Build: Bump the go group across 1 directory with 8 updates #1116

dependabot · 2025-05-26T04:09:02Z

Bumps the go group with 8 updates in the / directory:

Package	From	To
github.com/ProtonMail/go-crypto	`1.2.0`	`1.3.0`
github.com/labstack/echo/v4	`4.13.3`	`4.13.4`
gorm.io/gorm	`1.26.1`	`1.30.0`
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs	`1.49.0`	`1.50.0`
github.com/aws/aws-sdk-go-v2/service/s3	`1.79.3`	`1.79.4`
github.com/content-services/zest/release/v2025	`2025.5.1746754376`	`2025.5.1747750822`
github.com/getsentry/sentry-go	`0.32.0`	`0.33.0`
github.com/jackc/pgx/v5	`5.7.4`	`5.7.5`

Updates github.com/ProtonMail/go-crypto from 1.2.0 to 1.3.0

Release notes

Sourced from github.com/ProtonMail/go-crypto's releases.

Release v1.3.0

What's Changed

API v2: Tolerate invalid key signatures if one verifies in ProtonMail/go-crypto#284

Enforce acceptable hash functions in clearsign in ProtonMail/go-crypto#281

Allow to set a decompressed message size limit in ProtonMail/go-crypto#285

API v1: Only allow acceptable hashes when writing signatures in ProtonMail/go-crypto#286

Full Changelog: ProtonMail/go-crypto@v1.2.0...v1.3.0

Release v1.3.0-proton

This release is v1.3.0 with support for the following non-standardized features:

Presistent symmetric keys experimental + latest draft draft-ietf-openpgp-persistent-symmetric-keys-00

Automatic forwarding draft-wussler-openpgp-forwarding-00

Post-quantum algorithms draft-ietf-openpgp-pqc (Updated to draft-ietf-openpgp-pqc-09)

Commits

3b22d85 Merge pull request #286 from ProtonMail/feat/v1-api-enforce-signature-hashes
a9af95c feat(v1): Only allow acceptable hashes when writing signatures
3c60603 Merge pull request #285 from ProtonMail/feat/decompression-size-limit
d664700 feat: Allow to set a decompressed size limit
e1ea40e Merge pull request #281 from ProtonMail/fix/clearsign-check-hash
9cd4c3a feat(clearsign): Write complete legacy hash header
244eb1c fix(clearsign): Enforce acceptable hash functions in clearsign
a994e32 Merge pull request #284 from ProtonMail/feat/less-restrictive-key-signature
8fe0e95 feat(v2): Tolerate invalid key signatures if one passes
See full diff in compare view

Updates github.com/labstack/echo/v4 from 4.13.3 to 4.13.4

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.13.4

What's Changed

chore: fix some typos in comment by @zhuhaicity in labstack/echo#2735

CI: test with Go 1.24 by @aldas in labstack/echo#2748

Add support for TLS WebSocket proxy by @t-ibayashi-safie in labstack/echo#2762

Security

Update dependencies for GO-2025-3487, GO-2025-3503 and GO-2025-3595 in labstack/echo#2780

New Contributors

@zhuhaicity made their first contribution in labstack/echo#2735

@t-ibayashi-safie made their first contribution in labstack/echo#2762

Full Changelog: labstack/echo@v4.13.3...v4.13.4

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.13.4 - 2025-05-22

Enhancements

chore: fix some typos in comment by @zhuhaicity in labstack/echo#2735

CI: test with Go 1.24 by @aldas in labstack/echo#2748

Add support for TLS WebSocket proxy by @t-ibayashi-safie in labstack/echo#2762

Security

Update dependencies for GO-2025-3487, GO-2025-3503 and GO-2025-3595 in labstack/echo#2780

Commits

98ca08e Improve changelog for 4.13.4 (#2783)
f24aaff Revert "CORS: reject requests with 401 for non-preflight request with not mat...
9f50a65 Changelog for 4.13.4 (#2781)
d735cb6 Upgrade dependencies (#2780)
de44c53 Add support for TLS WebSocket proxy (#2762)
c44f628 CI: test with Go 1.24 (#2748)
ce0b12a chore: fix some typos in comment (#2735)
ee3e129 CORS: reject requests with 401 for non-preflight request with not matching or...
See full diff in compare view

Updates gorm.io/gorm from 1.26.1 to 1.30.0

Release notes

Sourced from gorm.io/gorm's releases.

Release v1.30.0

Changes

(WIP) Implement Generics API @jinzhu (#7424)

perf(schema): avoid redundant strings.ToLower call @1911860538 (#7464)

fix: return init dialector error @codingplz (#7379)

perf: break early on match failure in ParseConstraint @1911860538 (#7402)

feat: error message show field name @pi12138 (#7452)

perf: use strings.IndexByte to replace strings.Index @1911860538 (#7454)

perf: use strings.Cut to replace strings.SplitN @1911860538 (#7455)

Commits

c44405a Implement Generics API (#7424)
751c1d6 perf(schema): avoid redundant strings.ToLower call (#7464)
8e7ab46 fix: return init dialector error (#7379)
e3037e4 perf: break early on match failure in ParseConstraint (#7402)
1204330 feat: error message show field name (#7452)
9703eb7 perf: use strings.IndexByte to replace strings.Index (#7454)
1c966e0 perf: use strings.Cut to replace strings.SplitN (#7455)
See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs from 1.49.0 to 1.50.0

Commits

4334b43 Release 2024-02-16
9e29187 Regenerated Clients
f672c49 Update endpoints model
7f93578 Update API model
da7bcda feat: add client config passthrough to waiter opts (#2499)
1bb0482 Release 2024-02-15
cc83a2b Regenerated Clients
7f44d99 Update endpoints model
4280ccb Update API model
a264562 fix awsjson error deserialization to not expect string code (#2489)
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.79.3 to 1.79.4

Commits

8e8487a Release 2025-05-22
7c47834 Regenerated Clients
b0394af Update API model
78e08c4 Handle checksum for unseekable 0-length s3 request body (#3086)
6a7e8b5 Release 2025-05-21
422e4b4 Regenerated Clients
ff53c6a Update endpoints model
892de6f Update API model
ec50368 Release 2025-05-20
16611cb Regenerated Clients
Additional commits viewable in compare view

Updates github.com/content-services/zest/release/v2025 from 2025.5.1746754376 to 2025.5.1747750822

Commits

1ce6e3f Update pulp bindings to 689d598a363629d8a5469d9b2a84744b63ab6ef37d356e3e82bb4...
26dc245 Update pulp bindings to 9258456e9d3b4a85d3e54836d2b97943386aab037ae5486b92ad2...
4209678 Update pulp bindings to b59d5a8be2d6a9584b32d696a45276e49ae256027b8e3dae95843...
701618d Update pulp bindings to 386d86254354e29d3b864523aed47886e3586b067968b5e2da9ab...
See full diff in compare view

Updates github.com/getsentry/sentry-go from 0.32.0 to 0.33.0

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.33.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.33.0.

Breaking Changes

Rename the internal Logger to DebugLogger. This feature was only used when you set Debug: True in your sentry.Init() call. If you haven't used the Logger directly, no changes are necessary. (#1012)

Features
Add support for Structured Logging. (#1010)
logger := sentry.NewLogger(ctx)
logger.Info(ctx, "Hello, Logs!")
You can learn more about Sentry Logs on our docs and the examples.
Add new attributes APIs, which are currently only exposed on logs. (#1007)
Bug Fixes

Do not push a new scope on StartSpan. (#1013)

Fix an issue where the propagated smapling decision wasn't used. (#995)

[Otel] Prefer httpRoute over httpTarget for span descriptions. (#1002)

Misc

Update github.com/stretchr/testify to v1.8.4. (#988)

Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.33.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.33.0.

Breaking Changes

Rename the internal Logger to DebugLogger. This feature was only used when you set Debug: True in your sentry.Init() call. If you haven't used the Logger directly, no changes are necessary. (#1012)

Features
Add support for Structured Logging. (#1010)
logger := sentry.NewLogger(ctx)
logger.Info(ctx, "Hello, Logs!")
You can learn more about Sentry Logs on our docs and the examples.
Add new attributes APIs, which are currently only exposed on logs. (#1007)
Bug Fixes

Do not push a new scope on StartSpan. (#1013)

Fix an issue where the propagated smapling decision wasn't used. (#995)

[Otel] Prefer httpRoute over httpTarget for span descriptions. (#1002)

Misc

Update github.com/stretchr/testify to v1.8.4. (#988)

Commits

03a4deb release: 0.33.0
34ba180 Prepare 0.33.0 (#1016)
c340089 Add initial logger implementation (#1010)
00a135a Do not push a new scope on StartSpan (#1013)
64de096 Rename Logger to DebugLogger (#1012)
523e1b4 Bump github.com/stretchr/testify on otel submodule (#1011)
bf20c9f Prefer http route over http target for span description (#1002)
021ccc1 Add attributes API (#1007)
c7d162c Update github.com/stretchr/testify to v1.8.4 (#988)
a309f56 build(deps): bump actions/create-github-app-token from 1.11.5 to 1.12.0 (#987)
Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.7.4 to 5.7.5

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.7.5 (May 17, 2025)

Support sslnegotiation connection option (divyam234)

Update golang.org/x/crypto to v0.37.0. This placates security scanners that were unable to see that pgx did not use the behavior affected by https://pkg.go.dev/vuln/GO-2025-3487.

TraceLog now logs Acquire and Release at the debug level (dave sinclair)

Add support for PGTZ environment variable

Add support for PGOPTIONS environment variable

Unpin memory used by Rows quicker

Remove PlanScan memoization. This resolves a rare issue where scanning could be broken for one type by first scanning another. The problem was in the memoization system and benchmarking revealed that memoization was not providing any meaningful benefit.

Commits

15bca4a Release v5.7.5
1d557f9 Remove PlanScan memoization
de7fe81 Use reflect.TypeFor instead of reflect.TypeOf
d9eb089 Remove unused function
6be24eb Fix comment typo
07871c0 Zero internal baseRows references to allow GC earlier
777e7e5 Merge pull request #2313 from stampy88/tracelog_pool_additions
151bd02 Switched to LogLevelDebug
540fcaa Add support for PGOPTIONS environment variable
3a248e3 Add support for PGTZ environment variable
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) | `1.2.0` | `1.3.0` | | [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.13.3` | `4.13.4` | | [gorm.io/gorm](https://github.com/go-gorm/gorm) | `1.26.1` | `1.30.0` | | [github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs](https://github.com/aws/aws-sdk-go-v2) | `1.49.0` | `1.50.0` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.79.3` | `1.79.4` | | [github.com/content-services/zest/release/v2025](https://github.com/content-services/zest) | `2025.5.1746754376` | `2025.5.1747750822` | | [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.32.0` | `0.33.0` | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.4` | `5.7.5` | Updates `github.com/ProtonMail/go-crypto` from 1.2.0 to 1.3.0 - [Release notes](https://github.com/ProtonMail/go-crypto/releases) - [Commits](ProtonMail/go-crypto@v1.2.0...v1.3.0) Updates `github.com/labstack/echo/v4` from 4.13.3 to 4.13.4 - [Release notes](https://github.com/labstack/echo/releases) - [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md) - [Commits](labstack/echo@v4.13.3...v4.13.4) Updates `gorm.io/gorm` from 1.26.1 to 1.30.0 - [Release notes](https://github.com/go-gorm/gorm/releases) - [Commits](go-gorm/gorm@v1.26.1...v1.30.0) Updates `github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs` from 1.49.0 to 1.50.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.49.0...service/s3/v1.50.0) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.79.3 to 1.79.4 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.79.3...service/s3/v1.79.4) Updates `github.com/content-services/zest/release/v2025` from 2025.5.1746754376 to 2025.5.1747750822 - [Release notes](https://github.com/content-services/zest/releases) - [Commits](content-services/zest@release/v2025.5.1746754376...release/v2025.5.1747750822) Updates `github.com/getsentry/sentry-go` from 0.32.0 to 0.33.0 - [Release notes](https://github.com/getsentry/sentry-go/releases) - [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-go@v0.32.0...v0.33.0) Updates `github.com/jackc/pgx/v5` from 5.7.4 to 5.7.5 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.7.4...v5.7.5) --- updated-dependencies: - dependency-name: github.com/ProtonMail/go-crypto dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/labstack/echo/v4 dependency-version: 4.13.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: gorm.io/gorm dependency-version: 1.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs dependency-version: 1.50.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.79.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/content-services/zest/release/v2025 dependency-version: 2025.5.1747750822 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/getsentry/sentry-go dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.7.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go ... Signed-off-by: dependabot[bot] <[email protected]>

jlsherrill · 2025-05-27T17:44:03Z

/retest

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 26, 2025

jlsherrill approved these changes May 27, 2025

View reviewed changes

jlsherrill merged commit 77d60f4 into main May 27, 2025
22 of 23 checks passed

dependabot bot deleted the dependabot/go_modules/go-9f0bcde136 branch May 27, 2025 20:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Build: Bump the go group across 1 directory with 8 updates #1116

Build: Bump the go group across 1 directory with 8 updates #1116

Uh oh!

dependabot bot commented on behalf of github May 26, 2025

Uh oh!

jlsherrill commented May 27, 2025

Uh oh!

Uh oh!

Uh oh!

Build: Bump the go group across 1 directory with 8 updates #1116

Build: Bump the go group across 1 directory with 8 updates #1116

Uh oh!

Conversation

dependabot bot commented on behalf of github May 26, 2025

Release v1.3.0

What's Changed

Release v1.3.0-proton

v4.13.4

What's Changed

New Contributors

v4.13.4 - 2025-05-22

Release v1.30.0

Changes

0.33.0

Breaking Changes

Features

Bug Fixes

Misc

0.33.0

Breaking Changes

Features

Bug Fixes

Misc

5.7.5 (May 17, 2025)

Uh oh!

jlsherrill commented May 27, 2025

Uh oh!

Uh oh!

Uh oh!