Skip to content

fix(deps): bump the external group across 1 directory with 5 updates#3694

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/sdk/external-f5815c3a6d
Open

fix(deps): bump the external group across 1 directory with 5 updates#3694
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/sdk/external-f5815c3a6d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the external group with 3 updates in the /sdk directory: connectrpc.com/grpchealth, github.com/lestrrat-go/jwx/v2 and google.golang.org/grpc.

Updates connectrpc.com/grpchealth from 1.4.0 to 1.5.0

Release notes

Sourced from connectrpc.com/grpchealth's releases.

v1.5.0

What's Changed

Governance

Add @​timostamm as a maintainer in connectrpc/grpchealth-go#80 🎉

Enhancements

Other changes

Full Changelog: connectrpc/grpchealth-go@v1.4.0...v1.5.0

Commits

Updates github.com/lestrrat-go/jwx/v2 from 2.1.6 to 2.1.7

Changelog

Sourced from github.com/lestrrat-go/jwx/v2's changelog.

v2.1.7 30 Jun 2026

  • This module is now deprecated. v2 is no longer maintained; please migrate to github.com/lestrrat-go/jwx/v4 or github.com/lestrrat-go/jwx/v3. The go.mod deprecation notice causes go get and pkg.go.dev to flag this module as deprecated.
Commits
  • f818e26 Merge branch 'develop/v2' into v2
  • 15997a7 release v2.1.7
  • 4b065d7 build(deps): bump actions/cache from 6.0.0 to 6.1.0 (#2237)
  • 1da7d9b build(deps): bump actions/setup-go from 6.4.0 to 6.5.0 (#2229)
  • acff097 build(deps): bump actions/cache from 5 to 6 (#2228)
  • 4e33541 build(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#2225)
  • 11d9ac0 build(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0 (#2191)
  • 3314202 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#2183)
  • 5b7fe02 build(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#2178)
  • 273a5e4 build(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 (#2177)
  • Additional commits viewable in compare view

Updates golang.org/x/text from 0.37.0 to 0.38.0

Commits

Updates golang.org/x/tools from 0.44.0 to 0.45.0

Commits
  • 2aabba0 go.mod: update golang.org/x dependencies
  • ef989b3 go/types/internal/play: show Info.Instances[Ident]
  • 21d44f2 go/analysis/passes/inline: document skipping of TestF->F calls
  • ec83c21 go/analysis/passes/modernize: minmax: only remove exact userdefined
  • 5625353 go/analysis/passes/modernize: improve value variable name generation
  • 15a3bd5 gopls/internal/analysis/errorsastype: imporove example clarity
  • cd57ef8 go/packages: include dependency errors when CompiledGoFiles is missing
  • 053fdbc go/analysis/passes/modernize: minmax: fix pure operands only
  • bf84681 go/analysis/passes/errorsas: add example of invalid errors.As use
  • 23921d1 gopls: add errorsastype analyzer
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.81.1 to 1.82.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.82.0

Behavior Changes

  • server: Remove support for GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING environment varibale. Strict incoming RPC path validation (which has been the default since v1.79.3) can no longer be disabled. (#9112)
  • transport: Add environment variable to change the default max header list size from 16MB to 8KB. This may be enabled by setting GRPC_GO_EXPERIMENTAL_ENABLE_8KB_DEFAULT_HEADER_LIST_SIZE=true. This will be enabled by default in a subsequent release. (#9019)
  • balancer: Load Balancing policy registry is now case-sensitive. Set GRPC_GO_EXPERIMENTAL_CASE_SENSITIVE_BALANCER_REGISTRIES=false (and file an issue) to revert to case-insensitive behavior. (#9017)

New Features

  • experimental/stats: Expose a new API, NewContextWithLabelCallback, to register a callback that is invoked when telemetry labels are added. (#8877)
  • client: Return a portion of the response body in the error message, when the client receives an unexpected non-gRPC HTTP response, to make debugging easier. (#8929)
  • server: Add environment variable GRPC_GO_SERVER_GOROUTINE_LABELS that controls setting runtime/pprof.Labels on goroutines spawned by the server. Set GRPC_GO_SERVER_GOROUTINE_LABELS=grpc.method=true to add the grpc.method label on goroutines spawned to handle incoming requests. (#9082)

Bug Fixes

  • xds/server: Fix a memory leak of HTTP filter instances occurring when route configurations are updated in-place during a Route Discovery Service (RDS) update. (#9138)
  • grpc: In the deprecated gzip Compressor (used via the deprecated WithCompressor dial option), enforce the MaxRecvMsgSize limit on the decompressed message buffer, preventing excessive memory allocation from highly compressed payloads. (#9114)
  • stats/opentelemetry: Record retry attempts, grpc.previous-rpc-attempts, at the call level and not the attempt level. (#8923)
  • encoding: Ensure Close() is always called on readers returned from Compressor.Decompress if possible. (#9135)
  • channelz: Fix the LastMessageSentTimestamp and LastMessageReceivedTimestamp fields in SocketMetrics to ensure they contain correct timestamp values. (#9109)
Commits
  • bd23985 Change version to 1.82.0 (#9170)
  • 0f3086d Fix minor issues not covered by PR #9137 (#9147)
  • fef07fb internal: Split v3procservicepb import into pb and grpc for extproc (#9163)
  • 91dd64f transport: surface subsequent data when receiving non-gRPC header (#8929)
  • adc97de test/kokoro: add config for regional-td test (#9158)
  • 57c9ff1 xds: ensure full-string matching for RBAC Filter rules (#9148)
  • b58f32d server: Set a pprof label on new stream goroutines (#9082)
  • 6c98be3 refactor(transport): extract shared stream state handling logic in `loopyWrit...
  • bcaa6f4 rls: only reset backoff on recovery from TRANSIENT_FAILURE (#9137)
  • 429e6e0 balancer: expose endpoint weight and hostname as experimental APIs (#9074)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 30, 2026
@dependabot dependabot Bot requested review from a team as code owners June 30, 2026 17:53
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 30, 2026
@github-actions github-actions Bot added comp:sdk A software development kit, including library, for client applications and inter-service communicati size/s labels Jun 30, 2026
@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 209.27333ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 113.836556ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 416.476047ms
Throughput 240.11 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 45.084562481s
Average Latency 449.156613ms
Throughput 110.90 requests/second

@dependabot dependabot Bot force-pushed the dependabot/go_modules/sdk/external-f5815c3a6d branch from 04cb6a7 to 62248bc Compare July 1, 2026 17:54
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 205.432403ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 106.361013ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 412.590336ms
Throughput 242.37 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 44.979761477s
Average Latency 448.338449ms
Throughput 111.16 requests/second

@dependabot dependabot Bot force-pushed the dependabot/go_modules/sdk/external-f5815c3a6d branch from 62248bc to 2aba4ab Compare July 2, 2026 13:40
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 302.987986ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 108.378962ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 584.183616ms
Throughput 171.18 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 44.991593791s
Average Latency 447.778238ms
Throughput 111.13 requests/second

Bumps the external group with 3 updates in the /sdk directory: [connectrpc.com/grpchealth](https://github.com/connectrpc/grpchealth-go), [github.com/lestrrat-go/jwx/v2](https://github.com/lestrrat-go/jwx) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `connectrpc.com/grpchealth` from 1.4.0 to 1.5.0
- [Release notes](https://github.com/connectrpc/grpchealth-go/releases)
- [Commits](connectrpc/grpchealth-go@1.4.0...v1.5.0)

Updates `github.com/lestrrat-go/jwx/v2` from 2.1.6 to 2.1.7
- [Release notes](https://github.com/lestrrat-go/jwx/releases)
- [Changelog](https://github.com/lestrrat-go/jwx/blob/v2.1.7/Changes)
- [Commits](lestrrat-go/jwx@v2.1.6...v2.1.7)

Updates `golang.org/x/text` from 0.37.0 to 0.38.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.37.0...v0.38.0)

Updates `golang.org/x/tools` from 0.44.0 to 0.45.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.44.0...v0.45.0)

Updates `google.golang.org/grpc` from 1.81.1 to 1.82.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.1...v1.82.0)

---
updated-dependencies:
- dependency-name: connectrpc.com/grpchealth
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: external
- dependency-name: github.com/lestrrat-go/jwx/v2
  dependency-version: 2.1.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: external
- dependency-name: golang.org/x/text
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: external
- dependency-name: golang.org/x/tools
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: external
- dependency-name: google.golang.org/grpc
  dependency-version: 1.82.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: external
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/sdk/external-f5815c3a6d branch from 2aba4ab to a9e68d1 Compare July 3, 2026 17:53
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

  • examples
  • otdfctl
  • sdk
  • service
  • lib/fixtures
  • tests-bdd

See the workflow run for details.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 211.526154ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 107.447314ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 445.905956ms
Throughput 224.26 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 45.908249738s
Average Latency 457.020384ms
Throughput 108.91 requests/second

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

comp:sdk A software development kit, including library, for client applications and inter-service communicati dependencies Pull requests that update a dependency file go Pull requests that update Go code size/s

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants