Skip to content

build(deps): bump the all-go-deps group in /backend with 3 updates #1015

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump the all-go-deps group in /backend with 3 updates #1015

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 15, 2025

Bumps the all-go-deps group in /backend with 3 updates: golang.org/x/sys, google.golang.org/grpc and google.golang.org/protobuf.

Updates golang.org/x/sys from 0.34.0 to 0.36.0

Commits
  • b06ce05 windows: add FILE_ZERO_DATA_INFORMATION
  • 689cc11 unix: fix Listen on solaris
  • a4712b9 plan9: drop go version tags for unsupported versions
  • 0293703 unix: add IFAL_* consts and ifaddrlblmsg on linux
  • ab85cbb unix/linux: extend rtnetlink constants
  • 9bd3753 unix: switch (*CPUSet).Zero to clear builtin
  • 899c232 windows/mkwinsyscall: use syscall.SyscallN instead of syscall.Syscall{6,9,12,15}
  • 543f21a all: upgrade go directive to at least 1.24.0 [generated]
  • 5b936e1 unix/linux: update to Linux kernel 6.16, Go to 1.24.5
  • 3a82703 unix: remove redundant xnu version check for {p}readv/{p}writev
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.74.2 to 1.75.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.75.1

Bug Fixes

  • transport: Fix a data race while copying headers for stats handlers in the std lib http2 server transport. (#8519)
  • xdsclient:
    • Fix a data race caused while reporting load to LRS. (#8483)
    • Fix regression preventing empty node IDs when creating an LRS client. (#8483)
  • server: Fix a regression preventing streams from being cancelled or timed out when blocked on flow control. (#8528)

Release 1.75.0

Behavior Changes

  • xds: Remove support for GRPC_EXPERIMENTAL_XDS_FALLBACK environment variable. Fallback support can no longer be disabled. (#8482)
  • stats: Introduce DelayedPickComplete event, a type alias of PickerUpdated. (#8465)
    • This (combined) event will now be emitted only once per call, when a transport is successfully selected for the attempt.
    • OpenTelemetry metrics will no longer have multiple "Delayed LB pick complete" events in Go, matching other gRPC languages.
    • A future release will delete the PickerUpdated symbol.
  • credentials: Properly apply grpc.WithAuthority as the highest-priority option for setting authority, above the setting in the credentials themselves. (#8488)
    • Now that this WithAuthority is available, the credentials should not be used to override the authority.
  • round_robin: Randomize the order in which addresses are connected to in order to spread out initial RPC load between clients. (#8438)
  • server: Return status code INTERNAL when a client sends more than one request in unary and server streaming RPC. (#8385)
    • This is a behavior change but also a bug fix to bring gRPC-Go in line with the gRPC spec.

New Features

  • dns: Add an environment variable (GRPC_ENABLE_TXT_SERVICE_CONFIG) to provide a way to disable TXT lookups in the DNS resolver (by setting it to false). By default, TXT lookups are enabled, as they were previously. (#8377)

Bug Fixes

  • xds: Fix regression preventing empty node IDs in xDS bootstrap configuration. (#8476)
  • xds: Fix possible panic when certain invalid resources are encountered. (#8412)
  • xdsclient: Fix a rare panic caused by processing a response from a closed server. (#8389)
  • stats: Fix metric unit formatting by enclosing non-standard units like call and endpoint in curly braces to comply with UCUM and gRPC OpenTelemetry guidelines. (#8481)
  • xds: Fix possible panic when clusters are removed from the xds configuration. (#8428)
  • xdsclient: Fix a race causing "resource doesn not exist" when rapidly subscribing and unsubscribing to the same resource. (#8369)
  • client: When determining the authority, properly percent-encode (if needed, which is unlikely) when the target string omits the hostname and only specifies a port (grpc.NewClient(":<port-number-or-name>")). (#8488)

Release 1.74.3

Bug Fixes

  • xds: Fix a regression preventing empty node IDs in the bootstrap configuration. (#8476 , #8483)
  • xdsclient: Fix a data race caused while reporting load to LRS. (#8483)
  • server: Fix a regression preventing streams from being cancelled or timed out when blocked on flow control. (#8528)
Commits

Updates google.golang.org/protobuf from 1.36.6 to 1.36.9

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the all-go-deps group in /backend with 3 updates
9f94257 
Bumps the all-go-deps group in /backend with 3 updates: [golang.org/x/sys](https://github.com/golang/sys), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and google.golang.org/protobuf.


Updates `golang.org/x/sys` from 0.34.0 to 0.36.0
- [Commits](golang/sys@v0.34.0...v0.36.0)

Updates `google.golang.org/grpc` from 1.74.2 to 1.75.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.74.2...v1.75.1)

Updates `google.golang.org/protobuf` from 1.36.6 to 1.36.9

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-go-deps
- dependency-name: google.golang.org/grpc
  dependency-version: 1.75.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-go-deps
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-go-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added ci/dependabot Used by dependabot to mark its changes as coming from itself dependencies Pull requests that update a dependency file kind/enhancement release-note/misc Changes without direct user impact labels Sep 15, 2025
@dependabot dependabot bot requested a review from a team as a code owner September 15, 2025 18:28
@dependabot dependabot bot requested review from yandzee and removed request for a team September 15, 2025 18:28
@dependabot dependabot bot added dependencies Pull requests that update a dependency file kind/enhancement release-note/misc Changes without direct user impact ci/dependabot Used by dependabot to mark its changes as coming from itself labels Sep 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yandzee yandzee Awaiting requested review from yandzee yandzee is a code owner automatically assigned from cilium/hubble-ui

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
ci/dependabot Used by dependabot to mark its changes as coming from itself dependencies Pull requests that update a dependency file kind/enhancement release-note/misc Changes without direct user impact
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants