Skip to content

build(deps): bump the tools group across 1 directory with 6 updates#6449

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/tools/tools-ee6d9af733
Open

build(deps): bump the tools group across 1 directory with 6 updates#6449
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/tools/tools-ee6d9af733

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 9, 2026

Bumps the tools group with 6 updates in the /tools directory:

Package From To
github.com/bufbuild/buf 1.66.1 1.69.0
github.com/grpc-ecosystem/grpc-gateway/v2 2.28.0 2.29.0
github.com/mikefarah/yq/v4 4.52.4 4.53.2
github.com/oapi-codegen/oapi-codegen/v2 2.6.0 2.7.0
github.com/openfga/cli 0.7.12 0.7.13
github.com/sqlc-dev/sqlc 1.30.0 1.31.1

Updates github.com/bufbuild/buf from 1.66.1 to 1.69.0

Release notes

Sourced from github.com/bufbuild/buf's releases.

v1.69.0

  • Increase check plugin WASM memory limits to 1GiB.
  • Fix LSP stale diagnostics persisting after a file is closed or deleted.
  • Fix handling of unprefixed newlines in block comments.
  • Add LSP code lenses for buf.gen.yaml files: "Run buf generate" and "Check for plugin updates".
  • Add LSP warnings for lint.ignore and breaking.ignore paths in buf.yaml that do not match any file in the workspace.

v1.68.4

  • Fix duplicated extension tags across imports from compiler.

v1.68.3

  • Fix buf format error handling for edition 2024.

v1.68.2

  • Fix build failures for modules with a vendored descriptor.proto.
  • Fix LSP incorrectly reporting "edition '2024' not yet fully supported" errors.
  • Fix CEL compilation error messages in buf lint to use the structured error API instead of parsing cel-go's text output.
  • Add --debug-address flag to buf lsp serve to provide debug and profile support.

v1.68.1

  • Revert the use of the new compiler report format and properly ungate Editions 2024 features.
  • Fix absolute imports (leading-dot) marked unused in diagnostics.

v1.68.0

This release ports buf to our new Protobuf compiler, already used to power the Buf LSP. It uses a query-driven frontend and a new AST and intermediate representation, designed from the ground up to bring several improvements:

  • Better diagnostics. The new compiler produces rich, structured diagnostic reports with precise source locations. It also catches issues that protoc misses, such as duplicate repeated modifiers.
  • Editions 2024 support. Full support for Protobuf Editions 2024.
  • Faster and more memory efficient. Designed for large workspaces, the new compiler uses less memory and compiles faster than the previous implementation.

This is a seamless upgrade for buf users: no changes are required, the output has been automatically updated to a new, richer diagnostics report.

  • Use new compiler for build process and support Editions 2024 features.
  • Add LSP document links for buf.yaml deps, buf.gen.yaml remote plugins and input modules, buf.policy.yaml name and BSR plugins, and buf.lock dep names, making each a clickable link to its BSR page.
  • Add LSP code lenses for buf.yaml files to update all dependencies (buf.dep.updateAll) or check for available updates (buf.dep.checkUpdates).
  • Improve shell completions for buf flags with fixed value sets and file/directory arguments.
  • Add buf curl URL path shell completions (service and method names) via server reflection, --schema, or the local buf module.
  • Add support for Edition 2024 syntax to buf format.
  • Fix buf generate --clean deleting files from nested plugin output directories.

v1.67.0

  • Fix LSP not skipping buf.build/docs links for lint rules from check plugins and policies.
  • Fix buf dep graph --format json silently dropping dependencies when a dependency was already seen.
  • Add support for --rbs_out as a protoc_builtin plugin (requires protoc v34.0+).
  • Add relevant links from CEL LSP hover documentation to either <celbyexample.com> or <protovalidate.com>
  • Add OpenBSD and FreeBSD release binaries for amd64 and arm64.
  • Skip writing unchanged output files in buf generate to preserve modification times

... (truncated)

Changelog

Sourced from github.com/bufbuild/buf's changelog.

[v1.69.0] - 2026-04-29

  • Increase check plugin WASM memory limits to 1GiB.
  • Fix LSP stale diagnostics persisting after a file is closed or deleted.
  • Fix handling of unprefixed newlines in block comments.
  • Add LSP code lenses for buf.gen.yaml files: "Run buf generate" and "Check for plugin updates".
  • Add LSP warnings for lint.ignore and breaking.ignore paths in buf.yaml that do not match any file in the workspace.

[v1.68.4] - 2026-04-22

  • Fix duplicated extension tags across imports from compiler.

[v1.68.3] - 2026-04-20

  • Fix buf format error handling for edition 2024.

[v1.68.2] - 2026-04-17

  • Fix build failures for modules with a vendored descriptor.proto.
  • Fix LSP incorrectly reporting "edition '2024' not yet fully supported" errors.
  • Fix CEL compilation error messages in buf lint to use the structured error API instead of parsing cel-go's text output.
  • Add --debug-address flag to buf lsp serve to provide debug and profile support.

[v1.68.1] - 2026-04-14

  • Revert the use of the new compiler report format and properly ungate Editions 2024 features.
  • Fix absolute imports (leading-dot) marked unused in diagnostics.

[v1.68.0] - 2026-04-14

  • Use new compiler for build process and support Editions 2024 features.
  • Add LSP document links for buf.yaml deps, buf.gen.yaml remote plugins and input modules, buf.policy.yaml name and BSR plugins, and buf.lock dep names, making each a clickable link to its BSR page.
  • Add LSP code lenses for buf.yaml files to update all dependencies (buf.dep.updateAll) or check for available updates (buf.dep.checkUpdates).
  • Improve shell completions for buf flags with fixed value sets and file/directory arguments.
  • Add buf curl URL path shell completions (service and method names) via server reflection, --schema, or the local buf module.
  • Add support for Edition 2024 syntax to buf format.
  • Fix buf generate --clean deleting files from nested plugin output directories.

[v1.67.0] - 2026-04-01

  • Fix LSP not skipping buf.build/docs links for lint rules from check plugins and policies.
  • Fix buf dep graph --format json silently dropping dependencies when a dependency was already seen.
  • Add support for --rbs_out as a protoc_builtin plugin (requires protoc v34.0+).
  • Add relevant links from CEL LSP hover documentation to either <celbyexample.com> or <protovalidate.com>
  • Add OpenBSD and FreeBSD release binaries for amd64 and arm64.
  • Skip writing unchanged output files in buf generate to preserve modification times
  • Update buf beta registry plugin delete to prompt the user for deletion, matching the UX of the other deletion commands. Use --force to restore the old behavior.
Commits
  • 88829eb Release v1.69.0 (#4521)
  • 4a92ff3 Upgrade protocompile to latest main (#4520)
  • 04ed9c9 Add YAML files to license header generation (#4518)
  • ddb8521 Upgrade protocompile to latest main (#4519)
  • 7e1e277 Propagate DuplicateProtoPathError as typed error from new compiler path (#4517)
  • f781a0e Reduce allocations in shake256.NewDigestForContent (#4505)
  • 5f4233e Add concurrency checks for CI workflows (#4516)
  • b10141d Add LSP code lenses for buf generate and checking for plugin updates (#4480)
  • 637ea97 Upgrade protocompile and update changelog (#4515)
  • d960fc0 Add LSP warning diagnostics for invalid buf.yaml ignore paths (#4498)
  • Additional commits viewable in compare view

Updates github.com/grpc-ecosystem/grpc-gateway/v2 from 2.28.0 to 2.29.0

Release notes

Sourced from github.com/grpc-ecosystem/grpc-gateway/v2's releases.

v2.29.0

What's Changed

New Contributors

Full Changelog: grpc-ecosystem/grpc-gateway@v2.28.0...v2.29.0

Commits
  • ba9b55c chore(deps): update dependency rules_shell to v0.8.0 (#6626)
  • 284a82e chore(deps): update googleapis digest to bcfcbda (#6625)
  • f74bc7f chore(deps): update google/oss-fuzz digest to d58fd64 (#6624)
  • efb665d Add edition 2024 support (#6622)
  • c58da15 chore(deps): update google/oss-fuzz digest to 32b8df7 (#6621)
  • 42997a1 Deprecate fields and methods if file is deprecated (#6613)
  • 6f4af8b chore(deps): update googleapis digest to bf85cad (#6620)
  • 68fde5f chore(deps): update google/oss-fuzz digest to 7b814a1 (#6619)
  • 6da2a46 chore(deps): update googleapis digest to 898f25c (#6617)
  • c9c7ad4 chore(deps): update googleapis digest to fc96870 (#6616)
  • Additional commits viewable in compare view

Updates github.com/mikefarah/yq/v4 from 4.52.4 to 4.53.2

Release notes

Sourced from github.com/mikefarah/yq/v4's releases.

v4.53.2

  • Releases and tags now signed and immutable!
  • Add system(command; args) operator (disabled by default) (#2640)
  • TOML encoder: prefer readable table sections over inline tables (#2649)
  • Fix TOML encoder to quote keys containing special characters (#2648)
  • Add string slicing support (#2639)
  • Fix findInArray misuse on MappingNodes in equality and contains (#2645) Thanks @​jandubois!
  • Fix panic on negative slice indices that underflow after adjustment (#2646) Thanks @​jandubois!
  • Fix stack overflow from circular alias in traverse (#2647) Thanks @​jandubois!
  • Fix panic and OOM in repeatString for large repeat counts (#2644) Thanks @​jandubois!
  • Bumped dependencies

v4.52.5

Changelog

Sourced from github.com/mikefarah/yq/v4's changelog.

4.53.2:

  • Fixing release process

4.53.1:

  • Releases and tags now signed and immutable!
  • Add system(command; args) operator (disabled by default) (#2640)
  • TOML encoder: prefer readable table sections over inline tables (#2649)
  • Fix TOML encoder to quote keys containing special characters (#2648)
  • Add string slicing support (#2639)
  • Fix findInArray misuse on MappingNodes in equality and contains (#2645) Thanks @​jandubois!
  • Fix panic on negative slice indices that underflow after adjustment (#2646) Thanks @​jandubois!
  • Fix stack overflow from circular alias in traverse (#2647) Thanks @​jandubois!
  • Fix panic and OOM in repeatString for large repeat counts (#2644) Thanks @​jandubois!
  • Bumped dependencies

4.52.5:

Commits
  • 751d8ad Bumping version
  • 6dd681a Fixing release signing
  • fc7c337 Updating bump version script
  • e969dd7 Bumping version
  • dc4b4ea Preparing release notes
  • 602586d Create scorecard.yml
  • 9a0335a fix: restrict GitHub Actions workflow token permissions (OSSF least-privilege...
  • 838c516 Trying to test release
  • c8f6c1a Updating release to sign checksums
  • 0e80383 chore: pin GitHub Actions and Docker base images to full-length hashes (OSSF ...
  • Additional commits viewable in compare view

Updates github.com/oapi-codegen/oapi-codegen/v2 from 2.6.0 to 2.7.0

Release notes

Sourced from github.com/oapi-codegen/oapi-codegen/v2's releases.

v2.7.0: Squashing bugs, many bugs (and adding some features)

Many improvements and even more bug fixes

This v2.7.0 release of oapi-codegen contains quite a bit of internal refactoring, focused on our most historically fragile code paths, which relate to the aggregate types (allOf/anyOf/oneOf), $ref to external specs, enums, and the spec traversal logic missing quite a few leaf nodes where models should have been generated, but were skipped.

The biggest changes are explicitly described in the sections below, and the full list of commits is at the bottom.

Thank you to all contributors, we've been going through all past PR's and updating them and merging where we can, and thanks to all our users for reporting issues that you hit.

I've (@​mromaszewicz) used a lot of LLM help here to scrub through old issues and do some deep internal refactoring to address common problem areas. I intend to continue doing this, since the conditional generation logic is getting quite complicated. When I originally released oapi-codegen, the use case was much simpler, all the models were under #/components/schemas, and all the references to them were in the requests, responses, etc. I never imagine how many things would be external references or unions, and how many complex OpenAPI specifications people would be generating code for. The initial design was never flexible enough to handle that, so ongoing bug fixes are getting increasingly complex due to edge cases. This version has a lot of internal changes you won't see as a user, but the way we handle type generation internally is unifying lots of copy/paste re-implementations into reusable code for consistency. Most of these changes can be done transparently, but some can't, so, onto the changes:

Code generation changes which might require some changes on your end

This release contains three changes, all very narrow in scope, which will require some manual adjustment of your own code. We've decided that these are small enough and uncommon enough not to require opt-in, which causes internal complexity. It's always a judgment call with these. If we got it wrong, we're happy to revisit it in a maintenance release.

Strict-server external response refs require strict-server generation in both packages (#2357)

If your strict-server spec uses an external $ref to a components/responses/... defined in another spec, that other spec must also be generated with strict-server: true. Add it to the source spec's config and regenerate:

# config for the spec being $ref'd
generate:
  models: true
  strict-server: true   # now required when imported by a strict-server spec

This restores the v2.0.0 behavior that lets you cast response models across package boundaries — the standard pattern for sharing error models (e.g. a common 400) across services. PR #1387 had silently changed the embedded type from N400JSONResponse to the bare externalRef0.N400, so the local and external response structs no longer had matching types and casts stopped compiling.

Many more anonymous inner schemas are now hoisted into top level schemas

Inline oneOf, anyOf, and additionalProperties schemas embedded directly under an operation's request or response body now flow through the same boilerplate-emission pipeline as components/schemas, so they get the As* / From* / Merge* accessor methods they were previously missing. As part of that change, two older naming patterns are replaced with one pattern, shared with all components:

GetPets_200_Data_Item             →  GetPets200JSONResponseBody_Data_Item
GetPets200JSONResponse_Data_Item  →  GetPets200JSONResponseBody_Data_Item

In practice, we think this shouldn't break anyone, because this change addresses a bug which produced pointless types with no benefit, and you never interact with these directly, but rather you'd call an accessor on a field of a model.

Strict middleware typedefs are now inlined (#2271)

StrictHandlerFunc and StrictMiddlewareFunc in generated strict-server code are now inline type definitions instead of aliases to github.com/oapi-codegen/runtime/strictmiddleware/<framework>. Generated servers no longer import that package.

... (truncated)

Commits
  • b363ca5 refactor(codegen): better Swagger compression, modern naming (#1909)
  • 08b3018 Route server enums through general enums codegen (#2358)
  • fbc8e0d revert external-ref carve-out in strict-server response embedding (#2010) (#2...
  • 7517e09 respect output file path on gofmt failure (#2356)
  • 9643421 fix example codegen (#2354)
  • 036a54b per-operation middleware in Echo (#2353)
  • 3338f93 Strict server: gate no-content response headers on nullable/optional (#2351)
  • 218effe Synchronize strict servers (#2350)
  • 81b9d95 Overhaul anonymous schema hoisting (#2348)
  • eff4a2b fix: allow x-go-type and x-go-type-skip-optional-pointer for allOf (#1610)
  • Additional commits viewable in compare view

Updates github.com/openfga/cli from 0.7.12 to 0.7.13

Release notes

Sourced from github.com/openfga/cli's releases.

v0.7.13

0.7.13 (2026-04-27)

Added

Changed

  • Update bundled OpenFGA to v1.15.0

What's Changed

New Contributors

Full Changelog: openfga/cli@v0.7.12...v0.7.13

Changelog

Sourced from github.com/openfga/cli's changelog.

0.7.13 (2026-04-27)

Added

Changed

  • Update bundled OpenFGA to v1.15.0
Commits
  • c5e2c46 release: v0.7.13 (#687)
  • 7d4e5fa chore: fix Rename .release-please-config.json to release-please-config.json (...
  • 2d95dfa chore(deps): bump goreleaser/goreleaser-action in the dependencies group (#681)
  • 4bfa9ba chore(deps): bump the dependencies group across 1 directory with 2 updates (#...
  • 1934c31 chore: add 'release' to task types for PR validation (#684)
  • 5826777 feat: support custom headers (#670)
  • 6e2a665 chore: release automation (#683)
  • 892a37d chore(deps): bump the dependencies group with 3 updates (#675)
  • 34340e5 chore(deps): bump actions/upload-artifact in the dependencies group (#676)
  • 52b8566 chore(deps): bump github.com/openfga/language/pkg/go (#668)
  • Additional commits viewable in compare view

Updates github.com/sqlc-dev/sqlc from 1.30.0 to 1.31.1

Release notes

Sourced from github.com/sqlc-dev/sqlc's releases.

v1.31.1

Bug Fixes

  • Remove go.mod replace directive that breaks go install ...@latest (#4401)
  • Downgrade github.com/ncruces/go-sqlite3 to v0.32.0 (#4400)

Build

  • (deps) Bump github.com/jackc/pgx/v5 (#4398)

v1.31.0

Bug Fixes

  • Strip psql meta-commands from schema files (#4390)
  • Emit pointers for nullable enum columns when emit_pointers_for_null_types is set (#4388)
  • Map xid8 to pgtype.Uint64 for pgx/v5 (#4387)
  • Rename :one return variable when it conflicts with a parameter (#4383)
  • Coerce SQLite JSONB output regardless of type casing (#4385)
  • Dedupe sqlc.arg parameters wrapped in a type cast for MySQL (#4384)
  • Preserve MySQL optimizer hints in generated query text (#4382)
  • Catch invalid ON CONFLICT DO UPDATE column references (#4366)
  • Replace manual loop with copy() builtin (#4166)
  • (native) Make MySQL connection check immediate on first attempt (#4254)

Documentation

  • Add link to community python plugin (#4157)
  • Add Claude Code remote environment setup instructions (#4246)
  • Add sqlc-gen-sqlx to community language support (#4371)
  • Add GitHub Topic to the plugins page (#4258)

Features

  • (sqlfile) Add sqlfile.Split (#4146)
  • (sqlite) Add database analyzer using ncruces/go-sqlite3 (#4199)
  • (ast) Implement comprehensive SQL AST formatting (#4205)
  • (mysql) Improve AST formatting and add DELETE JOIN support (#4206)
  • (sqlite) Add SQLite support to format tests (#4207)
  • (expander) Add star expander for SELECT * and RETURNING * (PostgreSQL, MySQL, SQLite) (#4203)
  • Add SQLCEXPERIMENT environment variable for experimental features (#4228)
  • Add native database support for e2e tests without Docker (#4236)
  • (postgresql) Add analyzerv2 experiment for database-only analysis (#4237)
  • Graduate parsecmd experiment (#4253)
  • Add parse subcommand with AST JSON output (#4240)
  • Add ClickHouse support to sqlc parse (#4267)
  • Add sqlc-test-setup command for database test environment setup (#4304)

Refactor

  • (ast) Rename Formatter interface to Dialect (#4208)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the tools group across 1 directory with 6 updates
e12c25d 
Bumps the tools group with 6 updates in the /tools directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/bufbuild/buf](https://github.com/bufbuild/buf) | `1.66.1` | `1.69.0` |
| [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) | `2.28.0` | `2.29.0` |
| [github.com/mikefarah/yq/v4](https://github.com/mikefarah/yq) | `4.52.4` | `4.53.2` |
| [github.com/oapi-codegen/oapi-codegen/v2](https://github.com/oapi-codegen/oapi-codegen) | `2.6.0` | `2.7.0` |
| [github.com/openfga/cli](https://github.com/openfga/cli) | `0.7.12` | `0.7.13` |
| [github.com/sqlc-dev/sqlc](https://github.com/sqlc-dev/sqlc) | `1.30.0` | `1.31.1` |



Updates `github.com/bufbuild/buf` from 1.66.1 to 1.69.0
- [Release notes](https://github.com/bufbuild/buf/releases)
- [Changelog](https://github.com/bufbuild/buf/blob/main/CHANGELOG.md)
- [Commits](bufbuild/buf@v1.66.1...v1.69.0)

Updates `github.com/grpc-ecosystem/grpc-gateway/v2` from 2.28.0 to 2.29.0
- [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases)
- [Commits](grpc-ecosystem/grpc-gateway@v2.28.0...v2.29.0)

Updates `github.com/mikefarah/yq/v4` from 4.52.4 to 4.53.2
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@v4.52.4...v4.53.2)

Updates `github.com/oapi-codegen/oapi-codegen/v2` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/oapi-codegen/oapi-codegen/releases)
- [Commits](oapi-codegen/oapi-codegen@v2.6.0...v2.7.0)

Updates `github.com/openfga/cli` from 0.7.12 to 0.7.13
- [Release notes](https://github.com/openfga/cli/releases)
- [Changelog](https://github.com/openfga/cli/blob/main/CHANGELOG.md)
- [Commits](openfga/cli@v0.7.12...v0.7.13)

Updates `github.com/sqlc-dev/sqlc` from 1.30.0 to 1.31.1
- [Release notes](https://github.com/sqlc-dev/sqlc/releases)
- [Commits](sqlc-dev/sqlc@v1.30.0...v1.31.1)

---
updated-dependencies:
- dependency-name: github.com/bufbuild/buf
  dependency-version: 1.69.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tools
- dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2
  dependency-version: 2.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tools
- dependency-name: github.com/mikefarah/yq/v4
  dependency-version: 4.53.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tools
- dependency-name: github.com/oapi-codegen/oapi-codegen/v2
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tools
- dependency-name: github.com/openfga/cli
  dependency-version: 0.7.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tools
- dependency-name: github.com/sqlc-dev/sqlc
  dependency-version: 1.31.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tools
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 9, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 9, 2026 18:27
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants