Skip to content

deps: bump the go-dependencies group across 1 directory with 6 updates#68

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-108873bf4e
Open

deps: bump the go-dependencies group across 1 directory with 6 updates#68
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-108873bf4e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 7, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the go-dependencies group with 6 updates in the / directory:

Package From To
github.com/go-git/go-billy/v5 5.8.0 5.9.0
github.com/hanwen/go-fuse/v2 2.9.0 2.10.1
github.com/jackc/pgx/v5 5.9.2 5.10.0
github.com/testcontainers/testcontainers-go/modules/postgres 0.41.0 0.42.0
github.com/willscott/go-nfs 0.0.3 0.0.4
go.uber.org/zap 1.27.1 1.28.0

Updates github.com/go-git/go-billy/v5 from 5.8.0 to 5.9.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.9.0

What's Changed

Full Changelog: go-git/go-billy@v5.8.0...v5.9.0

Commits
  • 237e529 Merge pull request #206 from pjbgf/v5-improvements
  • 04edb39 build: Add go-git integration test
  • d8efefd osfs: preserve empty ChrootOS base
  • 07f2a0b Merge pull request #205 from pjbgf/v5-improvements
  • 25207c8 build: Bump Go versions in workflows
  • 2fda229 osfs: ChrootOS eval baseDir on creation
  • 427b27f Merge pull request #203 from pjbgf/v5-improvements
  • 7d5a23e chroot: Reject symlink loops
  • 2c2287a util: avoid following symlinks in RemoveAll fallback
  • cbd88e9 Fix mount path handling
  • Additional commits viewable in compare view

Updates github.com/hanwen/go-fuse/v2 from 2.9.0 to 2.10.1

Commits
  • 1d16325 virtiofs: skip tests if qemu not available
  • 0c71566 README: document change
  • a77f008 virtiofs: add TestPosixtest — run posixtest suite inside a QEMU VM against vi...
  • d9be790 virtiofs: serve fuse.RawFileSystem to a VM directly
  • 4640dfc vhostuser: vhost server for virtioFS
  • 344ca7b fuse: public type ProtocolServer
  • 3e80db7 posixtest: minor cleanup
  • 58616b5 fuse: set up request output payload sizes early
  • 496352e fuse: fix filename()
  • 3bcfa7d posixtest: cover getxattr with nil buffer
  • Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

  • Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)
  • Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)
  • Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)
  • Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)
  • pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

  • Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)
  • Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)
  • Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)
  • Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)
  • Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
  • Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
  • Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)
  • Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)
  • Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

  • Fix scanning "char" (OID 18) into *string in binary format (luongs3)
  • Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)
  • Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)
  • Fix data race when context is cancelled during connect
  • Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)
  • pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)
  • pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)
  • pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check
  • Add missing error check of rows.Err to load types (Jen Altavilla)
Commits
  • 7293fb1 Update changelog for v5.10.0
  • 1ade285 pgconn: document secure connection configuration
  • b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
  • 0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
  • b28e65b pgtype: bound array element count against remaining message bytes
  • cd1f389 pgtype: bound array binary decode element length against remaining bytes
  • ff27b5b pgtype: bound hstore binary decode against malicious server input
  • a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
  • 44f6173 pgconn: cap server-supplied SCRAM iteration count
  • 1a976f7 pgconn: add require_auth to restrict accepted server auth methods
  • Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go/modules/postgres from 0.41.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go/modules/postgres's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

  • fix: return an error when docker host cannot be retrieved (#3613) @​ash2k

🧹 Housekeeping

📦 Dependency updates

  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]
  • chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]
  • chore: update to Go 1.25.9, 1.26.9 (#3647) @​thaJeztah
  • chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @​thaJeztah
  • chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah
  • chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]
  • chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]
  • chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]
  • fix(localstack): accept community-archive as a valid tag (#3601) @​johnduhart
  • chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]
  • chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]
  • chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]
  • chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]
  • chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits
  • 6e58418 chore: use new version (v0.42.0) in modules and examples
  • f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
  • 300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
  • 7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
  • 5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
  • fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
  • 95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
  • 75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
  • 2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
  • 580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
  • Additional commits viewable in compare view

Updates github.com/willscott/go-nfs from 0.0.3 to 0.0.4

Release notes

Sourced from github.com/willscott/go-nfs's releases.

v0.0.4

What's Changed

New Contributors

Full Changelog: willscott/go-nfs@v0.0.3...v0.0.4

Commits
  • 209a01f Merge pull request #149 from ncw/fix-eof
  • 275aeb9 nfs: fix EOF flag in READ response not being set when read reaches end of file
  • 527fb18 Use rwmutex to make reverseHandles map safe for concurrent access (#146)
  • 28bb217 map errors to NFS errors (#145)
  • See full diff in compare view

Updates go.uber.org/zap from 1.27.1 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

  • #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

Changelog

Sourced from go.uber.org/zap's changelog.

1.28.0 (27 Apr 2026)

Enhancements:

  • #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.
Commits
  • 5b81b37 release v1.28.0 (#1547)
  • 0ab0d5a zapcore: Add PreWriteHook for transforming entries before write (#1534)
  • d278c59 [chore] CI: test on Go 1.26 (#1535)
  • 16fb16b chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps: bump the go-dependencies group across 1 directory with 6 updates
26238b7 
Bumps the go-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.8.0` | `5.9.0` |
| [github.com/hanwen/go-fuse/v2](https://github.com/hanwen/go-fuse) | `2.9.0` | `2.10.1` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.2` | `5.10.0` |
| [github.com/testcontainers/testcontainers-go/modules/postgres](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.42.0` |
| [github.com/willscott/go-nfs](https://github.com/willscott/go-nfs) | `0.0.3` | `0.0.4` |
| [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` |



Updates `github.com/go-git/go-billy/v5` from 5.8.0 to 5.9.0
- [Release notes](https://github.com/go-git/go-billy/releases)
- [Commits](go-git/go-billy@v5.8.0...v5.9.0)

Updates `github.com/hanwen/go-fuse/v2` from 2.9.0 to 2.10.1
- [Commits](hanwen/go-fuse@v2.9.0...v2.10.1)

Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.9.2...v5.10.0)

Updates `github.com/testcontainers/testcontainers-go/modules/postgres` from 0.41.0 to 0.42.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](testcontainers/testcontainers-go@v0.41.0...v0.42.0)

Updates `github.com/willscott/go-nfs` from 0.0.3 to 0.0.4
- [Release notes](https://github.com/willscott/go-nfs/releases)
- [Commits](willscott/go-nfs@v0.0.3...v0.0.4)

Updates `go.uber.org/zap` from 1.27.1 to 1.28.0
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.27.1...v1.28.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
  dependency-version: 5.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/hanwen/go-fuse/v2
  dependency-version: 2.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/testcontainers/testcontainers-go/modules/postgres
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/willscott/go-nfs
  dependency-version: 0.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: go.uber.org/zap
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants