chore(deps): bump the go_modules group across 1 directory with 5 updates by dependabot[bot] · Pull Request #2 · NethermindEth/panda

dependabot · 2026-06-18T13:24:03Z

Bumps the go_modules group with 5 updates in the / directory:

Package	From	To
github.com/go-chi/chi/v5	`5.2.3`	`5.2.4`
github.com/buger/jsonparser	`1.1.1`	`1.1.2`
github.com/cloudflare/circl	`1.6.1`	`1.6.3`
github.com/go-jose/go-jose/v4	`4.1.3`	`4.1.4`
google.golang.org/grpc	`1.79.1`	`1.79.3`

Updates github.com/go-chi/chi/v5 from 5.2.3 to 5.2.4

Commits

6eb3588 middleware: harden RedirectSlashes handler (#1044)
de0d16e Update comment about min Go version (#1023)
9fb4a15 update reverseMethodMap in RegisterMethod (#1022)
51c977c Refactor to use atomic type (#1019)
563ab11 Refactor graceful shutdown example (#994)
a52c582 Bump minimum Go and use new features (#1017)
See full diff in compare view

Updates github.com/buger/jsonparser from 1.1.1 to 1.1.2

Release notes

Sourced from github.com/buger/jsonparser's releases.

v1.1.2

What's Changed

Updated travis to build for 1.13 to 1.15 by @janreggie in buger/jsonparser#225

eliminate 2 allocations in EachKey() by @Villenny in buger/jsonparser#223

fix issue #150 (in deleting case) by @daria-kay in buger/jsonparser#226

fixing the oss-fuzz issue by @daria-kay in buger/jsonparser#227

Fix parseInt overflow check false negative by @carsonip in buger/jsonparser#231

Added bespoke error for null cases by @jonomacd in buger/jsonparser#228

Fuzzing: Add CIFuzz by @AdamKorcz in buger/jsonparser#239

Added latest versions of go to tests by @moredure in buger/jsonparser#244

fix EachKey pIdxFlags allocation by @unxcepted in buger/jsonparser#241

fix: prevent panic on negative slice index in Delete with malformed JSON (GO-2026-4514) by @dbarrosop in buger/jsonparser#276

New Contributors

@janreggie made their first contribution in buger/jsonparser#225

@Villenny made their first contribution in buger/jsonparser#223

@daria-kay made their first contribution in buger/jsonparser#226

@carsonip made their first contribution in buger/jsonparser#231

@jonomacd made their first contribution in buger/jsonparser#228

@moredure made their first contribution in buger/jsonparser#244

@unxcepted made their first contribution in buger/jsonparser#241

@dbarrosop made their first contribution in buger/jsonparser#276

Full Changelog: buger/jsonparser@v1.1.1...v1.1.2

Commits

a69e7e0 Merge pull request #276 from dbarrosop/master
d3eacc0 fix: prevent panic on negative slice index in Delete with malformed JSON (GO-...
61b32cf Merge pull request #241 from unxcepted/master
2181e83 Merge pull request #244 from ScaleChamp/patch-2
1510b51 Added latest versions of go to tests
6fc2e48 fix: eachkey allocation
a6f867e Merge pull request #239 from AdamKorcz/cifuzz1
cbc01fd Fuzzing: Add CIFuzz
dc92d69 Merge pull request #228 from jonomacd/null-handling
2d9d634 Merge pull request #231 from carsonip/fix-parseint-overflow-check
Additional commits viewable in compare view

Updates github.com/cloudflare/circl from 1.6.1 to 1.6.3

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.3

Fix a bug on ecc/p384 scalar multiplication.

What's Changed

sign/mldsa: Check opts for nil value by @armfazh in cloudflare/circl#582

ecc/p384: Point addition must handle point doubling case. by @armfazh in cloudflare/circl#583

Release CIRCL v1.6.3 by @armfazh in cloudflare/circl#584

Full Changelog: cloudflare/circl@v1.6.2...v1.6.3

CIRCL v1.6.2

New SLH-DSA, improvements in ML-DSA for arm64.

Tested compilation on WASM.

What's Changed

Optimize pairing product computation by moving exponentiations to G1. by @dfaranha in cloudflare/circl#547

sign: Adding SLH-DSA signature by @armfazh in cloudflare/circl#512

Update code generators to CIRCL v1.6.1. by @armfazh in cloudflare/circl#548

ML-DSA: Add preliminary Wycheproof test vectors by @bwesterb in cloudflare/circl#552

go fmt by @bwesterb in cloudflare/circl#554

gz-compressing test vectors, use of HexBytes and ReadGzip functions. by @armfazh in cloudflare/circl#555

group: Removes use of elliptic Marshal and Unmarshal functions. by @armfazh in cloudflare/circl#556

Support encoding/decoding ML-DSA private keys (as long as they contain seeds) by @bwesterb in cloudflare/circl#559

Update to golangci-lint v2 by @bwesterb in cloudflare/circl#560

Preparation for ARM64 Implementation of poly operations for dilithium package. by @elementrics in cloudflare/circl#562

prepare power2Round for custom implementations in assembly by @elementrics in cloudflare/circl#564

ARM64 implementation for poly.PackLe16 by @elementrics in cloudflare/circl#563

add arm64 version of polyMulBy2toD by @elementrics in cloudflare/circl#565

add arm64 version of polySub by @elementrics in cloudflare/circl#566

group: add byteLen method for short groups and RandomScalar uses rand.Int by @armfazh in cloudflare/circl#568

add arm64 version of poly.Add/Sub by @elementrics in cloudflare/circl#572

group: Adding cryptobyte marshaling to scalars by @armfazh in cloudflare/circl#569

Bumping up to Go1.25 by @armfazh in cloudflare/circl#574

ci: Including WASM compilation. by @armfazh in cloudflare/circl#577

Revert to using package-declared HPKE errors for shortkem instead of standard library errors by @harshiniwho in cloudflare/circl#578

Release v1.6.2 by @armfazh in cloudflare/circl#579

New Contributors

@dfaranha made their first contribution in cloudflare/circl#547

@elementrics made their first contribution in cloudflare/circl#562

@harshiniwho made their first contribution in cloudflare/circl#578

Full Changelog: cloudflare/circl@v1.6.1...v1.6.2

Commits

24ae53c Release CIRCL v1.6.3
581020b Rename method to oddMultiplesProjective.
12209a4 Removing unused cmov for jacobian points.
fcba359 ecc/p384: use of complete projective formulas for scalar multiplication.
5e1bae8 ecc/p384: handle point doubling in point addition with Jacobian coordinates.
3416046 Check opts for nil value.
a763d47 Release CIRCL v1.6.2
3c70bf9 Bump x/crypto x/sys dependencies.
3f0f15b Revert to using package-declared HPKE errors for shortkem instead of standard...
23491bd Adding generic Power2Round method.
Additional commits viewable in compare view

Updates github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.1.4

What's Changed

Fixes Panic in JWE decryption. See GHSA-78h2-9frx-2jm8

Full Changelog: go-jose/go-jose@v4.1.3...v4.1.4

Commits

0e59876 Merge commit from fork
ddffdbc Bump actions/checkout from 5 to 6 (#213)
See full diff in compare view

Updates google.golang.org/grpc from 1.79.1 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Commits

dda86db Change version to 1.79.3 (#8983)
72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
97ca352 Changing version to 1.79.3-dev (#8954)
8902ab6 Change the version to release 1.79.2 (#8947)
a928670 Cherry-pick #8874 to v1.79.x (#8904)
06df363 Change version to 1.79.2-dev (#8903)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.3` | `5.2.4` | | [github.com/buger/jsonparser](https://github.com/buger/jsonparser) | `1.1.1` | `1.1.2` | | [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.6.1` | `1.6.3` | | [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) | `4.1.3` | `4.1.4` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.79.1` | `1.79.3` | Updates `github.com/go-chi/chi/v5` from 5.2.3 to 5.2.4 - [Release notes](https://github.com/go-chi/chi/releases) - [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md) - [Commits](go-chi/chi@v5.2.3...v5.2.4) Updates `github.com/buger/jsonparser` from 1.1.1 to 1.1.2 - [Release notes](https://github.com/buger/jsonparser/releases) - [Commits](buger/jsonparser@v1.1.1...v1.1.2) Updates `github.com/cloudflare/circl` from 1.6.1 to 1.6.3 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.6.1...v1.6.3) Updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.1.3...v4.1.4) Updates `google.golang.org/grpc` from 1.79.1 to 1.79.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.79.1...v1.79.3) --- updated-dependencies: - dependency-name: github.com/go-chi/chi/v5 dependency-version: 5.2.4 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/buger/jsonparser dependency-version: 1.1.2 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/cloudflare/circl dependency-version: 1.6.3 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.4 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 18, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go_modules group across 1 directory with 5 updates#2

chore(deps): bump the go_modules group across 1 directory with 5 updates#2
dependabot[bot] wants to merge 1 commit into
docker-workflowfrom
dependabot/go_modules/go_modules-ffe544da2b

dependabot Bot commented on behalf of github Jun 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 18, 2026

v1.1.2

What's Changed

New Contributors

CIRCL v1.6.3

What's Changed

CIRCL v1.6.2

What's Changed

New Contributors

v4.1.4

What's Changed

Release 1.79.3

Security

Release 1.79.2

Bug Fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants