Skip to content

build(deps): bump the production-dependencies group across 1 directory with 5 updates #3989

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump the production-dependencies group across 1 directory with 5 updates #3989

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 13, 2025
edited
Loading

Bumps the production-dependencies group with 5 updates in the / directory:

Package From To
github.com/go-sql-driver/mysql 1.9.2 1.9.3
github.com/jackc/pgx/v5 5.7.4 5.7.5
golang.org/x/sync 0.13.0 0.15.0
google.golang.org/grpc 1.72.0 1.73.0
modernc.org/sqlite 1.37.0 1.38.0

Updates github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.9.3

What's Changed

Full Changelog: go-sql-driver/mysql@v1.9.2...v1.9.3

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

v1.9.3 (2025-06-13)

  • tx.Commit() and tx.Rollback() returned ErrInvalidConn always. Now they return cached real error if present. (#1690)

  • Optimize reading small resultsets to fix performance regression introduced by compression protocol support. (#1707)

  • Fix db.Ping() on compressed connection. (#1723)

Commits

Updates github.com/jackc/pgx/v5 from 5.7.4 to 5.7.5

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.7.5 (May 17, 2025)

  • Support sslnegotiation connection option (divyam234)
  • Update golang.org/x/crypto to v0.37.0. This placates security scanners that were unable to see that pgx did not use the behavior affected by https://pkg.go.dev/vuln/GO-2025-3487.
  • TraceLog now logs Acquire and Release at the debug level (dave sinclair)
  • Add support for PGTZ environment variable
  • Add support for PGOPTIONS environment variable
  • Unpin memory used by Rows quicker
  • Remove PlanScan memoization. This resolves a rare issue where scanning could be broken for one type by first scanning another. The problem was in the memoization system and benchmarking revealed that memoization was not providing any meaningful benefit.
Commits
  • 15bca4a Release v5.7.5
  • 1d557f9 Remove PlanScan memoization
  • de7fe81 Use reflect.TypeFor instead of reflect.TypeOf
  • d9eb089 Remove unused function
  • 6be24eb Fix comment typo
  • 07871c0 Zero internal baseRows references to allow GC earlier
  • 777e7e5 Merge pull request #2313 from stampy88/tracelog_pool_additions
  • 151bd02 Switched to LogLevelDebug
  • 540fcaa Add support for PGOPTIONS environment variable
  • 3a248e3 Add support for PGTZ environment variable
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.13.0 to 0.15.0

Commits
  • 8a14946 errgroup: remove duplicated comment
  • 1869c69 all: replace deprecated ioutil
  • d1ac909 sync/errgroup: PanicError.Error print stack trace
  • 506c70f errgroup: propagate panic and Goexit through Wait
  • See full diff in compare view

Updates google.golang.org/grpc from 1.72.0 to 1.73.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.73.0

New Features

  • balancer/ringhash: move LB policy from xds/internal to exported path to facilitate use without xds (#8249)
  • xds: enable least request LB policy by default. It can be disabled by setting GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST=false in your environment. (#8253)
  • grpc: add a CallAuthority Call Option that can be used to overwrite the http :authority header on per-RPC basis. (#8068)
  • stats/opentelemetry: add trace event for name resolution delay. (#8074)
  • health: added List method to gRPC Health service. (#8155)
  • ringhash: implement features from gRFC A76. (#8159)
  • xds: add functionality to support SPIFFE Bundle Maps as roots of trust in XDS which can be enabled by setting GRPC_EXPERIMENTAL_XDS_MTLS_SPIFFE=true. (#8167, #8180, #8229, #8343)

Bug Fixes

  • xds: locality ID metric label is changed to make it consistent with gRFC A78. (#8256)
  • client: fail RPCs on the client when using extremely short contexts that expire before the grpc-timeout header is created. (#8312)
  • server: non-positive grpc-timeout header values are now rejected. This is consistent with the gRPC protocol spec. (#8290)
  • xds: fix reported error string when LRS load reporting interval is invalid. (#8224)

Performance Improvements

  • credentials/alts: improve read performance by optimizing buffer copies and allocations. (#8271)
  • server: improve performance of RPC handling by avoid a status proto copy (#8282)

Documentation

  • examples/features/opentelemetry: modify example to demonstrate tracing using OpenTelemtry plugin. (#8056)

Release 1.72.2

Bug Fixes

  • client: restore support for NO_PROXY environment variable when connecting to locally-resolved addresses (case 2 from gRFC A1). (#8329)
  • balancer/least_request: fix panic on resolver errors. (#8333)

Release 1.72.1

Bug Fixes

  • client: HTTP Proxy connections are no longer attempted for addresses with non-TCP network types. (#8215)
  • client: Fix bug that causes RPCs to fail with status INTERNAL instead of CANCELLED or DEADLINE_EXCEEDED when receiving a RST_STREAM frame in the middle of the gRPC message. (#8289)
Commits

Updates modernc.org/sqlite from 1.37.0 to 1.38.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the production-dependencies group across 1 director…
1ceb7f7 
…y with 5 updates

Bumps the production-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) | `1.9.2` | `1.9.3` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.4` | `5.7.5` |
| [golang.org/x/sync](https://github.com/golang/sync) | `0.13.0` | `0.15.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.72.0` | `1.73.0` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.37.0` | `1.38.0` |



Updates `github.com/go-sql-driver/mysql` from 1.9.2 to 1.9.3
- [Release notes](https://github.com/go-sql-driver/mysql/releases)
- [Changelog](https://github.com/go-sql-driver/mysql/blob/v1.9.3/CHANGELOG.md)
- [Commits](go-sql-driver/mysql@v1.9.2...v1.9.3)

Updates `github.com/jackc/pgx/v5` from 5.7.4 to 5.7.5
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.7.4...v5.7.5)

Updates `golang.org/x/sync` from 0.13.0 to 0.15.0
- [Commits](golang/sync@v0.13.0...v0.15.0)

Updates `google.golang.org/grpc` from 1.72.0 to 1.73.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.72.0...v1.73.0)

Updates `modernc.org/sqlite` from 1.37.0 to 1.38.0
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.37.0...v1.38.0)

---
updated-dependencies:
- dependency-name: github.com/go-sql-driver/mysql
  dependency-version: 1.9.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.7.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: golang.org/x/sync
  dependency-version: 0.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: google.golang.org/grpc
  dependency-version: 1.73.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: modernc.org/sqlite
  dependency-version: 1.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 13, 2025
@dosubot dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. 🔧 golang labels Jun 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code size:S This PR changes 10-29 lines, ignoring generated files. 🔧 golang
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants