Bump the go_modules group across 5 directories with 5 updates #1080

dependabot · 2025-04-24T21:22:16Z

Bumps the go_modules group with 1 update in the /e2etests directory: golang.org/x/crypto.
Bumps the go_modules group with 3 updates in the /frontend/src/host_orchestrator directory: golang.org/x/sys, golang.org/x/text and google.golang.org/grpc.
Bumps the go_modules group with 1 update in the /frontend/src/libhoclient directory: golang.org/x/crypto.
Bumps the go_modules group with 3 updates in the /frontend/src/liboperator directory: golang.org/x/sys, golang.org/x/text and google.golang.org/grpc.
Bumps the go_modules group with 3 updates in the /frontend/src/operator directory: golang.org/x/sys, golang.org/x/text and google.golang.org/grpc.

Updates golang.org/x/crypto from 0.28.0 to 0.35.0

Commits

7292932 ssh: limit the size of the internal packet queue while waiting for KEX
f66f74b acme/autocert: check host policy before probing the cache
b0784b7 x509roots/fallback: drop obsolete build constraint
911360c all: bump golang.org/x/crypto dependencies of asm generators
89ff08d all: upgrade go directive to at least 1.23.0 [generated]
e47973b all: update certs for go1.24
9290511 go.mod: update golang.org/x dependencies
fa5273e x509roots/fallback: update bundle
a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
Additional commits viewable in compare view

Updates golang.org/x/sys from 0.27.0 to 0.30.0

Commits

See full diff in compare view

Updates golang.org/x/sys from 0.0.0-20200323222414-85ca7c5b95cd to 0.1.0

Commits

See full diff in compare view

Updates golang.org/x/text from 0.3.0 to 0.3.8

Commits

434eadc language: reject excessively large Accept-Language strings
23407e7 go.mod: ignore cyclic dependency for tagging
b18d3dd secure/precis: replace bytes.Compare with bytes.Equal
795e854 all: replace io/ioutil with io and os package
b0ca10f internal/language: bump script types to uint16 and update registry
ba9b0e1 go.mod: update x/tools to HEAD
d03b418 A+C: delete AUTHORS and CONTRIBUTORS
b4bca84 language/display: fix Tag method comment
ea49e3e go.mod: update x/tools to HEAD
78819d0 go.mod: update to golang.org/x/text v0.1.10
Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.40.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

client: support channel idleness using WithIdleTimeout dial option (#6263)

This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.

client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)

xds: Add support for Custom LB Policies (gRFC A52) (#6224)

xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)

client: add support for pickfirst address shuffling (gRFC A62) (#6311)

xds: Add support for String Matcher Header Matcher in RDS (#6313)

xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)

Special Thanks: @s-matyukevich

xds: enable RLS in xDS by default (#6343)

orca: add support for application_utilization field and missing range checks on several metrics setters

balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)

authz: add conversion of json to RBAC Audit Logging config (#6192)

authz: add support for stdout logger (#6230 and #6298)

authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)

xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)

xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

xds: enable federation support by default (#6151)

status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

1055b48 Update version.go to 1.56.3 (#6713)
5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
faab873 Update version.go to v1.56.2 (#6432)
6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
cd6a794 Update version.go to v1.56.2-dev (#6387)
5b67e5e Update version.go to v1.56.1 (#6386)
d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
997c1ea Change version to 1.56.1-dev (#6345)
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.25.0 to 1.30.0

Updates golang.org/x/crypto from 0.21.0 to 0.35.0

Commits

7292932 ssh: limit the size of the internal packet queue while waiting for KEX
f66f74b acme/autocert: check host policy before probing the cache
b0784b7 x509roots/fallback: drop obsolete build constraint
911360c all: bump golang.org/x/crypto dependencies of asm generators
89ff08d all: upgrade go directive to at least 1.23.0 [generated]
e47973b all: update certs for go1.24
9290511 go.mod: update golang.org/x dependencies
fa5273e x509roots/fallback: update bundle
a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
Additional commits viewable in compare view

Updates golang.org/x/sys from 0.18.0 to 0.30.0

Commits

See full diff in compare view

Updates golang.org/x/sys from 0.0.0-20200323222414-85ca7c5b95cd to 0.1.0

Commits

See full diff in compare view

Updates golang.org/x/text from 0.3.0 to 0.3.8

Commits

434eadc language: reject excessively large Accept-Language strings
23407e7 go.mod: ignore cyclic dependency for tagging
b18d3dd secure/precis: replace bytes.Compare with bytes.Equal
795e854 all: replace io/ioutil with io and os package
b0ca10f internal/language: bump script types to uint16 and update registry
ba9b0e1 go.mod: update x/tools to HEAD
d03b418 A+C: delete AUTHORS and CONTRIBUTORS
b4bca84 language/display: fix Tag method comment
ea49e3e go.mod: update x/tools to HEAD
78819d0 go.mod: update to golang.org/x/text v0.1.10
Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.40.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

client: support channel idleness using WithIdleTimeout dial option (#6263)

This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.

client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)

xds: Add support for Custom LB Policies (gRFC A52) (#6224)

xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)

client: add support for pickfirst address shuffling (gRFC A62) (#6311)

xds: Add support for String Matcher Header Matcher in RDS (#6313)

xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)

Special Thanks: @s-matyukevich

xds: enable RLS in xDS by default (#6343)

orca: add support for application_utilization field and missing range checks on several metrics setters

balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)

authz: add conversion of json to RBAC Audit Logging config (#6192)

authz: add support for stdout logger (#6230 and #6298)

authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)

xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)

xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

xds: enable federation support by default (#6151)

status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

1055b48 Update version.go to 1.56.3 (#6713)
5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
faab873 Update version.go to v1.56.2 (#6432)
6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
cd6a794 Update version.go to v1.56.2-dev (#6387)
5b67e5e Update version.go to v1.56.1 (#6386)
d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
997c1ea Change version to 1.56.1-dev (#6345)
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.25.0 to 1.30.0

Updates golang.org/x/sys from 0.0.0-20200323222414-85ca7c5b95cd to 0.1.0

Commits

See full diff in compare view

Updates golang.org/x/text from 0.3.0 to 0.3.8

Commits

434eadc language: reject excessively large Accept-Language strings
23407e7 go.mod: ignore cyclic dependency for tagging
b18d3dd secure/precis: replace bytes.Compare with bytes.Equal
795e854 all: replace io/ioutil with io and os package
b0ca10f internal/language: bump script types to uint16 and update registry
ba9b0e1 go.mod: update x/tools to HEAD
d03b418 A+C: delete AUTHORS and CONTRIBUTORS
b4bca84 language/display: fix Tag method comment
ea49e3e go.mod: update x/tools to HEAD
78819d0 go.mod: update to golang.org/x/text v0.1.10
Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.40.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

client: support channel idleness using WithIdleTimeout dial option (#6263)

This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.

client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)

xds: Add support for Custom LB Policies (gRFC A52) (#6224)

xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)

client: add support for pickfirst address shuffling (gRFC A62) (#6311)

xds: Add support for String Matcher Header Matcher in RDS (#6313)

xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)

Special Thanks: @s-matyukevich

xds: enable RLS in xDS by default (#6343)

orca: add support for application_utilization field and missing range checks on several metrics setters

balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)

authz: add conversion of json to RBAC Audit Logging config (#6192)

authz: add support for stdout logger (#6230 and #6298)

authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)

xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)

xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

xds: enable federation support by default (#6151)

status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

1055b48 Update version.go to 1.56.3 (#6713)
5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
faab873 Update version.go to v1.56.2 (#6432)
6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
cd6a794 Update version.go to v1.56.2-dev (#6387)
5b67e5e Update version.go to v1.56.1 (#6386)
d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
997c1ea Change version to 1.56.1-dev (#6345)
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.25.0 to 1.30.0

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps the go_modules group with 1 update in the /e2etests directory: [golang.org/x/crypto](https://github.com/golang/crypto). Bumps the go_modules group with 3 updates in the /frontend/src/host_orchestrator directory: [golang.org/x/sys](https://github.com/golang/sys), [golang.org/x/text](https://github.com/golang/text) and [google.golang.org/grpc](https://github.com/grpc/grpc-go). Bumps the go_modules group with 1 update in the /frontend/src/libhoclient directory: [golang.org/x/crypto](https://github.com/golang/crypto). Bumps the go_modules group with 3 updates in the /frontend/src/liboperator directory: [golang.org/x/sys](https://github.com/golang/sys), [golang.org/x/text](https://github.com/golang/text) and [google.golang.org/grpc](https://github.com/grpc/grpc-go). Bumps the go_modules group with 3 updates in the /frontend/src/operator directory: [golang.org/x/sys](https://github.com/golang/sys), [golang.org/x/text](https://github.com/golang/text) and [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `golang.org/x/crypto` from 0.28.0 to 0.35.0 - [Commits](golang/crypto@v0.28.0...v0.35.0) Updates `golang.org/x/sys` from 0.27.0 to 0.30.0 - [Commits](https://github.com/golang/sys/commits/v0.1.0) Updates `golang.org/x/sys` from 0.0.0-20200323222414-85ca7c5b95cd to 0.1.0 - [Commits](https://github.com/golang/sys/commits/v0.1.0) Updates `golang.org/x/text` from 0.3.0 to 0.3.8 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.3.0...v0.3.8) Updates `google.golang.org/grpc` from 1.40.0 to 1.56.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.40.0...v1.56.3) Updates `google.golang.org/protobuf` from 1.25.0 to 1.30.0 Updates `golang.org/x/crypto` from 0.21.0 to 0.35.0 - [Commits](golang/crypto@v0.28.0...v0.35.0) Updates `golang.org/x/sys` from 0.18.0 to 0.30.0 - [Commits](https://github.com/golang/sys/commits/v0.1.0) Updates `golang.org/x/sys` from 0.0.0-20200323222414-85ca7c5b95cd to 0.1.0 - [Commits](https://github.com/golang/sys/commits/v0.1.0) Updates `golang.org/x/text` from 0.3.0 to 0.3.8 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.3.0...v0.3.8) Updates `google.golang.org/grpc` from 1.40.0 to 1.56.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.40.0...v1.56.3) Updates `google.golang.org/protobuf` from 1.25.0 to 1.30.0 Updates `golang.org/x/sys` from 0.0.0-20200323222414-85ca7c5b95cd to 0.1.0 - [Commits](https://github.com/golang/sys/commits/v0.1.0) Updates `golang.org/x/text` from 0.3.0 to 0.3.8 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.3.0...v0.3.8) Updates `google.golang.org/grpc` from 1.40.0 to 1.56.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.40.0...v1.56.3) Updates `google.golang.org/protobuf` from 1.25.0 to 1.30.0 --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.35.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/sys dependency-version: 0.30.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/sys dependency-version: 0.1.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/text dependency-version: 0.3.8 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.56.3 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-version: 1.30.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.35.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/sys dependency-version: 0.30.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/sys dependency-version: 0.1.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/text dependency-version: 0.3.8 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.56.3 dependency-type: direct:production dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-version: 1.30.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/sys dependency-version: 0.1.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/text dependency-version: 0.3.8 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.56.3 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-version: 1.30.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 24, 2025

dependabot bot requested review from jemoreira, ser-io, Databean, rmuthiah, jmacnak and adelva1984 as code owners April 24, 2025 21:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the go_modules group across 5 directories with 5 updates #1080

Bump the go_modules group across 5 directories with 5 updates #1080

Uh oh!

dependabot bot commented on behalf of github Apr 24, 2025 •

edited

Loading

Uh oh!

Uh oh!

Bump the go_modules group across 5 directories with 5 updates #1080

Are you sure you want to change the base?

Bump the go_modules group across 5 directories with 5 updates #1080

Uh oh!

Conversation

dependabot bot commented on behalf of github Apr 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release 1.56.3

Security

Release 1.56.2

Release 1.56.1

Release 1.56.0

New Features

Bug Fixes

API Changes

Release 1.55.1

Release 1.55.0

Behavior Changes

Release 1.56.3

Security

Release 1.56.2

Release 1.56.1

Release 1.56.0

New Features

Bug Fixes

API Changes

Release 1.55.1

Release 1.55.0

Behavior Changes

Release 1.56.3

Security

Release 1.56.2

Release 1.56.1

Release 1.56.0

New Features

Bug Fixes

API Changes

Release 1.55.1

Release 1.55.0

Behavior Changes

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Apr 24, 2025 •

edited

Loading