group across 1 directory with 4 updates#44
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/gomod-61c81fff92

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the gomod group with 4 updates in the / directory: github.com/authzed/authzed-go, github.com/ccoveille/go-safecast/v2, github.com/rs/zerolog and google.golang.org/grpc.

Updates github.com/authzed/authzed-go from 1.8.0 to 1.10.0

Release notes

Sourced from github.com/authzed/authzed-go's releases.

v1.10.0

What's Changed

Full Changelog: authzed/authzed-go@v1.9.0...v1.10.0

v1.9.0

What's Changed

Full Changelog: authzed/authzed-go@v1.8.0...v1.9.0

Commits
  • 9f795e9 Merge pull request #418 from authzed/add-zedtoken-to-download-api
  • 2d81536 chore: vendor at_revision zedtoken on DownloadPermissionSetsResponse
  • 2f0956f chore: vendor LR debug change (#416)
  • 895bdef chore(deps): bump the go-mod group with 4 updates (#413)
  • 2e1a803 chore(deps): bump the go-mod group with 2 updates (#411)
  • 0b55457 Merge pull request #410 from authzed/fix/golangci-lint-deps
  • 3e9cddb fix: Add missing regenerate proto call
  • 4bf68ab chore(deps): Isolate tool deps from main module's go.mod
  • a85c88c Merge pull request #409 from authzed/fix/tools-directive
  • 73901ce chore(deps): Replace tools.go with go.mod tool directive
  • Additional commits viewable in compare view

Updates github.com/ccoveille/go-safecast/v2 from 2.0.0 to 2.0.1

Release notes

Sourced from github.com/ccoveille/go-safecast/v2's releases.

v2.0.1

What's Changed

Fixes

Minor

New Contributors

Full Changelog: ccoVeille/go-safecast@v2.0.0...v2.0.1

Commits
  • edf6347 chore: add tests for floats rounding to zero
  • bc04d2b chore: move tiny floats test to the right place
  • f57f503 chore: simplify sign check for small negative floats
  • 51825a0 fix type in test
  • 36013fd Fix issue #144: Small floats are incorrectly rejected
  • a401ef5 build(deps): bump crate-ci/typos from 1.46.2 to 1.46.3 in the all group
  • ce6b413 build(deps): bump the all group with 2 updates
  • e591b21 docs: Fix typo in comment
  • 38b4891 build(deps): bump the all group with 2 updates
  • 7569636 build(deps): bump crate-ci/typos from 1.45.0 to 1.45.1 in the all group
  • Additional commits viewable in compare view

Updates github.com/rs/zerolog from 1.35.0 to 1.35.1

Commits

Updates google.golang.org/grpc from 1.80.0 to 1.82.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.82.0

Behavior Changes

  • server: Remove support for GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING environment varibale. Strict incoming RPC path validation (which has been the default since v1.79.3) can no longer be disabled. (#9112)
  • transport: Add environment variable to change the default max header list size from 16MB to 8KB. This may be enabled by setting GRPC_GO_EXPERIMENTAL_ENABLE_8KB_DEFAULT_HEADER_LIST_SIZE=true. This will be enabled by default in a subsequent release. (#9019)
  • balancer: Load Balancing policy registry is now case-sensitive. Set GRPC_GO_EXPERIMENTAL_CASE_SENSITIVE_BALANCER_REGISTRIES=false (and file an issue) to revert to case-insensitive behavior. (#9017)

New Features

  • experimental/stats: Expose a new API, NewContextWithLabelCallback, to register a callback that is invoked when telemetry labels are added. (#8877)
  • client: Return a portion of the response body in the error message, when the client receives an unexpected non-gRPC HTTP response, to make debugging easier. (#8929)
  • server: Add environment variable GRPC_GO_SERVER_GOROUTINE_LABELS that controls setting runtime/pprof.Labels on goroutines spawned by the server. Set GRPC_GO_SERVER_GOROUTINE_LABELS=grpc.method=true to add the grpc.method label on goroutines spawned to handle incoming requests. (#9082)

Bug Fixes

  • xds/server: Fix a memory leak of HTTP filter instances occurring when route configurations are updated in-place during a Route Discovery Service (RDS) update. (#9138)
  • grpc: In the deprecated gzip Compressor (used via the deprecated WithCompressor dial option), enforce the MaxRecvMsgSize limit on the decompressed message buffer, preventing excessive memory allocation from highly compressed payloads. (#9114)
  • stats/opentelemetry: Record retry attempts, grpc.previous-rpc-attempts, at the call level and not the attempt level. (#8923)
  • encoding: Ensure Close() is always called on readers returned from Compressor.Decompress if possible. (#9135)
  • channelz: Fix the LastMessageSentTimestamp and LastMessageReceivedTimestamp fields in SocketMetrics to ensure they contain correct timestamp values. (#9109)

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)

Release 1.81.0

Behavior Changes

  • balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

  • Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

  • xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
  • transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
  • xds: Fix ADS resource name validation to prevent a panic. (#8970)

... (truncated)

Commits
  • bd23985 Change version to 1.82.0 (#9170)
  • 0f3086d Fix minor issues not covered by PR #9137 (#9147)
  • fef07fb internal: Split v3procservicepb import into pb and grpc for extproc (#9163)
  • 91dd64f transport: surface subsequent data when receiving non-gRPC header (#8929)
  • adc97de test/kokoro: add config for regional-td test (#9158)
  • 57c9ff1 xds: ensure full-string matching for RBAC Filter rules (#9148)
  • b58f32d server: Set a pprof label on new stream goroutines (#9082)
  • 6c98be3 refactor(transport): extract shared stream state handling logic in `loopyWrit...
  • bcaa6f4 rls: only reset backoff on recovery from TRANSIENT_FAILURE (#9137)
  • 429e6e0 balancer: expose endpoint weight and hostname as experimental APIs (#9074)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the area/dependencies Affects dependencies label Jun 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/gomod-61c81fff92 branch from c16035b to 7b36728 Compare June 23, 2026 11:07
Bumps the gomod group with 4 updates in the / directory: [github.com/authzed/authzed-go](https://github.com/authzed/authzed-go), [github.com/ccoveille/go-safecast/v2](https://github.com/ccoveille/go-safecast), [github.com/rs/zerolog](https://github.com/rs/zerolog) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `github.com/authzed/authzed-go` from 1.8.0 to 1.10.0
- [Release notes](https://github.com/authzed/authzed-go/releases)
- [Commits](authzed/authzed-go@v1.8.0...v1.10.0)

Updates `github.com/ccoveille/go-safecast/v2` from 2.0.0 to 2.0.1
- [Release notes](https://github.com/ccoveille/go-safecast/releases)
- [Commits](ccoVeille/go-safecast@v2.0.0...v2.0.1)

Updates `github.com/rs/zerolog` from 1.35.0 to 1.35.1
- [Commits](rs/zerolog@v1.35.0...v1.35.1)

Updates `google.golang.org/grpc` from 1.80.0 to 1.82.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.80.0...v1.82.0)

---
updated-dependencies:
- dependency-name: github.com/authzed/authzed-go
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/ccoveille/go-safecast/v2
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/rs/zerolog
  dependency-version: 1.35.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: google.golang.org/grpc
  dependency-version: 1.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/gomod-61c81fff92 branch from 7b36728 to 6a09a02 Compare July 1, 2026 04:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/dependencies Affects dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants